Automation systems for controlling a technical process or a technical plant, are known to specify control of safety critical process or plant components separately from non-safety critical components. The modules specified for this purpose such as safety oriented controllers and safe input/output modules connected thereto, also called I/O safety modules, are disclosed, for example, in DE 10 2004061 013 A1. The input/output modules described therein have additionally, apart from control interfaces, means for monitoring the redundantly designed field device access modules integrated in the input/output modules, wherein the field device access module is connected to the monitoring means by means of one of the control interfaces and the monitoring means communicates with a controller via further control interfaces. The field device access modules are designed, for example, as standard modules for detecting process data.
Further safe input/output modules are described in EP 1 703 346 A2 and U.S. Pat. No. 7,319,406 B2. The safety modules operating as input/output units, shown there, have no further non safety oriented communication board for transmitting secure and non-secure data from/to a central processing unit. Thus, a simple option for defining a standard interface for secure and non-secure input/output modules is missing in the above mentioned systems.
It is also often difficult to separate the safety critical functions unambiguously from the non-safety critical functions.
The secure input/output modules described above are not suitable for application in modularly constructed control systems as described, for example, in DE 102004056363 A1 or, respectively, can only be integrated into an existing modularly constructed control system by means of an additional hardware and development expenditure.