PROFIsafe
…is the leading technology for discrete manufacturing and process automation when exchanging functional safety-relevant data. With several million nodes installed, PROFIsafe technology has proven itself in the market as leading technology for functional safety communication.
The PROFIsafe Policy provides a set of rules for the PROFIBUS/PROFINET community in order to define a high quality level of PROFIsafe products and services through:
- Consistent public relations regarding the PROFIsafe technology by manufacturers, integrators, distributors, competence centers and consultants
- Careful implementation in safety products
- A high degree of reputation on the market and its perpetuation (image)
- Responsible handling of the safety aspects to avoid risk and harm or damage for people, environment and assets
- High-quality training and seminars.
Safety in Automation
Safety has become an integral part of automation systems. There is hardly any machine or piece of equipment anymore that does not feature some sort of emergency stop or other safety device.
PROFIsafe is an integrated safety technology
...for all sectors of discrete manufacturing and process automation. Examples are:
- Maximum safety for press applications
- Flexible integration of all types of safety components in the various industries
- Wireless safety-related transmission for use of driverless transport systems, automated guided vehicle (AGV), cranes, ropeways, amusement rides etc.
- Flexible production in the automotive industry such as for different bodies on one assembly line
- Quick adaptation of existing applications by simply integrating F-Devices into the infrastructure
- Highly integrated safety applications in the process industry like Emergency ShutDown Systems (ESD), Burner Management Systems (BMS) and Fire & Gas Systems
Numerous manufacturers
...of safety devices have participated in the creation of vendor-neutral and open standards under the framework of PI. This enables the development of an extensive and complete portfolio by many different providers – ranging from sensors to controllers to actuators:
- Safety control systems
- Remote I/O (in IP20, IP67)
- Safety gateways (e.g., AS-i Safety at Work)
- Safety sensors (e.g., light arrays, laser scanners, rotary encoders)
- Drives with integrated safety sub-functions
- Valves and valve blocks with safety functions
- Devices for process automation (e.g., level monitors, pressure transmitters)
- Mobile operator control and monitoring with safety functionality
- Industrial robots
PROFIsafe fulfills the relevant requirements
The IEC 61508-compliant technology has been developed under PROFIBUS & PROFINET International (PI) and is established worldwide. PROFIsafe has become an international standard (IEC 61784-3-3) and has been evaluated positively by German notified bodies such as IFA and TÜV.
PROFIsafe is independent of the communication method and provides cost-effective and flexible functional safety. It covers the entire communication path from the sensor over the controller to the actuator and integrates safety and standard communication on one cable (black channel principle).
The proven and acknowledged PROFIsafe technology has been adapted further, and is being utilized for the safe communication between controllers described in the OPC UA Core specification Part 15.
PROFIsafe provides overall benefits for all industry sectors
- Compliance with the most stringent safety requirements (up to SIL 3 (Safety Integrity Level) in accordance with IEC 61508, IEC 61511 and IEC 62061, also up to PL e (Performance Level) and category 4 in accordance with ISO 13849)
- Integrated configuration and improved diagnostics
- Reduction in wiring effort
- Flexible automation
- Integration of a wide variety of safety devices such as controllers, sensors and actuators
In addition to the industrial sectors listed, PROFIsafe applications are also found in the packaging, transport, wood processing and process industries, for example.
PROFIsafe - the leading technology
With its numerous installations, PROFIsafe has posted striking evidence of its leading role in fieldbus-based safe communication systems. At present there are 6.95 million PROFIsafe nodes installed.
PROFIsafe is suitable for various Fieldbus networks
...without impacts on these existing fieldbus standards. It is possible to transmit safety messages on the existing standard bus cables in coexistence with the standard messages.
General
PROFIsafe can be simply introduced to existing and new installations using the same network infrastructure as the standard communication.
- Integrated, readily available diagnostic mechanism
- Applications with decentralized Stations
- Machine to Machine communication (e.g. via gateways across network structures)
- Wireless network architecture with PROFIsafe (Black Channel approach)
- From isolated to cooperating safety-related devices
For guidelines and recommendations to ensure the maximum availability of your industrial network, please refer to the environmental guidelines for fieldbus networks.
