PMT Hps Sms r210 6 SCN

Safety Management Systems
R210.6
Software Change Notice
Version: 1.3
Safety Management Systems R210.6 / 1.3 Software Change Notice 1

Disclaimer
This document contains Honeywell proprietary information. Information contained herein is to be used solely
for the purpose submitted, and no part of this document or its contents shall be reproduced, published, or
disclosed to a third party without the express permission of Honeywell Measurex (Ireland) Limited.
While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied
warranties of merchantability and fitness for a purpose and makes no express warranties except as may be
stated in its written agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The information
and specifications in this document are subject to change without notice.
Copyright 2023 - Honeywell Measurex (Ireland) Limited

Table of Content
1 Introduction .............................................................................................................. 4
1.1 Safety Management Systems R210.6 ................................................................................................. 4
1.2 About this Document .......................................................................................................................... 6
1.3 Safety Management Systems Status ................................................................................................... 7
1.4 Conventions ........................................................................................................................................ 8
2 Getting Started .......................................................................................................... 9

2.1 Supported Hardware........................................................................................................................... 9
2.2 Safety Management Systems functionality support ......................................................................... 11
2.3 Supported Safety Manager Releases ................................................................................................ 15
2.4 On-line Modifications ....................................................................................................................... 16
2.5 SM OLM differences Chassis IO vs Universal Safety IO ..................................................................... 18
2.6 Migrate Application .......................................................................................................................... 19
2.7 Migrate Fail Safe Controller projects ................................................................................................ 26
2.8 Safety Builder .................................................................................................................................... 28
2.9 User Documentation ......................................................................................................................... 29
2.10 Experion Integration Support ........................................................................................................... 29
3 Release Overview .................................................................................................... 30
4 Anomalies Resolved................................................................................................. 31
4.1 S300 Firmware .................................................................................................................................. 31
4.2 QPP-0002 Firmware .......................................................................................................................... 32
4.3 FC-PDIO01 firmware ......................................................................................................................... 33
4.4 FC-PUIO01 firmware ......................................................................................................................... 34
4.5 Safety Manager SC FC-RUSIO-3224 firmware ................................................................................... 35
4.6 Safety Manager FC-RUSIO-3224 firmware ........................................................................................ 36
4.7 FX-USI-0002 firmware ....................................................................................................................... 37
4.8 Safety Builder .................................................................................................................................... 37
4.9 Experion Integration ......................................................................................................................... 38
5 Known Restrictions .................................................................................................. 39

5.1 Safety Manager SC Controller ........................................................................................................... 39
5.2 Safety Manager Controller ................................................................................................................ 44
6 Special Considerations ............................................................................................. 50

6.1 Safety Manager SC Controller ........................................................................................................... 50
6.2 Safety Manager Controller ................................................................................................................ 52
6.3 Universal Safety IO (FC-RUSIO-3224/FC-RUSLS-3224) ...................................................................... 59
6.4 Certification EN/ISO 13849-1 (PAR3973) .......................................................................................... 60
6.5 MSSQL 2019 Installed with Safety Management Systems R210.6.................................................... 60
7 Annex A: Contents of Release .................................................................................. 61

7.1 Software Version Identification ........................................................................................................ 61
7.2 Files in Package ................................................................................................................................. 62
8 Notices and Trademarks .......................................................................................... 63

1 Introduction
1.1 Safety Management Systems R210.6

consists of
• Safety Builder
• Safety Manager SC solution
• Safety Manager solution
1.1.1 Safety Builder

Safety Builder is the common engineering and maintenance platform which configures, loads, and
monitors Safety Manager SC controller and Safety Manager Controller.
1.1.2 Safety Manager SC solution

Safety Manager SC is part of the Safety Management Systems Product Family.
Safety Manager SC is a highly reliable, high-integrity safety system for safety-critical control
applications. As part of Honeywell’s Experion Process Knowledge System (EPKS), integrated or in
stand-alone applications, Safety Manager SC forms the basis for functional safety, providing
protection of persons, plant equipment, and the environment, combined with optimum availability
for continuous plant operation. Safety Manager SC offers safety, reliability, and efficiency from its
foundations.
Safety Manager SC is a user-programmable, modular, microprocessor-based safety system, which can

perform a wide range of critical process control and safety instrumented functions, including:
• High-integrity process control,
• Burner/boiler management systems,
• Process safeguarding and emergency shutdown,
• Fire and gas detection systems, and
• Pipeline monitoring.
Safety Manager SC is a modular, fault tolerant safety system capable of solving the most challenging
Emergency Shutdown (ESD) / Safety Instrumented System (SIS) applications in the Process Control
industry. Certified by TUV Rheinland, for use in safety applications up to Safety Integrity Level 3
(SIL3), Safety Manager SC is operationally integrated with Experion® and meets the latest cyber
security standards, up to ISA Secure level 2.
The Safety Manager SC system offers key features such as:

Small footprint / scalable architecture
Expanded Honeywell LEAP™ and Universal I/O capabilities
Tight operational integration with Distributed Control Systems (DCS) and SCADA platforms
IEC 61131-compliant engineering tool for programming and diagnostics

1.1.3 Safety Manager solution
Safety Manager is part of the Safety Management Systems Product Family.
Safety Manager is a highly reliable, high-integrity safety system for safety-critical control
applications. As part of Honeywell’s Experion Process Knowledge System (EPKS), integrated or in
stand-alone applications, Safety Manager forms the basis for functional safety, providing protection
of persons, plant equipment, and the environment, combined with optimum availability for
continuous plant operation. Safety Manager offers safety, reliability and efficiency form its
foundations.
Safety Manager is a user-programmable, modular, microprocessor-based safety system, which can
perform a wide range of critical process control and safety instrumented functions, including:
• High-integrity process control,
• Burner/boiler management systems,
• Process safeguarding and emergency shutdown,
• Turbine and compressor control and safeguarding,
• Fire and gas detection systems, and
• Pipeline monitoring.
Safety Manager is a modular, fault tolerant safety system capable of solving the most challenging
Emergency Shutdown (ESD) / Safety Instrumented System (SIS) applications in the Process Control
industry. Certified by TUV Rheinland, for use in safety applications up to Safety Integrity Level 3
(SIL3), Safety Manager is operationally integrated with Experion® and meets the latest cyber security
standards, up to ISA Secure level 1.

1.2 About this Document
This document describes the new features, resolved problems, known restrictions and special
considerations for Safety Management Systems R210.6 (Safety Builder, Safety Manager SC, Safety
Manager).
Please read this document in its entirety prior to installation and use of this software.
Safety Management Systems R210.6 dated March 2023
1.2.1 Revision History

Version Month Description
1.3 Feb 2023 Updated list of User Assistance documents
1.2 Jan 2023 Updated Versions
1.1 Jan 2023 Added known issues SMSC-48379, SMSC-48378 & SMSC-
48121
1.0 Jan 2023 Initial

1.3 Safety Management Systems Status
STATUS SOFTWARE RELEASES:
R210.6 Safety Management Systems R210.6 is a maintenance release supporting

• Safety Manager SC – Control Processor solution
o SCNT01 Control Processor module
o RUSIO-3224 Universal Safety IO module
o PDIO01 Safety Digital IO module
o PUIO01 Safety Universal IO module
• Safety Manager – Control Processor solution
o QPP-0002, USI-0002, BKM-0001
o Chassis IO
o RUSIO-3224 Universal Safety IO module
o RUSLS-3224 Universal Safety Logic Solver
• Safety Builder is a set of tools to:
o Configure and build the Safety Manager and Safety Manager SC application
files.
o Load Controller(s), view diagnostics, view system status data, view application
data and live FLDs
FOR CURRENT USERS:
Safety Management Systems R210.6 is a maintenance release providing

- Elevated/enhanced data security.
- Remote Publish support enabling segregated Experion data publication.
- Common engineering and maintenance platform increasing the usability and security of
Safety Manager SC and Safety Manager
- Multiple Safety Builder engineering and maintenance enhancements provide easier
engineering and more detailed diagnostics and statistics.
- Feature-based license mechanism providing detailed licensing information and status.
- Improved HART communication robustness for HART enabled devices connected to FC-
RUSIO-3224/FC-RUSLS-3224 modules.
- For Safety Manager SC solutions IPsec communication for secure data communications.
- Upgrade from Safety Manager releases
- Migration from FSC releases. (Make sure to consult the Previous Software Change notices of
R16x series when migrating)
- One installation program, installing Safety Builder and its supported components.
Latest versions of Safety Management Systems R210.6 Software Change Notice can be found at
process.honeywell.com.
After you log in to process.honeywell.com, Click here or search for "SMSC-MAN" AND "R210.6"
including the quotes.

1.4 Conventions
The following symbols are used in Safety Management Systems documentation:
Tip
This symbol is used for useful, but not essential, suggestions.
Attention
This symbol is used for information that emphasizes or supplements important
points
Caution
This symbol warns of important facts on Safety Management Systems behavior or
architecture.

2 Getting Started
2.1 Supported Hardware
This section describes the supported hardware by Safety Management Systems R210.6
2.1.1 Safety Manager SC Hardware

Safety Management Systems R210.6 supports Safety Manager SC Controller
- FC-SCNT01, SAFETY CONTROLLER SIL3
o FC-TCNT11, SC S300 IOTA CNTRL REDUNDANT
- FC-PUIO01, SC SAFETY UIO IOM 24VDC, 32CH
o FC-TUIO11, SC IOTA SAFETY UIO REDUNDANT
o FC-TUIO51, SC FTA FC-PUIO01 KNIFE, EOL,24VDC,16CH, L
o FC-TUIO52, SC FTA FC-PUIO01 KNIFE, EOL,24VDC,16CH, R
- FC-PDIO01, SC SAFETY DIO IOM 24VDC, 32CH
o FC-TDIO11, SC IOTA PDIO REDUNDANT
o FC-TDIO51, SC SAFETY FTA KNIFE, EOL, 24VDC, 16CH, L
o FC-TDIO52, SC SAFETY FTA KNIFE, EOL, 24VDC, 16CH, R
- FC-RUSIO-3224, SM USIO module 32 ch 24Vdc
o FC-IOTA-R24, SM Universal Safety IO redundant termination assembly
o FC-IOTA-NR24, SM Universal Safety IO non-redundant termination assembly
- UMS (Universal Marshalling Solution) modules are supported by Safety Manager SC
o CC-UPTA01 Feedthrough/Disconnect
o FC-UIR501 SCA DIGITAL INPUT RELAY 5KOHM
o FC-UDI501 Pass thru + 5kOhm
o FC-UDIR01 SCA DIGITAL INPUT RELAY
o FC-UDOR01 SCA DIGITAL OUTPUT RELAY SIL 3
o FC-UDOF01 SCA DIGITAL OUTPUT RELAY SIL 3 F&G
o FC-UAIA01 SCA ANALOG INPUT
o FC-UAIS01 SCA ANALOG INPUT SINK
o FC-UDIN01 SCA DIGITAL INPUT NAMUR
o FC-UDNS01 SCA DIGITAL INPUT SAFETY NAMUR
o FC-UGDA01 Digital IO IS barrier
o FC-UGAI01 Analog Input barrier
o FC-UGAO01 Analog Output Barrier

2.1.2 Safety Manager Hardware
Safety Management Systems R210.6 supports Safety Manager Controller
- QPP-0002, USI-0002, BKM-0001, PSU-240516
o CPCHAS-000x
- RUSIO-3224, SM Remote Universal Safe IO module 32 ch 24Vdc
RUSLS-3224, SM Remote Universal Logic Solver 32 ch 24Vdc
o IOTA-R24, SM Universal Safety IO redundant termination assembly
o IOTA-NR24, SM Universal Safety IO non-redundant termination assembly
- Safety Manager and FSC IO modules. (see Revision Release List on TUV website)
o IOCHAS-0001R/ IOCHAS-0003R, IOCHAS-0001S/ IOCHAS-0003S
o IOCHAS-0002R, IOCHAS-0002S

2.2 Safety Management Systems functionality support
This paragraph provides overview of the hardware required for main functionalities of Safety
Manager SC Controller platform and Safety Manager Controller platform
Following table shows Hardware support regarding redundant/non-redundant Safety Manager (SC)
(A.R.T.), FC-SCNT01, Chassis-IO, FC-RUSIO-3224/FC-RUSLS-3224, FC-PDIO01 and FC-PUIO01
Safety Safety Safety Safety Safety
Safety System Manager Manager Manager SC Manager SC Manager SC
A.R.T. A.R.T. A.R.T.+
FC-SCNT01/ FC-SCNT01/ FC-SCNT01/
Controller ID FC-QPP-0002 FC-QPP-0002
FC-SCNT02 FC-SCNT02 FC-SCNT02
CPCHAS-0001/
Chassis/IOTA CPCHAS-0002 FC-TCNT11 FC-TCNT11 FC-TCNT11
CPCHAS-0003
Size 19" rack/ 19" rack/
Controller (Inch) 4HE 4HE
19" rack/ 4HE 15" 15" 15"
Non-
Redundant Redundant Redundant Redundant Redundant
Redundant
Chassis IO
19" rack/
Redundant
4HE
19" rack/
Non-Redundant
4HE
FC-RUSIO-3224 (Universal Safety IO)
Redundant 18"
Non-Redundant 12"
FC-RUSLS-3224 (Universal Safety Logic Solver)
Redundant 18"
Non-Redundant 12"
FC-PDIO01 (Safety Digital IO)
Redundant 12"
Non-Redundant 12"
FC-PUIO01 (Safety Universal IO)
Redundant 12"
Non-Redundant 12"
Cell Empty : Not supported.

