1. Field of the Invention
The invention relates to industrial safety devices and, more particularly, to a method for controlling a safety-oriented industrial automation component, and to a controller for a safety-oriented industrial automation component.
2. Description of the Related Art
In industrial automation components, such as “CPUs” or “controllers”, a distinction is made between conventional automation components and so-called failsafe automation components or “F-CPUs”. Failsafe automation components are used wherever the health or life of people (or animals) may be adversely affected, or where there is the threat of a large amount of environmental or material damage in the event of failure or in the event of a malfunction. Such failsafe systems and controllers are regularly based on a hardware architecture in which the most important components are of redundant (i.e., duplicative) design. Furthermore, in the case of such components, it must also be ensured that the software meets the imposed safety requirements.
In failsafe industrial automation components, a multiplicity of parameters are regularly held with associated values (“data”) which must be changed by other automation components, i.e., controllers, during ongoing operation. These controllers, which are often themselves not failsafe components, communicate with the failsafe automation components for this purpose. Here, faults may occur both in the “non-failsafe” controller and on the communication link between the controller and the failsafe automation component. Such faults influence the data to be transmitted, i.e., the information that changes the values of the parameters in the industrial automation component, such that erroneous values occur for the parameters of the failsafe automation component.
A particular effort in controlling failsafe automation components, i.e., in inputting and changing values, parameters and instructions, lies in having to provide a control station (“F-controller”) constructed according to the same safety standards, and in likewise having to provide safe data transmission between such a control station and the failsafe automation component.