Transcript for:
Failsafe Safety System Setup

The engineering for the safety application consists of two sections. We start with the hardware configuration of the failsafe controller and finish with the creation of the safety program. The application is to be implemented with a failsafe S7-1200. The hardware consists of the CPU 1212FC and the two failsafe signal modules F-DI and F-DQ.

We start with an empty TIA Portal project and begin with the placement of the modules. We select the respective CPU 1212FC DC/DC/DC in the hardware catalog and place it by drag-and-drop into the network editor. In the device view of the module, the failsafe input and output modules are inserted. We have the possibility to either drag and drop them onto any slot or to have TIA Portal automatically allocate the next free slot with a simple double click on the module.

In the next step, the specific module and channel parameters of the failsafe signal modules are adapted. We first start with the F-DI module. The following considerations must be made in advance for the connection of the command devices, emergency stop and safe position switches. Number one: how is the encoder evaluated? Is it a one- or two-channel evaluation? Number two: is the encoder fed via the module's internal encoder supply, or does the encoder already provide a safe signal? Number three: is the default value of the configured discrepancy time sufficient or not? The respective parameters must be set in the properties of the F-DI module.

The physical input channels are always arranged in pairs in the input mask, but with a two-channel evaluation they are later considered as only one signal in the safety program. The term "one out of two" therefore means that the module combines two input channels into one safe signal. For the evaluation of the emergency stop, we select a two-channel evaluation, one out of two, with a discrepancy time of 100 milliseconds, and use the internal encoder supply. Since we already selected one out of two above, the second channel is automatically assigned the same settings.

For the evaluation of the RFID position switch of the safety door, we also select the two-channel evaluation, one out of two. We increase the discrepancy time to 100 milliseconds and keep the encoder supply on external. The sensor already provides a safe signal with sensor-integrated diagnosis and therefore does not require a monitored supply from the module. All other setting parameters for the channel, acknowledgement or input filter, do not have to be changed. The default value is appropriate for most applications. For the diagnosis, short-circuit protection, the check mark "short circuit" must be set for all 16 channels.

The variable names for symbolic addressing can be assigned in parallel to the hardware configuration. All input addresses of the respective module are listed under IO tags. We thus define the variable name E_STOP for the e-stop button and the variable name safety door for the safety door. This completes the configuration of the F-DI module.

The safety-related shutdown of the motor starters is performed with a failsafe output. The default parameters of the module do not have to be changed here. Only the variable name for the output has to be added. For the subsequent application we need the variable names for start, stop and ACK for the acknowledgement, which we enter in the list of the I/O tags of the CPU module. The hardware configuration is finished now.

The next step is to create the safety program. Compared to a standard project, the project structure differs by the Safety Administration editor, which is shown in the project tree. In the Safety Administration editor, the central administration of the safety program takes place. OB 123 calls the main safety FB, which includes our safety program. Here we see the setting of the cycle time, which shows how often the F-program is called, the priority, as well as a warning limit for the cycle time and the maximum cycle time that must not be exceeded.

We directly start in the main safety module of our F-runtime group. On the right, we find under the instructions a folder named safety functions. This contains certified components for e-stop, two-hand operation, muting, a monitored feedback loop and safety door functionality.

We begin with the evaluation of the emergency stop. We drag and drop the e-stop module into the first network. The module covers all requirements for the evaluation of the emergency stop. The input parameter E_STOP is connected with our variable e-stop. In this context, ACK_NEC means that an acknowledgement is always required when the emergency stop is actuated. This acknowledgement is initiated by an input ACK. When the emergency stop is unlocked and ACK is acknowledged, the output of the component, Q, is set to true. In order to enable logic interconnections subsequently, we define a static variable for this output and interconnect it with the module output.

In the next network, we drag the block for the evaluation of the safety door. We connect the two block inputs, each one with the variable safety door, since our protection monitor contains only one safety position switch. The functionality of the ACK_NEC input is identical to our e-stop module. Again we need the acknowledgement and a static variable, which we will later use for the logic interconnection.

We now have executed the evaluation of the control devices and have to carry out the logic for the safety shutdown of the starters. The safety shutdown logic should be as follows: when the start button is activated, it is turned on safely. When the emergency stop button is activated, when the safety door is opened or when the stop button is activated, it is switched off safely. This logic is implemented by the relevant interconnection of the blocks. Therefore we need a memory element, which we insert into our next free network. We define the variables that out on that stars our initial state. Thus we can switch on the status via the start button and the e-stop signal is missing. When the safety door is open or the e-stop button is operated, it is switched off. The output drive is switched at this point by an assignment.

But there's a special feature for the safety project planning. When a channel, module or communication error occurs during operation, it is safely switched off and the affected module is passivated. The global acknowledgement for all F-modules is performed via the module ACK_GL. Only the acknowledgement button is connected with the ACK.

We compile the safety program and the entire project. After the compile, we see in the Safety Administration editor the listing of the offline signatures. The signatures are unique and relevant for the safety-related acceptance of the plant. The signature changes if a modification is made to the implemented hardware or to the safety program. The signature is also generated module-granular. For more complex projects, it is thus possible to retrace the safety-relevant modifications based on the module signature.

Thus the engineering of our safety application is completed. Now we can save the project and download it to the CPU.

Siemens. Ingenuity for life.