2.2.1 Safety Manager SC Controller functionality support
Safety Manager
Systems Release
Hardware required
Feature Earth Leakage
From To IOTA + Control Processor IOTA + Universal IO IOTA + Digital IO
Detection
Redundant Safety Manager SC R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
Experion Scada R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
SafeNet R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
Modbus slave R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
Modbus Master R201.1 --- FC-TCNT11 + 2 X FC-SCNT01
Experion CDA/FTE support R200.1 --- FC-TCNT11 + 2 X FC-SCNT01 `
SafeNet: Safety Manager to
R201.1 --- FC-TCNT11 + 2 X FC-SCNT01
Safety Manager SC
Redundant FC-RUSIO-3224 R200.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-IOTA-R24 + 2 X FC-RUSIO-3224
Non Redundant FC-RUSIO-3224 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-IOTA-NR24 + FC-RUSIO-3224
FC-IOTA-R24 + 2 X FC-RUSIO-3224 or
FC-RUSIO-3224 Earth Leakage Detection R200.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TELD-0001
FC-IOTA-NR24 + FC-RUSIO-3224
HART Handheld R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
Low Latency SOE / FC-RUSIO-3224 R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
HART Pass thru / FC-RUSIO-3224 R200.1 --- FC-TCNT11 + 2 X FC-SCNT01
FC-TDIO11 + 2 X FC-PDIO01
Redundant FC-PDIO01 R200.2 --- FC-TCNT11 + 2 X FC-SCNT01 2 X FC-SIC<20/10><Lx>
2 X (FC-TDIO51 OR FC-TDIO52)
FC-TDIO11 + 1 X FC-PDIO01
Non Redundant FC-PDIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 2 X FC-SIC<20/10><Lx>
2 X (FC-TDIO51 OR FC-TDIO52)
Low Latency SOE / FC-PDIO01 R201.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TDIO11 + 2 OR 1 FC-PDIO01
ART+ / FC-PDIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TDIO11 + 2 FC-PDIO01
Redundant FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 X FC-PUIO01
Non Redundant FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 1 X FC-PUIO01
FC-PUIO01 Earth Leakage Detection R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TELD-0001 FC-TUIO11 + 2 OR 1 FC-PUIO01
HART Pass thru / FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 OR 1 FC-PUIO01
A.R.T.+ / FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 FC-PUIO01
Low Latency SOE / FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 +2 OR 1 FC-PUIO01
FC-IOTA-R24 + 2 X FC-RUSIO-3224
UMS / FC-RUSIO-3224 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01
2 X CC-SICC1011/<Ly> + UMS
FC-TDIO11 + 2 OR 1 FC-PDIO01 +
UMS / FC-PDIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01
2 X FC-SIC5<Lx> + UMS
FC-TUIO11 + 2 OR 1 X FC-PUIO01
UMS / FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01
2 X FC-SIC5<Lx> + UMS
IO Ring support / FC-PUIO01 R211.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 X FC-PUIO01
Lx = In decimeters Ly = in meters
NOT supported Unsupported Hardware by Safety Manager SC

Earth Leakage Safety Universal IO/
From To IOTA + Control Processor Safety Digital IO
Detection Universal Logic solver
Safety Manager SC R200 --- FC-RUSLS-3224
Discontinued Hardware Discontinued
Earth Leakage Safety Universal IO/

From To IOTA + Control Processor Safety Digital IO
Detection Universal Logic solver
Safety Manager SC 2022-Q4 --- FC-SCNT01

2.2.2 Safety Manager Controller functionality support
Hardware required
BASE Control Earth Leakage
Chassis Communication Universal Safety IO Universal Logic Solver
Processor Detection
FS-CPCHAS-0001
Safety Manager R100 FS-IOCHAS-0001R FC-QPP-0001 FC-USI-0001 10310
FS-IOCHAS-0001S
Extra Support Extra Hardware requirement compared to BASE
Feature Control Earth Leakage

From To Chassis Communication Universal Safety IO
Processor Detection
FS-CPCHAS-0003
Power infrastructure improvement R100 FS-IOCHAS-0003R
FS-IOCHAS-0003S
SafeNet R110
High performance Processor R130 FC-QPP-0002
Universal Safety Interface (FC-USI-0001) R100 <R160 FC-USI-0001
Universal Safety Interface (FC-USI-0002) R100 FC-USI-0002
Universal Safety Interface (FE-USI-0002) R130 FE-USI-0002
Universal Safety Interface (FX-USI-0002) R140 FX-USI-0002
Redundant Universal Safety IO R140 R145 FC-QPP-0002 FC-IOTA-R24 + 2X FC-RUSIO-3224
Redundant Universal Safety IO R150 FC-QPP-0002 FC-IOTA-R24 + 2X FC-RUSIO-3224
FC-USI-0002,
Experion CDA/FTE support R150 FC-QPP-0002 FE-USI-0002 or
FX-USI-0002
FS-CPCHAS-0002
Advanced Redundancy Technique R150 FS-IOCHAS-0002R FC-QPP-0002
FS-IOCHAS-0002S
Universal Safety Logic Solver
R150 <R200 FC-QPP-0002 FC-IOTA-R24 + 2X FC-RUSLS-3224
(Localized Safeguarding)
Non Redundant Universal Safety IO R150 FC-QPP-0002 FC-IOTA-NR24 + FC-RUSIO-3224 FC-IOTA-NR24 + FC-RUSLS-3224
FC-IOTA-NR24 + FC-RUSIO-3224 or FC-IOTA-NR24 + FC-RUSLS-3224 or
HART Pass thru R150 FC-QPP-0002
FC-IOTA-R24 + 2X FC-RUSIO-3224 FC-IOTA-R24 + 2X FC-RUSLS-3224

Low latency SOE R150 FC-QPP-0002
FC-USI-0002,
Modbus Master TCP R150 FC-QPP-0002 FE-USI-0002 or
FX-USI-0002
HART Handheld R152 FC-QPP-0002
USIO/USLS FC-IOTA-NR24 + FC-RUSIO-3224 or FC-IOTA-NR24 + FC-RUSLS-3224 or

R153.3 FC-QPP-0002 FC-TELD-0001
Earth Leakage Detection FC-IOTA-R24 + 2X FC-RUSIO-3224 FC-IOTA-R24 + 2X FC-RUSLS-3224
FE-USI-0002 or
EUCN R160.1b FC-QPP-0002
FX-USI-0002
FC-USI-0002,
FSC to SM Migration R160 FC-QPP-0002 FE-USI-0002 or
FX-USI-0002
FC-USI-0002,
SafeNet : SM-FSC R161 FC-QPP-0002 FE-USI-0002 or
FX-USI-0002
FC-USI-0002,
AutroCom SIL 2 protocol R162 FC-QPP-0002 FE-USI-0002 or
FX-USI-0002
NOT supported Unsupported Hardware by Safety Manager

Earth Leakage
From To Chassis Control Processor Communication Safety Universal IO Universal Logic solver
Detection

Safety Manager R146 R146
Safety Manager R160 --- FC-QPP-0001 FC-USI-0001
Discontinued Hardware Discontinued

Earth Leakage
From To Chassis Control Processor Communication Safety Universal IO Universal Logic solver
Detection
Safety Manager 2012-Q1 --- FC-QPP-0001
FC-USI-0001
Safety Manager 2014-Q2 ---
FC-USI-0002
Safety Manager 2019-Q3 --- FE-USI-0002
FS-IOCHAS-0001R
Safety Manager 2019-Q4 ---
FS-IOCHAS-0001S
Safety Manager 2020-Q2 --- FS-CPCHAS-0001

2.2.3 Experion compatibility
2.2.3.1 Experion releases

Table below shows compatibility and dependency between Experion/FDM/UNISIM and Safety
Manager SC functionality:
Safety Manager SC Controller Experion

Relevant function From To R43x R500 R501 R510 R511 R520
Experion Protocol (SCADA) R200.1 --- p p √ √ √ √
CDA Integration (FTE) R200.1 --- √ √ √ √
Sequence of Event R200.1 --- √ √ √ √
Universal Safety I/O R200.1 --- p p √ √ √ √
FC-PDIO01 R201.1 --- p p √ √ √ √
FC-PUIO01 R210.1 --- p p √ √ √ √
Safety Manager SC Controller Experion LX

Relevant function From To R500 R510
Sequence of Event R200.3 --- √
Universal Safety I/O R200.3 --- √
FC-PDIO01 R201.1 --- √
FC-PDIO01 R210.1 --- √
CDA Integration (FTE) R200.3 --- √
Safety Manager SC Controller Experion HS

Relevant function From To R43x R430 R500 R510 R510
Experion Protocol (SCADA) R200.3 --- √
Sequence of Event R200.3 --- √
Safety Manager SC Controller Field Device Manager (FDM)

R511.2
Relevant function From To R500 R501 R510 R511.1
and later
FC-RUSIO-3224 HART Pass thru R200.1 --- √ √ √ √
FC-RUSIO-3224 HART handheld support R200.1 --- √ √ √ √
FC-PUIO01 HART Pass thru R210.1 --- √
FC-PUIO01 HART handheld support R210.1 --- √
Safety Manager SC Controller UNISIM / Workforce Competency

Relevant function From To R46x R470 R471 R520
Smoke & Heat Adapters
R200.1 --- √ √ √ √
Boolean Property Output
FLD Export to Unisim R200.1 --- √ √ √ √
FLD Export to Unisim R201.1 --- √ √ √
FLD Export to Unisim R210.1 --- √ √
FLD Export to Unisim R211.1 --- √
Safety Manager SC Controller Process, Machinery, and Drives (PMD)

Relevant function From To R8xx R90x R92x
CDA Integration (FTE) R210.1 --- √ √

2.2.3.2 Experion Station
Safety Builder of Safety Management Systems R210.6 can be installed on Experion Stations that
comply with the requirements as defined in section 2.2.4 Operating system.
2.2.4 Operating system

Safety Builder of Safety Management Systems R210.6 is developed to run on, Windows 10 Enterprise
LTSC 2019 operating system.
Following table indicates Microsoft Windows operating system version compliance for Safety Builder
of Safety Management Systems R210.6
Safety Builder - Microsoft Windows - Compliance

Safety Manager
R200.1 R210.1
R201.1 R211.1
to to R210.6
Microsoft Windows R201.2 R211.2
R200.3 R210.5
Windows 10 Enterprise LTSB 2015

Windows 10 Enterprise LTSB 2016 √ √ √ √
Windows 10 Enterprise LTSC 2019 √ √ √
Windows 10 Enterprise LTSC 2021
Windows Server 2016 Standard edition √ √ √ √ √
Windows Server 2019 Standard edition √
Supported operating systems are available online in "Safety Systems Software Support Guidelines"
on the Honeywell support guidelines.
This guideline can be found at MyHPS (https://process.honeywell.com/us/en/services-and-
support/support-center/technical-support/technical-solutions/article-detail.ka_000135672 )
Login, Select “Support”  “Knowledge Articles”, and search for "Safety Systems Software Support
Guidelines”
2.3 Supported Safety Manager Releases

The tool to be used for Configuring Safety Manager and Safety Manager SC is Safety Builder of
Safety Management Systems R210.6

2.4 On-line Modifications
2.4.1 Safety Management Systems Software migration matrix

Following table shows migration matrix Safety Management Systems R210.6
R146.2 R154.5 R162.8 R201.2 R210.6 R211.2 R212.1
R146.2 a p p p p p
R154.5 a p p p p
R162.9 a p p p
R200.1 u4 u4 u4
R200.2 u4 u4 u4
R200.3 u4 u4 u4
R201.1 u4 u4 u4
R201.2 a u4 u4 u4
R210.1 p p p
R210.2 p p p
R210.3 p p p
R210.4 p p p
R210.5 p p p
R210.6 a p p
R211.1 p p
R211.2 a p
R212.1 a
U4: When planning to migrate contact Honeywell GTAC

Following table defines the supported Safety Manager Database Migrations
R146.2 R154.5 R162.9 R201.2 R210.6 R211.2 R212.1
R146.1 √ √ √ √ √ √ √
R146.2 √ √ √ √ √ √
R151.2 √ √ √ √ √ √
R151.4 √ √ √ √ √ √
R152.2 √ √ √ √ √ √
R152.3 √ √ √ √ √ √
R153.3 √ √ √ √ √ √
R153.4 √ √ √ √ √ √
R153.5 √ √ √ √ √ √
R153.6 √ √ √ √ √ √
R153.7 √ √ √ √ √ √
R154.1 √ √ √ √ √ √
R154.2 √ √ √ √ √ √
R154.3 √ √ √ √ √ √
R154.4 √ √ √ √ √ √
R154.5 √ √ √ √ √
R160.2 √ √ √ √ √
R160.3 √ √ √ √ √
R161.1 √ √ √ √ √
R162.1 √ √ √ √ √
R162.2 √ √ √ √ √
R162.3 √ √ √ √ √
R162.4 √ √ √ √ √
R162.5 √ √ √ √ √
R162.6 √ √ √ √ √
R162.9 √ √ √ √
R200.1 √ √ √ √
R200.2 √ √ √ √
R200.3 √ √ √ √
R201.1 √ √ √ √
R201.2 √ √ √
R210.1 √ √ √
R210.2 √ √ √
R210.3 √ √ √
R210.4 √ √ √
R210.5 √ √ √
R210.6 √ √
R211.2 √
R212.1

2.5 SM OLM differences Chassis IO vs Universal Safety IO
There are behavioral differences during on-line modification between Safety Manager Chassis IO and
Safety Manager Universal Safety IO (FC-RUSIO-3224/FC-RUSLS-3224) that need to be understood
while planning an On-Line Modification.
• Safety Manager Chassis IO modules have pre-defined functionalities which are independent
from the Safety Manager firmware and user application. The functionality is available if the
module is healthy, and power is applied.
Important:
• During an on-line modification for redundant Safety Manager controllers, the controller
redundancy will ensure that operation is continued. When the first controller of the
redundant pair is loaded, the second controller continues operation and vice versa. This
applies to configurations with redundant IO, non-redundant IO or a mix of redundant and
non-redundant IOs.
• When an IO module is detected faulty during initialization of the Control Processor with new
application loaded, the system blocks online modification
• Safety Manager Universal Safety IO modules are flexible and perform additional tasks like
communication with Safety Manager, scanning and updating IO, internal diagnostics, SOE
generation and HART communication. The Universal IO modules require firmware, configuration,
and application program to operate. These three components are automatically updated, when
required as soon as the module is powered-up and connection to its Safety Manager is
established.
o firmware changes are normally part of a new software release,
o configuration changes are for example changes to a channel parameter, and
o application changes apply to the Universal logic solver when the FLD has been assigned to
the Universal Logic Solver.
Be aware that any update to any of these three components will force a reboot of the module.
During the update and reboot the Universal IO module will behave as follows:
o system and process data communication between the Universal Safety IO module and its
Safety Manager is not active,
o all Universal Safety IO outputs on the module will go to the safe, de-energized state,
o HART communication and SOE event reporting are not active, and
o on a Universal Safety Logic Solver (FC-RUSLS-3224 only) the application is not executed.
Important:
• During an on-line modification for redundant Universal Safety IO module configurations, the
redundancy will ensure that operation is continued. When the first Universal Safety IO
module of the redundant pair is loaded, the second Universal Safety IO module continues
operation and vice versa.
• During a Safety Manager on-line modification for non-redundant Universal Safety IO modules
configurations operation will be discontinued whenever firmware, configuration or
application has been changed.
• When an USIO module is detected faulty during initialization of the Safety Manager Control
Processor with new application loaded, the Safety Manager Controller will not block online
modification. Performing the fault reset to continue OLM will start the Safety Manager
Control Processor with a faulty reported USIO.