Device manufacturers
- Easy implementation of a PROFIsafe solution
A PROFIsafe solution can be easily implemented and inexpensively replicated using certified hardware and/or software. The support of the PI-recognized test labs and the certification achieved through them ensure acceptance in the market and interoperability of the components.
- Flexibility based on different architectures
The different architectures of safety-relevant control systems from different vendors can easily adapt PROFIsafe communication. PROFIsafe therefore opens the door to new and innovative safety functionality in the devices.
Users and integrators
- Internationally established technology
PROFIsafe is an integrated safety technology for discrete manufacturing and process automation. The IEC 61508-compliant technology enjoys widespread international acceptance and has been evaluated positively by IFA and TÜV. PROFIsafe is specified as the international functional safety communication standard IEC 61784-3.
- Efficient use of technology and product
The wide range of products from different manufacturers for PROFIsafe Host and Device enables easy, cost-effective system configuration. Training, documentation, and maintenance are required for only a single bus technology, thus saving time and money for system operations. To see a complete listing of all vendors please follow the link to our Product Finder.
- Standardized engineering and installation
Standard and safety-related applications can be programmed for PROFIsafe by means of a single tool and certified function blocks. In addition, the technology enables a high degree of flexibility when retrofitting existing installations. The use of certified PROFIsafe devices simplifies system acceptance.
- Environmental Standards
A benefit of PROFIsafe is the use of process data and failsafe-relevant data in the same network; the commonly applied standards are used as well. PROFIsafe is designed to be functionally safe. Any communication fault, whether caused by failure or by error, will lead to a defined safety reaction.
- Cost savings
Cost savings result from flexible configurations, simple parameterization, integrated diagnostics and reduced wiring effort. Easy and cost-efficient system design with a broad range of certified devices from different manufacturers allows the hardware design to be tailored.
Safety remedies
It is the task of safety communication between two partners to deliver correct data to the right destination just-in-time. Various transmission errors may occur when messages are transferred in complex network topologies, whether due to hardware failures, extraordinary electromagnetic interference, or other influences.
Out of the numerous remedies known from literature, PROFIsafe concentrates on those presented in the matrix shown in Figure 3.
Fig. 3: Transmission error types and safety remedies
Investment protection
PROFIsafe is a well-established fieldbus technology with significant future potential. PROFIBUS & PROFINET International (PI) functions as a global network of experts who work cooperatively on further technology development. Investments are protected as a result of this long-term development strategy. All existing and future standards are used, and will continue to be used, for safety-relevant applications, as well.
Black-Channel approach
The PROFIsafe protocol is equally suitable for different networks without impacts on the existing fieldbus standards. Safety messages for standard (non-failsafe) and failsafe equipment are transmitted over the same fieldbus infrastructure on a standard bus system, including the use of standard PLCs with integrated but logically separated safety processing.
Fig. 1: one single bus
The PROFIsafe protocol has no impact on the standard bus protocols. It is as independent as possible from the base transmission channels, be it copper wires, fiber optics, wireless, or backplanes. Neither the transmission rates nor the error detection mechanisms play a role. For PROFIsafe they are just "Black Channels" (Figure 2). Thus, the PROFIsafe protocol takes over, for the users, the safety assessment of their individual backplane communication and also of transmission paths beyond the PROFINET and PROFIBUS networks. It secures the whole path from the location where a safety signal originates to the location where it is processed and vice versa.
The PROFIsafe protocol can be used for safety applications up to SIL3 according to IEC 61508 / IEC 62061, or Category 4 according to EN 954-1, or PL "e" according to ISO 13849-1.
Fig. 2: The "Black Channel" approach
How to implement PROFIsafe
As a general rule, it is not possible to turn a standard device into a safety device (F-device) just by implementing the PROFIsafe protocol: The final SIL of the device is defined by the architecture of the safety technology of the device together with the protocol and the manner in which both are implemented.
Even though PROFIsafe is suitable for safety functions up to SIL3, it may not be necessary to design and develop the F-Device also for SIL3.
Because of the “Black-Channel” principle, the PROFIsafe layer (located above the standard protocol) has no impact on the standard bus protocols and is independent from the base transmission channels. This makes implementation of the PROFIsafe driver software in devices and hosts quite easy. The following choices exist:
- Development of the software according to the specification or
- Use of a PROFIsafe starter kit available on the market from different technology providers. The advantage of a starter kit is obvious: pre-certified PROFIsafe driver software, additional valuable information and tools, and technical support.
