ABB AC500-S User manual

MANUAL
AC500-S
Safety user manual V1.2.0
Original instructions

Table of contents
1 Introduction
1.1 Purpose
1.2 Document history
1.3 Validity
1.4 Important user information
1.5 Definitions, expressions, abbreviations
1.6 Functional safety certification
1.7 References / related documents
1.8 Applicable standards
2 Overview of AC500-S safety PLC
2.1 Overview
2.1.1 System
2.1.2 Safety components
2.2 Intended use
2.3 Safety loop
2.4 Safety values
2.5 Qualified personnel
2.6 Lifecycle
2.7 Installation of safety modules
2.8 Exchange of modules
2.9 AC500-S restart behavior
2.10 Replacing AC500-S safety PLC components
2.11 Environmentally friendly disposal
2.12 Safe communication
2.13 Safety function and fault reaction
2.13.1 Safety CPU (SM560-S / SM560-S-FD-1 / SM560-S-FD-4)
2.13.2 Safety module with safety input channels (DI581-S, DX581-S and AI581-S)
2.13.3 Safety module with safety output channels (DX581-S)
2.14 Safety function test
2.15 Troubleshooting
2.16 FAQ - AC500-S safety PLC
3 AC500-S safety modules
3.1 Safety CPU - SM560-S / SM560-S-FD-1 / SM560-S-FD-4
3.1.1 Purpose
3.1.2 Functionality
3.1.3 Mounting, dimensions and electrical connection
3.1.4 Diagnosis and LED status display
3.1.5 Safety CPU module states
3.1.6 Safety and non-safety CPU interaction
3.1.7 Technical data
3.1.8 Ordering data
3.2 Generic safety I/O module behavior
3.2.1 Overview
3.2.2 Safety I/O module states
3.2.3 Undervoltage / overvoltage
3.2.4 Diagnosis
3.3 DI581-S safety digital input module
3.3.1 Purpose
2020/06/19 3ADR025091M0208, 12, en_US
3.3.2 Functionality
3.3.3 Mounting, dimensions and electrical connection
3.3.4 Internal data exchange
3.3.5 I/O configuration
3.3.6 Parameterization
3.3.7 Circuit examples
3.3.8 LED status display
3.3.9 Technical data
3.3.10 Ordering data
3.4 DX581-S safety digital input/output module
3.4.1 Purpose
3.4.2 Functionality
3.4.3 Mounting, dimensions and electrical connection
3.4.4 Internal data exchange
3.4.5 I/O configuration
3.4.6 Parameterization
3.4.7 Circuit examples
3.4.8 LED status display
3.4.9 Technical data
3.4.10 Ordering data
3.5 AI581-S safety analog input module
3.5.1 Purpose
3.5.2 Functionality
3.5.3 Mounting, dimensions and electrical connection
3.5.4 Internal data exchange
3.5.5 I/O configuration
3.5.6 Parameterization
3.5.7 Circuit examples
3.5.8 LED status display
3.5.9 Technical data
3.5.10 Ordering data
3.6 TU582-S safety I/O terminal unit
3.6.1 Functionality
3.6.2 Mounting, dimensions and electrical connection
3.6.3 Technical data
3.6.4 Ordering data
4 Configuration and programming
4.1 Overview
4.2 Workflow
4.3 System configuration and programming
4.3.1 Installation
4.3.2 License activation
4.3.3 Creation of new project and user management
4.3.4 Working with PROFINET/PROFIsafe F-Devices
4.3.5 Instantiation and configuration of safety modules / definition of variable names
4.3.6 Programming of AC500-S safety CPU
4.3.7 Checking of program and system configuration
4.4 CODESYS Safety programming guidelines
4.4.1 Overview
4.4.2 Framework
4.4.3 Language-specific programming guidelines
4.4.4 General programming guidelines
4.4.5 Safety and non-safety parts of the application
4.5 Safety code analysis tool
4.6 AC500-S libraries
4.6.1 Overview
4.6.2 Safety_Standard.lib
4.6.3 SafetyBase_PROFIsafe_LV200_AC500_V22.lib
4.6.4 SafetyBlocks_PLCopen_AC500_v22.lib
4.6.5 SafetyDeviceExt_LV100_PROFIsafe_AC500_V27.lib
4.6.6 SafetyExt2_LV100_AC500_V27.lib
4.6.7 SafetyExt_AC500_V22.lib
5 Safety times
5.1 Overview
5.2 Fault reaction time
5.3 Safety function response time
6 Checklists for AC500-S commissioning
6.1 Overview
6.2 Checklist for creation of safety application program
6.3 Checklist for configuration and wiring
6.4 Checklist for operation, maintenance and repair
6.5 Verification procedure for safe iParameter setting in AC500-S safety I/Os
6.5.1 Verification procedure workflow
6.5.2 Verification tables for iParameter settings in AC500-S safety I/Os
7 Safety application examples
7.1 Overview
7.2 Example 1: diagnostics concept
7.2.1 Functional description of safety functions
7.2.2 Graphical overview of safety application interface
7.2.3 Declaration of used variables
7.2.4 Program example
7.2.5 Additional notes
7.3 Example 2: muting
7.3.1 Functional description of safety functions
7.3.2 Graphical overview of the safety application interface
7.3.3 Declaration of used variables
7.3.4 Program example
7.3.5 Additional notes
7.4 Example 3: two-hand control
7.4.1 Functional description of safety functions
7.4.2 Graphical overview of the safety application interface
7.4.3 Declaration of used variables
7.4.4 Program example
7.4.5 Additional notes
8 Index
Appendix
A System data for AC500-S-XC
B Usage of safety CPU with V2 non-safety CPU PM5xx
C Usage of safety CPU with V3 non-safety CPU PM56xx

1 Introduction
1.1 Purpose
This safety user manual describes the AC500-S safety PLC system. It provides detailed information
on how to install, run, program and maintain the system correctly in functional safety applications
up to SIL 3 according to IEC 61508:2010, SILCL 3 according to IEC 62061:2015 and
performance level e (cat. 4) according to ISO 13849-1:2015.
ABB’s AC500 series is a PLC-based modular automation solution that makes it easy to mix and
match safety and non-safety I/O modules to meet automation market requirements.
1.2 Document history
Rev. 1.2.0 (Who: ABB, Date: 19.06.2020)
Various typos were corrected and various improvements in the texts and illustrations were made. Layout was changed to current ABB branding.
Major changes:
● Chapter 4.3.7.1: New safety verification tool SVT was added.
● Safety modules are supported by AC500 V3 non-safety CPUs. Specific information on handling safety modules with non-safety CPUs was transferred to appendices B + C.
Appendix B contains all specific information about safety modules with V2 non-safety CPUs PM5xx.
Appendix C contains all specific information about safety modules with V3 non-safety CPUs PM56xx.
● Chapter 3.1.2.6: "Firmware, boot code and boot project update" was updated.
● Assembly instructions of safety I/O modules were updated.

Rev. 1.1.0 (Who: ABB, Date: 16.03.2018)
Various typos were corrected. Various improvements in the text.
Major changes:
● Information about SM560-S-FD-1(-XC) and SM560-S-FD-4(-XC) safety CPUs was added.
● Ch. 4.6.7: New PROFIsafe F-Device library SafetyDeviceExt_LV100_PROFIsafe_AC500_V27.lib was added.
● Ch. 4.6.8: New Safety library SafetyExt2_LV100_AC500_V27.lib was added.
● Detailed information about relevant standards was added.
● Checklists for AC500-S commissioning in Chapter 6 were updated.

Rev. 1.0.5 (Who: ABB, Date: 23.10.2017)
Various typos were corrected. Minor improvements in the text and removal of screenshots for older versions of Automation Builder.
Major changes:
● New PROFIsafe F-Host library SAFETYBASE_PROFIsafe_LV200_AC500_V22.lib is used in the document.
● FAQ (Frequently Asked Questions) list was added.
● Ch. 2.4: Detailed safety values for AC500-S modules were provided.
● Ch. 4.3.6: "DANGER!" note was added to explain PROFIsafe Device_Fault bit usage.
● Ch. 6.3: New checklist item 9 was added.

Rev. 1.0.4 (Who: ABB, Date: 27.03.2017)
Various typos were corrected. Minor improvements in the text.
Major changes:
Licensing information was updated:
● Ch. 4.1: Notice Block with reference to PS501-S license installation removed.
● Ch. 4.2: Figure 63 (Programming workflow, step 2) was enhanced for the license handling of Automation Builder version V2.0.2 (or higher).
● Ch. 4.3.2: "License activation" was extended with additional licensing information for usage of Automation Builder version V2.0.2 (or higher).
Additional information according to the new F-Host library "SAFETYBASE_PROFIsafe_AC500_V22_Ext.lib" was added:
● Ch. 4.6.1: Table for library "SAFETYBASE_PROFIsafe_AC500_V22_Ext.lib" was updated.
● Ch. 4.6.3: The chapter was updated and renamed acc. to the new library name "SAFETYBASE_PROFIsafe_AC500_V22_Ext.lib".
● Ch. 6.2: Checklist item 20 was updated according to the new library name "SAFETYBASE_PROFIsafe_AC500_V22_Ext.lib".

Rev. 1.0.3 (Who: ABB, Date: 28.05.2015)
Various typos were corrected. Additional abbreviations were included in the abbreviation list.
The entire document was re-styled:
● The yellow background on notices and recommendations was replaced by a light-grey background because of document standardization.
● "DANGER" and "NOTICE" symbols were replaced by standard symbols from German Standard DIN 4844-2 in text boxes.
The text was changed in the document:
● More standard terms are now used in the document.
● Values for storage and transport temperatures were extended.
● Vertical mounting option (with derating) was added for SM560-S Safety CPU and corrected for DI581-S and AI581-S Safety I/O modules.
● LREAL is not supported by SM560-S Safety CPUs and was removed from the document.
● POU SF_MAX_POWER_DIP_GET description was modified.
● "DANGER" text box was added for POU SF_DPRAM_PM5XX_S_SEND to explain limitations for POU usage.
● F_WD_Time2 and Device_WD2 term definitions in Chapter 5.3 were corrected.
● "F_Host_WD" was replaced with "the value set using SF_WDOG_TIME_SET" inside of "NOTICE" box in Chapter 5.3.

Rev. 1.0.2 (Who: ABB, Date: 17.04.2015)
Words "Original Instructions" have been added to document title.

Rev. 1.0.1 (Who: ABB, Date: 08.03.2013)
Minor typos were corrected. TÜV SÜD certificate was added.
The text was changed in the document:
● Safety I/O inputs and outputs are not electrically isolated from the other electronic circuitry of the module.
● The safety values for safety outputs of DX581-S (-XC) module are only valid if the parameter "Detection" is set to "On".
● DC (diagnostic coverage) for DX581-S (-XC) module shall be ≥ 94 %.
● The clarification was added that the boot project update on SM560-S is possible only if no boot project is loaded on SM560-S.
● Not more than one communication error (CE_CRC or Host_CE_CRC output signals become equal to TRUE) per 100 hours is allowed to be acknowledged by the operator using OA_C input signal without consulting the responsible safety personnel.
● SM560-S cycle time shall be included three times instead of two times in Safety Function Response Time calculation.
● The values for input delay accuracy in Safety Function Response Time calculation were updated.
● Update of Appendix A with system data for AC500-S-XC.

Rev. 1.0.0 (Who: ABB, Date: 19.12.2012)
First release
1.3 Validity
The data and illustrations found in this documentation are not binding. ABB reserves the right to
modify its products in line with its policy of continuous product development.
1.4 Important user information
This documentation is intended for qualified personnel familiar with functional safety. You must
read and understand the safety concepts and requirements presented in this safety user
manual prior to operating the AC500-S safety PLC system.
The following special notices may appear throughout this documentation to warn of potential
hazards or to call attention to specific information.
DANGER!
The notices referring to your personal safety are highlighted in the manual by
this safety alert symbol, which indicates that death or severe personal injury
may result if proper precautions are not taken.
NOTICE!
This symbol of importance identifies information that is critical for successful
application and understanding of the product. It indicates that an unintended
result can occur if the corresponding information is not taken into account.
1.5 Definitions, expressions, abbreviations
1oo2: One-out-of-Two safety architecture, which means that it includes two channels connected in parallel, such that either channel can process the safety function.
AC500: ABB non-safety PLC
AC500-XC: ABB non-safety PLC suitable for extreme environmental conditions
AC500-S: ABB safety PLC for applications up to SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e (ISO 13849-1)
AC500-S-XC: ABB safety PLC for applications up to SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e (ISO 13849-1) suitable for extreme environmental conditions
ADC: Analog to digital converter
AOPD: Active optoelectronic protective device
Automation Builder: Integrated engineering suite for ABB PLCs, including IEC 61131-3 editor CODESYS
CCF: Common cause failure
Control Builder Plus PS501: Integrated engineering suite for ABB PLCs, including IEC 61131-3 editor CODESYS, predecessor of Automation Builder
CPU: Central processing unit
CRC: Cyclic redundancy check. A number derived from and stored or transmitted with a block of data in order to detect data corruption.
DC: Diagnostic coverage
DPRAM: Dual-ported random access memory
IEC: International Electrotechnical Commission standard
EDM: External device monitoring signal, which reflects the state transition of an actuator
EMC: Electromagnetic compatibility
EN: European norm (European standard)
EPROM: Erasable programmable read-only memory
ESD: Electrostatic discharge
ESPE: Electro-sensitive protective equipment (for example a light curtain)
F-Host: Data processing unit that is able to perform a special protocol and to service the "black channel" [3]
F-Device: Passive communication peer that is able to perform the special protocol, usually triggered by the F-Host for data exchange [3]
F-Parameter: Fail-safe parameter as defined in [3]
FAQ: Frequently asked questions
FB: Function block
FBD: Function block diagram (IEC 61131 programming language)
Flash memory: Non-volatile computer storage chip that can be electrically erased and reprogrammed
FV: Fail-safe value
GSDML: Generic station description markup language
ID: Identification
IO controller: Controller that controls the automation task in PROFINET context
IO device Field device, monitored and controlled by an IO controller in PROFINET con-
text
iParameter Individual safety device parameter
LAD Ladder logic diagram (IEC 61131 programming language)
Loop-back The programmable routing feature of a bus device re-routes unintentionally an
F-Host message back to the F-Host, which expects a message of the same
length (refer to www.profisafe.net for further details).
LSB Least significant bit
MSB Most significant bit
MTBF Mean time between failures
MTTF Mean time to failure
Muting Muting is the intended suppression of the safety function. This is required, e.g.
when transporting the material into the danger zone.
NC Break contact. Normally-closed contacts disconnect the circuit when the relay
is activated; the circuit is connected when the relay is inactive.
NO Make contact. Normally-open contacts connect the circuit when the relay is
activated; the circuit is disconnected when the relay is inactive.
OEM Original equipment manufacturer
OSSD Output signal switching device
Passivation The passivation is the special state of safety I/O modules which leads to the
delivery of safe substitute values, which are ‘0’ values in AC500-S, to the
safety CPU.
PC Personal computer
PELV Protective extra low voltage
PES Programmable electronic system (refer to IEC 61508)
PFD Probability of failure on demand
PFH Probability of failure per hour
PL Performance level according to ISO 13849-1
PLC Programmable logic controller
POU Program organization unit
PROFIsafe Safety-related bus profile of PROFIBUS DP/PA and PROFINET IO for communication
between the safety program and the safety I/O in the safety system
PROFINET Industrial technical standard for data communication over Industrial Ethernet
Proof Test Interval The proof test is a periodic test performed to detect failures in a safety-related
system so that, if necessary, the system can be restored as close as possible
to its previous new state. The time period between these tests is the proof test
interval.
PS Programming system
PTC Positive temperature coefficient
RAM Random access memory
Reintegration It is the process of switching from substitute values "0" to the process data.
Safety variable It is a variable used to implement a safety function in a safety-related system
SCA Safety code analysis - ABB software tool to automatically check CODESYS
Safety programming rules
SD card Secure digital memory card

SELV Safety extra low voltage
SFRT Safety function response time
SIL Safety integrity level (IEC 61508)
SILCL SIL claim limit (IEC 62061)
ST Structured text (IEC 61131 programming language)
SVT Safety Verification Tool - ABB software tool to verify the AC500-S safety configuration
in Automation Builder
TÜV Technischer Überwachungs-Verein (technical inspection association)
TWCDT Total worst case delay time
ULP Unit in the last place, which is the spacing between floating-point numbers, i.e.,
the value the least significant bit represents if it is 1 (refer to
http://en.wikipedia.org/wiki/Unit_in_the_last_place for more details).
WLAN Wireless local area network
1.6 Functional safety certification
The AC500-S safety modules are safety-related up to SIL 3 according to IEC 61508:2010,
SILCL 3 according to IEC 62061:2015 and performance level e according to ISO 13849-1:2015,
as certified by TÜV SÜD Rail GmbH (Germany).
The AC500-S is a safety PLC whose operational reliability is significantly improved compared to a
non-safety PLC by using 1oo2 redundancy in the hardware and additional diagnostic functions in
its hardware and software. The embedded safety integrity diagnostic functions are based on the
safety standards current at the time of certification (refer to TÜV SÜD Rail Certification Report
for AC500-S [2]). These safety integrity tests include test routines, which are run during the whole
operating phase, making the AC500-S safety PLC suitable for safety machinery and
process applications up to SIL 3 according to IEC 61508:2010, SILCL 3 according to
IEC 62061:2015 and performance level e according to ISO 13849-1:2015.
NOTICE!
Please refer to TÜV SÜD Rail Certification Report for AC500-S [2] for a complete
list of standards and further details, like versions of standards, etc.
The proof test interval for the AC500-S safety PLC is set to 20 years.
PFH, PFD, MTTFd, category and DC values from IEC 61508:2010, IEC 62061:2015 and
ISO 13849-1:2015 for AC500-S safety modules satisfy SIL 3, SILCL 3 and PL e requirements
(refer to Chapter 2.4 “Safety values” on page 17).

1.7 References / related documents
[1] - Creation of safety-oriented applications with CODESYS V2.3 - Document version 1.8
[2] - TÜV SÜD Rail Certification Report for AC500-S Safety PLC, Version - 2018 (or newer),
available at www.abb.com/plc
[3] - PROFIsafe - Profile for Safety Technology on PROFIBUS DP and PROFINET IO Profile
part, related to IEC 61784-3-3, Version 2.4, March, 2007 (or newer)
[4] - AC500 user documentation for Automation Builder / Control Builder Plus, available at
www.abb.com/plc
[5] - IEC 61131, 2003 (or newer), Programmable Controllers, Part 3 - Programming Languages
[6] - Computer Science and Engineering at University of California, Riverside, Chapter 14,
Ch14_Floating Point Calculations and its drawbacks.pdf
[7] - User Examples with PLCopen Safety Functions, Version 1.0.1, 2008 (or newer)
[8] - PROFIsafe System Description, Version - Nov. 2007 (or newer)
[9] - PLCopen Safety: Concepts and Function Blocks, Version 1.0, 2006 (or newer)
[10] - ISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General
principles for design, 2015 (or newer)
[11] - PROFIBUS Guideline: PROFIsafe - Environmental Requirements, V2.5, March 2007 (or
newer)
[12] - PROFIBUS Guideline: Communication Function Blocks on PROFIBUS DP and
PROFINET IO, V2.0, November 2005. Order No. 2.182 (or newer)
1.8 Applicable standards
Standard | Date | Title
IEC 61508 | 2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems
IEC 62061 | 2015 | Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
ISO 13849-1 | 2015 | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
IEC 60204-1 | 2016 | Safety of machinery - Electrical equipment of machines - Part 1: General requirements
IEC 61496-1 | 2012 | Safety of machinery - Electro-sensitive protective equipment
IEC 61511-1 | 2016 | Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and software requirements
IEC 61326-3-1 | 2017 | EMC for functional safety
IEC 61131-2 | 2007 | Programmable controllers - Part 2: Equipment requirements and tests
ISA-71.04-2013 Harsh group A | 2016 | Environmental Conditions for Process Measurement and Control Systems - Airborne Contaminants
IEC 60721-3-3 | 2002 | Classification of environmental conditions - Part 3-3: Classification of groups of environmental parameters and their severities - Stationary use at weather protected locations
CISPR 16-1-2 | 2014 | Specification for radio disturbance and immunity measuring apparatus and methods - Part 1-2: Radio disturbance and immunity measuring apparatus - Ancillary equipment - Conducted disturbances
CISPR 16-2-1 | 2017 | Specification for radio disturbance and immunity measuring apparatus and methods - Part 2-1: Methods of measurement of disturbances and immunity - Conducted disturbance measurements
CISPR 16-2-3 | 2016 | Specification for radio disturbance and immunity measuring apparatus and methods - Part 2-3: Methods of measurement of disturbances and immunity - Radiated
IEC 61000-4-2 | 2008 | Electromagnetic compatibility (EMC) - Part 4-2: Testing and measurement techniques - Electrostatic discharge immunity test
IEC 61000-4-3 | 2010 | Electromagnetic compatibility (EMC) - Part 4-3: Testing and measurement techniques - Radiated, radio-frequency, electromagnetic field immunity test
IEC 61000-4-4 | 2012 | Electromagnetic compatibility (EMC) - Part 4-4: Testing and measurement techniques - Electrical fast transient/burst immunity test
IEC 61000-4-5 | 2017 | Electromagnetic compatibility (EMC) - Part 4-5: Testing and measurement techniques - Surge immunity test
IEC 61000-4-6 | 2013 | Electromagnetic compatibility (EMC) - Part 4-6: Testing and measurement techniques - Immunity to conducted disturbances, induced by radio-frequency fields
IEC 61000-4-8 | 2009 | Electromagnetic compatibility (EMC) - Part 4-8: Testing and measurement techniques - Power frequency magnetic field immunity test
EN 55011 | 2016 | Industrial, scientific and medical equipment - Radio-frequency disturbance characteristics - Limits and methods of measurement (CISPR 11:2015, modified)
IEC 60715 | 2017 | Dimensions of low-voltage switchgear and controlgear - Standardized mounting on rails for mechanical support of switchgear, controlgear and accessories
IEC 60068-2-1 | 2009 | Environmental testing - Part 2-1: Tests - Test A: Cold
IEC 60068-2-6 | 2007 | Environmental testing - Part 2-6: Tests - Test Fc: Vibration (sinusoidal)
IEC 60068-2-27 | 2008 | Environmental testing - Part 2-27: Tests - Test Ea and guidance: Shock
IEC 60068-2-30 | 2005 | Environmental testing - Part 2-30: Tests - Test Db: Damp heat, cyclic (12 + 12 h cycle)
IEC 60068-2-52 | 2017 | Environmental testing - Part 2-52: Tests - Test Kb: Salt mist, cyclic (sodium chloride solution)
IEC 60068-2-64 | 2008 | Environmental testing - Part 2-64: Tests - Test Fh: Vibration, broadband random and guidance
IEC 60068-2-78 | 2012 | Environmental testing - Part 2-78: Tests - Test Cab: Damp heat, steady state
NOTICE!
Contact ABB technical support for further details.

—
2 Overview of AC500-S safety PLC
2.1 Overview
The AC500-S is realized as a 1oo2 system (both safety CPU and safety I/O modules) and can be
used to handle safety functions with SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e
(ISO 13849-1) requirements in high-demand systems of safety machinery applications and
low-demand systems of safety process applications. A 1oo2 system includes two microprocessors.
Each of them executes the safety logic in its own memory area and both compare the results of
the execution at the end of each cycle. If a mismatch in the execution or an error is detected,
the system goes to a safe state, which is described for each of the safety modules separately.
2.1.1 System
The AC500-S safety PLC is an integrated part of AC500 platform with a real common look &
feel engineering approach. Due to a tight integration in AC500 PLC platform, the generic AC500
system characteristics (mechanics, programming, configuration etc.) are also valid for AC500-S
safety modules.
All non-safety AC500 modules are considered to be interference-free modules for AC500-S
safety PLC. In contrast to safety modules, interference-free modules are not used to perform
safety functions. A fault in one of these modules does not influence the execution of the safety
functions in a negative way.
The term "integrated safety" applied for AC500-S safety PLC and AC500 platform means:
● One PROFINET IO fieldbus is used for safety and non-safety communication.
● The same engineering environment with real look & feel is used for both safety and
non-safety programming.
● The same hardware and wiring look & feel is used within safety and non-safety modules.
● The same diagnostics concept is used for safety and non-safety modules.

Fig. 1: Overview on ABB’s AC500 family with safety and non-safety modules
1 Non-safety communication module
AC500 covers all common communications standards, such as Ethernet, EtherCAT,
PROFINET IO, PROFIBUS DP, CANopen, DeviceNet, Modbus TCP, Modbus serial, Serial,
ABB CS31 and PROFIsafe via PROFINET. Combinable to form optimally scaled network
nodes, ABB’s AC500 is suitable for both small-scale applications and large-scale industrial
systems.
2 Safety CPU
Safety CPUs certified up to SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e
(ISO 13849-1). An array of features such as system diagnostics provided via LEDs and
onboard display of non-safety CPUs provides the added diagnostic concept required for
integrated safety.
3 Non-safety CPU
ABB’s complete AC500 range of non-safety CPUs can be used with safety CPU to create
customized solutions - even for the most challenging requirements. The programming of
safety and non-safety applications is offered via a non-safety PLC interface.
4 Safety I/O module
Safety I/O modules certified up to SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e
(ISO 13849-1). Features such as channel-wise error diagnostics and the flexibility to choose
between channel-wise or module switch-off in case of channel error make working safely
easier.
5 Non-safety I/O module
With ABB’s non-safety I/O modules, the complete S500 and S500-eCo I/O module range
can be connected to the non-safety PLC. A wealth of functions in AC500 configurable I/O
modules allows getting the customized and low-priced solutions to optimize industrial
applications.
2.1.2 Safety components
The AC500-S safety PLC includes the following safety-related hardware components.

SM560-S / SM560-S-FD-1 / SM560-S-FD-4
[Figure: SM560-S front view; labels DIAG, PWR, RUN, I-ERR, E-ERR, ADDR x10H, ADDR x01H]
Safety CPU (safety module) for up to SIL 3 (IEC 61508), SILCL 3 (IEC 62061) and PL e
(ISO 13849-1) safety applications.
DI581-S
[Figure: DI581-S front view; panel text "UP 24VDC 5W 16SDI, Safety Digital Input 24VDC";
terminal labels T0-T7, I0-I15, UP, ZP; further labels PWR, ERR1, ERR2, ADDR x10H, ADDR x01H]
Safety binary input module DI581-S with 16 safety input channels (up to SIL 2 or PL d) or 8
safety input channels (up to SIL 3 or PL e) with 8 test pulse output channels.
DX581-S
[Figure: DX581-S front view; panel text "UP 24VDC 100W 8SDI 8SDO, Safety Digital Input 24VDC,
Safety Digital Output 24VDC 0.5A"; terminal labels T0-T3, I0-I7, O0-O7, UP, ZP; further labels
PWR, ERR1, ERR2, ADDR x10H, ADDR x01H]
Safety binary input/output module DX581-S with 8 safety output channels (up to SIL 3 or PL e)
and 8 safety input channels (up to SIL 2 or PL d) or 4 safety input channels (up to SIL 3 or PL e)
with 4 test pulse output channels.

AI581-S
[Figure: AI581-S front view; panel text "UP 24VDC 2W 4SAI, Safety Analog Input"; terminal labels
I0-/I0+, I1-/I1+, I2-/I2+, I3-/I3+, FE, UP, ZP; further labels PWR, ERR1, ERR2, ADDR x10H,
ADDR x01H]
Safety analog input module AI581-S with 4 safety current input channels 0 ... 20 mA (up to
SIL 2 or PL d) or 2 safety current input channels (up to SIL 3 or PL e).
The following interference-free component shall be used for mounting safety I/O modules:
[Figure: TU582-S terminal unit; terminals 1.0 ... 1.9, 2.0 ... 2.9, 3.0 ... 3.9, 4.0 ... 4.9]
Spring-type terminal unit TU582-S for safety I/O modules.
2.2 Intended use
The user shall coordinate usage of ABB AC500-S safety components in his applications with
the competent authorities and get their approval. ABB assumes no liability or responsibility for
any consequences arising from the improper use:
● Non-compliance with standards and guidelines
● Unauthorized changes to equipment, connections and settings
● Use of unauthorized or improper equipment
● Failure to observe the safety instructions in this guide

2.3 Safety loop
The safety loop, to which the AC500-S safety PLC belongs, consists of the following three parts:
sensors, safety PLC and actuators.
[Figure: safety loop. Sensor (~35 % of safety loop PFH); safety PLC with safety input module,
safety CPU module and safety output module (~15 % of safety loop PFH); actuator (~50 % of
safety loop PFH)]
Fig. 2: Typical safety loop with AC500-S safety PLC
For the calculation of the PFH/PFD values of an exemplary safety system, a maximum of 15 %
is assumed for the safety PLC.
2.4 Safety values
Table 1: The following safety values shall be used for AC500-S safety modules:
Type | SIL(1) / SILCL(2) | PL(3) | DC(4) | MTTFd(5) | PFHd(6) | PFHd(7) | PFDg(8) | T1(9) | SFF(10) | β(11)
SM560-S(-XC) / SM560-S-FD-1(-XC) / SM560-S-FD-4(-XC) | 3 | e | 97 | 1280 | 1.90E-09 | 8.95E-11 | 7.90E-06 | 20 | 98 | 2
AI581-S(-XC) | 3 | e | 97 | 920 | 2.95E-09 | 4.50E-10 | 3.80E-05 | 20 | 99 | 2
DI581-S(-XC) | 3 | e | 95 | 2270 | 1.45E-09 | 4.40E-10 | 3.70E-05 | 20 | 98 | 2
Inputs of DX581-S(-XC) | 3 | e | 94 | 2250 | 1.45E-09 | 4.50E-10 | 3.80E-05 | 20 | 98 | 2
Outputs of DX581-S(-XC) with parameter Detection = "On" | 3 | e | 94 | 1985 | 1.60E-09 | 4.50E-10 | 3.80E-05 | 20 | 99 | 2
Outputs of DX581-S(-XC) with parameter Detection = "Off" | 2 | d | 85 | 200 | 1.19E-08 | 1.08E-08 | 4.70E-04 | 20 | on request | 2

(1) - SIL (safety integrity level) according to IEC 61508
(2) - SILCL (safety integrity level claim limit) according to IEC 62061
(3) - PL (performance level) according to ISO 13849-1
(4) - Diagnostic coverage, % (refer to ISO 13849-1)
(5) - Mean time to dangerous failure (years) according to ISO 13849-1
(6) - Probability of dangerous failure per hour according to IEC 62061
(7) - Probability of dangerous failure per hour according to IEC 61508 (High demand mode)
(8) - Average probability of failure to perform its design function on demand according to
IEC 61508 (Low demand mode)
(9) - Proof test interval - mission time - lifetime years
(10) - SFF (safe failure fraction), % according to IEC 61508
(11) - β (beta factor), % for common cause failures according to IEC 61508
DANGER!
The average temperature (MTBF calculation base) for both the extended temperature
range (-40 ... +70 °C) as well as for normal temperature range
(0 ... +60 °C) is defined to +40 °C.
Ensure that average operating temperature for used AC500-S modules does
not exceed +40 °C.
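As an added example (not part of the ABB manual), the following Python sketch checks the PFHd values of Table 1 against the 15 % share that section 2.3 assumes for the safety PLC. The SIL limits are the high demand mode upper bounds of IEC 61508; the module chains and all function and variable names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Upper PFH limits in 1/h per SIL, high demand mode (IEC 61508).
PFH_LIMIT = {1: 1e-5, 2: 1e-6, 3: 1e-7}
# Share of the safety loop PFH assumed for the safety PLC (section 2.3).
PLC_SHARE = 0.15


@dataclass(frozen=True)
class Module:
    name: str
    sil: int     # SIL / SILCL claim from Table 1
    pfh: float   # PFHd per IEC 61508, column (7) of Table 1, in 1/h


# Values copied from Table 1 of the manual.
SM560 = Module("SM560-S", 3, 8.95e-11)
AI581 = Module("AI581-S", 3, 4.50e-10)
DI581 = Module("DI581-S", 3, 4.40e-10)
DX581_IN = Module("DX581-S inputs", 3, 4.50e-10)
DX581_OUT_ON = Module("DX581-S outputs, Detection = On", 3, 4.50e-10)
DX581_OUT_OFF = Module("DX581-S outputs, Detection = Off", 2, 1.08e-08)


def assess(chain, target_sil):
    """Check a safety PLC module chain (hypothetical helper) against a SIL target.

    Series subsystems are summed, the usual approximation for small PFH values.
    """
    pfh_plc = sum(m.pfh for m in chain)
    budget = PLC_SHARE * PFH_LIMIT[target_sil]
    # A module whose SIL claim is below the target caps the whole chain,
    # no matter how small the summed PFH is.
    findings = [f"{m.name} is limited to SIL {m.sil}"
                for m in chain if m.sil < target_sil]
    if pfh_plc > budget:
        findings.append(f"PLC PFH {pfh_plc:.3e} exceeds budget {budget:.3e}")
    return {
        "pfh_plc": pfh_plc,
        "budget": budget,
        # What is left of the SIL limit for sensors and actuators.
        "left_for_field_devices": PFH_LIMIT[target_sil] - pfh_plc,
        "ok": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    for outputs in (DX581_OUT_ON, DX581_OUT_OFF):
        for sil in (3, 2):
            r = assess([DI581, SM560, outputs], sil)
            print(outputs.name, "target SIL", sil, "->",
                  "ok" if r["ok"] else r["findings"], f"{r['pfh_plc']:.3e}")
```

With Detection = "Off" the summed PFH still fits the SIL 3 budget, yet the chain fails the SIL 3 target because Table 1 limits those outputs to SIL 2.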
2.5 Qualified personnel
AC500-S safety PLC may only be set up and used in conjunction with this documentation.
Safety application engineer of AC500-S safety PLC
Commissioning and operation of AC500-S safety PLC may only be performed by qualified
personnel who are authorized to commission safety devices, systems and circuits in accordance
with established functional safety practices and standards.
The following basic knowledge of AC500 system is required to correctly understand this
AC500-S safety user manual:
● AC500 automation system
● Automation Builder / Control Builder Plus programming environment (system configuration
and programming in ST, LAD and FBD programming languages).
2.6 Lifecycle
All AC500-S safety modules have a maximum life of 20 years. This means that all AC500-S
safety modules shall be taken out of service or replaced by new AC500-S safety modules at
least one week before the expiry of 20 years (counted from the date of delivery by ABB).
2.7 Installation of safety modules
The following rules shall be taken into account for installing safety modules:
● The installation must be done according to the documentation with appropriate facilities and
tools.
● The installation of the devices may be done only in de-energized condition and carried out
by the qualified personnel.

● The general safety regulations and applicable national safety regulations shall be strictly
observed.
● The electrical installation shall be carried out in accordance with relevant regulations.
● Take the necessary protective measures against static discharge.
2.8 Exchange of modules
SM560-S / SM560-S-FD-1 / SM560-S-FD-4 safety CPU automatically detects an exchange of
safety I/O modules during the system start-up. The overall system (safety CPU and PROFIsafe
features of unique addresses for safety devices [3]) provides a mechanism to automatically
ensure that exchanged safety modules are operated with correct parameters and incompatible
module types are rejected. No unsafe state is possible if a wrong safety I/O module type is put on
the given terminal unit TU582-S.
2.9 AC500-S restart behavior
When SM560-S / SM560-S-FD-1 / SM560-S-FD-4 safety CPU is restarted by powering
off/on, the previously saved error information is lost. The safety I/O modules receive their
parameter sets each time during system start-up. The safety CPU is able to reintegrate safety
I/O modules using PROFIsafe start-up behavior [3]. If your process does not allow an
automatic start-up after powering off/on, you must program a restart protection in the safety
program. The safety process data outputs must be blocked until manually acknowledged. These
safety outputs must not be enabled until it is safe to do so and faults have been corrected.
2.10 Replacing AC500-S safety PLC components
When replacing software components on your programming device or PC with a newer version,
you must observe the notes regarding upward and downward compatibility in the documentation
and readme files for these products.
Hardware components for AC500-S (safety CPU and safety I/Os) are replaced in the same way
as in a non-safety AC500 automation system.
2.11 Environmentally friendly disposal
All AC500-S safety components from ABB are designed with a minimal environment pollution
effect. To enable environmentally friendly disposal of AC500-S safety components, they can be
partially disassembled to separate various components from each other. Disposal of those
materials shall be done in accordance with applicable national and international laws.
2.12 Safe communication
Safety data are transferred between safety CPU and safety I/Os using PROFIsafe profile [3].
SM560-S / SM560-S-FD-1 / SM560-S-FD-4 safety CPU needs a non-safety CPU to communicate
to safety I/O modules. All safety-related communication takes place through the non-safety
CPU using a "black channel" principle of data transmission [3].
The communication of safety CPU to remote safety I/O modules is done using PROFINET IO
field bus with a PROFIsafe profile for safe data transmission [3]. Safety and non-safety I/O
modules can be mixed on a local I/O bus both in central and remote configuration. PROFINET
IO controller communication module (CM579-PNIO) shall be used on non-safety CPUs as a part
of the "black channel" to transfer safety data to PROFINET IO devices. PROFINET devices
CI501, CI502, CI504 and CI506 can be used to attach safety I/O modules in remote
configurations.

Fig. 3: Possible AC500-S system setup with PROFINET/PROFIsafe for remote safety I/Os, sensors and actuators
PROFINET/PROFIsafe communication between AC500-S safety CPUs is supported using
CM589-PNIO(-XC) and/or CM589-PNIO-4(-XC) PROFINET IO device communication modules
together with SM560-S-FD-1(-XC) and/or SM560-S-FD-4(-XC) safety CPUs with F-Device
functionality on one side and CM579-PNIO(-XC) with any AC500-S safety CPU on the other side
(Fig. 4 on page 21). SM560-S-FD-1(-XC) and SM560-S-FD-4(-XC) safety CPUs are able to
exchange up to 384 bytes of safety data with F-Hosts (3rd party PROFIsafe F-Hosts are
supported as well) using PROFINET/PROFIsafe. SM560-S-FD-1(-XC) with F-Device(s) supports
safe communication to maximum one F-Host. SM560-S-FD-4(-XC) with F-Device(s) supports
safe communication to maximum four F-Hosts. Fig. 4 shows that using SM560-S-FD-1 and
SM560-S-FD-4 safety CPUs with additional F-Device functionality one can establish safe CPU
to CPU communication between different control stations on PROFINET/PROFIsafe.
SM560-S-FD-4 safety CPUs can simultaneously communicate not only with 1 IO controller/F-Host
(Master) but with up to 4 IO controllers/F-Hosts (Masters). In addition to SM560-S-FD-1 and
SM560-S-FD-4 safety CPUs, CM589-PNIO and CM589-PNIO-4 PROFINET IO device
communication modules are needed to establish PROFINET connectivity as "black channel",
respectively, to 1 or up to 4 PROFINET IO controllers.
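As an added illustration (not ABB code and not the PROFIsafe wire format), the Python model below shows the "black channel" principle: the safety layer at both ends detects faults introduced by the non-safety transport and answers them with substitute values "0" until reintegration. The frame layout, the use of CRC32, the addresses and all names are assumptions; timing supervision is left out.

```python
import struct
import zlib
from dataclasses import dataclass

# Assumed toy frame layout (NOT the PROFIsafe wire format):
# source addr (2 B) | destination addr (2 B) | consecutive number (1 B) |
# process data | CRC32 over everything before it
HEADER = struct.Struct(">HHB")
CRC = struct.Struct(">I")


def build_frame(src, dst, seq, data):
    """Sender-side safety layer: wrap process data for the black channel."""
    body = HEADER.pack(src, dst, seq & 0xFF) + data
    return body + CRC.pack(zlib.crc32(body))


@dataclass
class SafetyReceiver:
    own_addr: int            # unique address of this safety node
    peer_addr: int           # unique address of the expected sender
    data_len: int            # configured process data length in bytes
    expected_seq: int = 0
    passivated: bool = False
    last_fault: str = ""

    def _check(self, frame):
        if len(frame) != HEADER.size + self.data_len + CRC.size:
            raise ValueError("length")
        body = frame[:-CRC.size]
        if zlib.crc32(body) != CRC.unpack(frame[-CRC.size:])[0]:
            raise ValueError("crc")          # corruption inside the channel
        src, dst, seq = HEADER.unpack_from(body)
        if (src, dst) != (self.peer_addr, self.own_addr):
            raise ValueError("address")      # loop-back or misrouted frame
        # Resynchronise on the received number, then compare with the old one.
        expected, self.expected_seq = self.expected_seq, (seq + 1) & 0xFF
        if seq != expected:
            raise ValueError("sequence")     # lost, repeated or reordered frame
        return body[HEADER.size:]

    def receive(self, frame):
        """Return process data, or substitute values '0' while passivated."""
        try:
            data = self._check(frame)
        except ValueError as fault:
            self.passivated, self.last_fault = True, str(fault)
            return bytes(self.data_len)
        return bytes(self.data_len) if self.passivated else data

    def acknowledge(self):
        """Reintegration once the fault is corrected and acknowledged."""
        self.passivated, self.last_fault = False, ""


def demo():
    """Constructed scenario: host 0x0001 receives from safety I/O 0x0010."""
    host, device = 0x0001, 0x0010
    rx = SafetyReceiver(own_addr=host, peer_addr=device, data_len=2)
    flipped = bytearray(build_frame(device, host, 1, b"\x01\x01"))
    flipped[5] ^= 0x80                       # bit error in the first data byte
    steps = [
        ("valid", build_frame(device, host, 0, b"\x01\x01")),
        ("bit error", bytes(flipped)),
        ("next frame", build_frame(device, host, 2, b"\x01\x01")),
        ("not yet acknowledged", build_frame(device, host, 3, b"\x01\x01")),
        ("ACK", None),
        ("after reintegration", build_frame(device, host, 4, b"\x01\x00")),
        # The host's own outgoing frame, same length, routed back to the host.
        ("loop-back", build_frame(host, device, 5, b"\xff\xff")),
    ]
    log = []
    for name, frame in steps:
        if frame is None:
            rx.acknowledge()
            continue
        log.append((name, rx.receive(frame).hex(), rx.last_fault))
    return log


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The loop-back frame has a valid CRC and the expected length, so only the unique source and destination addresses let the receiver reject it.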