2.6 Migrate Application
2.6.1 Backup your application

It is always strongly recommended to create a backup of your application with the previous release
of Safety Management Systems before starting the migration to Safety Management Systems R210.6
“Migrate Application” migrates a complete Plant (including all configured controllers).
In case the migration fails, the reason will be reported. Go back to the original application, make the
required modification, and migrate again.
Safety Management Systems R210.6 can use applications created from Safety Builder Release
R146.1
Safety Builder of Safety Management Systems R210.6 will detect and requests to run “Migrate
Application” if needed, when a plant is selected via Network Configurator
2.6.2 Migrating application

In case a Safety Manager application is opened by Safety Management Systems R210.6 Safety Builder
requests to migrate the database to latest version by using the ’Migrate Application’ option.
The ‘Migrate application’ function is available via Tools-Configuration-Migrate Application.
’Migrate Application’ will migrate the complete plant, including all Safety Manager Controllers
configured in that plant to latest version.
The ‘Migrate application’ function is not protected by privilege level access
The Migration log file will reflect this.
Before plant and applications can be used by Safety Management Systems R210.6 the Safety
Manager Database(s) need to be converted to SQL database using option: File-Migrate to Microsoft
SQL Server… .
The Migrate projects Dialog box shows progress and result.

After successful migrate to SQL Server the Plant can be used.

2.6.3 Known restrictions
2.6.3.1 Safety Manager Fault reset during load.

The On-Line Modification procedure should be followed.
At the start of On-Line Modification: The Safety Manager Safety system should run without IO faults:
• If there are IO Faults on chassis IO, the first Control Processor (CP) will not start-up after
loading it .
• If there are IO Faults for USIO, you may loose the module after fault reset
During the actual Load: Do NOT apply a Fault Reset (Direct or Remote). The Safety Manager
Controller stops the software loading.
2.6.3.2 Password protection

‘Migrate Application’ is not password protected.
The privileges levels are temporary disabled during the Migrate Application. After the migration the
privileges levels are active again.
2.6.3.3 Experion integration

Safety Manager Controller of Safety Management Systems R210.6 supports two integration methods
with Experion, namely:
• Via the SCADA protocol using Dual LAN connectivity to the FTE network, and
• Via the CDA protocol using full FTE connectivity to the FTE network.
Existing Experion / Safety Manager Installations migrating to Safety Management Systems R210.6
will continue to use the Experion protocol and dual LAN method. For new controllers, the customer
can choose the desired integration method.
Existing FSC Installations using Experion SCADA migrating to Safety Management Systems R210.6 will
use the Experion protocol and dual LAN method.
Existing TPS/FSC Installations using UCN migrating to Safety Management Systems R210.6 will use
the Experion EUCN protocol.
Safety Manager Controller - Experion integration via SCADA and PCDI protocol over Dual LAN
The Experion communication link can only be configured on channel A of the USI communication
module. This means that Experion links configured on channel B cannot be migrated.
Before starting the migration, change the configuration of the Experion link to channel A.

Safety Manager with advanced Experion integration (CDA)
The FTE support provides maximum communication availability for Safety Manager being an FTE
node within the Experion communication architecture. It provides detailed node diagnostics and
transparent availability within the Experion architecture. Full FTE support is coupled with CDA
integration in Experion.
Upgrading from dual LAN connectivity to full FTE requires specific hardware changes and changes to
the Experion point database and custom graphics.
For migration to full FTE node:
• Requires Experion R410.2 or higher
• The impact to existing custom graphics and point database must be evaluated as well as
the impact to point licenses on Experion server
• Two communication channels (A and B) of the USI communication module must be
configured. Experion communication link can only be configured on channel A of the USI
communication module. Channel B of the same USI will automatically be occupied.
This means that Experion links configured on channel B cannot be migrated.
Before starting the migration, change the configuration of the Experion link to channel A.
NOTE: The Safety Management Systems R210.6 Experion Components.msi is a standalone installer.
For CDA Experion integration, the detail displays must be installed using this installer, before starting
Experion.
2.6.3.4 Universal Safety I/O connection

Safety Manager controller of Safety Management Systems R210.6 supports Universal Safety I/O
communication (SM IO Link) only via dedicated channels 1B and/or 2B of the Control Processor.
Safety Builder of Safety Management Systems R210.6 A.R.T. supports Universal Safety I/O
communication (SM IO Link) via dedicated channels 1A+1B and 2A+2B
2.6.3.5 I/O property “Safety Related”

When the property “Safety Related” of a point is left to “Undefined” this will be reported as a
warning by Application Compiler.
To avoid those warnings, configure the property “Safety Related” of a point to “Yes” or “No”. This can
be done after the project is migrated. The “Safety Related” property of points is for documentation
purposes only, except Digital Input points where it influences the Line monitoring setting.
2.6.3.6 Safety Historian on same channel as Experion SCADA

Safety Manager of Safety Management Systems R210.6 does not support Safety Historian and
Experion SCADA on same Channel.
Before Migrating from release older than Safety Manager R160, the configuration of Safety Historian
should be different from Experion SCADA.

2.6.4 Considerations
2.6.4.1 OLM report – Deleted points

Scenario: Migrating from a previous release of Safety Management Systems Compiling and Loading
the application may result in unexpected report of deleted points by the OLM report.
This is the result of the application compiler cleaning up points that have been left in the database by
a previous release of Safety Manager.
To be able to verify the “unexpected” items in the OLM report the following actions must be taken:
1. Before migrating to Safety Management Systems R210.6:
a. Export the IO points in the version the Safety Manager (SC) Controller is running.
b. To clean up the audit trail, archive the audit trail from the Safety Manager (SC)
Controller that is about to be migrated.
2. Migrate the Safety Manager (SC) Controller to Safety Management Systems R210.6.
3. Compile the application.
4. Display the audit trail of the compiled Safety Manager (SC) Controller.
5. Note: Both documents mentioned in item 1a and 4 needs to be checked for “unexpected”
items in the OLM report.
6. The unexpected items mentioned in the OLM report have an application address which can
be found also in the export file of the IO points. The export file of the IO points shows the
related Tag numbers, which can verify against the audit trail that they have been cleaned up
by the compiler.

Example: Verify if point mentioned in OLM report with Application address 178 is one of the points
that the compiler has cleaned up.

2.6.5 On-line modification
2.6.5.1 Universal Safety IO module channel option

Universal Safety IO modules (PUIO01, PDIO01, RUSIO-3224, RUSLS-3224) can detect if a device is
connected to a spare channel. This can be enabled or disabled with the check box “Report spare
channel diagnostics” located on the properties dialog box.
In case spare channel detection is enabled adding and/or deleting a point will generate an EC64
‘Device detected on spare channel’ during On-line Modification. The same message may be
generated as soon as field cables are connected to a spare channel, even if the field device is not yet
connected, and this may cause an overflow on the diagnostic message buffer.
2.6.5.2 Safety Manager Peer to Peer (SafeNet)

For Safety Manager Controller sometimes after loading first Control Processor (CP) an error code
186: “External communication fault with ….” is reported. (E.g. due to not optimal communication
infrastructure). Before proceeding make sure the details of this diagnostic message are analyzed.
After it is selected to continue, the communication with the peer safety Manager that are reported in
details of error code 186 will be lost. To prevent loss of Safety Manager Peer to Peer communication
make sure that unexpected error code 186 is resolved before proceeding with On-line modification.
2.6.5.3 On-line modification

When executing Online Modification in Safety Manager Controller of Safety Management Systems
R210.6 and system is configured with USIO modules, the running USIO module may report EC79 and
the stopped Safety Manager QPP module may report EC228. These error codes can be ignored.

2.6.5.4 On-line System software upgrade shows “Controller Too Complex”
During Safety Manager Controller On-Line system software upgrade to Safety Management Systems
R210.6, diagnostics may show EC98: Controller too complex to calculate cycle time within configured
DTI .
The DTI should be changed using previous system software version.
- Restore
- Change DTI in previous System Software version
- Compile
- Migrate to Safety Management Systems R210.6
2.6.5.5 On-line software upgrade from Safety Manager R150.1 (1-11FBXRN)

During On-line system software upgrade from Safety Manager R150.1 Safety Builder Load option
may show a “red cross” and On-line software upgrade appears to be blocked. When on-line software
upgrade was started the system is running fault free and if no other faults are reported as defined in
the On-line Modification Guide the first CP should be cycled to Stop and back to Run. After restarting
download the On-line software upgrade will continue and complete.
2.6.5.6 On-line software upgrade from Safety Manager R150.1 shows multiple EC 141
During On-line software upgrade executed from Safety Manager R150.1 following anomaly may be
observed:
Multiple error codes 141 appear. (Internal communication failure or redundant CP degraded)
If this is observed, it is strongly advised to complete the following steps before commencing the on-
line modification:
1. Turn the QPP key switch of the non-running QPP to the STOP position. The R150.1 Control
Processor remains RUNNING.
2. Toggle the Reset key switch once.
3. Turn the QPP key switch of the non-running QPP to the RUN position. The R150.1 Control
Processor remains RUNNING.
4. Wait for the QPP to show “CPReady” on the display,
5. Wait 10 seconds
6. Check Diagnostics,
7. If 0 to 3 error code 141 is reported, then all is OK and continue with next step else repeat
from step 1.
8. Resume the on-line modification procedure at step C2.i as defined in the On-line
Modification Guide

2.6.5.7 On-line adding and removing Universal Safety IO /Universal Safety Logic Solver module
Safety Manager Controller of Safety Management Systems R210.6 adding Universal Safety IO /
Universal Safety Logic Solver module to the application (Topology change) the application must be
changed first before Universal Safety IO /Universal Safety Logic Solver module are powered up.
Adding/deleting of Universal Safety IO / Universal Safety Logic solver must not be done as
part of a firmware upgrade to Safety Management Systems R210.6 (1-UA45D9)
2.6.5.8 System software Upgrade (1-AYDFBKD)

System software upgrade from Safety Manager R152 may report Sheet differences EC108. All
reported sheets contain system markers that represent the health status of the HBus of the IO racks.
2.6.5.9 Migrate from Safety Manager R153.3

System software upgrade of Safety Manager Controller having FC-RUSIO-3224 or FC-RUSLS-3224 and
running a DTI of 2 seconds is ONLY supported from Safety Manager R153.3 or higher.
2.7 Migrate Fail Safe Controller projects
2.7.1 Compatibility
Safety Management Systems R210.6 can migrate FSC R80x applications.
Safety Management Systems R210.6 supports most of FSC IO Modules.
More detail can be obtained by contacting local Honeywell affiliate.

2.7.2 FSC to Safety Manager Migration Process
Following are steps to migrate an FSC Controller to Safety Manager controller.
For releases in Flow Diagram use Safety Management Systems R210.6 and latest FSC R80x release.
Refer FSC R80x

Start
release note and
Migration
Safety Manager
systems SCN
1. Backup FSC Database

No 2. Migrate FSC Application to FSC R420
FSC Controller
3. Run “Verify Application” for all controllers
Database is in >=
FSC R420 running on FSC R420 software and
save the VA Report
Yes
4A. Backup FSC Database

4B. Install Latest FSC Navigator R80x
4C. Upgrade complete application (all the controllers) to FSC R80x
4D. Run “Verify Application” for all controllers running on
FSC >=R420 software and Save the VA Report
Phased Migration
No 5A. Upgrade complete application (all the controllers)
to FSC R80x
Single step?
5B. Run “Verify Application” for all controllers running
on FSC >=R420 software and Save the VA report
Yes 5C. Create the FSC system(s) migration phases/plan.
6. Run Migration Audit Tool for all the controllers in the application
upgraded in step 4C, find Un-Supported Features/Hardware
using “FSC to SM Migration Audit Tool” and remove them from
the FSC application
No, Rip and Replace

Yes Change to SM I/O’s
keep existing FSC I/Os
7A. Migrate the FSC Controller using Safety 7B. Migrate the FSC Controller using Safety
Builder option “Migrate to SM Controller”, Builder option “Migrate to SM Controller...”,
Uncheck “Change to SM IO Chassis” Option check “Change to SM IO Chassis” Option
All Controllers
done?
Yes
8. Compile & Load All SM Controllers with Migrated Application

9A. Run “Verify Application” from FSC Navigator R80x
for all the migrated Safety Manager Controllers
9B. Compare “Verify Application” report with “Verify Application”
Report of FSC R80x
9C Check FSC to SM Migration Report
No
Refer to
Can all differences be
Migration
explained?
document
Yes 10. Check & Re-Test Application

(As required)
Migration
Complete

2.8 Safety Builder
Safety Builder of Safety Management Systems R210.6 is an all-in-one tool for configuring, loading,
and monitoring Safety Manager and Safety Manager SC controller.
Note: Some tools may not be available, depending on your license and package.
2.8.1 Installation
More details on Installing Safety Management Systems R210.6 is available in Installation and Upgrade
Guide EP-SMSC-MAN-7053-210C, Paragraph INSTALLING AND REMOVING SAFETY BUILDER
2.8.1.1 Install IPSEC

Only for Safety Manager SC Controller solution.
During installation customer has opportunity to install IPSEC.
Installing IPSEC is recommended if secured communication in the plant is required.
For more details, refer the document Safety Manager SC Safety and Security Manual (EP-SMSC-MAN-
7054-210A).