- For interfacing PROFIsafe technology any of the available ASICs and layer stacks are suitable; the PROFIsafe driver software must only be adapted to the specific device needs.
Versioning of PROFIsafe
The most recent information on the available PROFIsafe version can be found in the FAQ PROFIsafe document.
Drives
According to IEC 61800-5-2 some safety features (stopping and monitoring functions) are defined for drives with integrated safety (F-drives). Parts of these functions are specified in an amendment to the PROFIdrive specification.
Field devices for process automation
F-Devices for process automation follow the sector standard IEC 61511, which also takes into account the particular aspect of "proven-in-use". The PI Working Group "PA Devices" has specified, within a separate amendment to the “PA Device” specification, how to use the PROFIsafe platform for PA devices.
F-Host implementation solutions
Depending on the strategy of system manufacturers, different kinds of architectures for F-Hosts with PROFIsafe communication are possible: stand-alone F-CPUs or integrated but logically separated safety processing within standard CPUs. Safety processing can be realized in different ways: via hardware redundancy and discrepancy checking or via "software redundancy" or via "safeguarding" or by using already existing diverse hardware platforms.
The PROFIsafe tests
The PROFIsafe protocol mechanisms are based on finite state machines. Thus it was possible, via a validation tool for finite state machines, to mathematically prove that PROFIsafe works correctly even in cases where more than two independent errors or failures may occur. This was achieved systematically by generating all possible cases for "test-to-pass" and "test-to-fail" situations. They have been extracted as test cases for a fully automated PROFIsafe layer tester, which is used to check the PROFIsafe conformance of F-Devices and F-Hosts. It is part of a three-step procedure within the overall safety certification process according to IEC 61508 by notified bodies.
Figure 1, Test and Certification Procedures
Security Aspects of PROFIsafe
Just like PROFINET, PROFIsafe is well suited for use within secure networks without impacting the required safety level in general (acc. to IEC 62443). However, availability and reliability aspects have to be considered. Even from a plain PROFIsafe perspective, a clear separation of responsibilities across the network hierarchies and structure is to be maintained.
Conformity & Certification
Several products of different types from various vendors communicate within a PROFIsafe island. The products must be implemented in conformance with the PROFIsafe specification to ensure that this communication works correctly. Usually the conformance is documented through a certificate from the PI certification office based on the test report of one of the PI test laboratories.
Safety assessment
It is important to note that the PI test laboratories perform the approved PROFIsafe layer tests on behalf of notified bodies such as
- TÜV (worldwide)
- INRS (France)
- INERIS (France)
- IFA (Germany)/(Sweden)
- SUVA (Switzerland)
- HSE (United Kingdom), UL (USA)
The mandatory safety manual of each and every F-Device (acc. IEC 61508) shall provide information about the safety characteristic values such as SIL (Safety Integrity Level) or PL (Performance Level).
PROFIsafe provides a specification for test & certification. Various international PI test laboratories are authorized for PROFIsafe testing.
PROFIsafe Live Demonstration
The strengths of PROFIsafe allowed it to become the market leading communication protocol for safety-related applications. Evidence of this can be seen in the nearly 7 million installed PROFIsafe nodes (at end of 2016). To demonstrate the strengths of PROFIsafe, the PROFIsafe Marketing Working Group of the PNO has set up a live demo.
The members of the PROFIsafe Marketing Working Group explain the advantages and performance capability of PROFIsafe using the live demo setup.
The PROFIsafe live demo consists of several small applications and different devices from numerous vendors. It shows the variety of PROFIsafe products for PROFINET and PROFIBUS. The live demo demonstrates the use of safety-related communication between three fail-safe hosts of different manufacturers which are connected to different devices. As an example on the exhibit, three machines with different controllers operate independently or together as a production line. An Emergency Stop or other safety functions act on just one or multiple production line units. The functional demo shows optical and electromechanical sensors, I/O modules, fail-safe PLCs, gateways, drives and safe shut-off of valves. Along with the simple cabling, the entire safety functionality runs over one network.