PROFIsafe: an overview

A new era in the automation of safety-related machines and plants began 15 years ago with the first PROFIsafe specification and certified products. PROFIsafe can be used with PROFIBUS and PROFINET networks and not only guarantees greater safety, but also maximum functionality. PROFINET Marketing Working Group Leader Xaver Schmidt explains.

The PROFIsafe solution is based on the “black channel” principle that originated with PROFIsafe, in which safety-related information is packed into a secure “PROFIsafe container”.

In the case of an emergency stop, for example, the status of the safety sensor or emergency pushbutton is transmitted by a PROFIsafe telegram to the safety controller, edited and then forwarded to a drive. On arrival in the drive unit, the requested safety reaction is triggered, for example the drive is switched to torque-free operation using the “Safe Torque Off” (STO) safety function. Meanwhile, standard communication continues: with PROFIsafe, everything runs on one cable so that standard and safety data are processed together in one failsafe CPU.

PROFIsafe is now established as an international standard (IEC 61784-3-3). PROFIsafe’s “black channel” principle is now included in other IEC standards. PROFIsafe complies with safety standards such as IEC 62061 and ISO 13849 (for production automation) and IEC 61511 (for process automation), and are compliant with the Machinery Directive 2006/42/EC and the Seveso Directive of the European Union. Other local regulations such as NFPA 79 (USA) are also met.

Building on many years of experience with PROFIBUS-based PROFIsafe applications, it was possible in 2005 to integrate them into PROFINET with minimum system discontinuity. With the aid of the Tool Calling Interface (TCI) and the specified i-Parameter server, the engineering and replacement of equipment has been simplified.  F-parameters are stored in the CPU and, in the event of a device being replaced, are downloaded to the new device without further assistance.

Another option is the switching on and off of individual channels – without repercussions on the other channels in the same failsafe I/O module. Safety-related communication over wireless LANs simplifies the development of mobile operating concepts.

PROFIsafe even permits the connection of safety-related Intrinsic Safety (Ex-i) devices via a PN/PB link. And, when an application demands the separation of F-controller and standard controller, the integration of safety functions into devices can be exploited with the aid of a “shared device” architecture (see diagram). Additional possibilities include use of the “safe speed” feature, and combining PROFIsafe, PROFIdrive and PROFIenergy in one system.