2.9 User Documentation
The Safety Manager User Assistance Documentation R210 is included as PDF user documentation.
Following Safety Management Systems R210 documentation is available.
- Communication Best Practice
- Experion Parameter Reference
- Hardware Reference
- Installation and Upgrade Guide
- License Server Installation and Administration Guide
- Online Modification Guide
- Planning and Design
- Safety and Security Manual
- Safety Manual
- Software Reference
- System Administration Guide
- The Overview Guide
- Troubleshooting and Maintenance
- USC Planning Installation and Service
The latest update of Safety Manager User Assistance Documentation R210 is available on
Honeywell Process website. (https://process.honeywell.com/us/en/services-and-support/support-
center/technical-support/technical-solutions/article-detail.ka_000135672)
2.10 Experion Integration Support
2.10.1 Experion SCADA: Safety Manager SC diagnostic message files on Experion

To get a correct Safety Management Systems R210.6 diagnostic representation on Experion SCADA
the following files will need to be copied (replaced) to the Experion Server:
• fsc_module.txt
• fsc_fault.txt
Most likely the file location at the Experion server is: \Experion PKS\Server\Data.
2.10.2 CDA integration in Experion: Safety Manager SC Experion Components Installer

To be able to see the Safety Management Systems R210.6 detail displays, system tree icons and CDA
error messages on Experion the Safety Management Systems R210.6 Experion Components.msi
should be installed on the Experion Server and Experion stations when file replication is not used.
The Safety Management Systems R210.6 Experion Components.msi is a standalone installer. For CDA
Experion integration, the detail displays must be installed using this installer, before starting Experion
R501 (or higher).
Experion Components.msi will install the SBPublish tool. SBPublish supports remote publish to
Experion.

3 Release Overview
Safety Management Systems R210.6 is a maintenance release
- Abandoning separate Safety Builder tool for Safety Manager Controller.
Safety Management Systems R210.6 - Safety Builder tool manages Configuration of Safety
Manager Controller and Safety Manager SC controller.
- Elevated/enhanced data security.
- Remote Publish support enabling segregated Experion data publication.
- Common engineering and maintenance platform increasing the usability and security of
Safety Manager SC and Safety Manager
- Multiple Safety Builder engineering and maintenance enhancements provide easier
engineering and more detailed diagnostics and statistics.
- Feature-based license mechanism providing detailed licensing information and status.
- Improved HART communication robustness for HART enabled devices connected to FC-
RUSIO-3224/FC-RUSLS-3224 modules.
- For Safety Manager SC solutions IPsec communication for secure data communications.
- Upgrade from Safety Manager releases
- Migration from FSC releases. (Make sure to consult previous Software Change Notices of
Safety Manager R16x series when migrating)
- One installation program, installing Safety Builder and its supported components.

4 Anomalies Resolved
This section provides an overview of the issues resolved per component in Safety Management
Systems R210
4.1 S300 Firmware

Following table indicates anomalies resolved for Safety Manager SC Controller - S300 firmware
PAR # Abstract Release
SMSC-43177 Firmware upgrade sometimes fails because of a synchronization issue between redundant R210.5
processors on the same Logic Solver (FC-SCNT-01). Nuisance issue.
SMSC-44060 S300 reboot needed to purge duplicate process alarms from active alarm list if they exist. R210.5
SMSC-7598 Having 13, 29, 45, 61, 77, 93, 109, 125, 141, 157, 173, 189, 205, 221, 237, or 253 in the 3rd R210.4
octet of the IP address may result in a loss of communication, and a potential loss of
control during either a FTE yellow switch or FTE yellow cable fault. These 16 Problem IP
address values for the 3rd octet end in $D when converted to Hexadecimal (PN2021-08)
SMSC-43188 Pulling FTE-A cable may result in unstable communication over FTE-B cable. R210.4
SMSC-43611 CDA process alarms not sent out when CDA recovery/regeneration is in progress for long R210.4
periods of time
SMSC-43715 In the case of a chattering analog alarm, and consecutive analog channels with the same R210.4
alarm configuration, duplicate alarms for the consecutive channels could be generated.
Eventually, this could cause the process alarm list to fill up, which will prevent new alarms
from being generated.
SMSC-43681 Both SafeNet link lost for the unaffected link after doing application OLM for SafeNet links R210.4
due to EC181
SMSC-43681 EC182 reported between SMSC and SM links for the unaffected link after performing R210.4
application OLM for the SMSC link
SMSC-8461 Safety Manager SC shows EC 22 and effected Control Processor goes to safe state R210.3
SMSC-8422
SMSC-8397 Non-redundant Safety Manager SC configuration may be incorrectly rejected by the R210.3
controller due to an incorrect check on a configuration property.
SMSC-7670 "EC44 - SOE buffer full" reported while SOE is connected, and no events generated R210.3
SMSC-7891 An application on-line modification with FC-PUIO01 configured may cause the FC-SCNT01 R210.2
to spuriously shutdown with EC74.
SMSC-7996 Both Safety Manager SC Controllers stopped reporting EC19/EC49/EC53 after few min of R210.2
application OLM when DTI=1 sec with configured cycle time>=340ms
SMSC-8040 Safety Manager SC Controller 1 stopped and reported EC198. Safety Manager SC R210.2
Controller 2 stopped reporting EC49 at same time while doing application OLM
SMSC-3236 Not always possible to write a Write Enabled register symbol R210.1
SMSC-5700 Restore function may not work R210.1
SMSC-6140 FDM save history of some devices may be failing R210.1
SMSC-6922 The FC-SCNT01 report read/write failures R210.1
SMSC-6967 The FC-SCNT01 may report EC198 during Online Modification R210.1
SMSC-7100 The FC-SCNT01 may report EC22 and stops R210.1
SMSC-7132 The Modbus communication may show "Data Corruption Error" R210.1
SMSC-7345 It is possible to switch from operation mode to simulation mode online R210.1
SMSC-7433 Automatic cold start may not synchronize directly, need Fault reset R210.1
SMSC-7449 The FC-SCNT01 may report EC58, EC140 while performing power cycle on one CP. R210.1

4.2 QPP-0002 Firmware
Following table indicates anomalies resolved for Safety Manager Controller - QPP-0002 firmware
PAR # Abstract Release
1-EASI3WJ If any customer having Safety Manager application which does not have HART configured R210.6
on at least one channel of the connected RUSIO nodes and later application is changed to (R163.1)
enable HART configuration on one or more channels, during OLM chances of both RUSIO
modules reporting EC228 are high. But once both QPPs (CP1 and CP2) are upgraded with
latest applications and post final fault reset, communication will resume. Any further
changes to enable more HART channels on any RUSIO nodes will not introduce this effect
again
1-ECAAILL Safety Manager Controller running firmware <=R162.8 can run into communication link R210.6
failure due to exceptions (in this case due to denormalized floating point) over Modbus (R163.1)
protocol.
1-DXQSZRR Removing Slot 20 IO Extender causes Control Processor to stop. R210.6
Redundant Control Processor loses all IO in its chassis. (R163.1)
1-EC7TZ09 Safety Manager application having AutroSafe configuration might experience logical link R210.6
not going to faulty state if there an issue over line disturbing CRC or garbage message. (R163.1)
1-DHN0Z5D SM A.R.T system with many SDOL-0424 modules (>50) (typically non-redundant) R210.6
configured, then one CP may stop. (R163.1)
See paragraph 5.2.1
1-CV9BSKQ Any customer configuration having more than 16 SAO-0220m modules configured and if R210.6
there are more than 16 open loops reported from all these SAO-0220m modules, this will (R163.1)
lead to generating multiple Open loops in one cycle leading to EC141, EC147.
Cause for Open loop can be either the devices not connected or there is common cause
failure like having bad IO Extender.
1-CPYYUEJ For Safety Manager controllers using SAO-0220m modules having cycle times less than R210.6
300 mS in some occasion’s issues have been found when disconnecting and reconnecting (R163.1)
field devices, when these field devices affect the current send out by the SAO-0220m
module. This may result in EC10 for channel 1 and EC11 for channel 2.
1-BP6GKLH Safety Manager A.R.T having only SDOL-0424 modules in larger number i.e., up to 4-5 R210.3
chassis of SDOLs configured in combination with RUSIO-3224/RUSLS-3224, EC230 may be (R162.5)
reported. Diagnostics might reappear on every Fault Reset.
1-BZUSVA1 The very low probability that both I/O bus flat cables are disconnected on a running R210.3
controller and without verifying the root cause activating the “Fault Reset” could result in (R162.5)
outputs staying active.
1-BP6GKLH Safety Manager A.R.T having only SDOL-0424 modules in larger number i.e., up to 4-5 R210.3
chassis of SDOLs configured in combination with RUSIO-3224/RUSLS-3224, EC230 may be (R162.5)
reported. Diagnostics might reappear on every Fault Reset.

4.3 FC-PDIO01 firmware
Following table indicates anomalies resolved for FC-PDIO01 firmware
PAR # *Abstract Release
SMSC-8744 Module upgrade failed leaving FC-PDIO01 unresponsive R210.4
SMSC-42889 FC-PDIO01 may report hardware fault - ADC Range Test failure (EC 142) with high supply R210.4
voltage or high temperature.
SMSC-43183 FC-PDIO01 may report Module Faulty EC149 at runtime followed by short (EC63), open R210.4
(EC62) and DI hardware error (EC144) on the redundant module when the faulty module
rejoins. (PN2021-15)
SMSC-43318 FC-PDIO01 may report Module Faulty (EC149) at High temperatures (> 40°C) R210.4
SMSC-43338 FC-PDIO01 may report ADC Compare Fault (EC152) at very high temperatures (> 60°C) R210.4
SMSC-43339 FC-PDIO01 may report Hardware module fault EC23 or EC34 when startup at very high R210.4
SMSC-43353 temperatures (> 60°C)
SMSC-8398 After performing a remote reset random IO modules lost communication link with the R210.3
FC-SCNT01 (EC228)
SMSC-8311 EC152/EC153 observed on FC-PDIO01 R210.3
SMSC-8603 FC-PDIO01 may become unresponsive when power is removed during Firmware upgrade R210.3
SMSC-7464 FC-PDIO01 may report EC148-EC74-EC152 EC149, or EC102. R210.2
SMSC-7954 The Safety Builder IO module overview screen has the FC-PDIO01 module still showing as R210.2
“Running/Healthy” instead of "Running/Faulty" even though the module reported a
hardware fault. The reported diagnostics and system reaction are correct
SMSC-7173 Spurious channel fault reported for not-used (spare) channels R210.2
SMSC-7788
SMSC-8091 Spurious FC-PDIO01 stop, reporting error code EC148 and EC149. R210.2
SMSC-8134 IO module reports redundancy synchronization failure (EC102) during OLM, leading to R210.2
the trip (safe state) of one of the two IO modules
SMSC-2747 open loop or short on DI LM channel on FC-PDIO01. Only the “Short AND” system point is R210.1
set low.
SMSC-7032 Test pulse for Digital Output may cause LED blinking on a relay module R210.1
SMSC-7344 FC-PDIO01 stopped and reported EC23, EC34 and EC74 R210.1
SMSC-7356 Replacing FC-PDIO01 module the redundant module stops and reports EC34 and EC23 R210.1
SMSC-7406 Prevent EC74 for FC-PDIO01 R210.1
SMSC-7448 During upgrade of the FC-PDIO01, the status shows as Unknown instead of Loading R210.1
SMSC-7241 FC-PDIO01 may report EC148 - Duplicate USIO node address detected R210.1

4.4 FC-PUIO01 firmware
Following table indicates anomalies resolved for FC-PUIO01 firmware
PAR # *Abstract
SMSC-8457 EC27/EC140 reported on FC-PUIO01. R210.3
SMSC-8453 IO channel hardware fault not always reported correctly R210.3
SMSC-8562 EC 140 reported on FC-PUIO01 R210.3
SMSC-8533
SMSC-7792 EC201 of FC-PUIO01 not displayed correctly R210.2
SMSC-7794 Both FC-PUIO01 modules status LED doesn't blink in Red when any one of CP power R210.2
cycled whereas RUSIO-3224 and FC-PDIO01 Status LED blinks in RED for both module
SMSC-7882 Analog input and output HART device-tree in the Honeywell Field Device Manager (FDM) R210.2
program may not be displayed correctly
SMSC-7896 The “Last status change” timestamp which is displayed on Safety Builder Remote IO page R210.2
is not correct for FC-PUIO01
SMSC-7957 During the FC-PUIO01 module replacement, open loops, short circuit, and PV shifts are R210.2
observed on the AI and DI_LM channels
SMSC-7974 FC-PUIO01 module reported EC95 on DO channel for Inductive Load during module R210.2
replacement
SMSC-7992 Field Device Manager reports load failure due to parity error issue for FC-PUIO01 module. R210.2
SMSC-8014 FC-PUIO01 LEDs not operational during startup. R210.2
SMSC-8043 EC62 getting reported during redundant module turning on. R210.2
SMSC-8106 FC-PUIO01 stops on redundant module power-up reported with error code EC30. R210.2

4.5 Safety Manager SC FC-RUSIO-3224 firmware
Following table indicates anomalies resolved for Safety Manager SC FC-RUSIO-3224 firmware
SMSC-8105 Channel fault diagnostics (EC91) gets reported for the devices like Smoke/heat detector R210.4
that has alarm range at 24.3mA. no issues when the devices are within normal operation
range. Issue is predominantly seen during the RUSIO-3224 module replacement with
Smoke/Heat detector in the alarm range at/above 24.3mA. Since it only reports on the
redundant module fault reaction for the point is not applied
SMSC-43418 FDM drops off connection with devices connected SMSC FC-RUSIO-3224 R210.4
1-CKZ0ZNB AI signals operated at a current of 24.3 – 25 mA may report a spurious EC91. R210.2
1-C1HTY4T The synchronization of the AI value and the AI loop statuses could be out of R210.2
synchronization when an FC-TELD-0001 is present in an application with USIO modules. In
case (one of) the AI loop statuses are used in the FLD’s to generate an automatic override
on a logic function it may have happened that this override does not work as intended as
the AI loop status is activated up to 2 cycles later as expected.
1-C9PRZ7B Specific output loads on FC-RUSIO-3224/FC-RUSLS-3224 of Safety Manager releases R210.2
R153.6 to R154.2, R162.1 to R162.4 and specific output loads on FC-RUSIO-3224 of Safety
Manager SC releases R200.1 to R210.1, may result in EC56 followed by EC116 being
reported on one or both USIO modules.
An EC62 can be reported for DO channel in case an Earth Fault occurs on that DO channel
when it has a load < 10mA and the number of channels being monitored by the ELD is >
50. EC251 will also be reported in this situation
1-C9XNS6T Specific output loads on FC-RUSIO-3224/FC-RUSLS-3224 of Safety Manager releases and R210.2
specific output loads on FC-RUSIO-3224 of Safety Manager SC releases R200.1 to R210.1
may result in EC62 and EC56 followed by EC116 being reported on one or both USIO
modules.
1-B9VNAS1 Safety Manager CDA got stuck in the EPKS alarm summary. The starting point is that one R210.2
or more points are in alarm condition. When the alarm limits or open / short set point
limits are changed in such a way that the previous limits are in the new operating range,
then the alarms would not recover. The workaround was to get the point above the new
limits and then let it recover.
1-BWG78QK A specific hardware fault on USIO input channel used for DI-LM signal, having a status Low R210.2
can result in a one cycle duration activation of that DI-LM signal to status High.

