General details of the software safety concept

Software safety functions in the above sense are fundamentally realised in the ISG-MCE or the MCP.

The safe state is always the default state, i.e. this default state can only be deactivated by means of special safety-relevant function blocks intended for this purpose.

The ISG delivery does not include the function blocks required for deactivation.

As the HLI is a memory-coupled interface, a realisation has been chosen for communication of safety-relevant commands that ensures that the one-time deactivation of a safety-relevant function ordered by setting a memory position does not continue to apply if the PLC no longer calls up the applicable safety function block.