Safety lnstrumentation Simplified

Similar documents
Safety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits

United Electric Controls One Series Safety Transmitter Safety Manual

Wireless Gas Monitoring

IEC61511 Standard Overview

Safety Instrumented Systems

100 & 120 Series Pressure and Temperature Switches Safety Manual

InstrumentationTools.com

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

Safety Instrumented Systems The Smart Approach

White Paper. Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System

Why AC800M High Integrity is used in Burner Management System Applications?

Integrated but separate

User s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No

New requirements for IEC best practice compliance

Functional Safety Solutions

Functional Safety: the Next Edition of IEC 61511

Is your current safety system compliant to today's safety standard?

Session Four Functional safety: the next edition of IEC Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd

SAFETY ON A BROADER SCALE Safety and security for people, processes, plants, communities and environment

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Implementing Safety Instrumented Burner Management Systems: Challenges and Opportunities

Digital EPIC 2 Safety manual

Safety Instrumented Systems Overview and Awareness. Workbook and Study Guide

Failure Modes, Effects and Diagnostic Analysis

Options for Developing a Compliant PLC-based BMS

USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

ADIPEC 2013 Technical Conference Manuscript

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

SITRANS. Temperature transmitter Functional safety for SITRANS TW. Introduction. General safety instructions 2. Device-specific safety instructions

Martin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY

The SIL Concept in the process industry International standards IEC 61508/ 61511

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

Process Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations

SAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL

The Use of an Operator as a SIL 1 component in a Tank Overfill Protection System

INTERNATIONAL STANDARD

Overfill Prevention Control Unit with Ground Verification & Vehicle Identification Options. TÜVRheinland

Safety Instrumented Fire & Gas Systems

SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

High Integrity Pressure Protection System

Securing and Protecting Process Plants in the Digital Age Functional safety requires IT security

Failure Modes, Effects and Diagnostic Analysis

Functional Safety Manual June pointek CLS500/LC500

Smarter Field Instrumentation Life Cycle Management. Ray Rogowski Global Marketing PMC Instruments

Certification Report of the ST3000 Pressure Transmitter

innova-ve entrepreneurial global 1

67 th Canadian Chemical Engineering Conference EDMONTON, AB OCTOBER 22-25, 2017

Certification Report of the ST 3000 Pressure Transmitter with HART 6

New Developments in the IEC61511 Edition 2

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

The evolution of level switches and detectors

LifeCycle Engineering & Field Services

Failure Modes, Effects and Diagnostic Analysis

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

TECHNICAL SPECIFICATION

SAFETY MANUAL. Electrochemical Gas Detector GT3000 Series Includes Transmitter (GTX) with H 2 S or O 2 Sensor Module (GTS)

Reliability of Safety-Critical Systems Chapter 1. Introduction

SAFETY CERTIFIED MODEL FP-700 COMBUSTIBLE GAS DETECTOR

INTERNATIONAL STANDARD

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Applying Buncefield Recommendations and IEC61508 and IEC Standards to Fuel Storage Sites

2013 Honeywell Users Group Europe, Middle East and Africa. Erik de Groot. Safety and Fire & Gas Solutions

ue short form catalog Leaders in Safety, Alarm & emergency Shutdown

Proof Testing Level Instruments

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, Minnesota USA

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

IEC PRODUCT APPROVALS VEERING OFF COURSE

Safety in the process industry

LOPA. DR. AA Process Control and Safety Group

Failure Modes, Effects and Diagnostic Analysis

Siemens Process Automation End-user Summit- 2011

Session Ten: The importance of a clear Safety Requirements Specification as part of the overall Safety Lifecycle

2015 Honeywell Users Group Europe, Middle East and Africa

Rosemount Functional Safety Manual. Manual Supplement , Rev AF March 2015

Numerical Standards Listing

SAFETY MANAGER SC Ensure safety, simplify operations and reduce lifecycle costs

DeltaV SIS TM. for Process Safety Systems Smart Safety Loops. Reliable Process.

