Reference Manual · Publication 1756-RM099 · Rockwell Automation

GuardLogix 5570 & Compact GuardLogix 5370 Safety App Reference Manual

This reference manual covers safety application development for GuardLogix 5570 and Compact GuardLogix 5370 controllers, catalog numbers 1756-L71S through 1756-L73EROMS and 1769-L30ERMS through 1769-L38ERMSK. It describes SIL 3 certification per IEC 61508, CIP Safety protocol, safety task configuration, safety tags, PFD and PFH specifications, and the commissioning lifecycle. The manual is intended for engineers responsible for developing, operating, or maintaining GuardLogix-based safety systems using Studio 5000 Logix Designer.

Download PDF
SIL CL3 Max Safety Integrity Level
Up to 20 years Proof Test Interval
500 ms Safety Task Period Max
TÜV Rheinland Certified By

Document Preview

Open the full PDF in a new tab  · Publication 1756-RM099

Specifications

Compact GuardLogix 5370 Local Expansion & Motion Axes

1769-L30ERMS local expansion modules (max) 8
1769-L30ERMS motion axes 4
1769-L33ERMS local expansion modules (max) 16
1769-L33ERMS motion axes 8
1769-L36ERMS local expansion modules (max) 30
1769-L36ERMS motion axes 16
1769-L37ERMS local expansion modules (max) 30
1769-L37ERMS motion axes 16
1769-L38ERMS local expansion modules (max) 30
1769-L38ERMS motion axes 16

Safety Task Parameters

Safety task period maximum 500 ms
Safety task type Periodic/timed
Safety I/O RPI range 6…500 ms
Safety task reaction time Sum of safety task period plus safety task watchdog

GuardLogix 5570 Compatible Chassis

1756-A4 4-slot chassis, Series B
1756-A7 7-slot chassis, Series B
1756-A10 10-slot chassis, Series B
1756-A13 13-slot chassis, Series B
1756-A17 17-slot chassis, Series B
1756-A4LXT 4-slot XT chassis, Series B
1756-A5XT 5-slot XT chassis, Series B
1756-A7XT / 1756-A7LXT 7-slot XT chassis, Series B
1756-A10XT 10-slot XT chassis, Series B

SIL Compliance Reliability Burden Distribution

Input module share of PFD 35%
Controller (input, processor, output) share of PFD 15%
Actuator share of PFD 50%

Communication Protocols

Supported industrial networks and field buses for the products covered by this publication.

CIP Safety over EtherNet/IP Supported by both GuardLogix 5570 (via 1756-ENBT, 1756-EN2T, 1756-EN2F, 1756-EN2TR, 1756-EN3TR, 1756-EN2TXT, 1756-EN2TRXT bridges) and Compact GuardLogix 5370 (two onboard EtherNet/IP ports). Enables peer-to-peer safety communication and control of CIP Safety I/O devices. CIP Safety over DeviceNet Supported on GuardLogix 5570 systems via 1756-DNB DeviceNet bridge module. Allows control and exchange of safety data with CIP Safety I/O modules on a DeviceNet network. CIP Safety over ControlNet Supported on GuardLogix 5570 systems via 1756-CN2, 1756-CN2R, and 1756-CN2RXT ControlNet bridge modules. Enables produced and consumed safety tags over ControlNet to other GuardLogix controllers or remote CIP Safety I/O networks.

Certifications & Compliance

SIL 3 per IEC 61508 (type-approved and certified) SIL CL3 per IEC 62061 Performance Level PLe, Category 4 per ISO 13849-1 TÜV Rheinland approved for safety-related applications up to SIL CL 3

Document Contents

Full PDF covers the following topics in detail:

  • Preface: terminology, summary of changes, and additional resources
  • Chapter 1: Safety Integrity Level (SIL) concept, SIL 3 certification, proof tests, GuardLogix architecture, PFD and PFH specifications, system reaction time
  • Chapter 2: GuardLogix controller system hardware — GuardLogix 5570 primary controller and safety partner, Compact GuardLogix 5370 hardware, CIP Safety protocol, communication bridges
  • Chapter 3: CIP Safety I/O for the GuardLogix control system — safety functions, reaction time, ownership, configuration signature, device replacement
  • Chapter 4: CIP Safety and the Safety Network Number — routable CIP Safety control systems, unique node reference, SNN assignment considerations
  • Chapter 5: Characteristics of safety tags, the safety task, and safety programs — SIL 2 and SIL 3 safety control, safety task execution, HMI use, safety programs, routines, and tags
  • Chapter 6: Safety application development — commissioning lifecycle, downloading and uploading, online editing, force data, inhibiting devices
  • Chapter 7: Monitor status and handle faults — CONNECTION_STATUS data, I/O diagnostics, GSV/SSV instructions, nonrecoverable and recoverable faults
  • Appendix A: Safety instructions
  • Appendix B: Safety Add-On Instructions — creation, qualification, and validation process
  • Appendix C: Reaction times — Logix system reaction time, factors affecting reaction-time components
  • Appendix D: Checklists for GuardLogix safety applications — controller system, safety inputs, safety outputs, program development
  • Appendix E: GuardLogix systems safety data — PFD and PFH values
  • Appendix F: RSLogix 5000 Software Version 14 and later safety application instructions
  • Appendix G: Use of 1794 FLEX I/O modules and 1756 SIL 2 inputs and outputs with GuardLogix 5570 controllers to comply with EN 50156
  • Glossary and Index

