Safety Integrated for Process Automation

Safety Integrated for Process Automation is the comprehensive range of products and services from Siemens for safe, fault-tolerant applications in the process industry. This is characterized by:

• Safety-related F/FH automation systems of the S7‑400 series (see "Automation Systems" section)
• Safe communication with the PROFIsafe profile via PROFIBUS (see section "Industrial Communication, PROFIBUS") or PROFINET (see section "Industrial Communication, PROFINET")
• Fail-safe transmitters (SITRANS P DS III) on the PROFIBUS PA with PROFIsafe (see Catalog FI 01, Field devices for process automation)
• ET 200SP HA, ET 200iSP and ET 200M distributed I/O systems with safety-related F‑I/O modules/submodules (see "Process I/O" section)
• Fail-safe process instruments/devices for connection to ET 200 distributed I/O systems (see Catalog FI 01, Field Instruments for Process Automation)
• SIMATIC Safety Integrated software for implementation and operation of safety applications, with additional components for the Engineering System and the operator stations: SIMATIC S7 F systems, SIMATIC S7 Safety Matrix
• Special applications, for example, Partial Stroke Test
• Safety Lifecycle Management with support by highly qualified solution partners: services for all phases in the lifecycle of a safety instrumented system (analysis, implementation, and operation)

Safety Integrated for Process Automation enables full integration of safety technology in the SIMATIC PCS 7 process control system. The Basic Process Control System (BPCS) and Safety Instrumented System (SIS) combine seamlessly to form a uniform and innovative complete system. The advantages of this fusion are quite clear:

• One common controller platform
• One common engineering system
• No separate safety bus – standard and safety-related communication take place on the same fieldbus (PROFIBUS/PROFINET with PROFIsafe)
• Mixed operation of standard and safety-related I/O modules in SIMATIC ET 200SP HA, SIMATIC ET 200iSP and SIMATIC ET 200M remote I/O stations
• Integrated data management – no complex data exchange between BPCS and SIS
• Integration of safety-related applications into process visualization on the operator station
• Automatic integration of safety-related fault messages with time stamping into the process control system
• Integration of safety-related hardware into the asset management with the SIMATIC PCS 7 Maintenance Station for diagnostics and preventive maintenance

The PROFIsafe profile enables safety-related communication between the automation system (controller) and the process I/O via both PROFIBUS and PROFINET. The decision for choosing either PROFINET IO or the PROFIBUS DP/PA fieldbuses has a significant influence on the architecture of the safety-related system.

Safety-related design versions with PROFIBUS

In the case of a safety-related system with PROFIBUS communication integrated into SIMATIC PCS 7, a distinction is made across all architecture levels between two design versions:

• Single-channel, non-redundant design
• Redundant, fault-tolerant design

Both design versions are extremely variable, and offer a large scope for different customer requirements. Standard automation (basic process control) and safety-related functions can be combined flexibly, not only in the area of distributed I/O. Even at the controller level, they can be combined in one system or separated. In addition, there are numerous possibilities arising from the use of flexible modular redundancy.

Safety-related design versions with PROFIBUS

At the individual architecture levels (controller, fieldbus, I/O), you have the configuration alternatives shown in the figure in line with the I/O used (ET 200SP HA, ET 200iSP, ET 200M remote I/O stations or PROFIBUS PA devices with PA profile 3.0 or higher).

Safety-related design versions with PROFINET

Safety-related AS single stations (F systems) and AS redundancy stations (FH systems) from the S7‑400 series can be networked simply and effectively with remote I/O stations via PROFINET IO. For this purpose, the PN/IE interface integrated in the CPU and the corresponding PROFINET interface module in the remote I/O stations (e.g. IM 155-6 PN HA for ET 200SP HA) are available on the automation system side.

The availability of the I/O devices on an AS Single Station (F-system) can be increased by a ring topology with media redundancy. If the transmission link in the ring is interrupted at one point, for example, due to a break in the ring cable or the failure of a station, the redundancy manager then immediately activates the alternative communication path.

Safety-related PROFINET IO communication with media redundancy

The maximum availability with minimum fault reaction times is achieved by the AS redundancy station (FH system) in conjunction with the redundant PROFINET configuration R1. From the CPUs of the H system onwards, the R1 devices are connected via two separate line structures. In order to increase availability, we recommend reverse cabling (as shown in the blueprint). In contrast to the single-sided I/O device connection to only one CPU, failure of a CPU in this case does not automatically lead to failure of the connected I/O devices.

Safety-related PROFINET IO communication with system redundancy