ABB Automation - ABB Instrumentation, Page 1
Summary:
- Safety - Applicable Std & Rules
- Saturation & Alarm levels
- 600T Safety Transmitters - General concepts
- Key points for determining the "Safety Integrity Level"
Applicable Std & Rules

Standards and terms named on the slide: ANSI ISA S84, IEC 61511, IEC 61508, SIS (Safety Instrumented System), HAZOP, OSHA 1910, Safety Life Cycle, PHA (Process Hazard Analysis), SIL (Safety Integrity Level), TÜV.
Standards pyramid (layers from top to bottom):

Functional Safety: IEC 61508, IEC 61511, ISA S84.01, DIN V 19250, DIN V VDE 0801, HSE PES
Application standards: ISO 10418, API RP14C, NFPA 8501, NFPA 8502, EN 298, EN 54-2, DIN VDE 0116
Basic safety / low voltage / Ex protection / EMC: EN 61131-2, EN 50081-2, EN 50082-2
Basic Quality requirements: ISO 9000
Scope of the standards:
- IEC 61508 - applicable for all industries
- ISA S84.01 - process industry
- IEC 61511 - process industry
- IEC 61513 - nuclear industry
- IEC 615YY - transportation
- IEC 615ZZ - other industries
- IEC 1131 - programming languages for PLC; this specification plays an important role in programmable systems for safety applications
Safety - Base Concept

Safety integrity can be expressed as:
"Ability of the system to carry out the safety operation in a satisfactory way on demand"

The evaluation of the performance of the system should be done according to the international standards (SIL in IEC) and national rules (AK in DIN). The certification can only be performed by an authorized institute such as TÜV.
Safety - Base Concept

Safety Integrity Level (SIL):
"Safety probability achievable through the loop (system) on safety demand."

A safety loop or system includes all hardware, software and all the necessary components for achieving the needed safety functions.
Safety - Base concept

Safety loop, share of each element as shown on the slide:
- Transducer & transmitter: 35%
- Safety system: 15%
- Actuator, valve: 50%
Safety Integrity Levels (SIL)

SIL    Protection target                           PFD                 RRF (yrs.)
SIL 4  Protection of environment & community       E-005 to < E-004    100,000 to 10,000
SIL 3  Human protection                            E-004 to < E-003    10,000 to 1,000
SIL 2  Protection of ownership and manufacturing   E-003 to < E-002    1,000 to 100
SIL 1  Protection of plants                        E-002 to < E-001    100 to 10

PFD = Probability of Failure on Demand; RRF = Risk Reduction Factor (1/PFD)
Safety Integrity Levels, Target Failure Measures

Safety Integrity Level | Low demand mode of operation: probability of failure to perform its design function on demand | Continuous/high demand mode of operation: probability of a dangerous failure per year
SIL 4 | >= 10^-5 to < 10^-4 | >= 10^-5 to < 10^-4
SIL 3 | >= 10^-4 to < 10^-3 | >= 10^-4 to < 10^-3
SIL 2 | >= 10^-3 to < 10^-2 | >= 10^-3 to < 10^-2
SIL 1 | >= 10^-2 to < 10^-1 | >= 10^-2 to < 10^-1

E/E/PE safety loop: Sensor-Transmitter 35%, Safety Controller 15%, Actuator 50%
Safety Lifecycle

"Sequence of the activities involved in implementing the safety system, from the engineering design until the commissioning"
Overall Safety Lifecycle (IEC 61508), phases as numbered in the figure:
1 Concept
2 Overall scope definition
3 Hazard & risk analysis
4 Overall safety requirements
5 Safety requirements allocation
Overall planning:
  6 Overall operation & maintenance planning
  7 Overall safety validation planning
  8 Overall installation & commissioning planning
Realisation:
  9 Safety-related systems: E/E/PES realisation
  10 Safety-related systems: other technology realisation
  11 External risk reduction facilities realisation
12 Overall installation & commissioning
13 Overall safety validation
14 Overall operation & maintenance
15 Overall modification & retrofit
16 Decommissioning
Back to appropriate overall safety lifecycle phase (return arrow in the figure)

Safety analysis:
- Identify the safety functions
- Determine the minimum safety integrity to which the safety function should be carried out.
Block 9 (E/E/PES realisation), expanded:
9.1 E/E/PES safety requirements specification
  9.1.1 Safety functions requirements specification
  9.1.2 Safety integrity requirements specification
9.2 E/E/PES validation planning
9.3 E/E/PES design & development
9.4 E/E/PES integration
9.5 E/E/PES operation & maintenance procedures
9.6 E/E/PES safety validation
Exits: to box 12 (overall installation & commissioning) and to box 14 (overall operation & maintenance).
Example for determining the Safety Integrity Level (ISA S84.01)

[Risk matrix figure. Axes: probability of dangerous event (Low / Medium / High); level of effect against dangerous event (Low / Medium / High); efficiency of other means towards a risk reduction (Low / Medium / High). Cell entries range from NA up to SIL 3.]
* NA = No SIS required
* Numbers in boxes are SIL levels for SIS
Comparison between classifications

Availability percentage versus PFD (Probability of Failure on Demand), with the SIL of ANSI/ISA S84.01 and of IEC 61508 for each band:

Availability %            PFD                  ANSI/ISA S84.01 SIL   IEC 61508 SIL
99.9999 to 99.99999       0.00001 to 0.0001    -                     4
99.999 to 99.9999         0.0001 to 0.001      3                     3
99.99 to 99.999           0.001 to 0.01        2                     2
99.90 to 99.99            0.01 to 0.1          1                     1

The same figure places the DIN V 19250 / TÜV classes AK1 (lowest) to AK8 (highest) on this scale; the row alignment of the AK classes is not recoverable from the slide.
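The SIL bands of the two tables above and the 35% / 15% / 50% loop split, as an added worked example (not ABB's or ISA's code). It classifies a PFD into a SIL band, converts PFD to RRF and to availability, and composes a loop PFD from its three elements. The additive loop PFD is the usual first-order approximation for elements in series, and using the slide's percentages as a budget allocation is an assumption of this example, not something the slides state.

```python
# Added example: SIL classification and loop composition using the PFD bands
# quoted on the slides. Not ABB's code; the loop composition and the budget
# allocation below are assumptions of this example.

# Low-demand PFD band per SIL: (lower bound inclusive, upper bound exclusive)
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}

# Typical share of loop failure probability per element, from the slide
LOOP_SPLIT = {"sensor_transmitter": 0.35, "safety_controller": 0.15, "actuator": 0.50}


def sil_for_pfd(pfd):
    """SIL band for a PFD: 1..4, 0 when no SIL applies (PFD >= 0.1),
    None when the PFD is below the SIL 4 band."""
    if pfd >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return None


def rrf(pfd):
    """Risk Reduction Factor = 1 / PFD."""
    return 1.0 / pfd


def availability_pct(pfd):
    """Availability as a percentage, the left-hand column of the comparison slide."""
    return (1.0 - pfd) * 100.0


def loop_pfd(pfd_sensor, pfd_controller, pfd_actuator):
    """First-order loop PFD: the element PFDs add up for elements in series
    (assumption of this example; a rigorous analysis uses the IEC 61508 formulas).
    This is why a SIL 3 logic solver alone does not make the loop SIL 3."""
    return pfd_sensor + pfd_controller + pfd_actuator


def allocate_budget(target_sil):
    """Split the target SIL's PFD limit across the loop elements using the
    slide's percentages; each element must stay below its share."""
    _, limit = SIL_BANDS[target_sil]
    return {name: share * limit for name, share in LOOP_SPLIT.items()}


if __name__ == "__main__":
    # Constructed figures: SIL 2 sensor, SIL 3 controller, SIL 2 actuator
    loop = loop_pfd(2e-3, 1e-4, 9e-3)
    print(f"loop PFD {loop:.4f} -> SIL {sil_for_pfd(loop)}, RRF {rrf(loop):.0f}")
    print("SIL 2 budget:", allocate_budget(2))
```

The constructed loop in the usage block shows the point of the "think safety for the whole loop" slides: every element individually meets SIL 2 or better, yet the summed loop PFD lands in the SIL 1 band.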
Safety - Philosophy

It requires an analysis of the risks and a consequent evaluation of integrity according to the SIL (Safety Integrity Levels).

"Think" safety during the whole life cycle of your plant.

"Think" safety not only for the safety controller but for the whole safety loop: Sensor/Transmitter, Actuator.
Safety Transmitter

The 600T Safety Transmitter has been designed according to IEC 61508, "Functional safety of electrical/electronic/programmable electronic safety-related systems", for Safety Integrity Level 2 (SIL2).
Safety Transmitter

SIL2 means that the transmitter should detect every internal hardware failure, giving an external alarm and driving the analogue output to a predetermined level.

The 600T Safety is intrinsically redundant both in hardware and in software. This has been achieved with a supplementary stage and through an improvement of the internal diagnostic software.
Saturation Levels
– If input signal reaches 105%: High Saturation = 20.8 mA
– If input signal reaches -1.25%: Low Saturation = 3.8 mA

Alarm Levels
– Up scale = 22 mA
– Down scale = 3.7 mA

Saturation limits and up/down scale (alarms) according to NE43 (NAMUR).
Saturation Limits and UP/DOWN (alarm) scale

Output current regions shown on the slide:
- 3.7 mA: malfunctioning (down-scale alarm)
- 3.8 mA: analogue output saturated (low)
- between 3.8 mA and 20.8 mA: normal operation
- 20.8 mA: analogue output saturated (high)
- 22 mA: malfunctioning (up-scale alarm)
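The NE43 signalling scheme of the two slides above, as an added example (not ABB's firmware or code). It shows both sides of the 4-20 mA loop: the transmitter clamps a live measurement to the saturation band or, on a detected fault, drives the alarm level; the receiving safety controller decodes a measured current into a state. The 0.05 mA measurement tolerance is an assumption of this example; the 3.7 / 3.8 / 20.8 / 22 mA levels are the ones quoted on the slides.

```python
# Added example of NAMUR NE43-style 4-20 mA signalling with the saturation and
# alarm levels quoted on the slides. Not ABB's code; TOL_MA is an assumption.

ZERO_MA = 4.0          # 0 % of span
SPAN_MA = 16.0         # 100 % of span -> 20 mA
SAT_LOW_MA = 3.8       # low saturation  (-1.25 % of span)
SAT_HIGH_MA = 20.8     # high saturation (105 % of span)
ALARM_DOWN_MA = 3.7    # down-scale alarm level
ALARM_UP_MA = 22.0     # up-scale alarm level
TOL_MA = 0.05          # assumed measurement tolerance of the receiving A/D


def percent_to_current(pct_of_span):
    """Ideal (unclamped) loop current for an input given in % of span."""
    return ZERO_MA + SPAN_MA * pct_of_span / 100.0


def transmitter_output(pct_of_span, fault=False, alarm_direction="up"):
    """Current the transmitter drives on the loop.

    A detected internal fault overrides the measurement with the configured
    alarm level; otherwise the current is clamped to the saturation band, so an
    over-range process value can never be mistaken for a fault.
    """
    if fault:
        return ALARM_UP_MA if alarm_direction == "up" else ALARM_DOWN_MA
    raw = percent_to_current(pct_of_span)
    return round(min(max(raw, SAT_LOW_MA), SAT_HIGH_MA), 3)


def decode_current(current_ma):
    """Classify a measured loop current into an NE43 state.

    Returns (state, percent_of_span_or_None). Anything the transmitter cannot
    legitimately produce (open loop, short, wiring fault, a current between the
    saturation and alarm levels) is reported as OUT_OF_RANGE so the receiver
    treats it as a fault rather than as a valid measurement.
    """
    if abs(current_ma - ALARM_DOWN_MA) <= TOL_MA:
        return "ALARM_DOWNSCALE", None
    if abs(current_ma - ALARM_UP_MA) <= TOL_MA:
        return "ALARM_UPSCALE", None
    if current_ma < SAT_LOW_MA - TOL_MA or current_ma > SAT_HIGH_MA + TOL_MA:
        return "OUT_OF_RANGE", None
    pct = round((current_ma - ZERO_MA) / SPAN_MA * 100.0, 2)
    if current_ma < ZERO_MA:
        return "SATURATED_LOW", pct
    if current_ma > ZERO_MA + SPAN_MA:
        return "SATURATED_HIGH", pct
    return "NORMAL", pct


if __name__ == "__main__":
    # Constructed sample currents covering every region of the slide
    for i in (0.0, 3.7, 3.8, 12.0, 20.8, 21.5, 22.0):
        print(f"{i:5.2f} mA -> {decode_current(i)}")
```

The receiver deliberately reports the gaps between the saturation and alarm levels (for example 21.5 mA) as a fault rather than rounding them to the nearest legal state; a safety controller that silently accepted such a value would lose the distinction between "process over range" and "transmitter failed".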
Even though the SIL2 approval is valid only for the analog output, since the HART communication protocol is not certifiable, the 600T Safety Pressure Transmitters perform HART communication and keep all the HART features, with improved diagnostic information.

The SIL2 approval is valid only for the analog output.
Principle of operation

600T Safety Transmitters take advantage of the intrinsic redundancy of the highly reliable 600T series differential inductive sensor, which provides two independent signals proportional to the input pressure.

The two inductive signals are separately detected by two independent ASICs and separately processed inside the electronics.

Calculations follow independent flows and are compared in the microcontroller in order to validate the output pressure signal.
Principle of operation

Internal diagnostic algorithms are implemented to check the correctness and validity of all processing variables and the correct working of the memories.

A supplementary shut-down circuit provides a safe shut-down when a fault occurs in the analog section of the electronics.
Principle of operation

The output stage is also checked by reading back the analog output signal.

The feedback loop is obtained by an additional A/D converter placed at the end of the output stage, which translates the 4-20 mA signal into a digital form suitable for comparison by the microcontroller.
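The diagnostic flow of the three "Principle of operation" slides (two independent channels compared in the microcontroller, output read back through a second A/D, fail-safe on any disagreement), as an added simplified model. This is example code, not the 600T's algorithm: the linear sensor model, the channel tolerance, the read-back tolerance and the toy output stage are assumptions made for the example.

```python
# Added example: simplified model of dual-channel validation with analog
# output read-back. Not ABB's code; tolerances and the sensor/output models
# are assumptions of this example.

ZERO_MA, SPAN_MA = 4.0, 16.0
ALARM_UP_MA = 22.0        # fail-safe (up-scale) alarm level from the slides
CHANNEL_TOL_PCT = 1.0     # assumed max. disagreement between channels, % of span
READBACK_TOL_MA = 0.05    # assumed max. D/A-vs-read-back-A/D difference


def linearize(raw_counts, offset, gain):
    """Per-channel linearisation & compensation (assumed linear model), in % of span."""
    return (raw_counts - offset) * gain


def validate_channels(pct_a, pct_b):
    """Compare the two independently computed pressures; None means mismatch."""
    if abs(pct_a - pct_b) > CHANNEL_TOL_PCT:
        return None
    return (pct_a + pct_b) / 2.0


def drive_output(pct_of_span, dac, adc):
    """Command the D/A, then verify the loop current through the read-back A/D."""
    commanded = ZERO_MA + SPAN_MA * pct_of_span / 100.0
    dac(commanded)
    read_back = adc()
    return commanded, abs(read_back - commanded) <= READBACK_TOL_MA


class Loop:
    """Toy 4-20 mA output stage; `drift_ma` models a fault in the analog section."""

    def __init__(self, drift_ma=0.0):
        self.current = 0.0
        self.drift_ma = drift_ma

    def dac(self, ma):
        self.current = ma

    def adc(self):
        return self.current + self.drift_ma


def safety_cycle(raw_a, raw_b, loop, cal=((0, 0.01), (0, 0.01))):
    """One measurement cycle. Returns (state, current on the loop in mA)."""
    pct_a = linearize(raw_a, *cal[0])
    pct_b = linearize(raw_b, *cal[1])
    pressure = validate_channels(pct_a, pct_b)
    if pressure is None:
        loop.dac(ALARM_UP_MA)          # supplementary shut-down path
        return "FAULT_CHANNEL_MISMATCH", loop.current
    commanded, ok = drive_output(pressure, loop.dac, loop.adc)
    if not ok:
        loop.dac(ALARM_UP_MA)          # output stage did not follow the command
        return "FAULT_OUTPUT_STAGE", loop.current
    return "OK", round(commanded, 3)


if __name__ == "__main__":
    # Constructed raw sensor counts: healthy, diverging channels, drifting output
    print(safety_cycle(5000, 5000, Loop()))
    print(safety_cycle(5000, 5200, Loop()))
    print(safety_cycle(5000, 5000, Loop(drift_ma=0.5)))
```

Both failure paths end with the same observable result on the loop, the up-scale alarm current, which is what lets a downstream safety controller react to a sensor or output-stage fault without needing HART diagnostics.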
Summary of Key Points for Safety Integrity
- Excitation and reading integrity
- Sensor integrity
- CPU integrity
- Analog output stage integrity
- CPU working - software sequences
- Clock integrity
- Power supply monitoring
Base schematic: redundancy and diagnostics

[Block diagram. Hardware and software redundancy across the dual-element sensor, microprocessor, A/D, power supply and analog output. Blocks shown: pressure detection element 1 and pressure detection element 2, each with its own temperature sensor and linearization & compensation path; validation; voting; comparators; verify supply; watchdog; clock 1 and clock 2; A/D; D/A; output verify; failsafe enable; 4-20 mA safe output (output 1 and output 2); HART.]
600T Inductive Sensor
- Measuring diaphragm
- Ferrite plate
- Coil
- Ferrite pot-core
- Feedthrough