[RQ9.3] According to IEC 61508-2, the suppliers of equipment implementing an implementation of this document shall provide a safety manual. The instructions, information and parameters of Table 40 shall be included in that safety manual unless they are not relevant for a specific device.
Table 40 – Information to be included in the safety manual
|
|
Item |
Instruction and/or parameter |
Remark |
|
1 |
Safety handling |
Instructions on how to configure, parameterize, commission and test the device safely in accordance with IEC 61508 and IEC 61784-3. |
|
|
2 |
PFH, respectively PFDavg |
The PFH, respectively PFDavg, per logical connection of the safety function. |
See 9.3.2 and 9.4 |
|
3 |
SFRTOPCSafety |
Information on how this value can be calculated by the end user / OEM. |
See 8.1 The implementation and error reaction of ConsumerCycleTime is in the responsibility of the vendor/integrator. |
|
4 |
SafetyBaseID / SafetyProviderID |
Information on how the SafetyBaseID and SafetyProviderID are generated and assigned. |
See 9.1.1 |
|
5 |
Commissioning |
The end user / OEM is responsible for verification and validation of correct cabling and assignment of network addresses. The safety manual shall address how this can be accomplished.
|
|
|
6 |
Operator Acknowledgment |
If the SafetyConsumers makes a transition to fail-safe substitute values requiring operator acknowledgment “frequently”, this is an indication that a check of the installation (for example electromagnetic interference), network traffic load, or transmission quality is required. It shall be mentioned in the manual that it is potentially unsafe to simply omit these checks.“Frequently” in this context is defined as
|
|
|
7 |
Duration of demand |
In safety applications where the duration of a demand signal is short (e.g., shorter than the process safety time), and it is crucial that the consumer application never misses a demand, then a bidirectional communication must be arranged and the confirmation of receiving the demand at consumer side must be implemented in the application program, by sending appropriate information within the SafetyData. |
|
|
8 |
High demand and low demand applications |
The SafetyConsumer must be executed cyclically within a shorter time frame than the SafetyConsumerTimeout. |
|
|
9 |
Maintenance |
Specific requirements for device repair and device replacement. |
|
|
10 |
Relevant safety standards |
A safety device according to this document shall fulfill the requirements of the relevant safety standards, such as IEC 61508 (according the SIL-level as described) when used in live operation. |
For usage in live operation |