+1

Question about differences between the modules regarding safety

nick_namsep 1 month ago in IQANdesign updated 2 weeks ago 3

Hello,

I have a quick question regarding the different expansion and master modules for a project I am working on. I want to implement the newer modules with new software on a mobile hydraulic machine, but I am getting a bit confused with the safety differences between the modules.

I am currently in the planning phase of looking at what modules I am going to use and how to implement the software in the most efficient way. I am planning to use a new MD-5 with MC or XC expansion modules. But seeing as there is an MC43FS version which is rated for safety, it is not totally clear to me what the safety functions are that that module provides over a non-FS version.

What I was able to find in the manuals and datasheets is that it does real-time checks and has redundancy on the inputs and outputs, which is nice. But that got me wondering if the XC modules have that self-check as well? For example, if one output from the XC modules gets broken or disconnected from the valves, does that also show that the output is not connected or broken? Because that would make error detection and tracing way easier in the future of the project.

If someone could help me a bit with these questions that would be great!

Thanks in advance,

Nick

+1

The XC modules are slave modules, so they have no program. To be functionally safe, their software must reside in the MC43FS module. The MD5 is a display and has no functional safety rating and a minimum 50 ms cycle time; software that resides on that should not control safety functionality.

The safety functions are what you make when designing the machine. 

When you implement safety functions, the logic for the safety functions should reside on an IQAN-MC4xFS module. 

That way you can use the methodology in a standard such as ISO 13849 to prove that your design is safe.  

As Michael pointed out, XC4 expansions (XC41, -42 and -43) can be part of the safety function when they are controlled by logic in an MC4xFS master.

What could be confusing is that we also sell the similar-looking MC4x "performance" version. The difference with the MC4xFS is that the FS modules run a safety-certified RTOS, execute the application logic in lockstep and run the full set of diagnostic checks.

For the example you give with output faults, the modules will detect the fault and take a local decision to shut down the output, reaching a safe state. If this is on an expansion, the error is reported back to the main application as channel status. This is also where you control restart conditions, an important aspect.

With an MD5 in the system, you will also get automatic popups with information about the fault. This is beyond the scope of the actual safety function, but very practical for troubleshooting and repair.

+1

Ahhh, that is a great description, thanks!