ABB Automation ABB Instrumentation Page 1. ABB Automation ABB Instrumentation Page 2 Summary: Safety...

ABB AutomationABB Instrumentation


Summary:

Safety - Applicable Std & Rules

Saturation & Alarms levels

600T Safety Transmitters - General concepts

Key points for determining the “Safety Integrity Level”


Applicable Std & Rules

ANSI ISA S84

ANSI ISA S84

IEC61511

IEC61511

SISSIS

HAZOPHAZOP

OSHAOSHA

19101910

IEC61508IEC61508Sa

fety

Safe

tyLi

fe C

ycle

Life

Cyc

lePHAPHA

SILSIL

TÜVTÜV


IEC 61508

DIN V 19250

DIN VDE 0116

ISO 10418HSE PES

IEC 61511

EN 61131-2

ISA S84.01

DIN V VDE 0801

API RP14C

NFPA 8501

EN 50082-2

EN 298

ISO 9000Basic Quality requirements

Basic safety/low voltage/Ex prot./EMC

EN 50081-2

Functional Safety

Application

standards

NFPA 8502

EN 54-2


IEC 61508Applicable for all

industries

ISA S84.01Process Industry

IEC 61511Process Industry

IEC 61513Nuclear Industry

IEC 615YYTransportation

IEC 1131Programming Languages

for PLC

This specification plays and important role on programmable system for safety applications

IEC 615ZZOther industries

ABB AutomationABB Instrumentation Page 7

Safety integrity can be expressed by:

“Ability by system for carrying the safety operation in satisfactory way on demand”

The evaluation of the performances of the system should be done according to the international stds (SIL in IEC) and national rules (AK in DIN). The certification can only be performed by authorized institute like TÜV.

Safety - Base Concept


Safety integrity Level (SIL)-

“ Safety Probability achievable through the loop (system) on safety demand.””

Safety - Base Concept

A safety loop or system includes all hardware , software and all the necessary components for

achieving the needed safety functions.


35% 15% 50%

Transducer & transmitter Safety System Actuator , valve

Safety Loop

Safety - Base concept


Safety Integrity Levels (SIL)Safety Integrity Levels (SIL)

“SIL 4”

“SIL 3”

“SIL 2”

“SIL 1”

Protection of environment & comunity

Human protection

Protection of ownership and manufacturing

Protection of plants

PFD:E-005 to< E-004

RRF:100,000 to 10,000 yrs.

PFD: E-004 to< E-003RRF: 10,000 to 1,000 yrs.

PFD: E-003 to < E-002RRF: 1,000 to 100 yrs.

PFD: E-002 to < E-001RRF: 100 to 10 yrs.

PFD = Probability of Failure on DemandRRF = Risk Reduction Factor (1/PFD)


Safety Integrity Levels, Target Failure Safety Integrity Levels, Target Failure MeasuresMeasures

SafetyIntegrity

Level

Low Demand Mode of OperationProbability of failure to perform its

design function on demand

Cont/High DemandMode of Operation

Probability of a dangerous failureper year

SIL 4 >=10-5 to <10-4 >=10-5 to <10-4

SIL 3 >=10-4 to <10-3 >=10-4 to <10-3

SIL 2 >=10-3 to <10-2 >=10-3 to <10-2

SIL 1 >=10-2 to <10-1 >=10-2 to <10-1

E/ E/ PE

Sensor-Transmitter ActuatorSafety Controller

35 % 15 % 50%


“ Sequence of the activities involved for implementing the safety system from the engineering design until the commissioning”

Safety Lifecycle -


11 External RiskReductionFacilities

Realization

1 Concept

2Overall Scope

Definition

3Hazard & Risk

Analysis

4Overall Safety Requirements

5Safety Requirements

Allocation

15Overall Modification

& Retrofit

16 Decommissioning

12Overall Installation &

Commissioning

13Overall Safety

Validation

14Overall Operation

& Maintenance

9 Safety-relatedsystems: E/E/PES

Realization

10 Safety-relatedsystems: Other Technology

Realization

Overall Installation & Commissioning Planning

6 7 8Overall Operation & Maintenance Planning

Overall Validation Planning

Overall Planning

Back to appropriate Overall Safety Lifecycle phase

Safety analysis:

-Identify the safety functions

Determine the minimum safety integrity to which the safety fuction should be carried out .


Block 9:

To Box 14

To Box 12

9.1 E/E/PES Safety Requirements Specification

9.19.1.1 Safety Functions Requirements Specification

Safety Integrity Requirements Specification

9.19.1.2

9.2 E/E/PESValidation Planning

9.3 E/E/PESDesign & Development

9.4 E/E/PESIntegration

9.6 E/E/PESSafety Validation

9.5 E/E/PES Operation &Maintenance Procedures


Example for determining the Safety Integrity Level, Example for determining the Safety Integrity Level, (ISA S84.01)(ISA S84.01)

* NA = No SIS required* Numbers in boxes are SIL levels for SIS

Medium

Low

High

SIL 3 SIL 3 SIL 3

SIL 3SIL 2 SIL 2

SIL 1 SIL 1 SIL 2

SIL 2 SIL 2 SIL 2

SIL 2SIL 1 SIL 1

SIL 1NA NA

NANANA

NA NA

SIL 1 SIL 1 SIL 1

SI 1

Low

High

Low Medium High

Efficiency of other means

towards a risk reduction

Probability of dangerous

event

Level of effect against dangerous event

Medium


99.99999

AvailabilityPercentage

99.9999

99.999

99.99

99.90

0.00001

P.F.D.(Probability of

Failure on Demand)

0.0001

0.001

0.01

0.1

ANSI/ISAS84.01

3

IEC 61508 Class TÜV (AK)

