A method for monitoring data processing and data transmission in a safety chain of a safety system, and a device for carrying out the method, which achieve the object of further simplifying the monitoring of the safety chain of an overall safety function of a modular safety system, in particular during ongoing operation. For this purpose, the method and device use at least one actual characteristic value for a safety-relevant characterizing attribute of the data processing and/or data transmission.

The invention relates to a safe electronic device which has multichannel logic circuitry, a single channel input device, an output device, and a storage device. Data items, each of which is associated with an input value, are stored in the storage device. The multichannel logic circuitry is comprised of a first control unit and a second control unit. The first control unit reads in an input value which has been input, and transmits the input value to the second control unit which actuates the output device for outputting of optical and/or acoustic information, in response to the input value which has been input. If the optical and/or acoustic information corresponds to the input value, the selected data item is released for further use.

A switching device for switching on and/or switching off an electrical load has an input section for receiving a defined input signal, an output section having an output switching element that provides a current path to the electrical load, and a control section that can be operated in a first active mode of operation or in a second active mode of operation. The control section actuates the output switching element on the basis of the defined input signal in order to close or interrupt the current path. A display element assumes a first display state when the control section is in the first active mode of operation and the output switching element is in the closed operating state. The display element assumes an alternative second display state when the control section is in the first active mode of operation and the output switching element is in the open operating state. The control section interrupts the current path regardless of the defined input signal in the second active mode of operation. The display element assumes the first display state or the alternative second display state in the second mode of operation on the basis of the defined input signal. Preferably, the switching device is used to shut down a dangerous machine installation in failsafe fashion.

An industrial safety zone configuration system leverages a digital twin of an industrial automation system to assist in configuring safety sensors for accurate monitoring of a desired detection zone. The system renders a graphical representation of the automation system based on the digital twin and allows a user to define a desired detection zone to be monitored as a three-dimensional volume within the virtual industrial environment. Users can define the locations and orientations of respective safety sensors as sensor objects that can be added to the graphical representation. Each sensor object has a set of object attributes representing configuration settings available on the corresponding physical sensor. The system can identify sensor configuration settings that will yield an estimated detection zone that closely conforms to the defined detection zone, and generate sensor configuration data based on these settings that can be used to configure the physical safety sensors.

A control system configured to control safety-critical and non-safety-critical processes and/or plant components includes: a non-safety controller module, at least one safety controller module, and at least one condition monitoring module. The non-safety controller module is configured to control the non-safety-critical processes and/or the non-safety-critical plant components. The at least one safety controller module is configured to control the safety-critical processes and/or the safety-critical plant components. The at least one condition monitoring module is configured to perform fail-safe condition monitoring and to collect monitoring data. The non-safety controller module is configured to receive the collected monitoring data from the condition monitoring module and to pass the collected monitoring data to the safety controller module. The safety-controller module is configured to evaluate the monitoring data based on safety conditions.

An artificial intelligence (AI) system using a machine learning algorithm and an application thereof is provided. The method for controlling an electronic apparatus includes acquiring an output value by inputting an input value to a function module to perform a function corresponding to the function module included in the electronic apparatus, identifying a safety mechanism to be applied to the function module based on the input value and the output value, and detecting an error operation of the function module based on the identified safety mechanism.

A method for controlling a drive having at least one converter, at least one motor and an assigned drive control, wherein a failsafe CPU is operated separately from the drive control and only processes safety-relevant information, where a number of safety functions are implemented by the failsafe CPU such that the safety-relevant functions of the drive are implemented in a simple and reliable manner.

A safety switch with differentiated CPUs comprises a switching device (2) associated with a fixed part of an access to be controlled and having switching means connected to one or more circuits of the system for the opening/closing thereof, a driving device (3) associated to a movable part of the access to interact with the switching means for opening/closing of one or more circuits, control means (6) associated with the switching device (2) and adapted to receive input signals from the circuits through respective communication buses for sending an error signal and/or for stopping the system in case of no signal or detection of non-compliance, wherein the control means (6) comprise a main CPU (7) connected with the communication buses (9) associated with the safety functions and at least one auxiliary CPU (8) connected solely to the communication buses (12) associated with circuits and/or devices not related to safety conditions.

Hardware memory management units are used in an integrated safety/non-safety industrial computer to allow shared memory architecture processors to implement safety and non-safety reduced risk of memory corruption. Testing of the memory management unit of the non-safety processor may provide a periodic writing to protected memory to invoke a protection fault providing a report to the safety processor.

A control system is for controlling safety-critical processes, non-safety-critical processes, and/or installation components. The control system includes: at least one control unit configured to control non-safety-critical processes and/or non-safety-critical installation components, at least one safety control unit for controlling safety-critical processes and/or safety-critical installation components, and at least one input/output unit connected to the first control unit via an internal input/output bus. The control system is configured to act as communication master or as communication minion or as both in a pool having other devices that is connected via field bus, and to that end, the control system includes a master communication coupler and a minion communication coupler. The control system is modularly configurable. At least the safety control unit includes respective subunits with master functionality and subunits with minion functionalities.