The Process Safety Management Suite (PSMS) is a range of software packages designed to assist in the lifecycle management of Safety Instrumented Systems, allowing for a defined and controlled approach to simplifying the design and validation of system development and modification.

The PSMS tools assist engineers, operation managers, control room operators, maintenance teams and many more personnel who have an active role within the system's lifecycle.

These tools have been designed and developed by certified functional safety engineers, providing a package which endeavours to reduce the time and costs involved with the management of a system yet providing an increased understanding and confidence with the operation of the system and the application logic.

The development activities for the PSMS have been externally audited by two independent auditing bodies against the requirements of IEC 61508.

Process Safety Management Suite

pssuk.co.uk

Process Safety Solutions

If only our Cause & Effect was up to date in real time

Back Drafting of Cause & Effect documentation can often lag long behind actual system modification processes.

CERES can ensure up to date Cause & Effect management, track history and improve safety integrity.

Key features

• Lifecycle Management of Safety System Cause & Effects
• Graphical Interface for developing & maintaining Cause & Effects
• Search tool for querying cause & effect database
• Production of Cause & Effect Drawings
• Full lifecycle history and comparisons
• Red Line mark-up tool for modifications
• Import facility to convert existing Cause & Effects
• Export tool to VESTA for system testing
• Export tool to PALLAS for system monitoring

CERES is a package of innovative software tools that allow for the development, maintenance and lifecycle management of Cause & Effect documentation for safety-instrumented systems.

CERES acts as an interface to the vast amount of data needed to produce a full system’s C&E drawings and allows for modifications to be directly introduced to the lifecycle of the C&E.

CERES introduces a consistency to C&E drawings by maintaining a record of past database versions, ensuring development is carried out on the most current C&E drawings and providing a trail of past modifications.

Existing C&Es can also be treated with the same level of lifetime support, as CERES provides a tool for converting existing C&Es into CERES. Utilising the CERES Extract tool makes for fast and cost effective migration of existing C&E drawings into the CERES C&E style.

The versatility of its functions makes CERES a useful and practical software tool for the management and development of SIS C&E Charts. CERES offers high levels of efficiency and control throughout the life-cycle of a system’s C&E Charts with powerful and unique functionality.

Cause & Effect Relationship Software

A full lifecycle Cause & Effect management tool for Safety Instrumented Systems.

CERES Design allows the design and modification of the Cause and Effect database.

Using CERES Design, users can Construct, Destruct and Modify system Inputs, Outputs, Cause and Effect relationships, system notes, system information and Fire/Process Zone mapping.

Each modification is logged with a date/time stamp, the user who implemented the change and the version of the CERES Database.

Before implementing modifications, the version of the CERES Project can be updated. This archives the current version. This allows all previous versions of the CERES DB to be interrogated and compared.

CERES View produces Cause and Effect drawings based on information contained within the CERES database.

The Cause and Effect drawings are created based on user specified templates which allow the Cause & Effect drawings to meet end user document specifications.

The CERES Cause and Effect drawings allow for:

• Input/Output Grouping & Segregation
• Display of Voting Inputs, including ANDing, MooN etc.
• Revision History Details
• External Document Referencing
• Cause & Effects are exported in Excel and PDF format

CERES Insight provides users with a quick and easy access method to obtain relevant Cause and Effect information.

Using the query fields, users can enter search criteria to display system and Cause & Effect information relevant to the queried inputs and outputs.

This information can be used to swiftly determine the relationships between input and output without the need to search manually through the Cause and Effect drawings.

The search parameters can be saved as CERES queries which can be loaded back to allow for quick access to common searches.

The query results can be exported, thereby allowing for reporting and user specific applications.

CERES Versions allows for comparison between two versions of the CERES Project.

This allows for pre and post modification verification, highlighting any changes made between the two versions.

The differences are listed and can be displayed on the cause and effect matrix.

CERES Extract can be employed to extract existing Cause & Effect databases and Cause & Effect drawing information and populate a new CERES Database.

Utilising a library of easy to use extractors, CERES Extract can be used on a large number of formats including Excel, Access DB, Paradox DB, and SQL DB.

If a standard extractor cannot be deployed, Process Safety Solutions can produce bespoke extractor tools to remove the need for manual transfer.

CERES Test is an export tool passing the CERES Cause & Effect information to VESTA and PALLAS for off and on site validation of the system Cause & Effect, against the running SIS application logic.

Why does it invariably take over 400 man hours to test my system’s application software after only a minor change? Do you compromise safety integrity and test only those areas affected by the change, or accept that in any aspect of manual intervention there could be implications for any part of the system, and carry out a 100% Cause & Effect test?

Using the PSMS, a 100% system test can be set to run automatically. Typically a system test on a 1000 I/O system would complete in approximately 6 hours.

Key features

• Testing of Cause & Effects to verify functionality of Safety PLC application logic
• Import existing C&E charts in a variety of formats (Autocad, Excel etc. via CERES)
• Create Test Sequences to mimic C&E functionality
• Automatically condition System to a ‘healthy’ state
• Full Cause and Effect testing of System logic
• Verification of expected Effects against initiating Causes
• Detection of unexpected Effects
• Production of C&E Charts and reports from tests
• Fully automated, fast, accurate and repeatable testing
• Carry out ‘before’ and ‘after’ verification of system application logic
• Pre and post modification. Compare results.
• Fully satisfies the requirements of IEC 61511 Part 1 Clause 17.2.7 Paragraph 9: “Tests used to verify that the change has not adversely impacted parts of the SIS which were not modified.”

VESTA is an innovative off-site conditioning and test tool for safety-instrumented systems (SIS) that allows completely automated testing of safety application programs, running on a variety of target hardware.

It simulates inputs/votes (Causes) into the safety application running on a Safety PLC or emulator, then compares the expected outputs’ states (Effects) against actual Effects observed, and produces reports, based on the results of testing.

The need for clumsy arrays of switches and lamps typically required to carry out SIS application verification testing is not only eliminated with VESTA but the speed, repeatability and accuracy of such testing procedures is vastly improved.

Verification and Test of Applications

An off-site conditioning and test tool for safety instrumented system applications.

Application logic modifications may also be tested in the same manner, allowing an audit trail to be produced; pre and post modification.

I/O Conditioning

VESTA maintains a database of Tags, System Addressing and Tag Trip Points.

These Trip points include Low Low, Low, Mid, High and High High.

These Trip points can be called using Trip commands within VESTA sequences and CERES Cause & Effects.

VESTA allows for the allocation of set points to each analogue input and sets the normal state of each digital input and output.

Sequences

The VESTA Sequence editor can be utilised to define VESTA test sequences which can be used to validate a large variety of SIS functionality, including:

• Analogue Span Checks
• Differential Trips
• Time Delay Trips
• Voting
• Override Testing
• Logic Function Testing
• Function Block Testing

Test Reporting

After the Cause & Effect test is completed, VESTA produces a test report detailing any discrepancies between the defined Cause & Effects and the tested application logic.

This report can be utilised as evidence of the full Cause & Effect testing and can be used in conjunction with factory acceptance documentation.

Cause & Effect Testing

VESTA is capable of testing a number of user defined Cause & Effect logical functions, which can be manually defined or directly imported from the CERES database, including:

• Direct Input-Output Test
• Time Delay Trip Tests
• ANDed Inputs
• MooN Inputs
• Analogue Differential Trips

Once Cause & Effect information has been declared, VESTA can perform the full Cause & Effect test automatically.

The test is performed as follows:

• Conditioning of the system to a ‘healthy’ baseline state.
• System resets are applied.
• The first Cause & Effect input/vote is tripped. All the outputs are monitored.
• Output trips are displayed on the test matrix.
• Input/vote is made ‘healthy’.
• System resets are applied.
• The second Cause & Effect input/vote is tripped.

The Cause & Effect test is executed for each defined input/input vote. Once the test has been completed, a Cause & Effect matrix view test report is produced.

| Symbol | Name | Description | Risk |
|---|---|---|---|
| X | Expected Trip | Output tripped as expected | No Risk - Logic functions as expected |
| X | Un-Expected Trip | Output tripped, but was not expected | Highlights a risk to Production |
| O | Expected Trip. Not Recorded | Output was expected to trip, but did not | Highlights a risk to Safety |
| | No Trip | No trip expected and none occurred | No Risk - Logic functions as expected |
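The test loop and the four report outcomes described above, sketched as an added example (not VESTA code or anything supplied by the vendor). The tag names, the matrix and the `logic_under_test` stand-in with its two deliberate defects are all constructed for illustration.

```python
OUTPUTS = ["XV-201", "XV-202", "P-301", "HORN-1"]

# Constructed C&E matrix: cause -> (inputs, M of N needed to trip, expected effects)
CE_MATRIX = {
    "PT-101 2oo3": (["PT-101A", "PT-101B", "PT-101C"], 2, {"XV-201", "P-301"}),
    "LT-102 LL":   (["LT-102"], 1, {"P-301"}),
    "FG-103":      (["FG-103"], 1, {"XV-201", "XV-202", "HORN-1"}),
}

def logic_under_test(tripped):
    """Constructed stand-in for the SIS application logic, with two defects."""
    out = set()
    if len(tripped & {"PT-101A", "PT-101B", "PT-101C"}) >= 2:
        out |= {"XV-201", "P-301"}
    if "LT-102" in tripped:
        out |= {"P-301", "XV-202"}   # defect: XV-202 is not on the C&E
    if "FG-103" in tripped:
        out |= {"XV-201", "XV-202"}  # defect: HORN-1 never trips
    return out

def classify(expected, tripped):
    """Map one matrix intersect to the report outcome names used on this page."""
    if expected and tripped:
        return "Expected Trip"
    if tripped:
        return "Un-Expected Trip"             # risk to production
    if expected:
        return "Expected Trip. Not Recorded"  # risk to safety
    return "No Trip"

def run_ce_test(matrix, logic, outputs):
    """Trip one cause at a time from a healthy baseline; classify every output."""
    report = {}
    for cause, (inputs, m, effects) in matrix.items():
        # Healthy baseline and reset: only this cause's inputs are tripped,
        # and only as many as the vote needs (the first M of N).
        observed = logic(set(inputs[:m]))
        for out in outputs:  # monitor all outputs, not just the expected ones
            report[(cause, out)] = classify(out in effects, out in observed)
    return report

def discrepancies(report):
    """Intersects that differ from the defined Cause & Effects."""
    return {k: v for k, v in report.items()
            if v in ("Un-Expected Trip", "Expected Trip. Not Recorded")}

if __name__ == "__main__":
    found = discrepancies(run_ce_test(CE_MATRIX, logic_under_test, OUTPUTS))
    for (cause, out), result in sorted(found.items()):
        print(f"{cause:12s} {out:7s} {result}")
```

Monitoring every output for every cause, rather than only the expected effects, is what surfaces the spurious XV-202 trip alongside the missing HORN-1 trip.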

Key features

• Live Cause & Effect Matrix Viewer
• Cause & Effect information can be converted from various standard formats
• Alarm and Event Logging
• Replay of logged data from PALLAS or ESOE
• Connects to Safety PLCs via:
    • OPC Alarms and Events (1.x)
    • OPC Data Access (1.x, 2.x and 3.x)

PALLAS is a live Cause & Effect Matrix viewer for on site Cause & Effect verification and alarm logging.

PALLAS connects to a logic solver via a non intrusive read only OPC interface, and uses C&E data from CERES or from PALLAS designer to display the status of system inputs, outputs and intersects.

PALLAS records the Alarm and Event data which allows PALLAS to act as an Alarm Logger.

The main feature of PALLAS is the live viewing of a C&E Matrix as alarms and events occur in the system being monitored. Causes will be highlighted as they happen and any corresponding Effects which are initiated in the SIS by the input change are monitored and compared to the C&E Chart for the system.

Process Automation, Live Logging and Analysis Software

On-site data historian and live Cause & Effect viewing application.

The comparison between live data and the system C&E Charts allows for a clear understanding of how the system operates with regards to Cause and Effect; it also offers an immediate insight into problems or faults within the system or C&E Charts.

Logs are kept by PALLAS of every event which happens in the system, therefore offering a view of historical data and logging of data up to the exact moment of any potential problems or shutdowns.

Why does it take hours of trawling through Sequence of Events Logs to identify what caused the Shut Down? PALLAS’s historic playback feature allows for the First Up trip to be quickly identified using the Cause & Effect playback mode, assisting with Root Cause analysis, resulting in more efficient shutdown analysis and plant recovery.

Live Cause & Effect Viewer

PALLAS has a Live Cause & Effect Viewer, utilising known ‘normal’ system states, the current system state (using the A&E data) and a Cause & Effect matrix defined from CERES (or manually).

When a system input transitions to a tripped state, the input is flagged as tripped on the input section of the Cause & Effect matrix.

PALLAS also monitors the system outputs, highlighting when the outputs transition to trip.

If input and output correspond based on the defined Cause & Effect information, the appropriate intersect will be highlighted as tripped.

If there is any discrepancy between input and output, either an unsuccessful trip or an un-expected trip, the intersect field will be highlighted as failed.

The colours displayed on the matrix are user configurable, allowing PALLAS to conform to end user requirements.

OPC Data Logger

Once connected to an OPC Alarm and Events Server, PALLAS starts logging all events.

These events are stored locally on the PALLAS PC, allowing for access to historical event data.

Feedback Confirmation and Timing

Each end element defined within PALLAS can be associated with feedback inputs. These inputs can include valve limit switches and switchgear tellbacks.

Numerous feedback signals can be declared for each output and the ‘healthy’ and ‘tripped’ feedback states must be declared.

Using this information, an output discrepancy is flagged and logged when the feedback signals disagree with the output state.

This feature acts as a record for end-to-end testing of system and elements.

Using the feedback signals, output timing can be measured, allowing for the open/close times of valves etc. to be recorded.

PALLAS calculates the time between the system output state change and the feedback signal confirmation.

These time values are logged, allowing access to a large amount of timing data. This data can be used to monitor valve health and to assist in valve maintenance.

Historical Playback

Using the archived A&E data, PALLAS can replay the historic system events, allowing for plant shutdown occurrences to be replayed and to assist in Root Cause Analysis.

Using the time stamped data, PALLAS can replay the shutdown occurrence in ‘real time’ or step by step, highlighting first up inputs and allowing operation personnel to identify the cause of the shutdown quickly and efficiently, allowing for quicker plant recovery.

The log files can be extracted from the on-site PALLAS PC and transferred to any other PALLAS PC, allowing for data to be analysed by off site personnel, including maintenance, management and governing bodies.

Cyclic Cause & Effect Verification

Process Safety Solutions

Process House, 341 Great Western Road, Aberdeen AB10 6NW
T: +44 (0)1224 586288

Knowledge Gateway, Unit D3, Nesfield Road, Colchester CO4 3ZL
T: +44 (0)1206 625444

E: [email protected]
W: www.pssuk.co.uk