Karl Watson, ABB Consulting Houston LOPA. A Storage Tank Case Study. ABB Inc. September 20, 2011 Slide 1

Only a safe plant is economical

Failure Modes, Effects and Diagnostic Analysis

Advanced diagnostics embedded in a pressure transmitter can detect integrity issues

2015 Honeywell Users Group Europe, Middle East and Africa. Incident Response at your Fingertips Adrian Fielding, Honeywell

The benefits of modern Integrated Control and Safety Systems architectures for FPSO facilities.

Beyond Compliance Auditing: Drill til you find the pain points and release the pressure!

Fully configurable SIL2 addressable Fire & Gas Detection solutions

THE VALUE IS IN THE SOFTWARE

Integrating Control and Safety: Where to draw the line.

Safety and Security: Can they live together?

Process Solutions. Solution Note. HC900 and OneWireless. Background. Applications. Key issues. Tanks in explosion-proof areas.

Session Number: 3 SIL-Rated Fire (& Gas) Safety Functions Fact or Fiction?

Thank You for Attending Our February Webinar:

Numerical Standards Listing

Electrical Safety Compliance: NFPA 70E

Where Process Safety meets Machine Safety

OPTIMIZING YOUR TECHNOLOGY INVESTMENT WITH SERVICE AND SUPPORT

2015 Functional Safety Training & Workshops

Engineering Guideline. pac- Carriers Type Universal

Addressing Challenges in HIPPS Design and Implementation

Transcription:

A United Electric Controls White Paper Safety lnstrumentation Simplified by: Wil Chin, Vice President of Marketing and Business Development at United Electric Controls Rick Frauton, Senior Product Marketing Manager at United Electric Controls The reliability of today s automation technology has moved from generic components into the high reliability, certified space. While there remains considerable variation in the quality of the sub-system infrastructure, there is increasing awareness of the risk, cost of ownership and sustainability of all elements of process safeguards, including, and especially, the Safety Instrumented System (SIS). Traditional SIS components along with all instrumented protective systems (IPS) are under scrutiny for their role in either initiating or responding to hazardous events. Within the scope of the Basic Process Control System (BPCS), these instrumented functions are known collectively as SCAI Safety Controls, Alarms and Interlocks per ISA 84.91.01-2012. (See Figure 1.) In the subset of SCAI known as Safety Instrumented Systems (SIS), these protective functions are managed under the guidance of IEC 61511 and ISA 84.00.01, two functional safety standards that have largely been accepted as best engineering practices. Instrumented systems that provide process safeguarding usually consist of: 4Sensors, which read pressure, temperature and other process variables. 4Logic solvers which translate analog or discrete inputs from process variables or from diagnostic signals, and act on those values. 4Final elements, which are the last link in safeguarding the process. These elements can be valves and other interconnected equipment like a Motor Control Center (MCC). The ultimate objective is to reduce the risk of a hazardous event by putting in place instrumented safeguards that are available to the BPCS, assuring that no demand is ever placed on the safety instrumented system or, in a worst case scenario, the safety instrumented system that brings the process to a safe state. According to the ARC Advisory Group, more than 50 percent of safety system failures can be attributed to the final element, 40 percent to the sensor and 8 percent to the logic solver.

2 for example. And, complexity can introduce greater cyber security vulnerability through multiple, unnecessary digital I/O, particularly in interfaced and integrated safety systems tied to with BPCS and enterprise systems that ultimately communicate via the Internet. Such complexity is an even more critical issue today, as many engineers who have learned the intricacies of the system are retiring and being replaced by inexperienced workers for whom the learning curve is already high. Figure 1: Safety controls, alarms, and interlocks relationship to the process hazards analysis (PHA) Reference: ANSI/ISA 84.91.01-2012 Furthermore, according to Health and Safety Executive, an organization which advises the British government on workplace regulatory matters, more than 85 percent of industrial accidents are caused by human error. Anything that can be done to guide best practices, simplify system architectures and automate operations will contribute to performance which is both safer and more cost-effective. Although industry standards IEC 61511 and S 84 are related, technical reports provide a fair amount of guidance regarding safety best practices. There is wide variance across the process sector regarding efforts to comply with such functional safety standards, which is not surprising given their complexity. In general, the industry is challenged with retiring expertise, a wide variety of equipment, and a kind of myopia that may limit consideration of newer, disruptive technology which may prove more cost-effective and technically supportable than traditional approaches. Main Automation Contractors (MACs) and Engineering Procurement Contractors (EPCs) who design and build the systems and the owner-operators who use them must be aware of the possibilities that new, largely hidden technology can enhance compliance with functional safety standards. The complexity manifests at the subsystem design, implementation and commissioning levels. It can boost the cost of a system, through installation of redundant SIS components necessary to achieve the target SIL, increasing TCO based on need for more proof testing, calibration and maintenance. Complexity can reduce operating efficiency, masking information about whether a targeted valve actually closed as instructed by the logic solver, Figure 2: Causes for SIS Failure 42% Source: ARC Advisory Group Main Causes for SIS Failure 8% 50% How we got here The first safety systems involved electromechanical process switches, which could be set to open or close valves or act on other final elements directly, based on an internal set point and out-of-range process variable. More sophisticated, programmable logic solvers were introduced to manage the increasingly complex relay logic. Since these systems lacked diagnostic coverage, voting mechanisms were introduced to provide higher levels of safety integrity and availability. As smart process transmitter usage grew, they became the norm in the plant, and by default, the sensing elements for SIS systems. But once the networked process transmitter was configured for SIS, the digital communication Logic Solver Final Element Measurement