Frequently Asked Questions

What safety integrity levels are the GuardLogix 5570 and Compact GuardLogix 5370 certified for?
Both controller systems are type-approved and certified for use in safety applications up to and including SIL 3 per IEC 61508, SIL CL3 per IEC 62061, and Performance Level PLe (Category 4) per ISO 13849-1. The certification was granted by TÜV Rheinland. The safety task is the only task certified for SIL 3 applications.
What is the proof test interval for GuardLogix 5570 and Compact GuardLogix 5370 controllers?
GuardLogix 5570 and Compact GuardLogix 5370 controllers have a proof test interval of up to 20 years. Other system components such as safety I/O devices, sensors, and actuators may have shorter proof test intervals. The controller should be included in the functional verification tests of those other components.
How does the GuardLogix 5570 achieve SIL 3 capability?
The GuardLogix 5570 uses a primary controller (ControlLogix 557xS) and a safety partner (ControlLogix 557SP) working together in a 1oo2 architecture. The safety partner must be installed in the slot immediately to the right of the primary controller. If the two processors disagree or cannot communicate, a major nonrecoverable controller fault occurs. Both modules perform power-up and runtime functional-diagnostic tests of all safety-related components.
Can the Compact GuardLogix 5370 standard task be used for SIL 2 safety applications?
No. Compact GuardLogix 5370 controllers do not support SIL 2 applications in the standard task. SIL 2 applications are supported only in the safety task of a Compact GuardLogix 5370 controller. GuardLogix 5570 controllers, by contrast, can perform SIL 1 or SIL 2 safety control from within standard tasks, subject to requirements in publication 1756-RM001.
What is the maximum safety task period and what happens if the watchdog is exceeded?
The safety task period is limited to a maximum of 500 ms and cannot be modified online. The safety task watchdog is the maximum permissible time for safety task processing. If safety task processing time exceeds the watchdog time, a nonrecoverable safety fault occurs in the controller and outputs transition to the safe state (off) automatically. The watchdog time must be less than or equal to the safety task period.
What communication networks support CIP Safety in GuardLogix 5570 systems?
GuardLogix 5570 systems support CIP Safety over EtherNet/IP (via 1756-ENBT, 1756-EN2T, 1756-EN2F, 1756-EN2TR, 1756-EN3TR, and XT variants), DeviceNet (via 1756-DNB), and ControlNet (via 1756-CN2, 1756-CN2R, 1756-CN2RXT). Compact GuardLogix 5370 controllers support CIP Safety protocol only over EtherNet/IP networks using two onboard EtherNet/IP ports.
What is a Safety Network Number (SNN) and when must it be assigned manually?
The SNN is a 6-byte hexadecimal number that uniquely identifies a section of a safety network, forming part of the unique node reference for each CIP Safety device. Assignment is automatic when creating a GuardLogix safety controller project and adding new CIP Safety I/O devices. Manual assignment is required when safety-consumed tags are used, when a project consumes safety input data from a device owned by another safety device, or when a safety project is copied to another hardware installation within the same routable CIP Safety system.

Disclaimer

Disclaimer: PLC Exchange is an independent reseller and is not an authorized distributor, affiliate, licensee, partner, or agent of Allen-Bradley / Rockwell Automation. All product information on this page is compiled from publicly-available manufacturer publications, technical data sheets, and catalog sources, each of which remains the copyright of its originating manufacturer. We make no representation or warranty, express or implied, regarding the accuracy, completeness, timeliness, or fitness for any particular purpose of the specifications or descriptions shown — content may contain errors, omissions, or out-of-date information. Product images are the property of their respective manufacturers, trademark owners, and source publications, and are displayed solely for identification purposes under the nominative fair use doctrine; images are representative and may depict a different configuration or catalog variant than the exact product listed. Purchasers should independently verify specifications against the current manufacturer publication before placing an order. All product names, trademarks, service marks, and registered trademarks are the property of their respective owners, and their use does not imply endorsement or affiliation.