Safety Developer
Safety Developer Engineering Tool

For the safety-relevant engineering steps, the SolutionCenter contains the Safety Developer, which includes all tools required for safety-related programming in accordance with IEC 61508 and PLCopen. Safety Developer has been developed and certified in close collaboration with TÜV.
All the methods required for logging and for the machine manufacturer's duty of verification are integral: password management, fail-safe program transmission, tamper-proof logging on the target device, documentation of the safety program and of all software components used, and unique identification of the safety modules and of the program itself.
Features
- Integrated in the SolutionCenter all-in-one engineering tool
- Full-graphic Function Block Diagram editor with autorouting
- Certified safety modules in accordance with PLCopen Safety
- Standard modules for logic, timer and arithmetic operations in accordance with IEC 61131-3
- Color coding of safe and non-safe signal flow
- Grouping of circuit parts for repeat use (compounds)
- Adjustable test depth for the project translation
- Variable monitoring, value simulation and break points
- Bidirectional exchange of values between the safe and the non-safe controller
- Open application programming interfaces (PLC, C, C++) for online monitoring, evaluation and connection of user-defined tools
- Unique identification of the safe hardware
- Configuration of the clocked self-monitoring of inputs/outputs
- Communication to safe hardware via Ethernet (M200) or serial
- Certified redundant program download
- Logging of the acceptance state in PDF format
- Direct connection to version management
- Online monitoring of all I/Os also in safe operating mode
Programming in Accordance with PLCopen Safety
The safety application is programmed in a free-graphic function block diagram editor (Safety Editor) in accordance with IEC 61131-3. The module set includes a library of safety modules that have been strictly implemented, tested and certified in accordance with the PLCopen Safety standard. For the additional logic required, standard modules such as timers, arithmetic and logic operations are available.
The application program can be organized into separate functional units and subprograms in order to structure the program. The execution sequence of the modules is presented graphically and can be corrected by the user. Redundant hardware inputs are combined via equivalence or antivalence blocks and subsequently presented as a single safe signal in the program. The data types bool, integer and time are supported.
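The combining of redundant inputs described above, as an added illustration that is not part of the original page or of the certified PLCopen Safety library: a simplified two-channel evaluation with a discrepancy window (the window length and the latching fault behaviour are assumptions of this model), returning a safe signal that is False whenever the channels are in doubt.

```python
from dataclasses import dataclass


@dataclass
class ChannelPair:
    """Evaluates two redundant input channels into one safe bool.

    antivalent=False: both channels must carry the same level (equivalence).
    antivalent=True:  channel A must be the inverse of channel B (antivalence,
                      e.g. one normally-open and one normally-closed contact).
    discrepancy_time_ms: assumed tolerance for the channels to disagree before
                      a fault is latched (modelled on the usual discrepancy time).
    """
    antivalent: bool
    discrepancy_time_ms: int
    _elapsed_ms: int = 0
    _fault: bool = False

    @property
    def fault(self) -> bool:
        return self._fault

    def reset(self) -> None:
        """Acknowledge a latched discrepancy fault (manual reset)."""
        self._fault = False
        self._elapsed_ms = 0

    def evaluate(self, ch_a: bool, ch_b: bool, cycle_ms: int) -> bool:
        """Return the safe output for one controller cycle of cycle_ms."""
        if self._fault:
            return False                      # latched: stay in the safe state
        if self.antivalent:
            consistent = ch_a != ch_b
            active = ch_a and not ch_b
        else:
            consistent = ch_a == ch_b
            active = ch_a and ch_b
        if consistent:
            self._elapsed_ms = 0
            return active
        # Channels disagree: tolerated only inside the discrepancy window,
        # and the output is already forced to the safe state meanwhile.
        self._elapsed_ms += cycle_ms
        if self._elapsed_ms > self.discrepancy_time_ms:
            self._fault = True
        return False


def run_scenario(pair: ChannelPair, samples, cycle_ms: int = 10) -> list:
    """Feed constructed (ch_a, ch_b) samples cycle by cycle; return the outputs."""
    return [pair.evaluate(a, b, cycle_ms) for a, b in samples]
```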
Logging
The verification obligation is supported in several ways. A project report can be generated for logging the acceptance; it graphically displays the entire program code and exports all project settings, the safety scripts and acceptance tables for on-site commissioning. The tamper-proof logbook of the Safety Controller records each security-relevant change in the system, such as the download of a changed program, so every access is traceable with user name, date and time.
Optionally, the entire project can be stored on the Safety Controller and opened and further processed from there. Additional customized information, such as author, version history and further comments, can be stored for each network.
Hardware Configuration
In addition to the tools for variable selection, programming and logging, the safe hardware can also be configured directly in the Safety Developer. This includes not only the assignment of unique channel names, but in particular the allocation of the controller to the project, the adding of further safe I/O modules, and the specification of test intervals for clocked lines, which are then tested automatically by the hardware for short circuit, cross-connection and external voltage. The unique module identification required for safety, which rules out swapping modules after a service deployment, is also performed directly in the Safety Developer.
Communication between the Safety Developer and the control system for program download, diagnostics and configuration is carried out conveniently via the Ethernet interface of the M200 control system. Alternatively, communication can take place directly with the Safety Controller via a serial RS232 interface, which also enables the use of the Safety Controller as a stand-alone solution without a surrounding control system.