PCS7 SIMATIC SAFETY MATRIX

Goal

The goal of writing an article on PCS7 Simatic Safety Matrix is to instruct you on creating a safety matrix with the help of an example. I will keep it as simple as possible. By the end of the article, you will have the skills to effectively work on a PCS7 Safety Matrix. In the next article, I will delve into more detail to clarify concepts such as the acknowledgment of spare channels, SIL (safety integrity level), and other aspects of the Simatic Safety Matrix.

Pre-requisites

The learner should possess basic knowledge of PCS7 environments. He or she should be familiar with hardware configuration, components view, plant view, CFC, driver channels, block icons, picture and symbol tables. A foundational understanding of these concepts is essential.

Why Simatic Safety Matrix?

Simatic Safety Matrix is a tool that helps us program safety protocols effortlessly. It automatically generates logic with fail-to-safe channel drivers, eliminating the need for analog scaling. It provides alarms for the matrix, cause, and effect. The Safety Matrix is an integrated tool for all activities, including maintenance, error handling, and change management during operation.

Let's get started to create the Simatic Safety Matrix.

Let's begin creating the Simatic Safety Matrix with the following step-by-step instructions:

Task:

For the example, we have following cause and effect.

Causes:

• FIT-1001 have range 0-3016 GPM.
• FIT-2002 have range 0-3016 GPM.
• FIT-3003 have range 0-3016 GPM.
• LIT-1001 have range 0-900 MM.
• LIT-1002 have range 0-900 MM.
• LIT-1003 have range 0-900 MM.
• XL-1001A have effect at FALSE.
• XL-1001B have effect at FALSE.

Effect:

• P1-A will trip at 2016.5 GPM by FIT-1001.
• P1-B will trip at 2016.5 GPM by FIT-2002.
• P2-A will trip at 2016.5 GPM by FIT-3003.
• P2-B will trip at 800 MM by LIT-1001, LIT-2002, LIT-3003 (2oo3).
• P3-A will trip at FALSE by OR-GATE of XL-1001A and XL-1001B.

Hardware Configuration:

Siemens employs special cards for safety programs, commonly referred to as F-cards or fail-safe cards. Typically, these cards are designated with an 'F' in their names, such as SM 326 10F-DQ, S7-300 SM 336 F 6AI, etc. We use safety cards because in PCS7 we have to safety driver channels. Also, we have use CPU which have fail-safe capability as show in given picture.

In the following example, I will use the following hardware configuration:

1. CPU 410-5H Order Number 6ES7 410-5HX08-0AB0 Version 8.1
2. IM 153-2 Order Number 6ES7153-2BA10-0XB0
3. SM 326 10F-DQ Order Number 6ES7326-2BF10-0AB0
4. SM 336 F 6AI 15 Bit Order Number 6ES7336-4GE00-0AB0
5. SM 336 F 24DI Order Number 6ES7336-1BK02-0AB0

In Siemens hardware configuration for CPU, we have added password for safety program in Protection tab as shown in given picture.

Safety Cards Properties:

Open card properties and select address tab, change process image OB1 to PP1 which is 100ms timer interrupt, do it for all cards as shown in picture.

After hardware configuration, your hardware will look like this as shown in picture.

Symbol Table:

Create CFC:

You have to create the CFC folder by right click on S7 program folder in Simatic manager. We have to create empty CFC for each cause and effect as shown in picture.

Why are we creating empty CFC's?

Because when will we inserting cause and effect in Safety Matrix then we will select CFC for each cause and effect to generate alarm blocks. Don't worry, your confusion will clear, when we will be creating Safety Matrix. Just keep in mind that we have to create empty CFCs for each cause and effect.

Because after created Simatic Safety matrix when we will transfer then the alarm block will generate in each CFC as shown in picture.

When will we transfer Safety Matrix then three types of blocks create. we will learn, when we transfer Safety Matix.

Create Matrix:

First of all, you have to create the Matrix folder by right click on S7 program folder in Simatic manager as shown in picture.

Open Matrix folder and insert new Matrix by right click and select insert new object as shown in picture.

Familiarize with Simatic Safety Matrix Environment:

Let's talk about environment of Simatic Safety Matrix. As you open Matrix you will see chart as shown in picture.

Click on Edit and open properties then the properties window will open assign title, project name and description. At the end of properties window above the OK button in general tab, you will find Matix Cycle Time (ms), click on drop down menu button and select OB35 which is 100ms time cycle as shown in picture.

Note: If you remembered, we early in HW configuration assign PIP1 which is 100ms time cycle. If the hardware cycle miss-match with matrix time cycle, then the error will occur.

Click on Alarms tab in properties window and check the placing of cause and effect, placing of matrix, enable matrix messages and enable matrix group messages and click OK as shown in picture.

Note: If you don't check, you will not be able to find alarms tab while placing cause and effect.

