Rockwell Automation AADvance Controller Safety Manual User Manual

Page 46

Advertising
background image

3-12

Document: 553630

ICSTT-RM446K-EN-P Issue: 10

_C

Safety Manual (AADvance Controller)


SIL3 TMR Input and Processor, Fault Tolerant Output

A SIL3 TMR architecture offers the highest level of fault tolerance for an

AADvance controller and consists of triple input modules, triple processors
and dual output modules.

The input and processor modules operate in a 2oo3D under no fault

conditions, degrade to 1oo2D on detection of the first fault in any module,
and degrade to 1oo1 on the detection of faults in any two modules and

will fail-safe when there are faults on all three modules.

In the event of a failure in any element of a channel, the channel processor will
still produce a valid output which could be voted on because of the coupling

between the channels. This is why the triple modular redundant

implementation provides a configuration that is inherently better than a typical

2oo3 voting system.

Digital Output Modules

A digital output module fault must be repaired within the MTTR which was

used in the PFD calculation.

Analogue Output Modules

An analogue output module fault must be repaired within the MTTR which was
used in the PFD calculation.

Advertising
See also other documents in the category Rockwell Automation Equipment: