ed17-faulttolerantandfailsafearchitecturesforprocesssafetyapplications_psug2012

8/13/2019 ed17-faulttolerantandfailsafearchitecturesforprocesssafetyapplications_psug2012

1/17

Copyright 2012 Rockwell Automation, Inc. All rights reserved.

ED17: Architecturesfor Process SafetyApplications

Name Pete Skipp

Title Process Safety Architect

Date November 5th & 6th 2012


2/17

Copyright 2012 Rockwell Automation, Inc. All rights reserved. 2

Agenda

The Rockwell Automation ProcessSafety Capability

The Rockwell Automation ProcessSafety philosophy

An Introduction to Process Safety


3/17


Introduction to Process Safety

Terminology - BPCS and SIS

3

I/P

Basic Process ControlSystem (BPCS)

PT

1A

PT

1B

Safety InstrumentedSystem (SIS)

A system that responds toinput signals from theequipment under controland/or from an operatorand generates outputsignals, causing the

equipment under control tooperate in the desiredmanner.

A system composed ofsensors, logic solvers, andfinal control elements forthe purpose of taking theprocess to a safe statewhen pre-determinedconditions are violated.


4/17


Containment Passive protection layer

Emergency response layerPlant andEmergencyResponse

Prevent

Mitigate

ProcessControl Normal behaviour

BasicProcessControlSystem

Process control layer

Process control layer

Process

ShutdownOperatorIntervention

Process alarm

Trip point

SafetyInstrumentedSystem

Safety layerEmergencyShut Down

Relief valve,Rupture disk Active protection layer

Pressure Relief


What is Process Risk ?

Process Setpoint


5/17



What Standards Apply

International StandardsIEC 61508 Functional safety of electrical/electronic/ programmable electronic safety-

related systemsIEC 61511 Functional safety Safety instrumented systems for the process industry sector

North American Standards

NFPA 85 Burner Management (Boilers, HRSGs, Stokers, etc. )

ANSI/ISA-84.00.01 (IEC 61511-1 Mod)

Functional Safety: Safety Instrumented Systems for the Process Industry Sector

API RP 14C Safety Systems for Offshore Production Platforms

Reference Documents

CCPS Guidelines for Safe Automation of Chemical Processes

5


6/17






7/17


Dedicated portfolio of products for process safety with architectures that support:

Fault tolerance for system components

Scalable portfolio of technologies including fail-safe, fault tolerant and Triple

Modular Redundant (TMR) options SIL rated and certified up to SIL3 for use in Process Safety Solutions

Offers integrated and separated platform choices

Technology offering high level of diagnostics

Dedicated resources for design of complete Process Safety Solutions Global Solutions offers expertise to design, implement and deploy process safety

solutions using functional certified safety engineers

Follows best engineering practices against IEC61511

7

Process Safety Philosophy

Products and Solutions philosophy

Allen-BradleyA-BQualityControlNET

CHA CHB OKA

#

0

1

Redundancy ModuleP RI C O M O K

PRIM

RUN REM PROG

Logix5555

RUN

OKRS232

BAT

I/O

Allen-BradleyA-BQualityControlNET

CHA CHB OKA

#

0

1

Redundancy ModuleP RI C O M O K

PRIM

RUN REM PROG

Logix5555

RUN

OKRS232

BAT

I/O

Primary

Secondary


8/17






9/17


Which Platform?

Portfolio Positioning

SIL 0

Process

SIL 1

Fail Safe

SIL 2

Fail Safe

SIL 2

Fault Tolerant

SIL 3

Fail Safe

SIL 3

Fault Tolerant

PlantPAx(Logix)

EtherNet/IP communication:

AADvance & PlantPAxTrustedTMR

Process Control Process Safety

AADvanceScalableSafety

O&G / Petrochem applications favor AADvance and Trusted


10/17


What is the Target SIL level or SIL levels in single architecture ?

SIL 1, Low Integrity

SIL 2, Medium Integrity

SIL 3, High Integrity

What Levels of Fault Tolerance are Required ?

Fail Safe (Simplex)

Fault Tolerance (Dual or Triplicated)

What level of Integration with the Control Platform (BPCS) is required? Separate & Diverse Logic Solvers

Common Logic Solvers

Centralized or distributed safety

Central Processing, Remote I/O

Central Engineering Interface, Distributed Processing 3rd party communication & device interfaces

Smart Devices (HART)

3rd Party Logic Solvers (DCS or PLC)

10

Which Platform

Types of Questions we Ask


11/17


Which Platform

ControlLogix

Allen-BradleyA-B

Quality

ControlNET

CHA CHB OK

A

#

0

1

Redundancy Module

P RI C O M O K

PRIM

RUN REM PROG

Logix5555

RUN

OK

RS232

BAT

I/O

Allen-BradleyA-B

Quality

ControlNET

CHA CHB OK

A

#

0

1

Redundancy Module

P RI C O M O K

PRIM

RUN REM PROG

Logix5555

RUN

OK

RS232

BAT

I/O

Primary

Secondary

Targeted for applications wherecustomers who prefer a singlearchitecture

Key Features: Safety AOIs

Integrated Control & Safety

I/O on EtherNet/IP

Up-to-date with Logix releases

Supports fail safe and fault tolerant

configurations

Common, Fault Tolerant/Fail Safe, SIL 2


12/17


Which Platform

GuardLogix

Integrated, Fail Safe, SIL 3

Targeted for applications that do not require

High Availability

Key Features: Supports PointGuard Discrete and Analog I/O

SIL2 inputs (single channel), SIL3 dual channel

Common Network for Safe & Standard Communications

Extensive suite of safety certified instructions Supports safety Add-On instructions

Diagnostics and control in standard tasks

Safety related functions in the safety task

PointGuard Discrete&Analog I/O

GuardLogix 1756-L7xS


13/17


Which Platform?

AADvance

Interfaced, Fault Tolerant/Fail Safe, SIL 2 & 3

Targeted for applications that require a flexible architecture,

distributed safety and mixed SIL Levels

Key Features: Simplex (1oo1D), Dual (1oo2D) or TMR (2oo3) processorand I/O architectures

Stand alone or part of a large distributed network

Supports CIP connectivity to PlantPAx

All 5 IEC 61131-3 programming languages Comprehensive diagnostics and self test

Scalable fault-tolerance and safety at module level

Fully fault-tolerant Ethernet networks for safety

HART Support for Field Device Diagnostics & Maintenance(HART Passthru)


14/17


Which Platform?

Trusted

Interfaced, Fault Tolerant, SIL 3

Targeted for applications that require a High Availability TMR

architecture or have very high IO counts.

Key Features: Extensive 2oo3 (2 out of 3) voting throughout

architecture

Extensive diagnostics and triplication provides

high safety, fault-tolerance & high availability

High density 40 channel TMR IO modules CIP connectivity to PlantPAx

Supports 1000s of IO with a single TMR

processor

Partial Stroke testing part of standard product

offering

All 5 IEC 61131-3 programming languages

Fully fault-tolerant Ethernet networks for safety


15/17


Process Safety Philosophy

Solutions Capabilities

Formulate concept anddesign of the process

Identify Process Hazards

( HAZOP etc )

Identify non SIS layers ofprotection

Determine if any, needfor further risk reduction

Determine target SILlevel

Develop SafetyRequirements Specification

(SRS)

Develop SIS design tomeet SRS

Select, build, test, deploy

Install, commission andtest prior to start-up

Develop and implementmaintenance and operational

procedures

Assess and managemodifications to SIS

Process DevelopmentPhase

SIS Design Process Post Deployment

Rockwell Automation provides a wide range of expertise and

services throughout the project lifecycle

Decommission


16/17


Integrated Control and Safety System

Operator Interface

CIP Network(EtherNet/IP)

FactoryTalk View HMI Data Server

SISProcess Control



17/17


QuestionsThank You

Name Pete Skipp

Title Process Safety Architect

Date November 5th & 6th 2012