After that click on view then customize then layout, customize layout window will open, check on Highlights Bars and Intersection Tooltip as shown in picture.

This will enable you to highlight intersection of cause and effect.

Create Cause and Effect:

Note: To start inserting cause and effect you have to create Symbol table and make HW configuration, we have done above.

As you can see that cause have columns of Input tag, Func, Limit/Trip, Unit and Cause description. you will familiarize after inserting cause.

Double click on row of Input tag, then Cause detail window will open, you will find at bottom of window Input type, Number of inputs, Function Type and Alarm profile as shown in picture.

If you will select Discrete, then it will show only digital input signal from Symbol Table when we select tag with the help of I/O button.

If you will select Analog, then it will show only analog input signal from Symbol Table when we select tag with the help of I/O button.

In Number of Inputs, we can select up to three signals, and then by using Function type we can make logic by using AND-Gate or OR-Gate.

Let's put comments (For Note only).

Double click on row of Input tag, then select Note Only in Function Type and write FIT in description and click OK. It will create comments on selected row of cause as shown in picture.

Double click on next row of Input tag, then select Analog in Input Type after that click of I/O button and select the FIT-1001 which is our cause to trip pump and check on with monitoring then click OK. By check monitoring we can see the status of FIT-1001 signal in CFC which we can use in our logic. If you are confusing why we selected with monitoring? Don't worry we will learn when we transfer the matrix charts. you can edit description also if you want as shown in picture.

Click on three dots button than channel driver window will open, where you will put High and Low range of FIT-1001. It will automatically scale the analog values as shown in picture.

In Analog Parameter tab, we will assign value of Limit when pump should be trip, pre-alarm value, inserting unit in Unit text box and select Low trip or High trip type. In our example we will use parameters as shown in picture.

In Option tab, you will find time delays to trip pump. In our example we will select none. In right bottom corner, you will notice check mark on Auto Acknowledgement. It will auto acknowledge cause in simple words it will reset cause automatically, but the effect will remain the same. The effect will only reset or acknowledge when operator make it. we will use default setting in Option tab as shown in picture.

In Alarm tab we will assign CFC for each cause. In our cause we will assign FIT-1001 CFC. In above maybe you have confusion when we are creating empty CFC for each cause and effect. By assigning CFC it will generate alarm block at specific place where we can further use in logic. After assignment CFC select ok as shown in picture.

Effect:

Now click of output tag to place effect. The effect window will open. Click on I/O button, then select tag to trip pump P-1A with check monitoring and click OK as shown in picture.

Write STOP in Action textbox and SIL level 2 as shown in picture.

In Option tab you will find Reset/Override tag click on I/O button, select I/O window will open. Select External channel and write ESD_RESET, it will generate in matrix object block an input to reset effect, we will when we transfer the matrix, click OK as shown in picture.

In Alarm tab, assign its CFC and then click OK after inserting effect, your effect will look like this as shown in picture.

Now double click on intersection of cause and effect then Intersection Details window will open, select S-Stored to hold trip as shown in picture.

Congratulations, you have entered your first cause and effect. Repeat for your all cause and effect then your safety matrix chart will look like shown in picture.

XL-1001A and XL-1001B are digital alarms input, you can use up to 3 digital input to make logic with AND-GATE and OR-GATE. In this example we are using OR-GATE to trip Pump P3-A. The P3-A will trip if any of them will FALSE. In Simatic Safety Matrix for digital input is FALSE. If you check Energize-to-Trip, it will trip on TRUE value. In this example we are using FALSE as shown in picture.

For analog input LIT-1001, LIT-2002 and LIT-3003 we are using as 2oo3 which means if any two get value of 800 MM, then the pump will trip as shown in picture.

Transfer Matrix:

Now click on File and click on save. After saving it will automatically open Transfer window after some seconds, before transfer first time, it asks to enter password and then transfer window will open, then click OK as shown in picture.

Work on CFC:

After transferred Simatic Safety Matrix, you will find CFC of matrix name with yellow color in Components View as shown in picture.

As you open Matrix(1) CFC you can see the that two blocks have been created as shown in picture.

If you noticed, its show our cause-and-effect tag names. Because of with monitoring. if we don't select with monitoring while inserting tags in cause and effect then we can't see those tags which generated by these two blocks. we can use these tags for further logic designing. Also noticed that you will find ESD_RESET tag which we assign during output tag assigning of effect. This is external tag means we can give it signal from CFC logic to reset effect.

If you open your first block by double click, you can the whole logic is designed by Simatic Safety Matrix with driver channel as shown in picture.

Also, as you open CFC of your cause and effect, you can see that alarm block generated in each CFC. If you open CFC of FIT-1001 you will see alarm block as shown in picture.

Further, if you double click on alarm block, you can see logic as shown in picture.

Congratulations! With these steps, you are now equipped to successfully create the Simatic Safety Matrix.