Din V19250

SIL

2

1

4

3

2

1

AK8

AK6

AK7

AK5

AK3AK4

AK2

AK1

8

6

7

5

34

21

Comparison between classifications


It require analysis of risks and consequent evaluation of integrity according to the SIL (Safety Integrity Levels)

“Think ” safety during all the life cycle of your plant

“Think ” safety not only for the safety controller but for all the safety loop : Sensor/Transmitter Actuator

1 1 E x t e r n a l R i s kR e d u c t i o nF a c i l i t i e s

R e a l i s a t i o n

1 C o n c e p t

2 O v e r a l l S c o p eD e f i n i t i o n

3 H a z a r d & R i s kA n a l y s i s

4 O v e r a l l S a f e t yR e q u i r e m e n t s

5 S a f e t y R e q u i r e m e n t sA l l o c a t i o n

1 5 O v e r a l l M o d i f i c a t i o n& R e t r o f i t

1 6 D e c o m m i s s i o n i n g

1 2O v e r a l l I n s t a l l a t i o n &

C o m m i s s i o n i n g

1 3 O v e r a l l S a f e t yV a l i d a t i o n

1 4 O v e r a l l O p e r a t i o n& M a i n t e n a n c e

9 S a f e t y - r e l a t e ds y s t e m s :E / E / P E S


1 0 S a f e t y - r e l a t e ds y s t e m s : O t h e rT e c h n o l o g y


O v e r a l lI n s t a l l a t i o n &C o m m i s s i o n i n gP l a n n i n g

6 7 8O v e r a l lO p e r a t i o n &M a i n t e n a n c eP l a n n i n g

O v e r a l lV a l i d a t i o nP l a n n i n g

O v e r a l l P l a n n i n g

B a c k t o a p p r o p r ia teO v e r a l l S a f e t y L i fe c y c le p h a s e

Safety - Philosophy


The 600T Safety Transmitter has been designed according to IEC 61508. “Functional safety of electrical/electronic/ programmable electronic safety-related systems” per Safety Integrity Level 2 (SIL2)

Safety Transmitter


SIL2 means that the transmitter should detect every internal hardware failure giving an external alarm and programming the analogue output level at a predetermined value.

The 600T Safety is intrinsically redundant either for hardware that for software .This has been achieved with a supplementary stage and through an improvement of the internal diagnostic software .

Safety Transmitter


–If input signal 105% High Saturation = 20.8 mA

–If input signal -1.25% Low Saturation = 3.8 mA

Saturation Levels

–UP Scale = 22 mA

–Down Scale = 3.7 mA

Alarm Levels

Saturation Limits and UP/DOWN scale (alarms) according to NE43 (NAMUR).


Saturation Limits and UP/DOWN (alarm) scale

Analogue output saturated

3.8 20.8

Malfuntioning

223.7

Normal Operation


Even if the SIL2 approval is valid only for the analog output being the Hart Communication Protocol not certifiable, the 600T Safety Pressure Transmitters perform the Hart communication and keeps all the Hart features with improved diagnostic information.

The SIL2 approval is valid only for the analog output.


Principle of operation

The two inductive signals are separately detected by two independent ASICs and separately elaborated internally the electronics.

600T Safety Transmitters take advantage of the intrinsic redundancy of the highly reliable 600T series differential inductive sensor which provides two independent signals proportional to input pressure

Calculations follow independent flows and they are compared in the microcontroller in order to validate the output pressure signal.


Internal diagnostic algorithms are implemented to check correctness and validity of all processing variables and the correct working of memories.

A supplementary shut down circuitry provides a safe shut down when a fault occurs in the analog section of the electronics.



The output stage is also checked by reading back the analog output signal.

The feedback loop is obtained by an additional A/D converter put at the end of the output stage, which translates the 4-20 signal into a digital form suitable to be compared by the microcontroller.



Summary of Key Points for Safety Integrity

Excitation and reading integrity

Sensor integrity

CPU integrity


Analog Output stage integrity

CPU working - software sequences

Clock integrity

Power Supply monitoring

Summary of Key Points for Safety Integrity


HART

420 mA 420 mA

RedundancyDiagnostic

Previous

OUTPUT2

OUTPUT2

VOTING VOTING

COMPARATORCOMPARATOR

VERIFYSUPPLYVERIFYSUPPLY

COMPARATORCOMPARATOR

Base schematic Redundancy Diagnostic

PRESSUREDETECTIONELEMENT 1

PRESSUREDETECTIONELEMENT 1

Temperature sensor

Temperature sensor

LINEARIZATION &

COMPENSATION

LINEARIZATION &

COMPENSATION

PRESSURE DETECTIONELEMENT 2

PRESSURE DETECTIONELEMENT 2

LINEARIZATION &

COMPENSATION

LINEARIZATION &

COMPENSATION

VALIDATIONVALIDATION

WATCHDOGWATCHDOG

Hardware and software redundancy

Dual element Sensor Microprocessor A/D Power supply & analog output

420 mA SAFE

OUTPUT

420 mA SAFE

OUTPUT

Benefits

CLOCK2

CLOCK2

A / DA / DVERIFY

OUTPUT VERIFY

OUTPUT

D / AD / A

CLOCK1

CLOCK1

FAILSAFE

ENABLE

FAILSAFE

ENABLE420 mA

OUTPUT1

420 mA

OUTPUT1


600T Inductive Sensor

Measuring diaphragm

Ferrite Plate

Coil

Ferrite Pot-Core

Feedthrough


End of slide show.

ABB Automation ABB Instrumentation Page 1. ABB Automation ABB Instrumentation Page 2 Summary: Safety...

Documents

Transcript of ABB Automation ABB Instrumentation Page 1. ABB Automation ABB Instrumentation Page 2 Summary: Safety...