Industrial Safety: PROFIsafe Profile Overview


PROFIsafe (PROFINET safety) is a safety communication technology for discrete manufacturing and process automation systems. It was developed by PROFIBUS / PROFINET International (PI) to meet Functional Safety requirements for PI communication technologies (PROFINET, PROFIBUS, and PROFIBUS PA).  As we talked about in Safety Basics, the PROFIsafe role in the safety universe is to minimize the chance of incorrect functioning of the control system. Incorrect functioning for a PROFsafe communication would be an undetected error. If a failure were to be undetected, then no safety action could be taken and an unsafe condition could be the result. PROFIsafe reduces the probability of undetected errors. The PROFIsafe Profile contains the details about how PROFIsafe meets the communication requirements for Functional Safety in a PROFINET context.

The “Black Channel”

PROFIsafe is designed to be independent of the base transmission channel; whether that channel is copper wire, fiber optics, wireless or a back-plane. The transmission rate and any built-in error detection mechanisms of the transmission protocol are considered “Black Channels” (like a black box where we don’t know what’s inside)they play no role in safety considerations. This approach frees PROFIsafe users from having to worry about the safety assessment of the individual system communication paths. PROFIsafe ensures the security of the communication from the safety signal origination to the signal destination(and vice versa). The PROFIsafe layer (or PROFIsafe driver) is an encoding/decoding  package that ensures the integrity of the safety portion of the communication. There is more detailed information on how PROFIsafe does this in the article PROFIsafe Profile Details.

PROFIsafe GSD files: F-GSDs

GSD files contain information that enables PROFINET controllers to set up communications with PROFINET devices.  PROFIsafe devices require the same sort of communication setup with safety controllers. PROFIsafe GSD files must be secured to protect the communication integrity, so they are compiled with a special tool that calculates a safety CRC that is then incorporated into the GSD.  PROFIsafe components may also be called F-components (Failsafe), so a PROFIsafe GSD could be called an F-GSD.  (GSD files are explained here: PROFINET GSD File Basics.) 

PROFIsafe Parameters: F-Parameters

When the safety controller sends parameters to the devices, the setup information is transmitted and received using the PROFIsafe drivers. The parameter setup ensures the same level of data protection as for safety data for I/Os.

Example PROFIsafe System

PROFIsafe Elements in an F-system:

  1. F-GSD file contains all the information to allow an F-controller to set up and communicate with the device. The F-GSD file is protected with a CRC to ensure its’ safety conformance.
  2. The f-config tool is the programming environment. It uses F-GSDs to create and download the system configuration and F-Program to the F-controller. The F-program and configuration are subject to the PROFIsafe safety checks to ensure correct functioning.
  3. F-controller executes the safety program. Safety controllers use the concept of duplication, either with HW or FW, and F-programming to operate a safety system.
  4. F-Devices (F-I/O, F-light curtains, F-valves etc. ) use hardware safety techniques to ensure their safe operation.

How safe is PROFIsafe?

PROFIsafe can support up to Safety Integrity Level 3 ( SIL 3)  IEC 61508, or Category 4, EN 954-1.  To meet SIL 3 requirements, the probability of an undetected error must be < 1 error for every 10^(7) hours of operation. The allowable PROFIsafe communication portion of the error probability is < 1 undetected error for every 10^(9) hours (one undetected error every 114,155 years).

A product is not automatically suitable for safety applications just by using PROFIBUS/PROFINET and PROFIsafe technology.  Safe communication alone does not guarantee a product meets all safety requirements.

Conclusion

PROFIsafe takes the communication media and transmission technology out of the safety equation by using the Black Channel concept.  Safety is ensured by encoding/decoding the data within the communication itself. The encode/decode technique is extended over communication setup via F-GSD files, PLC operation with F-PLC program and inside PROFIsafe I/O devices. Using PROFIsafe for communication is designed to significantly reduce the number of undetected errors in safety communication to more acceptable probabilities (1 undetected error every 144,000 years is a pretty significant reduction).

We will be continuing our discussion of PROFIsafe operations here: PROFIsafe Profile Details.

Continue your education by completing a PROFINET Certified Network Engineer Course.

These certification classes are intense, hands-on courses. You will learn how the underlying technology works from the application to the frame level. After passing both a practical and written exam, you become certified.

For more information, contact us or visit our website.