3 capability went unused, leaving the SIS unnecessarily vulnerable to cyber security threats. The digital protocols do provide the ability to reconfigure process transmitters remotely, which is ideal for process control applications, such as batch processing. This same capability, however, opens the SIS to tampering and must be disabled for maximum security. Process transmitters achieve high levels of accuracy necessary for custody transfer and ultimate process control. Conversely, process monitoring to determine whether safe parameters have been exceeded does not require such high accuracy. Increasing the accuracy of process transmitters, however adds to the price of the sensor, creating waste. And, since a safety system must have adequate layers of protection to meet SIL 2 or SIL 3 safety requirements, it may be necessary to deploy multiple transmitters, adding further to the cost. This move toward complexity has resulted in SISs with the following less than desirable traits: 4Redundant sensors, each with higher cost and more capability than is actually needed to achieve the SIL target. 4Cabling that connects up to 20 sensors to a PLC. This stems from two false assumptions: That a safety PLC must always be the logic solver and the controller for switching the final elements and that smart process transmitters with high accuracy (and price!) are adding value to the system. Challenging these assumptions can result in a safer, more economical system. Let s look at each. Instead of using a safety PLC to perform the logic solving function, for many safety applications, a safety transmitter with a built in safety relay can function as both sensor and safety logic solver. Eliminating an external connection Figure 3 Traditional Architecture Sensor I/O Simplified SIS Architecture Safety Transmitter Logic Solver (PLC) BPCS and the SIS logic solvers. When properly designed per the IEC 61511 standard, these two systems must be autonomous to ensure high reliability and availability and to avoid common mode failures. Common mode failures can, for example, occur when similar components from the BPCS and the SIS are subject to the same fault conditions, often resulting in a loss of both process and safety control. Sensor sense A transmitter that combines the functions of the sensor and a logic solver provides smart self Relay Final Element Final Element Mitigated Mitigated 4Complex voting logic and ESD decision algorithms that interpret the outputs provided by these redundant sensors. For smaller, less critical systems, this growing complexity isn t as much of a problem. But in large systems, which could involve hundreds of sensors, this arrangement adds unnecessary costs of implementation and ownership, vulnerability and confusion on the part of the operators and maintenance personnel. Myth-busting While many safety applications could benefit from a simpler safety architecture, SIS designers are instead deploying more technology layers, adding more complexity than is necessary. from the sensor to the logic solver in this way reduces wiring and complexity while increasing reliability and speed of response. Safety transmitters that combine the sensor and logic solver functions and are certified by a third party for use in the SIS provide assurance that the product will perform the functions for which it was designed while providing extremely high safe failure fractions. Blending BPCS and SIS components is another logic solver alternative. Some SIS designers attach multiple safety sensors to their BPCS logic solver. Conversely, the output from one process transmitter is provided for both the diagnostics and decision making capability. The sensor monitors the process variable for abnormal conditions and the built-in logic solver makes the appropriate decision to manipulate the final element via the on-board safety relay. Safety transmitters manufactured by UEC (), for example, combine a transmitter with a programmable switch and configurable self diagnostics to provide the logic solver function. The safety transmitter embeds a high-capacity safety relay to control the final element and a 4-20 ma signal for process trending, eliminating the need for a safety PLC or other logic solver.

