Rockwell Automation T8094 8000 Series TMR System Safety Manual User Manual

SAFETY MANUAL

D oc N umber T8094
I ssue 27 – June 2013

Page 68 of 103

The sample application logic above uses a 5 second discrepancy timeout period. The
actual timeout period used should be based on the process safety time, and must not
exceed the second fault occurrence time.

In safety related systems the logical state from DX type modules must be forced to the
safe condition by the application program if the error bit for that channel is set to a “1”.
This action can be delayed in order to prevent unwanted control actions but the total
time of the logical delay, the MSEC delay set within the module and the system
throughput must not exceed the “Process Safety Time” for the application.

In this configuration the error bit must be latched by the application and manually reset
after the discrepancy has been removed.

Figure 6 – Discrepancy error bit latch and manual reset logic

Voted state

Error bit

Delay

&

Logical State

Latch

Reset