4.6 Safety Manager FC-RUSIO-3224 firmware
Following table indicates anomalies resolved for Safety Manager FC-RUSIO-3224/FC-RUSLS-3224
firmware
1-D3KJ8BS For AO channels on USIO modules the fault reaction has been updated in case of an Open R210.6
Loop. (R163.1)
1-DNZ1U61 Application of a forced analog input channel may incorrectly use the field value for one R210.6
application cycle for Safety Manager with Universal Safety IO (USIO) module type FC- (R163.1)
RUSIO-3224 or FC-RUSLS-3224 which include earth fault detector module type FC-TELD-
0001. (PN2021-11A)
1-BWG78QK A specific hardware fault on USIO input channel used for DI-LM signal, having a status Low R210.3
can result in a one cycle duration activation of that DI-LM signal to status High. (R162.5)
1-CT50VCH Using the GM relay GMID5096S it could happen that an unexpected EC62 was reported R210.3
for the channel when the DO channel was in the off state. If the EC62 was not detected at (R162.5)
the same by a redundant module setup it could be followed by an EC96/EC116 on the
module that reported EC62.
1-B9VNAS1 The starting point is that one or more points are in alarm condition. When the alarm limits R210.3
or open / short set point limits are changed in such a way that the previous limits are in (R162.5)
the new operating range, then the alarms would not recover. The workaround was to get
the point above the new limits and then let it recover.
1-C1HTY4T The synchronization of the AI value and the AI loop statuses could be out of R210.3
synchronization when an FC-TELD-0001 is present in an application with USIO modules. In (R162.5)
case (one of) the AI loop statuses are used in the FLD’s to generate an automatic override
on a logic function it may have happened that this override does not work as intended as
the AI loop status is activated up to 2 cycles later as expected.
1-C9PRZ7B Specific output loads on releases > R153.6 and < R154.3 and > R162.1 and < R162.5 may R210.3
result in EC56 followed by EC116 being reported on one or both USIO modules. (R162.5)
An EC62 can be reported for DO channel in case an Earth Fault occurs on that DO channel
when it has a load < 10mA and the number of channels being monitored by the ELD is >
50. EC251 will also be reported in this situation
1-CKZ0ZNB AI signals operated at a current of 24.3 – 25 mA may report a spurious EC91. R210.3
(R162.5)
1-C9XNS6T Specific output loads on releases < R154.3 and R160.1 – R162.4 may result in EC62 and R210.3
EC56 followed by EC116 being reported on one or both USIO modules. (R162.5)

4.7 FX-USI-0002 firmware
Following table indicates anomalies resolved for FX-USI-0002 firmware resolved for Safety Manager
Controller
1-EJCT8SL Safety Manager having EUCN configuration running on <=R162.8 might run into EUCN R210.6/
communication loss, when EUCN configured communication module encounters EC34 R163.1
diagnostic (PN2022-12A).
1-E89DTHL UCN noise reported continuously in TPS journal logs reported by Safety Manager. R210.6/
(PN2022-12A) R163.1
1-E3PTQ31 Safety Manager having CDA configuration and BI or BO points configured for CDA alarms R210.6/
may experience points are stuck in Active state and Return to Normal (RTN) will not occur. R163.1
1-E3QUQRF SM-EUCN: Time drift on ENB causes "partfail" for 6 seconds randomly R210.6/
Safety Manager customer having EUCN configuration and having ENB in network, might R163.1
experience SMTSFLT part fail alarms in system journal
1-D2KUCHG Any customer configuration having FSC as Primary node, Safety Manager and FSC as R210.6/
Secondary node with Device clock is configured (using UCN, Modbus or DBM) at FSC R163.1
Primary node can have SafeNet link high level retries resulting in alarms. In some cases,
FSC-SM SafeNet logical link failure might be observed.
1-E1DVZKR SMM (Safety Manager Module) may not failover when universal safety interface (USI) fails R210.6/
with error code 34. (PN2022-12A) R163.1
1-D3NU95N In situations where two IP addresses are configured on SM (that is IP configuration on R210.6/
port A and port B) and with different protocols configured on port A and port B, then it is R163.1
possible to communicate to protocols configured on port B via communication from port
A and vice versa, with simple addition of “route” command.
4.8 Safety Builder

Following table indicates anomalies resolved for the Safety Builder
SMSC-47507 SM Controller's CP2 Load Fails when the Safety Builder is only in the View only Mode R210.6
during the Firmware/Application Download
1-DV6J6DX Tool requires to resolve alarm stuck issue on SM - Experion CDA integration R210.6
1-DDO10FF Decimal value not correctly displayed in online FLD after Function Blocks and division. R210.6
1-DZMXZHW Remote Reset is enabled in View Only credential of safety Builder during Point Viewer R210.6
option.
1-E2WMZGP FNG DI point connected to function block symbol not working when directly connected R210.6
without logic
1-DZJRTVH Application Viewer: Safety Manager having PID configuration may show “NaN” while R210.6
reading the output of PID in point viewer or in online FLD page
1-CQTOMA3 Safety Builder stopped when right click on FLD during FLD selection in application viewer R210.3
1-C81RRID Migration aborted due to Maximum number of Points that can be allocated to EUCN R210.3
protocol
1-AUIE97W Urgent alarms from SM are termed as Critical alarms in Experion server R500.1 R210.3
1-CAZYRAP Copy Controller" functionality is broken: All addresses changed, and OLM is not possible R210.3
1-C2R8HJB 1 DO tag forced causing another ANN tag to force as well R210.3
1-C1DDKP7 Range Check Error during compilation. (Unable to compile application) R210.3
1-B3AO76P On sheet marker directly connected to an input is missing all properties of that input R210.3

1-CQBECT7 Safety Builder stopped during migration of FSC-SM database after 6 hours R162.5
SMSC-8349 On sheet marker directly connected to an input is missing all properties of that input R210.3
SMSC-8399 Not able to retrieve controller logs via Safety Builder R210.3
SMSC-5761 Clicking and changing between FB in online view renders SB unresponsive R210.1
SMSC-6044 Deallocated points are not showing in the Select Point list from the Hardware R210.1
Configurator
SMSC-6200 Safety Builder on a standalone remote PC stops when the SQL Server to which it is R210.1
connected is turned off.
SMSC-6213 Retrieving diagnostics in OLM procedure takes relative long: 1,5 minutes R210.1
SMSC-6214 Universal Safety IO (System Info tab) does not update when modules are R210.1
changed/added/removed
SMSC-6219 "Nervous cursor" when being in online environment R210.1
SMSC-6220 No confirmation from Safety Builder that backup is successfully created and completed R210.1
SMSC-6630 On sheet marker directly connected to an input is missing all properties of that input R210.1
SMSC-6647 Compiler did not address SM SC with non-used max repair time configuration. R210.1
SMSC-6739 Builder reports "DISK WRITE ERROR" when load block and save block used on comment R210.1
FLD
SMSC-6145 Copy controller when Modbus Responder configured may show "host IP address R210.1
invalid”.
4.9 Experion Integration

Following table indicates anomalies resolved for the Experion Integration
1-4A9KBKH TFS_COM1-Firstup Status events reported in Safety Historian & not reported in Experion R210.6
CDA
Safety Management Systems R210.6 provides Safety Manager Controller version R163.1
For more detail information regarding updates for Safety Manager Controller, check the Software
Change Notices for Safety Manager R162.x, which can be found at MyHPS website
(https://process.honeywell.com/us/en)
Search for "Safety Manager - SoftwareChangeNotification – R162"

5 Known Restrictions
Safety Management Systems R210.6 has following known restrictions for:
- Safety Manager SC controller and
- Safety Manager controller
5.1 Safety Manager SC Controller
5.1.1 Temporary connect

In case the FC-SCNT01 controller application is cleared and then then a controller load operation is
performed, then a controller reboot occurs and temporary connect operation needs to be performed
to establish communication with the controller again.
5.1.2 Considerations for HART-communication
5.1.2.1 Performance
FC-RUSIO-3224 has one HART modem serving channels 1-16 and a second HART modem serving
channels 17-32. In a redundant configuration, the two HART modems assigned to the same group of
channels are sharing the HART communication load.
Communication with the HART enabled channels is scheduled round-robin. With a typical HART
request-response communication cycle of 800ms, this implies that when running non-redundant,
each HART configured channel is on average serviced 800ms x (number of HART enabled channels in
the same group – 1). When running redundant, this will be approximately 800ms x (number of HART
enabled channels in the same group / 2 – 1). If communication retries are requested, the
performance will be lower.
5.1.2.2 Signal levels and quality

The minimum HART signal amplitude for low-impedance devices is specified at 120mVpp. It is
observed that devices connected between the FC-RUSIO-3224 and the field device (intermediate
device) sometimes attenuate or malform the HART signal. Especially isolating barriers using a
transformer attenuate the HART signal a factor 2 to 5. Even if the intermediate device is HART-
compliant, a perfectly healthy HART signal with 200mVpp at the device side may be attenuated well
below the minimum HART specification after it passed the barrier. At the FC-RUSIO-3224 side a too
low signal amplitude may lead to retries, resulting in a slow response, or no HART communication.
Poor cable quality, long cables, poor cable connections and intermediate devices like barriers, may
cause excessive noise or malformed HART signals. This may result in a slow response, or no HART
communication.
The HART specification defines the Mark and Space frequency tolerance at ±1%. It is observed that
some field devices deviate 2% or more. FC-RUSIO-3224 HART firmware pre R210.5 is designed
against the ±1% specification. When running firmware versions older than R210.5, these out of
bound frequencies are not always decoded properly and may lead to no HART communication.
Firmware version R210.5 and higher also support out of bound device frequencies up to ±3%.

5.1.2.3 Differences between FC-RUSIO-3224 and FC-PUIO01
The FC-PUIO01 has 32 HART modems, one for each IO channel whereas FC-RUSIO-3224 has 1 HART
modem serving a group of 16 channels. From a performance point of view, FC-PUIO01 has a higher
throughput.
In general, the hardware design provided with FC-PUIO01 is more forgiving for out-of-bound
frequencies and poor signal quality compared to FC-RUSIO-3224. If HART communication is
important for operations, and if module selection is an option, it is recommended to use FC-PUIO01.
5.1.3 Known anomalies

This section provides an overview of the not yet resolved anomaly with high priority confirmed to be
an issue with Safety Management Systems R210.6.
5.1.3.1 Safety Manager SC Controller

PARID# Abstract
SMSC-4816 Experion CDA Module status shows incorrect module status for SM modules for
various fault states of Safety Manager
SMSC-5613 Safety Manager SC release <R210 the Endianness property in DCS (Modbus TCP)
dialog is default blank. To avoid compilation errors, Users should configure this
property.
SMSC-5703 Nuisance EC147 (Cycle Time is different for Redundant Module) reported while
newly placed FC-SCNT01 from stock gets equalized.
SMSC-6763 Safety Historian cannot be configured on port C or port D. It is recommended to
configure DCS or Safety builder node on port C or port D and use same physical
network to connect to Safety Historian.
SMSC-7498 The SOE Buffer full system marker covers the SOE buffer and the Alarm buffer, while
the name suggests it only covers the SOE buffer.
SMSC-7632 Forces are accepted in idle, but will be cleared at start-up
SMSC-7710 Automatic cold start does not work reliably under all conditions. It is recommended
to leave the Automatic cold start unchecked.
SMSC-8621 SOE Buffer full and Clock Source System Points goes to Low during upgrade SMSC
Controller reboot
SMSC-8546 During switchover after load, the maximum cycle time shown on System –
Information - SM-SC Controller statistics screen increases and at times may show
vast difference between cycle time or min cycle time and maximum cycle time.
Toggle fault reset after load ensures that all three values are showing accurate data.
SMSC-43054 S300 - SOE: CDA process alarm list size limit reached.
SMSC-8675 Safety Manager SC CDA points show trip value as 0 or 1 in EPKS Alarm/Event
Summary
SMSC-43679 If alarms/returns to normal are generated at a rate of > 10/second for an extended
period, this can cause the S300 process alarm list (and Experion) to get stuck with
alarms that cannot be returned to normal. The alarm list could also eventually fill up
and result in EC44. If this happens, rebooting both S300s at the same time is the
only way to restore the alarm list to normal. If EC43 occurs (SOE generation
overrun), this could also result in stuck alarms in the S300 process alarm list.
SMSC-45951 Loss of communication when SM-SC controller name and the asset name inside the
FLD properties are equal
SMSC-45397 Fault Reset applied to Safety Manager SC system not always listed in Diagnostics.

