
Functional Safety

  • Definition
    • Safety
      • IEC 61508/61511 – Freedom from unacceptable risk
    • Risk
      • Combination of:
        • Frequency of harm
        • Severity of harm
    • Functional Safety
      • The part of overall safety that depends on a safety function being carried out correctly by a safety system
  • Definitions
    • Fail Safe
      • When the SIS fails, it brings the plant to a safe state
    • Fault Tolerance
      • The system can tolerate a fault and still perform the function it is supposed to
    • Safety System
      • An independent system
      • that leads to a predetermined safe state
      • when the process runs out of control
  • Studies have shown that 4% of incidents worldwide are due to ESD systems
  • Safety Standards
    • Old Standards
      • DUN0801
      • TUV6
      • AK6
      • DIN19250
      • ISA S84
      • etc.
      • ISO 9001
    • What we commonly deal with
      • IEC
        • Standards
          • IEC 61508 (adopted in Australia as AS 61508)
            • 7 parts
            • Covers anything electrical/electronic/programmable electronic, including software
            • Generic standard
            • Parent
          • IEC 61511
            • 3 parts
            • Specific to the process industry
            • Child of 61508
          • 5 Main Aspects (for both standards)
            • Safety Lifecycle
            • Pipe to Pipe
            • Functional Management System
            • Fault Tolerant
            • Quantitative safety (calculations)
        • Compliance does not require external verification
        • Does not go down to the level of detail of, e.g., pipe thickness
        • Defines a Safety Lifecycle
          • Concept
          • Scope Definition
      • ISO 9001
      • Electrical Standards
      • Company Specific Standard
  • SIL
    • Low demand mode (demand no more than once per year): target is the average Probability of Failure on Demand (PFDavg)
      • 0 : no safety requirement (not a level defined in IEC 61508)
      • 1 : 10^-2 ≤ PFD < 10^-1
      • 2 : 10^-3 ≤ PFD < 10^-2
      • 3 : 10^-4 ≤ PFD < 10^-3
      • 4 : 10^-5 ≤ PFD < 10^-4
    • High demand / continuous mode (demand more than once per year): target is the Probability of dangerous Failure per Hour (PFH)
      • 0 : no safety requirement
      • 1 : 10^-6 ≤ PFH < 10^-5 per hour
      • 2 : 10^-7 ≤ PFH < 10^-6 per hour
      • 3 : 10^-8 ≤ PFH < 10^-7 per hour
      • 4 : 10^-9 ≤ PFH < 10^-8 per hour
  • HAZOP
    • Brainstorming session
    • Team Effort
    • Must have a facilitator
    • Activity
      • Identify
    • Guideword method (a structured what-if analysis)
      • Flow
        • High flow
        • Low flow
        • No flow
      • Pressure
        • High pressure
        • Low pressure
        • No pressure
      • Etc.
    • Basis – P&ID Drawing

IPF Study

  • IPFs (Instrumented Protection Functions) are functions that comprise
    • one or more initiators
    • a logic solver (the Instrumented Protection System, which some loosely call the PLC)
    • one or more final elements
    • with the purpose of preventing and mitigating hazardous situations
  • An IPF study consists of
    • SIL classification (proceed with all)
    • IPF verification
    • IPF implementation
    • IPF review – every 5 years
  • SIL Classification
    • The most time-consuming step
    • Classifies the consequence of the IPF failing on demand (dangerous failure)
    • Classifies the consequence of the IPF initiating without a demand (safe failure / spurious trip / nuisance trip)
    • Classifies the demand rate. A demand is a scenario that calls on the IPF to act
  • To assign SIL
    • No calculation at this stage; the SIL is simply assigned. Calculation happens only in verification
  • SIL Requirements
    • 0 – no IPF required. In PPTSB, 90% were SIL 0
    • a1 – a pre-alarm is adequate
    • a2 – triggers a switch action (interlock from the DCS) plus pre-alarm. Can be integrated with the control function
    • 1 – triggers a switch action plus pre-alarm
      • The final element can be a control valve if it is fail-safe
    • 2 – triggers a switch action plus pre-alarm
      • The final element can be a control valve in 1oo2
      • The initiator can be shared with the control transmitter in 1oo2
    • 3 – triggers a switch action plus pre-alarm
      • The initiator can be shared with the control transmitter in 2oo3
    • 4 – shall be avoided: the very low PFD required makes it more economical to redesign the process
  • PFD targets (upper bound)
    • SIL 1: 1/10
    • SIL 2: 1/100
    • SIL 3: 1/1000
    • SIL 4: 1/10000
  • SIL Verification
    • Verifies the installed IPF on site (audit-like), looking for shared (common) installations between channels
    • Calculate the PFD (Probability of Failure on Demand)
      • To show that the achieved PFD meets the SIL target
      • Is calculated from
        • HWFT (hardware fault tolerance)
        • DCF (diagnostic coverage factor)
        • Safe Failure Fraction (SFF)
          • Safe plus dangerous-detected failures over total failures
        • Proof test coverage factor
          • The fraction of dangerous undetected failures that a proof test actually reveals
        • Test and repair durations
        • Proof test interval (called mission time in these notes)
          • The time between proof tests
          • Strictly, the mission is the period the IPF is in service; what drives the PFD calculation is the interval between proof tests
          • The shorter the interval, the lower the average PFD
  • 2 Layers of verification
    • Architectural constraints, consisting of:
      • Hardware Fault Tolerance (HWFT)
        • The number of dangerous hardware faults the IPF can tolerate before the safety function is lost
        • For MooN voting, HWFT = N-M:
        • For 2oo3, HWFT = 3-2 = 1
        • For 1oo3, HWFT = 3-1 = 2
        • For 2oo2, HWFT = 2-2 = 0
      • Safe Failure Fraction (SFF)
        • Any hardware can be in one of the following states:
          • Working normally
          • Safe failure
          • Dangerous failure (detected by diagnostics, or undetected: already failed but not known until a demand or a proof test)
        • SFF is the ratio of safe plus dangerous-detected failures to the total of all possible failures (safe + dangerous)
        • Provided by the manufacturer
    • Type of instruments
      • Type A – all failure modes and effects are known and well documented, with field failure data available
      • Type B – complex instruments (e.g. microprocessor-based) where this is not the case

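The arithmetic behind the two verification layers above, as an added worked example (not code from these notes or from any standard's text): the simplified IEC 61508-6 PFDavg formulas for 1oo1/1oo2/2oo2/2oo3, HWFT = N-M, SFF, and the IEC 61508-2 Route 1H architectural-constraint tables. It goes one step beyond the notes by including a common-cause factor beta, because in practice that term, not the independent redundancy, is what limits a 1oo2 or 2oo3 group. All failure rates are constructed sample values, not data for any real device.

```python
"""SIL verification arithmetic for the two layers described above.

Added worked example, not text or code from the original notes or from any
standard. Uses the simplified average-PFD formulas of IEC 61508-6 (identical
channels, repair time ignored) and the Route 1H architectural-constraint
tables of IEC 61508-2. All failure rates used below are constructed sample
values, not data for any real device.
"""

# Low-demand bands: a PFDavg below this bound meets the given SIL.
SIL_PFD_BANDS = [(1e-1, 1), (1e-2, 2), (1e-3, 3), (1e-4, 4)]

# IEC 61508-2 Route 1H maximum SIL, indexed [device type][SFF band][HWFT].
# SFF bands: <60%, 60-<90%, 90-<99%, >=99%.  0 means the combination is not allowed.
MAX_SIL = {
    "A": [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]],
    "B": [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]],
}


def sil_from_pfd(pfd: float) -> int:
    """Map an average PFD to the highest SIL whose target it satisfies (0 = none)."""
    sil = 0
    for upper, level in SIL_PFD_BANDS:
        if pfd < upper:
            sil = level
    return sil


def hwft(arch: str) -> int:
    """Hardware fault tolerance of an MooN voting group: N - M dangerous faults
    can be tolerated before the safety function is lost (2oo3 -> 1, 1oo3 -> 2)."""
    m, n = (int(p) for p in arch.lower().split("oo"))
    return n - m


def sff(lambda_s: float, lambda_dd: float, lambda_du: float) -> float:
    """Safe failure fraction: safe plus dangerous-detected failures over all failures."""
    return (lambda_s + lambda_dd) / (lambda_s + lambda_dd + lambda_du)


def pfd_avg(arch: str, lambda_du: float, ti_hours: float, beta: float = 0.0) -> float:
    """Simplified PFDavg of one voting group.

    lambda_du: dangerous undetected failure rate per hour of one channel
    ti_hours:  proof-test interval in hours
    beta:      common-cause fraction applied to the redundant architectures
    """
    x = lambda_du * ti_hours  # dangerous unavailability accumulated over one interval
    if arch == "1oo1":
        return x / 2
    if arch == "2oo2":
        return x  # both channels must work: roughly twice the 1oo1 value
    independent = {
        "1oo2": ((1 - beta) * x) ** 2 / 3,
        "2oo3": ((1 - beta) * x) ** 2,
    }[arch]
    # The common-cause share of lambda_du hits every channel at once and
    # therefore behaves like a single 1oo1 channel.
    return independent + beta * x / 2


def max_sil_architectural(dev_type: str, sff_value: float, fault_tolerance: int) -> int:
    """Highest SIL the architectural constraints allow for this subsystem."""
    band = sum(sff_value >= threshold for threshold in (0.60, 0.90, 0.99))
    return MAX_SIL[dev_type][band][min(fault_tolerance, 2)]


def achieved_sil(arch, dev_type, lambda_s, lambda_dd, lambda_du, ti_hours, beta=0.0):
    """Both verification layers: the claim is the lower of the PFD band and
    the architectural-constraint limit. Returns (SIL, PFDavg)."""
    pfd = pfd_avg(arch, lambda_du, ti_hours, beta)
    limit = max_sil_architectural(dev_type, sff(lambda_s, lambda_dd, lambda_du), hwft(arch))
    return min(sil_from_pfd(pfd), limit), pfd


if __name__ == "__main__":
    # Constructed Type B transmitter: 2e-6/h safe, 1e-6/h dangerous detected,
    # 1e-6/h dangerous undetected (SFF = 75%), proof tested yearly.
    rates = dict(lambda_s=2e-6, lambda_dd=1e-6, lambda_du=1e-6, ti_hours=8760)
    for arch, beta in (("1oo1", 0.0), ("1oo2", 0.0), ("1oo2", 0.1), ("2oo3", 0.1)):
        level, pfd = achieved_sil(arch, "B", beta=beta, **rates)
        print(f"{arch} beta={beta:.0%}: PFDavg={pfd:.2e} -> SIL {level} "
              f"(PFD band SIL {sil_from_pfd(pfd)}, HWFT {hwft(arch)})")
```

With the sample rates, a 1oo2 pair of Type B transmitters reaches the SIL 4 PFD band on paper, but a 10% common-cause share drags it back to SIL 3, and the architectural constraint (Type B, SFF 75%, HWFT 1) caps the claim at SIL 2. That is why the verification has two layers: a good PFD number alone does not justify the SIL.
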
  • Safety Integrity Levels (SIL)
    • Safety Integrity Levels (SILs) are a safety-measurement standard defined by IEC in IEC 61508 to quantify the chance of dangerous failure in electrical or electronic safety devices, that is, the probability that the device fails to perform its safety function.
    • Four SIL levels are possible, with SIL 4 the most dependable and SIL 1 the least. Each is based on its corresponding PFD (Probability of Failure on Demand), which is the probability that an instrument will not respond to a demand. Which measure applies depends on the frequency of demand (PFD for low demand, PFH for high demand).
    • TÜVs (Technischer Überwachungsverein) are German organisations whose aim is to protect people and the environment against hazards from plants and machinery of all kinds. As independent inspection bodies they examine plants requiring monitoring, motor vehicles, energy installations and devices. The many TÜV subsidiaries also act as project developers for energy and traffic concepts, provide solutions in environmental protection, and serve as certification bodies.

Process Shutdown Systems

  • Process shutdown systems (or instrumented protective systems) are systems that monitor the safe operation of a process unit. Inputs come from online sensors; outputs are either valves or relays
  • Important terminologies
    • IPF (Instrumented Protective Function) – A function comprising the initiator function, logic solver and final element function for the purpose of preventing and mitigating hazardous situations
    • IPS (Instrumented Protective System) – A system which serves and executes all IPF
    • Failsafe – A concept where the failure of a component puts the system in a less hazardous condition
  • Typical project stages
    • Feasibility Study
    • BED
      • PEFS, PFS
      • Narrative
      • Pre-HAZOP
      • Pre-IP
      • C&E – produced last
    • Detailed Design
  • Documents needed to design an IPS C&E Matrix
    • PEFS
    • PFS
    • Safeguarding Memorandum

  • Example of C&E matrix (image not included)
  • When purchasing instrument switches for a shutdown system, one must specify whether the contact is normally closed or normally open. "Normally" refers to the state of the contact with the instrument at rest, i.e. not actuated by the process.
    • Consider a push button. If it is normally open, the contact is open at rest; pressing it closes the contact and energizes the circuit.
    • Another example is a level switch that is expected to act on low level. At rest (no liquid present) its contact is open, so it is a normally open switch: when it is immersed, the float rises and closes the circuit. This is the safe choice for a de-energize-to-trip system, where normal operation requires the circuit to be energized. When the level drops below the switch, the contact opens, the circuit de-energizes and the trip is initiated, and the same happens if the wiring breaks or power is lost. Hence a normally open switch is selected for this duty.
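
The NO/NC and de-energize-to-trip reasoning above can be checked against a small cause-and-effect matrix. The following is an added example with constructed tags and matrix entries (not from these notes and not vendor logic): healthy signals are True, de-energized signals are False, and a missing signal counts as de-energized, so a broken wire or a lost power supply ends in a trip rather than in a silently defeated protection. The 2oo3 group also shows the other side of the trade-off: one failed transmitter does not cause a spurious trip.

```python
"""Evaluating a de-energize-to-trip cause & effect (C&E) matrix.

Added example, not from the notes and not vendor code. Tag names, the causes
and the matrix below are constructed. Signals follow the de-energize-to-trip
convention: True = energized/healthy, False = de-energized. A signal that is
absent altogether (broken wire, unpowered switch) reads False and therefore
votes for a trip, which is what makes the design fail-safe.
"""
from typing import Dict, List, Tuple

# Constructed initiators: channel tags plus the trip vote M (of N channels).
# A cause trips when at least M of its N channels are de-energized.
CAUSES: Dict[str, Tuple[List[str], int]] = {
    "LSLL-101": (["LSL-101"], 1),                        # 1oo1 low-low level switch
    "PSHH-102": (["PT-102A", "PT-102B", "PT-102C"], 2),  # 2oo3 high-high pressure
}

# Constructed C&E matrix: each 'X' on the sheet is one cause -> effect entry.
MATRIX: Dict[str, List[str]] = {
    "LSLL-101": ["XV-101"],            # protect the pump: close the suction valve
    "PSHH-102": ["XV-101", "XV-102"],  # isolate both inlet valves
}


def cause_trips(channels: List[str], m: int, signals: Dict[str, bool]) -> bool:
    """MooN vote on de-energized channels; an absent tag counts as de-energized."""
    de_energized = sum(1 for tag in channels if not signals.get(tag, False))
    return de_energized >= m


def evaluate(signals: Dict[str, bool]) -> Dict[str, bool]:
    """Return the energized state of every final element (False = tripped)."""
    outputs = {fe: True for effects in MATRIX.values() for fe in effects}
    for cause, (channels, m) in CAUSES.items():
        if cause_trips(channels, m, signals):
            for fe in MATRIX[cause]:
                outputs[fe] = False  # de-energize the solenoid: valve goes to its safe position
    return outputs


# Constructed healthy input set.
HEALTHY = {"LSL-101": True, "PT-102A": True, "PT-102B": True, "PT-102C": True}

if __name__ == "__main__":
    scenarios = {
        "all healthy": HEALTHY,
        "one PT failed low": {**HEALTHY, "PT-102B": False},  # 2oo3 rides through
        "two PTs high-high": {**HEALTHY, "PT-102A": False, "PT-102C": False},
        "level switch wire broken": {k: v for k, v in HEALTHY.items() if k != "LSL-101"},
    }
    for name, signals in scenarios.items():
        print(f"{name:26s} -> {evaluate(signals)}")
```
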

Yokogawa Prosafe Hardware

  • Basic
    • Microprocessor-based programmable control system
    • Designed for critical applications such as
      • ESD
      • Burner Management System
      • F&G
      • High Availability Process Control
  • SCS Hardware
    • 2 Power Modules
    • Control Module
    • I/O Modules
  • Communication
    • V-net
      • For Yokogawa Systems
        • SENG
        • to other SCS
        • Centum
    • RS232
    • RS422/485
    • I/O

Yokogawa Prosafe Software

  • Key Components (From the Windows Start Menu) 
    • Maintenance
      • Logsav
        • Opens a DOS command window and saves all important system configuration data to a file
      • SCS Master DB Recover
    • Online Manual
    • Message Cache Tool
      • A program that
    • SCS Status Overview
      • Displays a list of SCSs assigned to a given RS project
    • SOE OPC Parameter Setting
      • Setup OPC Interface
    • SOE Viewer
    • Software Configuration Viewer
      • Displays information related to Prosafe RS Software
    • Version Control Tool
      • Used for controlling revision history
    • Workbench
      • The main software
      • User interface to the ProSafe-RS
  • Workbench / SCS Manager
    • Purpose
      • Transfer configuration to and from PLC
      • Edit Project
      • View and update variables
      • Troubleshooting SCS
      • Produce Documentation
    • Directory Structure
      • Projects
        • ProSafe-RS projects are typically stored under "C:\RS-Projects\". Each project is a directory, for example "MYRSPJT"
        • Inside the project directory there is one sub-directory per SCS; the main file to open for an SCS is its PRJLibrary.mdb
        • Projects are stored here as MDB files
          • RS Projects
            • SCS Projects
              • PRJLibrary.mdb ==> This is the main file to open
      • Shared
      • Users
      • Workbench
      • YOKOGAWA
    • Project Structure
      • The RS Project is the main project; it contains:
        • SCS Projects. An SCS project has:
          • Work Database
            • Stored in the project folder "C:\RSPROJECTS\MYRSPJT\SCSXXXX\PRJLIBRARY.MDB"
            • The database the engineer works on
            • Becomes the master database once downloaded to the SCS
          • Master Database
            • Stored in the Yokogawa master folder "C:\RSPROJECTS\MYRSPJT\SCSXXXX\YOKOGAWA_Master\PRJLIBRARY.MDB"
            • Serves as a 'reflection' of the database inside the SCS controller
            • On download, the SCS database is copied as the master database
            • A 'restoring function' restores the master database into the work database
    • Supports
      • Function Block Diagrams
      • Ladder Diagrams
    • Has 3 databases
      • Work Database
        • For working on
        • Allows online download to the SCS
      • Master Database
        • For backup
        • Can only be downloaded offline to the SCS
      • SCS Database (the database running inside the SCS controller)
    • SCS Constants Builder
      • Accessed from Tools ==> Engineering ==>SCS Constants Builder
      • Used for specifying Global Settings
    • I/O Configuration
      • There are three places where I/O Configuration is done
        • I/O Wiring View (STEP 1/3)
          • Accessed from Project ==> I/O Wiring
          • Used to define I/O Modules
          • The parameters show the position of the device in the SCS. The %IUxx.x=_______ entry shows which variable is wired to the slot
        • I/O Parameter Builder (STEP 2/3)
          • Accessed from tools ==> Engineering ==> I/O Parameter Builder
          • Used to specify parameters for input/output modules defined in I/O Wiring View.
        • Dictionary View (STEP 3/3)
          • Access under Projects ==> Variables
          • Used to map internal variable definitions
    • A POU (Program Organization Unit) is the generic name for programs, function blocks and functions. They nest as:
      • Program (aka a logic page)
        • Function Block (aka logic super block)
          • Function
            • Input/Output
    • Link Architecture
      • Accessed by clicking the leftmost icon (Link)
      • New logics can be added in here
      • When a logic is opened, the ‘Multi-Language’ Editor is automatically launched

    • Multi Language Editor
      • User defined Functions and Function Blocks

    • Library Projects
      • Hold custom function blocks
      • Each is exclusive to one SCS project, i.e. cannot be shared among SCS projects

    • Inter-SCS Safety Communication Definition
      • Producing Side
        • In a program, use one of the intercommunication producer function blocks (PROD_B, PROD_I or PROD_R, hereinafter PROD_*)
        • Produce a corresponding binding variable for each data item
        • Define a global variable for the binding variable, observing the naming rules for binding variables
        • Connect the variable to be sent to the input of the PROD_* and bind the output of the PROD_* to the binding variable
        • Make the binding settings for the binding variable
        • It is recommended to record the consuming side's details in the comment of the binding variable
        • Assign a binding group for each SCS on the consuming side
        • A V net communication error can be output using SYS_DIAG; when engineering, the VNET parameter of SYS_DIAG can be used to output the alarms
      • Consuming Side
        • Prepare a binding variable, a corresponding intercommunication FB (CONS_B, CONS_I or CONS_R, hereinafter CONS_*) for the consuming side of inter-SCS safety communication, and a corresponding internal variable for each data item
        • Define a global variable for the binding variable, observing the naming rules for binding variables
        • For each data item, set the fail-safe value to be output when communication cannot be established or a communication error occurs, and the timeout values (reception interval timeout and transmission delay timeout) used to decide that a communication error has occurred
        • Make the binding settings for the binding variable
        • Assign a binding group for each SCS on the producing side
        • The communication status can be output: when engineering, the NR output parameter of each CONS_* can be used to output alarms per data item, and the CMER output parameter of SYS_DIAG for the data as a whole
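
A model of the consuming side's failure handling, as an added example that is not Yokogawa's code: the message layout, the producer sequence counter and the use of seconds are assumptions made for the example. It shows how the fail-safe value and the two timeouts in the list above interact, and why a stale or replayed frame must not be accepted as fresh data. Note the difference between the last two cases: a producer that commands a trip yields value False with NR False, while a communication error yields the fail-safe value with NR True, so the two can be alarmed separately as the notes describe.

```python
"""Consumer-side model of inter-SCS safety communication.

Added example that models the behaviour described above (fail-safe value on
communication loss, reception-interval and transmission-delay timeouts, the
NR status output). It is not Yokogawa's implementation: the message layout,
the producer sequence counter and the time unit (seconds) are assumptions.
The sequence counter is what lets the consumer discard a duplicated or
replayed frame instead of treating it as fresh data.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Message:
    seq: int        # producer-side counter (assumed), must increase per frame
    sent_at: float  # producer timestamp, seconds
    value: bool     # the bound variable; True = permissive, False = trip


class Consumer:
    """One CONS_*-like binding: keeps the last good value and substitutes the
    fail-safe value whenever the link cannot be trusted."""

    def __init__(self, fail_safe: bool, rx_interval_timeout: float, tx_delay_timeout: float):
        self.fail_safe = fail_safe
        self.rx_interval_timeout = rx_interval_timeout  # max gap between good frames
        self.tx_delay_timeout = tx_delay_timeout        # max age of a frame on arrival
        self.last_seq = -1
        self.last_rx: Optional[float] = None            # None = no trusted frame yet
        self.last_value = fail_safe

    def poll(self, now: float, msg: Optional[Message] = None) -> Tuple[bool, bool]:
        """Return (output value, NR). NR=True means the data is not reliable and
        the fail-safe value is being output instead of the received one."""
        if msg is not None and msg.seq > self.last_seq:  # drop duplicate/replayed frames
            self.last_seq = msg.seq
            if now - msg.sent_at > self.tx_delay_timeout:
                self.last_rx = None  # transmission delay timeout: declare a comm error
            else:
                self.last_rx, self.last_value = now, msg.value
        comm_error = self.last_rx is None or now - self.last_rx > self.rx_interval_timeout
        return (self.fail_safe, True) if comm_error else (self.last_value, False)


if __name__ == "__main__":
    # Constructed timeline; the fail-safe value is the trip value (False).
    c = Consumer(fail_safe=False, rx_interval_timeout=2.0, tx_delay_timeout=0.5)
    timeline = [
        (0.0, None),                     # before the first frame: fail-safe, NR
        (0.0, Message(1, 0.0, True)),    # link up
        (2.5, None),                     # no frame for >2 s: reception interval timeout
        (2.6, Message(2, 2.5, True)),    # link recovers
        (2.7, Message(2, 2.5, True)),    # replay of seq 2: ignored
        (3.5, Message(3, 2.6, True)),    # arrives 0.9 s late: transmission delay timeout
        (3.6, Message(4, 3.55, True)),   # fresh frame clears the error
        (3.7, Message(5, 3.65, False)),  # producer commands a trip: value False, NR False
    ]
    for now, msg in timeline:
        value, nr = c.poll(now, msg)
        print(f"t={now:4.1f} {str(msg):40s} -> value={value} NR={nr}")
```
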

    • CENTUM CS COMMUNICATION
      • ProSafe-RS integrates with the CENTUM CS HIS: the operator can call a safety-system tag directly without the tag being created in CENTUM
        • All one needs to do is download the tag list from the SCS in the CENTUM CS System View
        • The variable name in the SCS can be changed to a more DCS-friendly name in the Tag Name Builder (Tools ==> Engineering ==> Tag Name Builder)
          • The mapping is done here, for example for an annunciator alarm
          • All details of the tag are configured in ProSafe, not in the DCS
        • (TO CONFIRM THIS) Under Tools ==> Engineering ==> SCS Project Properties, enter the DCS location
      • To communicate with the CENTUM CS HIS, as in allowing
    • Safety Analyzers
      • ProSafe provides two safety analyzers that must be run before a download to the SCS, to ensure the integrity of the project.
        • Integrity Analyzer
        • Cross Reference Analyzer

    • Simulation
      • If the project is a current (live) project, it first needs to be converted to a test project using the 'Test Project Creation Tool'
      • Also run Project ==> Build Project Library, if not already done
      • Under Project ==> Build Settings ==> Target tab, change the target to 'SCS Simulator'
      • The simulator can then be run by either
        • Debug ==> Simulation
          • Runs its own test simulation
        • Tools ==> Maintenance ==> SCS Test Function
          • Allows integration with the CENTUM test function
          • The safety analyzers must have passed first
          • Once running, the system should be viewable from .so in CENTUM VP
    • Start ==> Program Files
  • Message Cache Tool
    • Start ==> Program Files
    • File ==> Setup
    • Diagnostic Information, Event, and Trip File 1/2 must each show either
      • 100% – reading of the information completed
      • 0% – no trips
    • Trip File
      • Trip 1 is for trips
      • Trip 2 is when events are used as trip
  • Information Collecting Procedures
    • Before pulling out a failed module, collect:
      • SOE Report
      • System Report
        • Workbench ==> Tools ==> Maintenance ==> System Overview ==> Windows ==> SCS State Management ==> System Report
      • IOM Report
        • Should also be in System Report
      • Diagnostic Information
        • Workbench ==> Tools ==> Maintenance ==> System Overview ==> Windows ==> SCS State Management ==> Windows ==> Diagnostic Information
    • Project Backup
    • Backup of the CheckIn folder
      • If the CheckIn tool is used