Confirmed Write Protocol for OPC writing to SIL2/3SIL applications
There are numerous documents describing that CWP (Confirmed Write Protocol) is neccessary when sending commands or data from HMI to SIL applications in HI controllers, by OPC.
However, I have never seen any document explaining exactly why this is neccessary.
Which possible problems does it solve?
Is it explicitly required by IEC-51508?
Is it indirectly required by IEC-61508?
Would it be according to IEC-61508 to perform state changes which are latched in the controller and possibly confirmed by some external hardware, e.g. commanding action blocking in the logic solver or revert ditto, all outside of CWP (e.g. by "normal" OPC writing to non-SIL application and from there write into SIL application by e.g. SIL-MMS?
This way, I cannot really see that the HMI is part of the SIF and thus could be implemented as non-SIL (providing SIF is not directly dependent on operators actions).
As a side-step I would like to mention that AC500-S (SM560-S + SIL certified S500 IO etc.) does not implement any similar restriction as far as I know, Is something like CWP not neccessary when using AC500-S? Why not?
Can anyone point to some documentation describing these things
Answers
This question has not yet been answered.
Add new comment