PARID# Abstract
SMSC-48378 Already reported ACTIVE alarms might get stuck in Experion side in case
SMSC-48379 - Some tags have ACTIVE alarms reported and
- Both the Control Processor (CP) modules are rebooted at same time and
- the Power UP values of those tags are in Normal range
This scenario will not be corrected using “Clear Alarm” functionality.
Workaround: Initiate manual recovery from Experion side once both CPs of the
Safety Manager are in Running condition
5.1.3.2 Safety Universal IO module

PARID# Abstract
SMSC-5346 FC-RUSIO-3224 sometimes generates 2 low-latency (1ms) events for the same DI
transition
SMSC-7164 For systems with more than one IO module in the power supply group,
FC-RUSIO-3224 and FC-PUIO01 may not be able to localize earth faults which occur
on Digital Output channels. "Earth Fault detected on cabinet" (EC251) will be
reported. For details on tracing earth faults, see section “Checking for earth faults” in
the Safety Manager Troubleshooting and Maintenance Guide.
SMSC-7517 Any single Ethernet cable fault Universal IO module FC-PUIO01 will set both RIOLA
and RIOLB system markers faulty for this module.
SMSC-7671 FC-PDIO01 Digital Output channel high with beacon connected may report EC60
SMSC-7783 Safety Manager SC ART and ART+ Supports 32 IO modules. The IO modules node
number must be less than or equal to 32.
SMSC-7778 A nuisance External Communication Failure (EC228) can be observed while
performing an on-line modification on IO module FC-PUIO01 if this module does not
have the IO network cross-wiring between redundant CP. It is advised to check the
Remote IO status in System Information to confirm all IO links are healthy
SMSC-7134 Intermittent Earth Fault on the DI_LM channel of the FC-PUIO01 module in the same
power supply group may report EC63
SMSC-7419 Power cycle both FC-RUSIO-3224’s having Analog Output channels configured and
device connected, may report EC58
SMSC-7709 Power cycling FC-PDIO01 or FC-PUIO01 module during OLM may report EC102, EC95
for the redundant FC-PDIO01 / FC-PUIO01.
SMSC-7779 Adding AI having load on spare channel of FC-PUIO01 may report EC62/EC63 after
doing application OLM. Fault reset will clear EC62/EC63
SMSC-8130 RIOLAFault & RIOLBFault set to high when communication to RUSIO module is lost
SMSC-8098 Analog Input value may shift approx. 2-3% during module replacement.
SMSC-43145 Issues with loading out of the box RUSIO modules with R210.x (PN2021-10A)
SMSC-8788 FC-PDIO01 reports EC60 on DO HIGH for Asco redhat solenoid valve
SMSC-43731 New FC-RUSIO-3224 installed on IOTA running R2xx will not be loaded. (PN2021-10A)
SMSC-44882 FC-PUIO01 HMI display shows ESD activated all time while no ESD is activated.
SMSC-45927 On Powering off FC-RUSIO-3224 / FC-PDIO01 / FC-PUIO01 module, Experion displays
for this module shows healthy status.
SMSC-43144 FC-RUSIO-3224 connected to Safety Manager SC controller reports EC56 after
upgrade.
1-ECKOM3V ART RUSIO1-Slot2 module not able to join partner module RUSIO1-Slot1 and come to running
state.

5.1.3.4 SafeNet
PARID# Abstract
SMSC-6437 Adding/deleting an intermediate SMSC master both SafeNet links may fail
SMSC-6170 Incorrect “Fault Reaction Applied (Own/Peer)” on SafeNet Status screen.
SMSC-5603 Fault Reaction Applied Peer value attempts to assist the operator but is not
definitive. Operator should check the SafeNet link status from the peer controller’s
SafeNet Status Details
SMSC-7352 SafeNet communication links between a Safety Manager and a Safety Manager SC is
not supported on the FTE network.
SMSC-6943 Elevated numbers of low level retry may be recorded on SafeNet links because of
delays in sending message acknowledgements, not adverse network conditions.
High level SafeNet retry counts are not affected.
SMSC-7512 A SafeNet link will recover automatically if its redundant link is healthy.
However, the External Communication Fault system marker associated with that
SafeNet channel (ExtComfaultCCx) will keep its alarm state until fault reset.
SMSC-45740 Time sync via SafeNet not supported but able to configure in Safety Builder
5.1.3.5 License and install

PARID# Abstract
SMSC-4856 After installing Flexera licensing, acrobat Pro stops working. Acrobat should be re-
installed after Flexera, or you must run the repair tool
SMSC-6066 License Activation Utility shortcut is created in Start Menu, but it is a blank icon.
SMSC-48121 "Honeywell CLL UI’ service may not be available after Install.
Uninstall and reinstall the ‘Honeywell license activation utility’ again as
administrator.
SMSC-47809 Installing on Windows 2016 LTSB, not all security settings may be applied.
Make sure security settings are applied as defined in Chapter - SQL SERVER DEFAULT
SETTINGS RECOMMENDATIONS of the Safety Management Systems R210.6
Installation and Upgrade guide.

5.1.3.7 Safety Builder
PARID# Abstract
SMSC-4395 Not able to export points in case more than 40 Logical links are configured, Safety
Builder fails with message "unable to create external database"
SMSC-5885 After a Copy controller is done, some controllers may fail to open. This is due to
inconsistent data related to SafeNet allocations that is already present in the
database.
Workaround: re-create the SafeNet allocations after Copy controller is done.
- Export the points
- Remove the SafeNet allocations
- Import the points again
SMSC-6029 Safety Historian doesn't work when installed with Safety Builder on same windows
10 machine. (SQL server related)
SMSC-8763 Unable to create .BAK and .SBX files
SMSC-6740 The value for the Maximum Repair Timer which is configured as “Not Used” in Safety
Builder (for Safety Manager) is not shown as “Not Used” in Experion Native Window.
SMSC-6754 Importing large number of FLDs is causing Safety builder to hang. It is recommended
to import in a set of 750 FLDs at a time.
SMSC-7312 Project Plant-Backup Configuration or Export option may fail with Query Timeout.
Expired/Command Timeout error when plant configured with more than 40
controllers and more than 70 logic connection.
SMSC-43178 No Print option Safety Builder Hardware Configurator
SMSC-43175 incorrect text shown in column "unit" in Experion alarm display
SMSC-42966 "Publish to Experion" Window: Word "Enumerations" to be replaced with
"Enumerations"
SMSC-42964 NTP & Experion server host name change does not change the Controller Status to
Blue or Red.
SMSC-42919 When selecting a sheet which is available bit visible in appl. viewer, Safety Builder
stops
SMSC-45586 Not able to import the Autronica *.xml files on Safety Builder
SMSC-44882 Controller management: System Information: incorrect quantity "Number of faults"
reported
SMSC-43037 Incorrect Audit Trail Message "Remote Reset Confirmation Failed": Reset is
performed successfully

5.2 Safety Manager Controller
5.2.1 SDOL-0424 limits in Safety Manager A.R.T. system (1-DHN0Z5D)

Maximum number of SDOL-0424 modules supported since Safety Manager R162.7 in an SM A.R.T.
configuration is 108 SDOL-0424 modules in a non-redundant IO configuration and 54 pair of
redundant SDOL-0424 modules in a redundant IO configuration.
The cumulated maximum number of open loops on SDOL-0424 modules in an SM A.R.T.
configuration is 10.
5.2.2 Changing Function Block gives an error during compilation

(PAR1420, 1-12IVDA2)
Safety Manager Release
R100.1 and higher
Configurations:
Changing Function Block (FB)
Descriptions & Conditions:
When changing an FB which is used on one or more FLDs, these FLDs are not refreshed with the
latest changes. Translate Application reports all FLDs with the changed Function Block.
Changes on a function block that require a refresh on the FLD’s that use these function blocks are
• Interface signal types
• Timer set points
• Counter
• Cycle-pulse
Work around:
Use ‘Change’ option from the pop-up menu to update the FLD’s that use this changed Function
Block.
5.2.3 Remove “Force enable” procedure (1-14UOTT/1-14UOWF)

Configurations:
All
If a point is forced in a running redundant SM Controller and during a modification this point is set to
force enable ‘No’, after the on-line modification (OLM) the point is still forced. The force of this point
can only be cleared via the Safety Builder “Clear all forces” option or by disabling the FORCE ENABLE
key. When trying to start-up the “View all Forces”, while having this point forced the Safety Builder
will terminate.
Work around:
Do not use “View all Forces” until the point is cleared.

5.2.4 FE-USI-0002 compatibility limitations (1-3WZT0DJ)
Configurations:
FE-USI-0002 with EUCN configuration
If an FE-USI-0002 module which was working in R16x with EUCN configured (having EUCN
authentication files) is swapped as spare USI to Safety Manager Release < R130.1, the FE-USI-0002 or
loses its EUCN certificate. This might result in loss of communication with EUCN (ENIM does not
accept Safety Manager node) and/or the FE-USI-0002 module reporting diagnostic message EC75.
Restriction:
Do not use FE-USI-0002 in a Safety Manager Solution < R130.1.
5.2.5 FX-USI-0002 compatibility limitations (1-BZ1LQP7)

Configurations:
FX-USI-0002
The FX-USI-0002 module only supports a QPP that is running >= R140.1,
Positioning the FX-USI-0002 with a QPP running older firmware than R140.1 will leave the
FX-USI-0002 not operational. (PN2019-31)
Restriction:
Do not use FX-USI-0002 with a QPP that is running Firmware older than R140.1.
5.2.6 Noise reported on EUCN during startup (1-3ZPP4MR)

Configurations:
Safety Manager – EUCN integration
The startup time of EUCN protocol in USI is a bit slower compared to SMM because all components
run in USI (LLC, TBC emulator). Therefore, the context switch time between these tasks cause the
delay at startup.
Work around:
Ignore any cable alarms and Return-To-Normal at startup/state change.
When doing online modification, verify there is no noise before starting this exercise

5.2.7 EUCN and Advanced Experion Integration protocols.
Configurations:
Safety Manager – EUCN integration and CDA
Due to the USI memory capacity the EUCN and Advanced Experion Integration (CDA) protocols
cannot be used both in the same Safety Manager Controller
Work around:
None
5.2.8 Universal Safety IO HART

Configurations:
Applications having Universal Safety IO with HART enabled channels also configured for Smoke/Heat
detection.

When a HART enabled channel is also configured for Smoke/Heat detection, HART communication
may be lost temporarily when that HART device is reset.
Workaround:
Not applicable.
5.2.9 Able to configure 2 SOE devices while not allowed (1-5JZQLKU)

Configurations:
Safety Manager having a SOE channel configured

Safety Manager with SCADA link to Experion, check the box SOE enable.
Configure a link for Safety Historian. Configuration can compile.
Loading Safety Manager results in EC65 (USI -0002, configuration error)
Workaround:
Not applicable.

5.2.10 Not able to temporary connect in case BootP active (1-82X5JIV)
Configurations:
Safety Builder is installed on Experion server or another node having BootP service running

BootP service to be disabled on Experion node to allow temporary connect to SM
Workaround:
BootP service to be disabled before the temporary connect on controller (without IP address, and node
number) is performed.
5.2.11 Migrating an application gives error code EC180 (1-8R4I2TN)
Configurations:
Application having SCADA and Safety Historian protocol on same USI

Migrating an application that has Experion SCADA and Safety Historian protocol on same USI reports
error code EC180.
Workaround:
Change original application

5.2.12 QPP-0002 as spare Part in pre R16x System (1-474GAS9)
Configurations:
Safety Manager Controller running release prior to R160 and configured as QPP-0001 where QPP-
0002 from Safety Manager system running R160 or later release is applied as spare part.

After applying QPP-0002 in system Manager Controller running release prior to R160 the USI will end
up in continuous restart.
Workaround:
Before using a QPP-0002 from SM R16x system as spare part in system running release prior to R160.
Remove the USI modules before the QPP-0002 is inserted. Once the QPP-0002 has been loaded with
the firmware of the controller the USI's can be re-inserted.
5.2.13 Known anomalies

This section provides an overview of the not yet resolved problems with high priority reported by
customers and confirmed to be an issue with Safety Management Systems R210.6
PAR# Abstract
1-11MGURO Migration of Safety Manager < R15x to Safety Manager R16x may takes long time.
1-EA8GM1U Migration stops without error message
1-DHPO6WR Safety builder Boolean on sheet marker sequence number reported incorrect when trying
to create new
1-EBW9ZCN Forced DI or AI signals of RUSIO-3224 are overwritten by Field Value when power cycling
both RUSIO's
1-DJM9XWN RUSIO-3224 connected to Safety Manager controller reports EC56 after upgrade
1-DWRW6DD NTP & Experion server host name change does not change the Controller Status to Blue or
Red.
1-ECKOM5T Loss of comm to RUSIO-3224 on one link when Control Processor halt and multiple
RUSIO-3224 nodes fail at different slots in RUSIO ART configuration
1-DAHOE2L USI EC 3, 34 and 13 reported spuriously, resulting in loss of communication.
1-EPZ7R1H FSC migrated to SM with EUCN. The USI-0002 reports EC34.
1-DV6U0ER Seconds timer shows the value in minutes in UNISIM, When UNISIM uses export to
UNISIM function of Safety Builder
1-DJCXEYL Printout of logic diagrams shows 30-Dec-1899 while revision tab shows a dash at the date
field.
1-DXUNCXH Safety Builder becomes nonresponsive after selecting Function Block in application
1-CRQKR13 Viewer.
1-CD4ENF5 After migration controller reported error code 35: too many SOE points configured
1-E4QAJIZ Logical Routes missing when configure multiple EUCNs per TPS device in Safety Builder
1-CZJ28R3 SIM-SM publish deletes points from Experion when "delete before update" is not selected
1-DS7ASRN After migration from FSC to Safety Manager verify reports a record not regenerated
SMSC-48509 Clear Alarm functionality is only available when Safety Builder is configured on same USI
module where Experion CDA protocol is configured, and Safety Builder communicates via
Safety Builder-FTE physical path.

