• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 31 subscribers
  • Views 767 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

RM4x as EN13849 Cat 3 PLd

Martin Christoffersen
Prodigy 70 points

Hi.

I am considering using one of the RM4 (or RM57) for a EN13849 compliant functional safety application.

The application will be using 2*CAN and 2*SPI as sensor inputs, and GPO for output relay control.

Is it possible to implement a category 3 setup using one RM4x and one TPS65381, or do I still need a double setup with two RM4x and 2 TPS65381 ?

Best regards Martin.

  • 0
    TI__Mastermind 22715 points

    Martin,

    I have forwarded your question to our safety experts. They will get back to you shortly.

    Thanks and regards,

    Zhaohong

  • 0
    TI__Mastermind 23000 points

    Hello Martin,

    The question is timely as we recently completed a concept study with TUEV SUED on a similar approach.  If you are registered for the SafeTI private E2E forum, you can download the concept report in the files section.  

    Basically the answer is "yes, a cat 3 equivalent implementation is possible," but there are a few caveats.  

    The first is the definition of the safety function to be performed.  Dependent on the definition of the functionality, it may not be possible to be supported with such an architecture.  For example, if you consider a motor drive application, a safe torque off function could be possible (disabling drive relays), but a more complex safe stop function would require a second MCU (actively providing motor control to brake the motor to a stop).

    Second, there are a number of considerations related to the safety concept implementation:

    • ensuring lack or mitigation of common cause/cascading/dependent failures
    • systematic capability of the components at least SC2
    • concept  implemented detect faults and transitions to safe state within process safety time
    • safety function is performed in high/continuous demand state
    • independent supervision of on chip safety mechanisms
    • etc.

    If you'd like to see more, I'd suggest that you access the private forum and download the report.  We can continue more detailed discussion there.  If you do not have access, you can request it via http://www.ti.com/safetyreport

    Regards,
    Karl