10 Assessment
10.1 Safety policy
Users of this document shall take into account the following constraints to avoid misunderstanding or wrong expectations regarding safety-related developments and applications.
The communication technologies specified in this document shall only be implemented in devices designed in accordance with the requirements of the relevant safety standards.
The use of communication technologies specified in this document in a device does not ensure that all necessary technical, organizational and legal requirements related to safety-related applications of the device have been fulfilled in accordance with the requirements of the relevant safety standards.
For a device based on this document to be suitable for use in safety-related applications, appropriate functional safety management life-cycle processes according to the relevant safety standards shall be observed. This shall be assessed in accordance with the independence and competence requirements of the relevant safety standards. Safety-related applications of the device can be subject to local regulations and legal requirements.
The manufacturer of a device using communication technologies specified in this document is responsible for the correct implementation of the standard and for the correctness and completeness of the device documentation and information.
Additional important information including corrigenda and errata published by the OPC Foundation or PI shall be considered for implementation and assessment.
It is strongly recommended that implementers of this document comply with the appropriate conformance tests and validations provided by the related technology-specific organization.
10.2 Obligations
Since safety technology in automation is relevant to occupational safety and the concomitant insurance risks in a country, local regulations and legal requirements can apply. The national authorities (notified bodies) decide on the recognition of assessment reports.
10.3 Index of requirements (informative)
Table 41 gives an informative overview of all the requirements (safety and non-safety) that are described in this document. For each requirement, a summary description and the clause or subclause where it is defined are given. To fully understand a requirement and its context, it is necessary to consult its original definition. Table 41 serves as a tool for quick navigation and as a checklist giving an overview of all requirements.
For the conventions used for numbering requirements, see 3.3.2.
| Requirement number | Requirement summary | Clause or subclause |
|---|---|---|
| RQ4.1 | Implement in devices designed according to the IEC 61508 series with appropriate SIL | 4.2 Implementation aspects |
| RQ5.1 | Implement in safety devices only | 5.2 Safety functional requirements |
| RQ5.2 | Implement safety measures (MNR, timeout with receipt, IDs, data integrity check) | 5.3 Safety measures |
| RQ5.3 | Process and monitor safety measures in the SCL | 5.3 Safety measures |
| RQ5.4 | Start CRC calculation with value “1” | 5.5 Requirements for CRC calculation |
| RQ5.5 | Use CRC result “1” instead of “0” | 5.5 Requirements for CRC calculation |
| RQ5.6 | Ignore all-zero SPDUs | 5.5 Requirements for CRC calculation |
| RQ6.1 | Singleton SafetyACSet Folder | 6.2.2.1 SafetyACSet Object |
| RQ6.2 | Objects for SafetyProviders and SafetyConsumers | 6.2.2.1 SafetyACSet Object |
| RQ6.3a | Usage of Call Service for Client/Server | 6.2.2.1 SafetyACSet Object |
| RQ6.3b | Usage of SafetyPDUs for PubSub | 6.2.2.1 SafetyACSet Object |
| RQ6.4 | Provide SPDUs for diagnostics in Method ReadSafetyDiagnostics | 6.2.2.1 SafetyACSet Object |
| RQ6.5 | Restrictions on DataTypes | 6.2.2.2 Safety ObjectType definitions |
| RQ6.6 | Non-abstract DataTypes for out data | 6.2.2.2 Safety ObjectType definitions |
| RQ6.7 | Definition of concrete DataTypes for ResponseSPDU | 6.2.3.4 ResponseSPDUDataType |
| RQ6.8 | Usage of NonSafetyDataPlaceHolder | 6.2.3.4 ResponseSPDUDataType |
| RQ6.9 | Restriction to scalar types | 6.2.5 DataTypes and length of SafetyData |
