Defined Safe State and Lifetime

Defined Safe State

If the module detects an internal error or a wiring error, the modules enable the defined safe state. The defined safe state is structurally designed as a low state or de-energized state and cannot be modified.

For more information regarding error detection, refer to the sections Error Detection in the chapter Channel Characteristics.

In circumstances where external influences may be present such that a de-energized state would require the application to actively turn on an actuator, additional measures such as mechanical brakes may be necessary to help prevent hazard from materializing.

WARNING
	UNINTENDED EQUIPMENT OPERATION Be sure to include in your risk assessment the effect on all systems when the defined safe state differentially removes power from elements of your machine or process. Failure to follow these instructions can result in death, serious injury, or equipment damage.

Lifetime

The Safety I/O modules have a maximum expected lifetime of 20 years when applied and maintained according to the user instructions.

This means that the Safety I/O modules must be taken out of service one week (at the latest) before the expiration of this 20-year lifetime (starting from delivery date).

NOTICE
	EQUIPMENT DAMAGE Do not operate the Safety I/O modules beyond the specified lifetime. Ensure that the Safety I/O modules are removed from operation, and replaced by new Safety I/O modules, before their lifetime expires. Failure to follow these instructions can result in equipment damage.