6 Special Considerations
With Safety Management Systems R210.6, users will need to take the following special
considerations into account:
- Safety Manager SC controller
- Safety Manager controller
- Universal Safety IO (FC-RUSIO-3224/FC-RUSLS-3224)
6.1 Safety Manager SC Controller
6.1.1 FC-PDIO01 special considerations
6.1.1.1 FC-PDIO01 Migration might take long time (SMSC-6733)

Upgrading Safety Manager SC having FC-PDIO01 may take up to 90 minutes while at some stages of
the upgrade it may appear that no progress is made.
Safety Builder R210 indicates an update is in progress.
It is strongly recommended to wait at least 90 minutes before manually aborting the download or
power cycle the IO modules. Power cycling FC-PDIO01, while the upgrade is in progress, may result
in an unusable module.
6.1.1.2 Replacement FC-PDIO01 may not startup (SMSC-43398)

Replacement part Universal Safety Digital IO module FC-PDIO01 may not startup immediately.
Remove the FC-PDIO01 and place back on FC-TDIO11.
6.1.1.3 Placement of FC-PDIO01 module (SMSC-7425)

Universal Safety Digital IO module FC-PDIO01 may report spurious errors if not properly fastened on
its IOTA. Make sure that the FC-PDIO01 is inserted properly. Tighten both screws leaving no gap
between the IOTA and the module.
6.1.2 Use latest SafeNet timeout calculator tool (SMSC-6019)

In case doing upgrade, both links reported faulty for few seconds and reported EC182 for both CPs.
Make sure to use settings from latest SafeNet timeout calculator tool
6.1.3 Accessing project simultaneously by SQL Server and Remote Safety Builder
Machine (SMSC-6146)
To prevent Safety Builder stop when simultaneously accessing same project from SQL Server and
Remote Safety Builder Machine, make the user accessing Safety Builder in all the machines part of
Safety builder product administrator group.

6.1.4 Offline migration in case Modbus Responder configured (SMSC-5465)
Upgrading Safety Manager SC Controller configured as Modbus Responder from R200.x can only be
done offline.
Following procedure to be executed.
1. Make both Control Processors to “NODB” state by setting device index as "0"
2. Power off both Control Processors and set the device index as per configuration
3. Power On both Control Processors.
4. Migrate the application to latest R21x release and compile the application.
5. Load the application to both controllers and bring it Running after successfully loaded.
6. Upgrade to Safety Manager R210
This procedure must be followed in case the configuration of Modbus Responder endianness is
started ‘undefined’, Controller gets loaded and then endianness is changed.
Error code 123 – “Download failure” will be reported if you are not following the above procedure.
This is due to Endianness changes for the Long and Float data type.
6.1.5 User guides

If a user looks for task specific instructions, the following considerations apply:
1. Dedicated instructions for operators have not been identified; tool usage instructions for
operators can be extracted from the on-line tools section in the Software Reference.
2. Dedicated instructions for engineers have not been identified; tool usage instructions for
engineers can be extracted from the various tool sections in the Software Reference.
6.1.6 Certification EN/ISO 13849-1

Configurations:
Safety Manager Controller or Safety Manager SC Controller having connected the FC-RUSIO-3224, FC-
PDIO01 or FC-PUIO01.
To comply with the EN/ISO 13849-1 standard:
1. Digital input signals allocated to the FC-RUSIO-3224, FC-PDIO01 or FC-PUIO01 must be
configured as Line monitored Digital Input.
2. Digital output signals allocated to FC-RUSIO-3224, FC-PDIO01 or FC-PUIO01 module must
have shielded field wiring.
6.1.7 Fault reset clears Error code 228 (SMSC-7115)

With ART+ connections, a persistent cable fault either single or multiple, a Fault reset will clear the
Communication diagnostic (EC228) from the Actual diagnostic page.
It is recommended to check the status on page Controller Management -System information, Tab
Remote IO

6.2 Safety Manager Controller
6.2.1 Migrating FSC to SM (1-6VN5EWF)

Migrating an FSC network to Safety Manager network
When migrating an FSC Responder system to Safety Manager Controller the loaded state for all
Safety Manager controllers on the same physical network changes.
6.2.2 SafeNet Diagnostics

Fault reset which set SafeNet link healthy on one Safety Manager will automatic clear the actual
diagnostics and archive the diagnostic messages including details of systems who have SafeNet
connectivity with this system.
Diagnostics on all related SM controller will be cleared.
The system markers are not set to healthy. Safety Manager is running with faults but no diagnostics.
To reset system markers, a reset on all related SM Controllers is still required.
6.2.3 Remove points from TPS point database before removing from Safety Manager
Database and online modification (1-44RPJAH)
In case that it is required to remove Points from the Safety Manager application, the following
sequence shall be followed:
1. Remove the associated point(s) from the nodes point database at the TPS side.
2. Save the point database to a new checkpoint
3. Remove the Point(s) from the Safety Manager database in safety builder.
When ready compile the application
4. Perform the online modification
6.2.4 On-line modification (1-AKLE9C)

When performing an On-line Modifications always make use of the OLM procedure.
Do not apply a Fault Reset (Direct or Remote) during the actual download as this may stop the
software loading.
6.2.5 Key switch QPP

When the QPP key switch is placed between IDLE, and STOP position the SM Controller will interpret
this as key switch is set to the RUN position.
The display of the QPP will show “CPReady”. It is possible to start-up the SM Controller in this
situation.

6.2.6 Data types within Experion releases
When configuring Safety Manager data types in Experion, use for AI and AO the data types as shown
in below table.
Table 1
Point type AI / AO Experion R210 or lower Experion R300 and higher
0-20mA FSC020MA SM020MA
4-20mA FSC420MA SM420MA
0-5 V FSC05V SM05V
1-5 V FSC15V SM15V
0-10 V FSC010V SM010V
2-10 V FSC210V SM210V
6.2.7 Safety Manager Controller Sequence of Event

• System events
System events with SOE number 0, 1, 2, 3 and 5 do not exist.
Safety Manager Controller does not reserve these SOE numbers for system events. The
system events must be configured the same way as normal points connected to the SOE Only
controller.
• SOE-ID update
The application must be compiled to have all SOE IDs assigned correctly before these can be
used by Experion/Safety Historian
6.2.8 Network Time Protocol (NTP) (PAR2035)

The property ‘Clock source timeout’ must be set to 1 Hour or more.
6.2.9 Writing a point via SafeNet from Safety Builder (PAR3104)

It is not possible to “write” a point of an indirect connected Safety Manager with Safety Builder.
Precondition: Connected only via a SafeNet link.
(Safety Builder => Safety Manager Controller 1 => SafeNet => Safety Manager
Controller 2)
6.2.10 Multi-site - Bulk Copy (1-B89IZT)

Make sure that before copying multiple FLDs from another Safety Manager Controller the privilege
level of this source Safety Manager Controller is disabled.
6.2.11 Clock source configurations (PAR 1790)

It is possible to configure clock source priorities in SafeNet networks which are not supported by the
Safety Controller.
The responder Safety Manager Controller will only respond to its direct master Safety Manager
Controller, even if a higher master Safety Manager Controller is configured as time master.
Be sure that clock sources configurations are only with direct connected master Safety Manager
Controllers.

6.2.12 Unable to set SM Controller to the loaded mode (PAR3466)
In case an IO module is deleted from an application it is necessary to compile the application twice
before it can be set to “loaded”. An attempt to set the controller to “loaded” after the first compile
fails. Controller remains in the modified mode.
6.2.13 Using feedback loops on a sheet (1-AL1SR8)

Using feedback loops on one sheet can result in unexpected behavior.
A function is designed on a sheet using logic symbols.
The designed function on a sheet is executed in a sequence.
The sequence of execution is determined by the Application Compiler function of the Safety Builder.
The Application Compiler has NO knowledge on the sequence of the function that was designed by
the user.
With logic as defined in the picture at the right the
Application Compiler cannot determine what function
(1, 2 or 3) is executed first.
In case the order of execution is 1, 3, 2 then there
might be a difference of output
=> Personally analyzing the sheet you expect same
results on 1 and 2.
This logic can appear in an unlimited number of
variations:
e.g. using registers. Using lots of logic symbols going
from 3 to 2
The essence of this issue is multiple feedback of a signal on one sheet.

Note: The Application Compiler is consistent when generating the sequence of execution. If the
sheet does NOT change the sequence does NOT change.
The Safety Builder helps to detect ambiguous marker feedback loops.
During compilation a Warning will be generated when it detects an ambiguous execution of the
sheet. (in sheet example if execution is 1-3-2, 2-3-1).
e.g.
In General:
Be conscious when using “Multiple feedbacks on ONE sheet”
Feedback loops should be tested thoroughly
Work around.
- Implement feedback via multiple sheets using off and on sheet references.
- Prevent the Application compiler to generate internal points to store intermediate
results. (3) e.g. In Sheet example connect 3 to off sheet reference.

6.2.14 Adding new SafeNet points on-line (PAR3398/1-FCPGC0)
When adding a new SafeNet inputs on-line, the signal will get the configured power-up value for the
first cycle and not the value of the source output. SafeNet Inputs that could cause a process trip
through de-activation need to be forced in the application, to avoid such an accidental process stop.
It is advisable to first add the points and logic and bypass this with for example a or-gate and a '1'.
In this situation, the signal and logic can be tested before it will be implemented in the real logic. If
all is tested, the OR-gate and 1 must be deleted. This needs another OLM.
Another option is to set the power up value correctly. This will set the value correct during the first
cycle but may result testing of the logic is not possible.
6.2.15 Universal Safety I/O module status online view (1-T75FTL)

Configurations:
SM Controller with Universal Safety I/O modules running.
During Load of Safety Manager also the USIO modules receive new software. During this time the
detailed status of the USIO modules is not updated.

6.2.16 Renamed CDA tag parameters names
Since Safety Manager R151.1 CDA tag parameter names have changed which might have effect on
the faceplates designed using Safety Manager R150.1.
Following list contains the changed CDA tag parameter name changes compared to
Safety Manager R150.1
Block Name Parameter Name Parameter Name
(R150.1) (R151.1)
SM_DOCOM OPFL PVFL
SM_DOCOM OP PV
SM_BOCOM OP PV
SM_AI EngUnits EUDESC
SM_AI BOTTOMSCALE PVEULO
SM_AI TOPSCALE PVEUHI
SM_AO EngUnits EUDESC
SAI_NR_CHAN PVPERC PV
SAI_R_CHAN PVPERC PV
To activate the Safety Management Systems R210.6 parameter names when migrating from Safety
Manager R150 the “Force Update All” option in the publish dialog box must be selected. (Only first
time with Safety Management Systems R210.6)
The Experion Custom displays (faceplates), trends, history, peer to peer configurations and all other
Experion clients using Safety Manager parameters that have been changed has to be modified
according to new parameters names in Safety Management Systems R210.6.
6.2.17 Universal Safety Logic Solver module (FC-RUSLS-3324)

Before changing Execution Environment of an FLD make sure to remove Sheet transfers first to
properly de-allocate the sheet transfer allocation.

6.2.18 Universal Safety I/O
Universal Safety I/O does not automatically accept communication infrastructure changes that affect
Time synchronization. The Universal Safety I/O module must be power cycled after a change in delay
is made for example when a switch level is added. Both Remote IO links require the same number of
switches and only tolerate 10 km difference in fiber length.
6.2.19 Export to UNISIM

The UNISIM product is used to simulate the application of Safety Management Systems.
To transfer correct information from Safety Management Systems to UNISIM the option Export to
Unisim must be used
Since Release SM R14x Safety Manager supports Smoke & Heat detectors. The property (‘Boolean
Property Output” was introduced. The Smoke & Heat detectors of Safety Manager R140 is fully
supported by UNISIM R400 or Higher
UNISIM supports FLD Intellectual Property Protection.
Safety Management Systems R210.6 UNISIM export format is fully supported as of UNISIM R430
6.2.20 Universal Safety Logic Solver does not make use of power up values. (1-U0U6RX)
Configured power-up values of Register, counter and flip-flops are not applied in FLD’s running on
the Universal Safety Logic Solver.

6.2.21 Unexpected points reported in OLM report
(1-NBCUL6, 1-T5AGKA, 1-SJCNHR 1-POSKKA, 1-8FOMI7H)
Since Safety Manager R151.1 the Float rounding routine is updated due to Implementation of
Universal Safety Logic Solver.
This means when migrating from Safety Manager R150.1 (and older) to Safety Management Systems
R210.6 and FLD containing constants of type Float. e.g. Float Constants, Equation Blocks can get
rounded differently. This result in FLD’s reported in OLM report.
When Safety Manager R150.1 application is migrated on-line to Safety Management Systems R210.6
more Functional Logic Diagrams (FLDs) may be reported as different as expected. This is caused by a
minor execution time difference of these FLDs running on the different firmware versions. It is
recommended to validate the reported FLDs.
After upgrading CP1 and before reset, The OLM may report unexpected differences in diagnostics
(EC108), due to modified processing of a Float value.
6.2.22 Migration from SM R161.1 may show EC13/EC59(1-BCH9QAB)

During migration from Safety Manager R161.1 The USI located in CP which is idle may show EC13 or
EC59. This EC13 and EC 59 can be ignored. The USI automatically recovers after “upgrade” is
complete.
6.2.23 Safety Manager with advanced Experion integration

• Existing Applications should be compiled before publishing to Experion server.
• Publishing of IO points - Delete all before update.
This option is not recommended to be used for an on-line system. It will require a restart
of the communication modules before Experion can receive any alarms and events. The
restart can be achieved on-line by restarting the CPs sequentially. After each restart the
CPs should be synchronized.
• QPP does not acknowledge writes, hence peers would not get acknowledge when writes
are not received by the Safety Manager. (1-O5M3U7)

6.3 Universal Safety IO (FC-RUSIO-3224/FC-RUSLS-3224)
Special considerations applicable for Universal Safety IO FC-RUSIO-3224/FC-RUSLS-3224 controlled

by Safety Manager Controller or Safety Manager SC controller
6.3.1 Reliability of HART communication (1-DVJX99H 1-CNGGL19 SMSC-44415)

Universal Safety IO HART communication does not work reliably with a subset of HART-capable
analog input and analog output field devices. The Universal Safety IO HART decoding software is
sensitive to malformed or noisy HART signals. The HART decoding does not support HART
frequencies exceeding 1% of specification, which follows HART specification, but it is noticed that
multiple field devices do not comply to this HART specification.
Solution is implemented for HART devices connected to:
- FC-RUSIO-3224 v1.8 controlled by Safety Manager SC controller.
- FC-RUSIO-3224 controlled by Safety Manager controller.
- FC-RUSLS-3224 controlled by Safety Manager controller.
6.3.2 Connection of complex devices (SMSC-7988, SMSC-7989)

Specific output loads by complex devices on FC-RUSIO-3224 may result in unexpected system
behavior.
Due to the complex nature of certain devices (e.g. Relay with open/short circuit diagnostics) and the
way self-diagnostics on channels is implemented in the FC-RUSIO-3224 the load of these devices
may have unexpected effect.
This may lead to reduced system availability.
Honeywell Safety Management Systems offers the MVIP program to check if devices are compatible
with Safety Manager.
Complex devices showing unexpected behavior may be analyzed.
Additional info for Schneider relay XPSAC5121:

Add a resistor of 15k Ohm in parallel to the field wiring, to be mounted as close as possible to the
relay, so the loop monitoring function is not defeated.
6.3.3 Analog value increase during exchange of FC-RUSIO-3224 (1-ACIME37)

In case FC-RUSIO-3224 module 2 must be replaced, the analog values of channels 1 - 16 may increase
by as much as 1.1 % depending on the total analog current through channels 1 - 16.
If any of the channels 1 - 16 are operated close to the shutdown limit (difference < 1.1%) it is advised
to reduce production such that the difference is more than 1.1% to avoid of process shutdown.

