Network Router User Manual
Assembling and Installing Systems
A-33
Automation System S7-400 Hardware and Installation
A5E00850741-01
Splitting the group into safety-relevant areas and areas which are not
savety-relevant
Most plants contain components for handling safety-relevant functions (e.g.
EMERGENCY-OFF switch, protective gates, two-hand controls). To avoid the need
to examine the entire controller from the aspect of safety, the control system is
usually divided into an area that is safety-relevant and an area that is not
safety-relevant. In the non-safety area, no special demands are placed on the
safety of the control equipment, because any failure in the electronic system will
not influence safety in the installation. In the s afety-relevant area, however, it is
only allowed to operate controllers or circuits which satisfy the corresponding
regulations.
The following divisions are common in practical situations:
• For control equipment with few safety-related functions (e.g. machine controls)
The conventional PLC is responsible for machine control, whereas
safety-related functions are implemented with a fail-safe PLC.
• For controllers with balanced areas (e.g. chemical installations, cable cars)
In this case also, the area that is not safety-relevant is controlled with a
standard PLC, whereas a tested fail-safe controller (S7-400F or S7-400FH) PLC
the safety-relevant areas.
The entire installation is implemented with a fail-safe control system.
• For control equipment with mainly safety-relevant functions (e.g. burner control
systems)
The entire control system is implemented with fail-safe technology
Important Information
Even when electronic control equipment has been configured for maximum design
safety -- e.g. with a multi-channel structure -- it is imperative conform with
instructions given in the operating manual. Incorrect handling can render measures
intended to prevent dangerous faults ineffective, or generate additional sources of
danger.