Rockwell Automation AADvance Controller Safety Manual User Manual
Page 44

3-10
Document: 553630
ICSTT-RM446K-EN-P Issue: 10
Safety Manual (AADvance Controller)
SIL3 Fault Tolerant I/O Architectures
A SIL3 fault tolerant processor and I/O is achieved by dual input and output
module configurations with dual or triple processor modules. The processor
modules operate in 1oo2D under no-fault conditions, degrade to 1oo1D on
the detection of the first fault in either module, and fail-safe when there are
faults on both modules.
Similarly, the input modules operate in 1oo2D under non-faulted conditions,
degrade to 1oo1D on detection of the first fault in either module, and fail-safe
when there are faults on both modules.
The processor must be repaired within the MTTR assumed in the PFD
calculations, or the SIL3 safety instrumented functions must be shut down.
For SIL3 applications you must use a minimum of a dual processor
configuration.
Digital Output Modules
A digital output module fault must be repaired within the MTTR which was used in
the PFD calculation.
Analogue Output Modules
An analogue output module fault must be repaired within the MTTR which was
used in the PFD calculation.
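The degradation sequence described above (1oo2D while both channels are healthy, 1oo1D after the first diagnosed fault, fail-safe when both channels are faulted) and the rule that a faulted module must be repaired within the MTTR assumed in the PFD calculation can be modelled as a small state machine. The following Python is an added illustration, not Rockwell code and not the AADvance firmware's logic; it assumes de-energize-to-trip outputs, one boolean trip demand per channel, an MTTR of 8 hours and the fault timings in the scenario, all of which are constructed values.

```python
"""Illustrative model of a dual-channel 1oo2D safety architecture.

Added example (not Rockwell Automation code). Assumptions, all constructed:
- outputs are de-energize-to-trip: energized == process allowed to run;
- a channel diagnosed faulty is removed from the vote (the "D" in 1oo2D);
- the MTTR used in the PFD calculation is 8 h in the scenario below.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Mode(Enum):
    ONE_OUT_OF_TWO_D = "1oo2D"   # both channels healthy
    ONE_OUT_OF_ONE_D = "1oo1D"   # one channel diagnosed faulty, other carries the SIF
    FAIL_SAFE = "fail-safe"      # both channels faulty: output de-energized


@dataclass
class Channel:
    name: str
    faulted: bool = False
    fault_time_h: Optional[float] = None   # time (h) the diagnostic flagged the fault


@dataclass
class DualChannel:
    a: Channel
    b: Channel
    mttr_h: float   # MTTR assumed in the PFD calculation (constructed value)

    def mode(self) -> Mode:
        faults = sum(ch.faulted for ch in (self.a, self.b))
        if faults == 0:
            return Mode.ONE_OUT_OF_TWO_D
        if faults == 1:
            return Mode.ONE_OUT_OF_ONE_D
        return Mode.FAIL_SAFE

    def flag_fault(self, name: str, now_h: float) -> None:
        """Record a diagnosed fault on the named channel (first detection only)."""
        ch = self.a if name == self.a.name else self.b
        if not ch.faulted:
            ch.faulted = True
            ch.fault_time_h = now_h

    def output_energized(self, demand_a: bool, demand_b: bool) -> bool:
        """True if the safety output stays energized. demand_x == True means
        channel x requests a trip. Any healthy channel requesting a trip
        de-energizes the output; with both channels faulted the output is
        de-energized regardless of the demands (fail-safe)."""
        if self.mode() is Mode.FAIL_SAFE:
            return False
        healthy_demands = [d for ch, d in ((self.a, demand_a), (self.b, demand_b))
                           if not ch.faulted]
        return not any(healthy_demands)

    def repair_overdue(self, now_h: float) -> List[str]:
        """Names of channels faulted for longer than the MTTR. A non-empty list
        means the repair deadline assumed in the PFD calculation has passed,
        so the SIL3 safety instrumented functions must be shut down."""
        return [ch.name for ch in (self.a, self.b)
                if ch.faulted and ch.fault_time_h is not None
                and now_h - ch.fault_time_h > self.mttr_h]


def run_scenario() -> List[Tuple[float, str, bool, List[str]]]:
    """Walk one constructed fault history; returns (time_h, mode, energized, overdue)."""
    system = DualChannel(Channel("A"), Channel("B"), mttr_h=8.0)
    log: List[Tuple[float, str, bool, List[str]]] = []

    def step(t: float, demand_a: bool, demand_b: bool) -> None:
        log.append((t, system.mode().value,
                    system.output_energized(demand_a, demand_b),
                    system.repair_overdue(t)))

    step(0.0, False, False)    # healthy, no demand: 1oo2D, output energized
    step(1.0, True, False)     # one healthy channel demands a trip: 1oo2 trips
    system.flag_fault("A", 2.0)
    step(2.0, True, False)     # A diagnosed faulty: its demand is ignored, 1oo1D on B
    step(5.0, False, True)     # the remaining channel B demands a trip
    step(11.0, False, False)   # A faulted for 9 h > MTTR 8 h: SIF must be shut down
    system.flag_fault("B", 12.0)
    step(12.0, False, False)   # both channels faulted: fail-safe, output de-energized
    return log


if __name__ == "__main__":
    for entry in run_scenario():
        print(entry)
```

The `repair_overdue` check is the part a practitioner would wire to an alarm: the PFD figure that justifies the SIL3 claim only holds while faulted modules are repaired inside the assumed MTTR, so the overdue condition is itself a safety-relevant event, not a maintenance nicety.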
Table 8: Modules for SIL3 Fault Tolerant Architectures
Position Module Type