4 Figure 4: One Series Hybrid Safety Transmitter This saves money by reducing the number of safety components needed to achieve the SIL target and functionality. It also eliminates the additional premium paid for smart process transmitters, since the high accuracy and communications protocol is not likely to be used once the system is configured. A large petrochemical plant in Dahej, India, for example, deployed the UE One Series hybrid transmitter-switch and reduced labor by 50 percent, commissioning time by 75 percent, logic solver programming and rewiring time by 100 percent. If smart process transmitters were used in place of these hybrid transmitters for these safety systems, implementation and TCO costs would have been estimated at 500 percent higher. Furthermore, a hybrid transmitter-switch provides something that is not available in any other SIL-rated SIS sensor: the ability to verify and report if the instruction sent to the final element from the safety relay was actually executed. The UE safety transmitter, for example, uses a feature called SRO Monitor to verify both the wiring integrity and instruction execution for the safety relay. The 4-20 ma analog signal is verified for accuracy and can indicate a fault by outputting 3.6 milliamps. Auxiliary discrete outputs provide set point status and diagnostics status, providing redundancy and facilitating voting logic schemes when a safety PLC is part of the SIS design. A simpler, safer world As mentioned earlier, a hybrid transmitterswitch design may not be appropriate for all SIS applications, but there are many SIL architectures that will benefit from this powerful yet simpler approach to SIS design. 4A refinery planning to implement a conventional SIS involving a process transmitter, trip amplifier, safety relays, distributed control system, wiring and all of the ancillary programming necessary to initiate an emergency shutdown, could achieve the same results with just a hybrid transmitter. Programming would be minimal and there would be no need for these separate components. Hybrid transmitter-switches that are certified for use in SIS applications functions as transmitter, switch, safety PLC and associated I/O, and by doing so eliminate the added cost, complexity, wiring and maintenance.

5 4A mothballed plant facing the need to upgrade their safety systems cost-effectively would avoid the need to implement a full-blown safety system, potentially reducing the time and expense to safe operation by as much as 75 percent. This could be even higher if design, analysis, and labor are included. 4 A company in a low-margin industry that has to safely expand its operations to meet projected demand increase, but for which success depends on rigid cost control, could save as much as 60 percent over the cost of sensors, in addition to a reduction in the total cost of ownership. 4 A refinery seeking to comply with IEC 61511 in order to update HAZOP and LOPA could benefit by implementing a hybrid safety transmitter at the FEED stage. If, for example, the analysis shows that one or more SIFs are needed to reduce the inherent risk, this can be accomplished by replacing legacy switches with hybrid transmitter-switches to provide or upgrade these SIFs. In summary, combining sensor, logic solver and relay into one, factory-integrated, SIL-verified automation component contributes to safety and cost control initiatives by offering the following advantages over safety PLCs and smart transmitter based systems: 4Reduced purchase price 4Reduced wiring 4Reduced maintenance 4Reduced time for learning and programming 4Reduced spares management 4Reduced vulnerability to human error, by eliminating human touch points And as the industry moves in the direction of even greater automation, the human factor in safety installations will become even less. We may not be at the point where we are automating the proof testing, but 10 years ago, very few people thought that driverless cars would be a good idea either. Wil Chin is Vice President of Marketing and Business Development at United Electric Controls, in Watertown, Mass. Prior to that, he was a research director for the ARC Advisory Group covering asset performance management, condition monitoring, plant asset management, field devices, control valves, communication protocols, and wireless technology. He has also held technical and marketing positions at Krohne and Foxboro (now part of Schneider Electric). He can be reached at wchin@ueonline.com. Rick Frauton is Senior Product Marketing Manager at United Electric Controls, where he is responsible for the One Series safety transmitter product line. Previously he held technical marketing positions at Polaroid Corporation. He can be reached at rfrauton@ueonline.com United Electric Controls Company 180 Dexter Ave, P.O. Box 9143 Watertown, MA 02471-9143 USA Telephone: +1 617-926-1000 Fax: +1 617-926-2568 154631

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback