toothless48
Mechanical
- Oct 27, 2014
- 29
Hello, I am working on a small to medium-sized automation system, and I am currently writing the commissioning procedures, particularly ones related to functional safety. I am somewhat new to it.
The procedure I have written out is based on some examples I found while searching the internet, and that I have done in the past. Basically:
1. Verify the system starts and cycles normally.
2. Press the E-Stop button.
3. (In my case, the system will already be stopped when the button is pressed, as it is not healthy to E-Stop it repeatedly) Verify that the system cannot be started.
4. Verify that the UI shows an E-Stop state.
5. Release the button.
6. Verify that the system cannot be restarted.
7. Press the reset button.
8. Clear faults, verify that the system can be restarted.
We are using a safety PLC with an AS-i network, so it is somewhat of a black box in terms of E-Stop logical chain. For example, I don't really know if the right bits have been set, or maybe the PLC just issued a soft stop but never pulled the motor contactors. Or maybe it is being done in standard logic. Maybe that is all overthinking it?
My questions are:
1. Does this basically just come down to reviewing and documenting PLC code? Is it typical to keep track of program hashes to make sure you've got the right program (or whatever Siemens uses as a checksum)?
2. Is it typical to take a multimeter to check that the contactor coils are de-energized?
OR
3. Is passing the purely functional test typically considered sufficient?
I often see a lot of answers pointing back to the risk analysis, but I feel like the RA is never detailed enough to give specific answers like that. Our system is not especially dangerous; our systems are designed to PLd.
Thank you for reading my long post!
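The eight-step E-stop procedure above, turned into an automated commissioning checklist, as an added example that is not part of the original post and not Siemens, AS-i or any real safety-PLC API. The `SafetyChain` class is a constructed, hypothetical model of the E-stop chain; its `pulls_contactor` flag models the failure mode the post worries about (the program drops the run-enable bit but never de-energizes the contactor coil), and the checklist records the logical check and the physical coil check as separate steps so that case is caught instead of hidden by a functional pass. The `verify_program_hash` helper and `BASELINE_PROGRAM` bytes are likewise constructed stand-ins for recording a program checksum in the commissioning record.

```python
"""Added example: E-stop commissioning checklist run against a constructed
model of the safety chain. Nothing here talks to a real PLC or AS-i network."""
import hashlib
from dataclasses import dataclass


@dataclass
class SafetyChain:
    """Hypothetical model of an E-stop chain (constructed for this example)."""
    pulls_contactor: bool = True   # False models a program that only soft-stops
    estop_pressed: bool = False
    run_permitted: bool = False    # the 'run enable' bit in the safety logic
    coil_energised: bool = False   # what a meter on the contactor coil would show
    fault_latched: bool = False    # E-stop fault that needs a manual reset

    def start(self) -> bool:
        """Start request from the UI; refused while E-stop is pressed or a fault is latched."""
        if self.estop_pressed or self.fault_latched:
            return False
        self.run_permitted = True
        self.coil_energised = True
        return True

    def press_estop(self) -> None:
        self.estop_pressed = True
        self.fault_latched = True
        self.run_permitted = False
        if self.pulls_contactor:      # the modelled bug skips this branch
            self.coil_energised = False

    def release_estop(self) -> None:
        self.estop_pressed = False    # fault stays latched until reset

    def reset(self) -> bool:
        """Reset is only accepted once the E-stop button has been released."""
        if self.estop_pressed:
            return False
        self.fault_latched = False
        return True

    def ui_state(self) -> str:
        if self.fault_latched:
            return "ESTOP"
        return "RUNNING" if self.run_permitted else "STOPPED"


def run_estop_procedure(chain: SafetyChain) -> list:
    """Execute the eight-step procedure and return (step, passed) per check.

    Step 3 is split into a logical check (start refused) and a physical check
    (contactor coil de-energised) so a soft-stop-only program fails visibly."""
    results = []
    results.append(("1 starts and cycles", chain.start() and chain.coil_energised))
    chain.press_estop()
    results.append(("2/3 start refused while E-stop pressed", not chain.start()))
    results.append(("3 contactor coil de-energised", not chain.coil_energised))
    results.append(("4 UI shows E-stop state", chain.ui_state() == "ESTOP"))
    chain.release_estop()
    results.append(("5/6 start still refused after release", not chain.start()))
    results.append(("7 reset accepted", chain.reset()))
    results.append(("8 restart allowed after reset",
                    chain.start() and chain.coil_energised))
    return results


def failed_steps(chain: SafetyChain) -> list:
    """Names of the checklist steps that did not pass on this chain."""
    return [step for step, ok in run_estop_procedure(chain) if not ok]


# Constructed stand-in for the downloaded safety program and its documented
# baseline hash; a real record would hash the exported project/safety program.
BASELINE_PROGRAM = b"SAFETY_PROGRAM v1.0 estop->run_enable,contactor"
BASELINE_SHA256 = hashlib.sha256(BASELINE_PROGRAM).hexdigest()


def verify_program_hash(program_bytes: bytes, expected_sha256: str) -> bool:
    """Check the program on the controller against the hash in the commissioning record."""
    return hashlib.sha256(program_bytes).hexdigest() == expected_sha256


if __name__ == "__main__":
    for label, chain in (("healthy chain", SafetyChain()),
                         ("soft-stop-only chain", SafetyChain(pulls_contactor=False))):
        print(label, "failed steps:", failed_steps(chain))
    print("program hash matches baseline:",
          verify_program_hash(BASELINE_PROGRAM, BASELINE_SHA256))
```

The point of the split step 3 is that a purely functional pass (start button refused, UI shows E-stop) is satisfied by both chains; only the coil check distinguishes a real contactor drop-out from a soft stop, which is the observation a multimeter on the coil gives you on the real machine.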