Safe I/O

edoardo_bosio · Post by **edoardo_bosio** » 21 Feb 2018, 10:48

Can the revPi manage safe I/O? I need this feature to interface with a safety PLC or something equivalent.
I look forward to your reply.

volker · Post by **volker** » 21 Feb 2018, 21:29

I'm sorry but no this is not possible. I fear you will have to spend much more money for safe systems. We work very close together with PILZ and thus I do have a little insight in the immense efforts they need to invest to make a system safe and compliant to the norms for safe systems.

edoardo_bosio · Post by **edoardo_bosio** » 23 Feb 2018, 11:45

Thank you Volker for your reply. You mean that in your opinion there are no ways touse a plc safety for safety and a revPi for Operation? Where RevPi check the status of the machine communicating with the safety PLC?

Kindly,
Edoardo

volker · Post by **volker** » 23 Feb 2018, 11:58

You can always connect a RevPi to a safety PLC (e.g. PILZ has done this on their "smart factory" exhibit for Hannover fair) to get or deliver data which is not part of the safty concept. This could for example be a gateway to deliver values into the cloud or to signal certain conditions for monitoring to an ERP system or to send an Email or SMS in case of certain machine states. But our IOs (DIO, DI, DO) could never be "safe IOs" in the sense of a safty concept. You could never calculate the SIL Leveöl for a system where a RevPi DIO is integral part of the safety concept.

Post by **Timo** » 23 Feb 2018, 13:21

I can speak only for the PNOZmini multi (made by Pilz) here, because i used it in a project. It is a small configurable and expandable safety plc.
Receiving data via Modbus TCP - even security related data - is possible and quite easy.
Sending unsafe data via Modbus TCP and mixing it with safe inputs is possible through the logic element called "reset element". It does not look pretty, nor easy, but seems to be legit and it works reliably. So I would say it depends on the possibilities of your safety PLC.

volker · Post by **volker** » 23 Feb 2018, 18:20

Most safety PLCs do have "unsafe" communication channels, i.e. they offer data or take data at from IOs or busses which need not to be safe. But the signals you are writing to the safety system are then NEVER part of the safty concept. They are (like with the PNOZ) possibly "security" relevant. But security is something different and must not be mixed up with safety. Security might e.g. block the safety controller to go into a certain state because a lack of authentication or legitimation. If you are using the safe inputs of the PNOZ together with unsafe outputs of a DIO this would not make much sense. the overall functionality of the RevPi->DIO->PNOZ combination would not be safe and you could not calculate any SIL level for it. The Modbus port of a PNOZ is first of all a diagnostic port and you can retrieve information from it. You can use it for sending data into registers of the PNOZ but such registers can only be used for disabling certain machine states never to block or to trigger a safty related operation.