Understand Fail-safe Systems in Five Minutes for PLC Applications

With the advancement of technology, the continuous and trouble-free operation time of industrial control systems has been significantly extended. However, equipment failures are inevitable. When these failures occur, there is a need for a technology that can ensure the safety of both the equipment and personnel. This technology is known as "fail-safe technology."

Specifically, fail-safe technology refers to the ability to direct equipment to a safe state or position in the event of a failure. The earliest applications of fail-safe technology were in railway signal systems, but it is now widely used in many industrial control systems.

A system that employs fail-safe technology is referred to as a "fail-safe system." These systems are utilized in applications where high safety requirements are essential and are composed of fail-safe CPUs and fail-safe modules.

The fail-safe CPU has undergone safety certification by TÜV, a German safety organization. In the event of a failure, it ensures that the control system switches to a safe mode. In the Siemens S7 series, fail-safe CPUs are identified by the letter "F" in their nomenclature, such as CPU319F; the "F" stands for "Fail-safe." To distinguish it from regular CPUs, the fail-safe CPU (F-CPU) is marked with a yellow label both on the module itself and in the hardware configuration. For example, on the CPU319F-3PN/DP pictured below, you can see both the TÜV safety certification and the yellow label in the lower left corner.


The fail-safe CPU is capable of running fail-safe programs, which are composed of one or several safe operation groups. These groups run independently of the regular (standard) program: they evaluate the system's safety-related inputs and control its safe outputs. To read those inputs and drive those outputs, the fail-safe CPU therefore depends on fail-safe modules.

A "fail-safe module" is a module that, in the event of a failure, directs the system to a safe state. These modules are frequently used in distributed I/O systems. They differ from regular modules in their dual-channel design: two integrated processors monitor each other and automatically test the I/O loops. If either detects a failure, the module is placed in a safe state.

In the Siemens S7 series of PLCs, fail-safe modules include fail-safe power modules, fail-safe digital input modules, fail-safe digital output modules, and fail-safe analog input modules.

The fail-safe power module (F-Power) provides operating voltage to other modules and safely shuts down the output modules' operating voltage. The fail-safe digital input module (F-DI) records the digital signal state of safety-related sensors and transmits the fail-safe information frame to the fail-safe CPU (F-CPU). The fail-safe digital output module (F-DO) provides short-circuit or series protection and safely shuts down the actuator. The fail-safe analog input module (F-AI) acquires signals from safety-related analog sensors.

All fail-safe modules communicate with the fail-safe CPU through a fail-safe bus protocol. Communication failures will trigger an alarm on the fail-safe modules.
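The two mechanisms described above, dual-channel cross-checking inside a module and failure detection on the fail-safe bus, can be illustrated with a small simulation. The following is an added example written for this article, not Siemens code and not the real fail-safe bus protocol: the frame layout, the CRC32 checksum, the sequence counter and the function names are all assumptions, and any mismatch or communication fault drives the output to the de-energized safe state.

```python
import zlib
from dataclasses import dataclass

SAFE_STATE = False  # de-energized output: the actuator is switched off

@dataclass
class SafetyFrame:
    """Constructed stand-in for a fail-safe bus frame (not the real protocol)."""
    inputs: tuple  # (channel_a, channel_b) read by a dual-channel F-DI
    seq: int       # monotonically increasing counter, detects lost/replayed frames
    crc: int       # CRC32 over inputs and seq, detects corrupted frames

def _payload(ch_a: bool, ch_b: bool, seq: int) -> bytes:
    return bytes([ch_a, ch_b]) + seq.to_bytes(4, "big")

def build_frame(ch_a: bool, ch_b: bool, seq: int) -> SafetyFrame:
    """What the F-DI module sends to the F-CPU each cycle."""
    return SafetyFrame((ch_a, ch_b), seq, zlib.crc32(_payload(ch_a, ch_b, seq)))

def frame_ok(frame: SafetyFrame, last_seq: int) -> bool:
    """Communication check: checksum intact and exactly one step after the last frame."""
    ch_a, ch_b = frame.inputs
    return (zlib.crc32(_payload(ch_a, ch_b, frame.seq)) == frame.crc
            and frame.seq == last_seq + 1)

def evaluate(frame, last_seq: int):
    """F-CPU side: return (output_enabled, alarm). Any doubt resolves to the safe state."""
    # No frame within the cycle, or a bad frame, is a communication failure.
    if frame is None or not frame_ok(frame, last_seq):
        return SAFE_STATE, "communication failure: passivate"
    ch_a, ch_b = frame.inputs
    # Dual-channel cross-check. Real modules tolerate a configured discrepancy
    # time before raising a fault; this simplification treats any mismatch as one.
    if ch_a != ch_b:
        return SAFE_STATE, "channel discrepancy: passivate"
    # Both channels agree; TRUE means "guard closed / sensor healthy", so enable.
    return (ch_a and ch_b), None

if __name__ == "__main__":
    print(evaluate(build_frame(True, True, 1), 0))   # (True, None)
    print(evaluate(build_frame(True, False, 1), 0))  # safe state, discrepancy alarm
    print(evaluate(None, 1))                          # safe state, communication alarm
```

Note that the output can only be enabled when every check passes; every failure path returns the same de-energized state, which is the whole point of the fail-safe design.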

That concludes our introduction to fail-safe systems.

For further reference, please consult related articles: 

What is the passivation and reintegration of a Siemens fault-tolerant module?