6.3.4 Digital Output test pulses with FC-RUSIO-3224
To guarantee the ability to de-energize digital outputs, output channels are turned off periodically.
This may lead to a voltage drop in the field with a maximum of 2ms. Some fast reacting field devices,
such as pulse-actuated devices, may respond to this test pulse. For safety reasons this test remains
enabled even if the "Test Enable" checkbox for that channel is unchecked.
To detect open circuit (in the output stage of the I/O module or the field loop) on de-energized FC-
RUSIO-3224 Digital Output channels a test pulse is injected to the field once per DTI. The duration of
this test pulse depends on the actual field load. Typical values are around 200us (typical for e.g.
valves) with a maximum of 5ms (e.g. for incandescent lamps). In normal situations, this pulse will not
be able to activate the field load like actuators but can be detected by fast reacting digital input
circuits of connected equipment. This test pulse can be deactivated via configuration for those
applications where it can cause a problem. Due to the wide variety of process control equipment
configurations the responsibility of each customer to assess the potential impact of this test pulse to
their process & facilities.
6.4 Certification EN/ISO 13849-1 (PAR3973)

Configurations:
SM Controller with Universal Safety I/O modules running.
To comply with the EN/ISO 13849-1 standard:
• Digital input signals allocated to the Remote Universal Safe IO module must be configured
as Line monitored Digital Input.
• Digital output signals allocated to Remote Universal Safe IO module must have shielded field
wiring.
6.5 MSSQL 2019 Installed with Safety Management Systems R210.6

Installation of Safety Management Systems R210.6 comes with MSSQL 2019.
Applications created (or Backup) Using MSSQL 2019 cannot be used on systems running MSSQL
2017.

7 Annex A: Contents of Release
7.1 Software Version Identification

Honeywell components
Safety Management Systems R210.6 Version CRC
Safety Management Systems installation 319
Safety Builder R210.6.0.289
Safety Manager SC Embedded software
Safety Related (FC-SCNT01) 210.5.0.274 $B3F73A3C
Non Safety Related (FC-SCNT01) 210.5.0.274 $58BBC101
FC-RUSIO-3224 (Universal Safety IO) 210.6.0.276 $C181B3E0
FC-PDIO01 (Safety Digital IO) 210.5.0.266 $CD3964B9
FC-PUIO01 (Safety Universal IO) 210.5.0.268 $747DB2F3
Safety Manager embedded software $E3BF3B0D
Safety Processor (FC-QPP-0002) 163.1.0.7 $CF56B117
COM System (USI-0002) 163.1.0.8 $0E35A7AB
FC-RUSIO-3224 (Universal Safety IO) 163.1.0.4 $34114417
FC-RUSLS-3224 (Universal Safety Logic Solver) 163.1.0.4 $34114417
Honeywell Experion Message files

Component Version
FSC_Fault.txt 210.6.0.289
FSC_Module.txt 210.6.0.289
Honeywell Safety Management Systems Tools

Component Version
SafeNet Timeout Estimator 210.3
Modbus Master Timeout Estimator 201.1
Honeywell license Server

Component Version
Honeywell License Activation Utility 123.0
Honeywell License Server 123.0
Third party components

Component Version
MICROSOFT SQL SERVER 2019 EXPRESS 15.0.2000.5
Microsoft Windows Windows 10 Enterprise LTSC 2019
Acrobat Reader DC 2017

7.2 Files in Package
Safety Management Systems R210.6 deployment unit contains following items
Folder Name
Root Read Me First.txt
Root SMS-R210.6-SCN.pdf
Root HoneywellSETInstallInvoker.exe
Adobe Reader
AcroRdr2017Upd1701130078_MUI.msp,
AcroRdr20171700830051_MUI.exe
D_HSET Folder content
SafetyEngineeringToolsInstaller.exe
{108D6D32-F5CC-4953-BA56-A3CE6DDB88DA} SM_SQL_Express_PRQ.exe
{D4F19809-22FD-431C-86A3-AA55F5EBEE72} Honeywell License Server.exe
{0A8B3FC3-18A9-4585-92A4-19FF80AE9F5D} Honeywell License Activation Utility.exe
{F9293491-B507-4859-ADB9-DAFB429E1C94} Safety Manager Experion components.msi
{B4325027-0821-4A56-9BF6-30D7498DFFC6} SM-SQLExpress-PostInstall.exe
AUTORUN.INF
MEDIAINFO.XML
PackageId.dat
{64F6BBFC-6B55-4A1D-A2C5-62291BEB6025}
SETUP.EXE
SETUP.EXE.CONFIG
SQLSETUPBOOTSTRAPPER.DLL
1033_ENU_LP SQL server 2019 Installation files
redist Visual Studio Installation files
resources 1022\SETUP.RLL
x64 SQL Server 2019 configuration
Safety Builder Install files
0x0409.ini
{AAFA7177-856D-4DE5-AED9- ISSetup.dll
5DAD8B2CD770} Safety Manager.msi
setup.exe
Setup.ini
splash.bmp
CommonAppData \Honeywell\CommonLicense\Config.txt
\Favorites\Honeywell Hyperlinks www.HoneywellProcess.com and www.Honeywell.com
ISSetupPrerequisites {63A88B12-4E66-43FC-8869-2360D32FB05D}
\sqlncli.msi
{125AB5F8-0156-4A9F-B1D1-C2B7E7D82A60}
\sqlncli.msi
{506A420F-1F74-4371-9E84-EFF365724DAA}
\NDP46-KB3045557-x86-x64-AllOS-ENU.exe

Folder Name
Program files CRC.INI, DBPermissions.sql, DBPermissions_DiagnosticMessages.sql,
ECIClient.dll, ECICommon.dll, EDBTypes.xml, embedded
software.bin, embedded software2.bin, FlxComm.dll, FlxCore.dll,
Format.xml, FSCad.bpl, FSCLib.bpl,
Honeywell.Com.ECI.DataContracts.dll,
Honeywell.CommonLicensingLayer.dll, Honeywell_License.rtf,
IntermediateStructureV1.xml, IntermediateStructureV2.xml,
Metadata.xml, safetybuilder.chm, SafetyBuilder.exe,
SBExport_Schema.xsd, SBNetLib.dll, SMEDBInterface.dll,
SMFSCInterface.dll, sym1.sym, sym2.sym, sym3.sym, sym4.sym,
Third_Party_Licenses.rtf, Types.xml, VCompile.bpl, VConfCA.bpl,
VConfCC.bpl, VConfVar.bpl, VCore.bpl, VECI.bpl, VFSCMigrate.bpl,
VImEx.bpl, VIntf.bpl, VLib.bpl, VLibBP.bpl, VLibD.bpl, VLibUI.bpl,
VMigrate.bpl, VOnline.bpl, VShell.bpl, VViewSts.bpl, VViewVar.bpl,
WindRiverLinux7.0_ThirdPartyNotices_v3.0.pdf,
WindRiverLinuxOpenSourceCode.zip,
WindRiverLinuxOpenSourceLicenses.zip,
Experion message files\fsc_fault.txt,
Experion message files\fsc_module.txt,
Experion message files\readme.txt
dotnet \4.7.2\ndp472-kb4054530-x86-x64-allos-enu.exe
Experion message files Root
Fsc_fault.txt, fsc_module.txt, readme.txt
Tools Root
SafeNet Timeout Estimator.xls,
Modbus Master Timeout Estimator.xlsm
User_Assistance
DocumentList_R210.pdf
PDF List Communication_Best_Practice_R210.pdf
Experion_Parameter_Reference_R210.pdf
Hardware_Reference_R210.pdf
Installation_and_Upgrade_Guide_R210.pdf
License_Server_Installation_and_Administration_Guide_R210.pdf
Online_Modification_Guide_R210.pdf
Planning_and_Design_R210.pdf
Safety_and_Security_Manual_R210.pdf
Safety_Manual_R210.pdf
Software_Reference_R210.pdf
System_Administration_Guide_R210.pdf
The_Overview_Guide_R210.pdf
Troubleshooting_and_Maintenance_R210.pdf
USC_Planning_Installation_and_Service_R210.pdf
8 Notices and Trademarks

© 2023 Honeywell Measurex (Ireland) Limited. All Rights Reserved
While this information is presented in good faith and believed to be accurate, Honeywell disclaims
the implied warranties of merchantability and fitness for a purpose and makes no express warranties
except as may be stated in its written agreement with and for its customer.
In no event is Honeywell liable to anyone for any indirect, special, or consequential damages. The
information and specifications in this document are subject to change without notice.
Honeywell International
Process Solutions
1860 West Rose Garden Lane
Phoenix, AZ, 85027, USA
+1 800-822-7673
www.honeywell.com/ps

PMT Hps Sms r210 6 SCN

Uploaded by

Copyright:

Available Formats

PMT Hps Sms r210 6 SCN

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PMT Hps Sms r210 6 SCN

Uploaded by

Copyright:

Available Formats

Safety Management Systems

Safety Management Systems R210.6 / 1.3 Software Change Notice 1

Copyright 2023 - Honeywell Measurex (Ireland) Limited

Safety Management Systems R210.6 / 1.3 Software Change Notice 2

2 Getting Started .......................................................................................................... 9

3 Release Overview .................................................................................................... 30

5 Known Restrictions .................................................................................................. 39

6 Special Considerations ............................................................................................. 50

7 Annex A: Contents of Release .................................................................................. 61

8 Notices and Trademarks .......................................................................................... 63

Safety Management Systems R210.6 / 1.3 Software Change Notice 3

1.1 Safety Management Systems R210.6

1.1.1 Safety Builder

1.1.2 Safety Manager SC solution

Safety Manager SC is a user-programmable, modular, microprocessor-based safety system, which can

The Safety Manager SC system offers key features such as:

Safety Management Systems R210.6 / 1.3 Software Change Notice 4

Safety Management Systems R210.6 / 1.3 Software Change Notice 5

Safety Management Systems R210.6 dated March 2023

1.2.1 Revision History

Safety Management Systems R210.6 / 1.3 Software Change Notice 6

STATUS SOFTWARE RELEASES:

R210.6 Safety Management Systems R210.6 is a maintenance release supporting

FOR CURRENT USERS:

Safety Management Systems R210.6 is a maintenance release providing

Safety Management Systems R210.6 / 1.3 Software Change Notice 7

The following symbols are used in Safety Management Systems documentation:

Safety Management Systems R210.6 / 1.3 Software Change Notice 8

2.1.1 Safety Manager SC Hardware

Safety Management Systems R210.6 / 1.3 Software Change Notice 9

Safety Management Systems R210.6 / 1.3 Software Change Notice 10

FC-RUSIO-3224 (Universal Safety IO)

FC-RUSLS-3224 (Universal Safety Logic Solver)

FC-PDIO01 (Safety Digital IO)

FC-PUIO01 (Safety Universal IO)

Cell Empty : Not supported.

Safety Management Systems R210.6 / 1.3 Software Change Notice 11

Redundant FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 X FC-PUIO01

Non Redundant FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 1 X FC-PUIO01

A.R.T.+ / FC-PUIO01 R210.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 FC-PUIO01

IO Ring support / FC-PUIO01 R211.1 --- FC-TCNT11 + 2 X FC-SCNT01 FC-TUIO11 + 2 X FC-PUIO01

NOT supported Unsupported Hardware by Safety Manager SC

Discontinued Hardware Discontinued

Earth Leakage Safety Universal IO/

Safety Manager SC 2022-Q4 --- FC-SCNT01

Safety Management Systems R210.6 / 1.3 Software Change Notice 12

Extra Support Extra Hardware requirement compared to BASE

Feature Control Earth Leakage

FC-IOTA-NR24 + FC-RUSIO-3224 or FC-IOTA-NR24 + FC-RUSLS-3224 or

USIO/USLS FC-IOTA-NR24 + FC-RUSIO-3224 or FC-IOTA-NR24 + FC-RUSLS-3224 or

NOT supported Unsupported Hardware by Safety Manager

FC-IOTA-NR24 + FC-RUSIO-3224 or FC-IOTA-NR24 + FC-RUSLS-3224 or

Discontinued Hardware Discontinued

Safety Management Systems R210.6 / 1.3 Software Change Notice 13

2.2.3.1 Experion releases

Safety Manager SC Controller Experion

Safety Manager SC Controller Experion LX

Safety Manager SC Controller Experion HS

Safety Manager SC Controller Field Device Manager (FDM)