Rockwell Automation AADvance Controller Safety Manual User Manual







4-30

Document: 553630

ICSTT-RM446K-EN-P Issue: 10

_C

Safety Manual (AADvance Controller)



The PFD & PFH data has been calculated on the basis that the shutdown
state is configured to the OFF state. Therefore the OFF state shall be used

for SIL2 & SIL3 applications.



When a module fails then all the channels are set to the de-energized

state.

Reactions to faults in output modules

When an output module goes faulty the following status information is
reported:



module presence



module health and status



channel health and status



field faults



an echo of the front panel indicators for each module

When any of the following internal conditions exist the output module will fail-
safe:



power feed combiner over temperature detection



power supply rails out of tolerance

Process safety time faults

For a digital output module, the process safety time represents the period of a

watchdog timer that specifies the length of time the controller will allow the
module to run without receiving updates from the application. If the module

runs beyond this time period without receiving any updates, it enters the

Shutdown Mode.

Shutdown Mode

When in the Shutdown mode the Ready and Run indicators will go RED. You

can configure the state of the outputs when the module is in the Shutdown

Mode. You have to decide when you configure the module how you want the

output channels to behave in the Shutdown mode.The output modules can be
configured to provide the following channel values:



De-energized (Off default fail-safe value)



Hold Last State