Users of this document shall take into account the following constraints to avoid misunderstanding or wrong expectations regarding safety-related developments and applications.
NOTE 1 This includes for example use for training, seminars, workshops and consultancy.
The communication technologies specified in this document shall only be implemented in devices designed in accordance with the requirements of the relevant safety standards.
The use of communication technologies specified in this document in a device does not ensure that all necessary technical, organizational and legal requirements related to safety-related applications of the device have been fulfilled in accordance with the requirements of the relevant safety standards.
For a device based on this document to be suitable for use in safety-related applications, appropriate functional safety management life-cycle processes according to the relevant safety standards shall be observed. This shall be assessed in accordance with the independence and competence requirements of the relevant safety standards. Safety-related applications of the device can be subject to local regulations and legal requirements.
NOTE 2 Examples of relevant safety standards include the IEC 61508 series, IEC 61511, IEC 60204-1, IEC 62061, ISO 13849-1 and ISO 13849-2.
The manufacturer of a device using communication technologies specified in this document is responsible for the correct implementation of the standard, the correctness and completeness of the device documentation and information.
Additional important information including corrigenda and errata published by the OPC Foundation or PI shall be considered for implementation and assessment.
It is strongly recommended that implementers of this document comply with the appropriate conformance tests and validations provided by the related technology-specific organization.
NOTE 3 These requirements and recommendations are included because incorrect implementations could lead to serious injury or loss of life.
Since safety technology in automation is relevant to occupational safety and the concomitant insurance risks in a country, local regulations and legal requirements can apply. The national authorities (notified bodies) decide on the recognition of assessment reports.
NOTE Examples of such authorities are the IFA (Institut für Arbeitsschutz der Deutschen Gesetzlichen Unfallversicherung/Institute for Occupational Safety and Health of the German Social Accident Insurance) in Germany, HSE (Health and Safety Executive) in the UK, FM (Factory Mutual/Property Insurance and Risk Management Organization), UL (Underwriters Laboratories Inc./Product Safety Testing and Certification Organization), or the INRS (Institut National de Recherche et de Sécurité) in France.
Table 41 gives an informative overview of all the requirements (safety and non-safety) described in this document. For each requirement, a summary description and the clause or subclause in which the requirement is defined are given. To fully understand a requirement and its context, it is necessary to consult its original definition. Table 41 serves as a tool for quick navigation and as a checklist giving an overview of all requirements.
For the conventions used for numbering requirements, see 3.3.2.
Table 41 – Index of requirements (informative)
| Requirement number | Requirement summary | Clause or subclause |
|---|---|---|
| RQ4.1 | Implement in devices designed according to the IEC 61508 series with appropriate SIL | |
| RQ5.1 | Implement in safety devices only | |
| RQ5.2 | Implement safety measures (MNR, timeout with receipt, IDs, data integrity check) | |
| RQ5.3 | Process and monitor safety measures in the SCL | |
| RQ5.4 | Start CRC calculation with value “1” | |
| RQ5.5 | Use CRC result “1” instead of “0” | |
| RQ5.6 | Ignore all-zero SPDUs | |
| RQ6.1 | Singleton SafetyACSet Folder | |
| RQ6.2 | Objects for SafetyProviders and SafetyConsumers | |
| RQ6.3a | Usage of Call Service for Client/Server | |
| RQ6.3b | Usage of SafetyPDUs for PubSub | |
| RQ6.4 | Provide SPDUs for diagnostics in Method ReadSafetyDiagnostics | |
| RQ6.5 | Restrictions on DataTypes | |
| RQ6.6 | Non-abstract DataTypes for out data | |
| RQ6.7 | Definition of concrete DataTypes for ResponseSPDU | |
| RQ6.8 | Usage of NonSafetyDataPlaceHolder | |
| RQ6.9 | Restriction to scalar types | |
| RQ6.10 | List supported DataTypes in user manual | |
| RQ6.11 | | |
| RQ6.12 | Implementation of SafetyProvider SAPI | |
| RQ6.13a | Implementation of SafetyProvider SPI | |
| RQ6.13b | Parameters of SafetyProvider SPI | |
| RQ6.14 | Implementation of SafetyConsumer SAPI | |
| RQ6.15a | Implementation of SafetyConsumer SPI | |
| RQ6.15b | Parameters of SafetyConsumer SPI | |
| RQ6.16 | Values for qualifiers | |
| RQ6.17 | SafetyConsumer diagnostic message texts | |
| RQ7.1 | RequestSPDU Flags | |
| RQ7.2 | Contents and structure of SafetyData in ResponseSPDU | |
| RQ7.3 | Usage of ResponseSPDU.Flags | |
| RQ7.4 | Zero out reserved flags | |
| RQ7.5 | Copy SafetyConsumerID into ResponseSPDU | |
| RQ7.6 | Copy MonitoringNumber into ResponseSPDU | |
| RQ7.7 | Usage of CRC signature | |
| RQ7.8 | Usage of NonSafetyData | |
| RQ7.9 | Indication of NonSafetyData | |
| RQ7.10 | Answer repeated RequestSPDUs in Client/Server communication | |
| RQ7.11 | Document behaviour chosen in RQ7.10 in safety manual | |
| RQ7.12 | Monitor ConsumerCycleTime in safety-related way | |
| RQ7.13 | Implement SafetyProvider behaviour | |
| RQ7.14 | Implement SafetyConsumer behaviour | |
| RQ7.15 | Rules for building the ResponseSPDU | |
| RQ7.16 | Rules for calculating SPDU_ID fields | |
| RQ7.17 | Values to indicate SafetyProviderLevel_ID | |
| RQ7.18 | Avoid accidental use of higher SIL indicator | |
| RQ7.19 | Calculation of SafetyStructureSignature | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.20 | No evaluation of SafetyStructureSignature | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.21 | Value of SafetyStructureSignatureVersion | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.22 | Generator polynomial for CRC signature | |
| RQ7.23 | Endianness encoding of SafetyData | |
| RQ7.24 | CRC calculation sequence | |
| RQ7.25 | Calculate CRC in SafetyConsumer from ResponseSPDU values | |
| RQ7.26 | Immediate effect of SafetyConsumerTimeout | |
| RQ8.1 | Provision of SafetyProviderDelay | |
| RQ9.1 | Storage of SafetyBaseID and SafetyProviderID | |
| RQ9.2a | (Option 1) Use stored MNR after restart | |
| RQ9.2b | (Option 2) Use random MNR after restart | |
| RQ9.3 | Provision of and information in safety manual | |
| RQ9.4 | Indication of SAPI.OperatorAckRequested | |
| RQ9.5 | Properties of LED indication of SAPI.OperatorAckRequested | |
| RQ12.1 | Namespaces | |