| RQ6.10 | List supported DataTypes in user manual | 6.2.5 DataTypes and length of SafetyData |
| RQ6.11 | Values for Boolean DataType | 6.2.5 DataTypes and length of SafetyData |
| RQ6.12 | Implementation of SafetyProvider SAPI | 6.3.3.2 SAPI of SafetyProvider |
| RQ6.13a | Implementation of SafetyProvider SPI | 6.3.3.3 SPI of SafetyProvider |
| RQ6.13b | Parameters of SafetyProvider SPI | 6.3.3.3 SPI of SafetyProvider |
| RQ6.14 | Implementation of SafetyConsumer SAPI | 6.3.4.2 SAPI of SafetyConsumer |
| RQ6.15a | Implementation of SafetyConsumer SPI | 6.3.4.4 SPI of the SafetyConsumer |
| RQ6.15b | Parameters of SafetyConsumer SPI | 6.3.4.4 SPI of the SafetyConsumer |
| RQ6.16 | Values for qualifiers | 6.3.6 Principle for “application variables with qualifier” |
| RQ6.17 | SafetyConsumer diagnostic message texts | 6.4.2 Diagnostics messages of the SafetyConsumer |
| RQ7.1 | RequestSPDU Flags | 7.2.1.4 RequestSPDU: Flags |
| RQ7.2 | Contents and structure of SafetyData in ResponseSPDU | 7.2.1.5 ResponseSPDU: SafetyData |
| RQ7.3 | Usage of ResponseSPDU.Flags | 7.2.1.6 ResponseSPDU: Flags |
| RQ7.4 | Zero out reserved flags | 7.2.1.6 ResponseSPDU: Flags |
| RQ7.5 | Copy SafetyConsumerID into ResponseSPDU | 7.2.1.8 ResponseSPDU: SafetyConsumerID |
| RQ7.6 | Copy MonitoringNumber into ResponseSPDU | 7.2.1.9 ResponseSPDU: MonitoringNumber |
| RQ7.7 | Usage of CRC signature | 7.2.1.10 ResponseSPDU: CRC |
| RQ7.8 | Usage of NonSafetyData | 7.2.1.11 ResponseSPDU: NonSafetyData |
| RQ7.9 | Indication of NonSafetyData | 7.2.1.11 ResponseSPDU: NonSafetyData |
| RQ7.10 | Answer repeated RequestSPDUs in Client/Server communication | 7.2.2.2 SafetyProvider and SafetyConsumer Sequence diagram |
| RQ7.11 | Document behaviour chosen in RQ7.10 in safety manual | 7.2.2.2 SafetyProvider and SafetyConsumer Sequence diagram |
| RQ7.12 | Monitor ConsumerCycleTime in safety-related way | 7.2.2.2 SafetyProvider and SafetyConsumer Sequence diagram |
| RQ7.13 | Implement SafetyProvider behaviour | 7.2.2.4 SafetyProvider state diagram |
| RQ7.14 | Implement SafetyConsumer behaviour | 7.2.2.5 SafetyConsumer state diagram |
| RQ7.15 | Rules for building the ResponseSPDU | 7.2.3.1 Build ResponseSPDU |
| RQ7.16 | Rules for calculating SPDU_ID fields | 7.2.3.2 Calculation of the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3 |
| RQ7.17 | Values to indicate SafetyProviderLevel_ID | 7.2.3.4 Coding of the SafetyProviderLevel_ID |
| RQ7.18 | Avoid accidental use of higher SIL indicator | 7.2.3.4 Coding of the SafetyProviderLevel_ID |
| RQ7.19 | Calculation of SafetyStructureSignature | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.20 | No evaluation of SafetyStructureSignature | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.21 | Value of SafetyStructureSignatureVersion | 7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature) |
| RQ7.22 | Generator polynomial for CRC signature | 7.2.3.6 Calculation of a CRC signature |
| RQ7.23 | Endianness encoding of SafetyData | 7.2.3.6 Calculation of a CRC signature |
| RQ7.24 | CRC calculation sequence | 7.2.3.6 Calculation of a CRC signature |
| RQ7.25 | Calculate CRC in SafetyConsumer from ResponseSPDU values | 7.2.3.6 Calculation of a CRC signature |
| RQ7.26 | Immediate effect of SafetyConsumerTimeout | 7.2.2.2 SafetyProvider and SafetyConsumer Sequence diagram |
| RQ8.1 | Provision of SafetyProviderDelay | 8.2 Safety function response time part of communication |
| RQ9.1 | Storage of SafetyBaseID and SafetyProviderID | 9.1.1 SafetyBaseID and SafetyProviderID |
| RQ9.2a | (Option 1) Use stored MNR after restart | 9.2 Initialization of the MNR in the SafetyConsumer |
| RQ9.2b | (Option 2) Use random MNR after restart | 9.2 Initialization of the MNR in the SafetyConsumer |
| RQ9.3 | Provision of and information in safety manual | 9.5 Safety manual |
| RQ9.4 | Indication of SAPI.OperatorAckRequested | 9.6 Indicators and displays |
| RQ9.5 | Properties of LED indication of SAPI.OperatorAckRequested | 9.6 Indicators and displays |
| RQ12.1 | Namespaces | 12.2 Handling of OPC UA namespaces |