Safety Instrumented Systems Engineering

7/18/2019 Safety Instrumented Systems Engineering http://slidepdf.com/reader/full/safety-instrumented-systems-engineering 1/32 Safety Instrumented Systems  The Smart Approach


More than ever, running your plant productively and safely requires the right technologies and experience. With increasingly stringent regulations and international-standard best practices, safety instrumented systems perform a critical role in providing safer, more reliable, process operations.

CONTENTS

- The Emerson Approach to Safety: From sensor, to logic solver, to final control element.
- Safety First: New international standards are prompting a reexamination of safety practices.
- The Ideal Safety Instrumented System: Intelligence embedded in the SIS loop reduces risk.
- Sensors for Reduced Risk: Sensors for pressure, temperature, flow and level play an important role.
- SIS Final Elements: Final elements with digital valve controllers deliver higher reliability and safety.
- Partial-Stroke Testing for Reliability: Check the valve’s ability to perform on demand—automatically.
- Logic Solver: State-of-the-art logic solvers support digital communications.
- Intuitive Software: Industry-leading DeltaV system software
- Tough Applications Made Easy: TÜV-certified DeltaV SIS function block suite makes implementation easy.
- The Health of Your Loops: Identifying and predicting problems is critical.
- Flexible Architecture for Any Size: Safety Instrumented Systems come in all sizes and topologies.
- Simplifying IEC 61511 Compliance: The PlantWeb solution.
- Connecting with Your Existing BPCS: Increase your plant’s availability with a smart SIS.
- Integrated Yet Separate: True integration with DeltaV software; complete separation from hardware.
- Industry Leading Service and Support: The world’s only IEC 61511 certified project services.


Safe operations include many aspects—material handling procedures, process operations and safety instrumented systems (SIS). Yesterday’s SIS solutions considered only the logic solver and left it to your maintenance organization to manually test the entire safety loop. Like you, Emerson believes it’s critical to consider the entire safety loop—from sensor, through logic solver, to final element—as a complete entity.

The Smart Approach

Only Emerson Process Management, an Emerson business, takes a holistic new approach by continuously diagnosing the sensors, logic solvers, and final elements’ ability to perform on demand as required for a smart SIS solution.

Now you can minimize the costly practices of ongoing manual proof tests with the embedded predictive diagnostics and the digital communications of the PlantWeb® architecture.

Complete Solutions—One Source.

When it comes to safety applications like emergency shutdown systems, burner management, and fire and gas systems, our trained global professional safety personnel and project services organizations have the knowledge to perform, and expertise to assist you in, process hazard analysis and risk assessment along with safety instrumented system design, implementation, and commissioning.

Emerson provides the only smart, easiest-to-use, safety instrumented system for the lowest lifecycle cost.

Sensor to Final Control Element, the Emerson Approach to Safety

“The PlantWeb solution for safety application is the complete package. It considers all equipment in the safety instrumented function as well as the simplified proof testing. This will change the industry.”

—Dr. William Goble, P.E. CSFSE, Exida


Safety First

Reduce regulatory compliance efforts

Past solutions for safe operations may no longer be sufficient. New international standards for safety, like IEC 61508 and IEC 61511, are prompting a reexamination of safety practices. Planning is required to meet increased regulatory requirements across the globe.

Companies that don’t plan and manage process operational risks face fines, production outages, equipment damage and serious injury or loss of life. With today’s technology and best practices, there is no reason not to put safety first.

There are key international standards and concepts you and your solutions providers must know to effectively implement safer operations. It’s important that you work with a supplier that has safety instrumented system sensors, logic solvers, and final control elements that meet IEC 61508 standards to help you follow IEC 61511 best practices.

You need to effectively perform hazard identification, hazard analysis, and risk assessment studies to develop plans to address current deficiencies.

IEC 61508

Used by suppliers of safety-related equipment, IEC 61508 defines a set of standards for functional safety of electrical/electronic/programmable electronic safety-related systems.

Emerson has the broadest range of IEC 61508-certified process safety devices, from pressure, flow, and temperature sensors through the logic solver, to final element.

Process manufacturers who implement SIS equipment need to do so in accordance with best practices, as defined by IEC 61511.


“This international standard has two concepts which are fundamental to its application; safety lifecycle and safety integrity levels.”

—IEC 61511-3

Global Safety Standard

IEC 61511

The SIS user community has formally collected best practices in safety applications aligned with IEC 61508. The result of this work is the new IEC 61511 standard.

Only Emerson provides:

- transmitters, valve controllers and logic solvers certified to IEC 61508
- services certified to IEC 61511
- software that simplifies adherence to IEC 61511 for regulatory compliance.
- IEC 61508-type data on non-certified devices to help process manufacturers build prior use cases.

Emerson delivers a state-of-the-art safety solution that reduces risk and increases process availability.

ANSI/ISA-84.00.01-2004

In 2004 the S84 committee of ISA formally adopted the IEC 61511 standard for use in the USA. The two standards are identical except for a grandfather clause that the S84 committee added to the American version.

[Figure: Key Safety Regulatory Standards. Timeline, 1992 to 2004: NE 31, DIN V 19251, EN 54 Part 2, NFPA 8501, IEC 61508, NFPA 8502, IEC 61511, ANSI/ISA S84.01.]


The Ideal Safety Instrumented System

Safety with less risk and increased availability.

The ideal SIS takes a new approach to help you reduce risks and use the intelligence embedded in the total SIS loop: sensors, logic solvers, and final control elements to increase safety.

Risk reduction

The ideal SIS begins and ends with field devices. Smart field devices:

- monitor the entire SIS loop from sensor through the final control element
- provide non-disruptive actuator partial-stroke testing and spurious trip prevention
- proactively communicate maintenance alerts from intelligent sensors and actuators
- support advanced diagnostic capabilities for sensors, logic solvers and final control elements for both self-test and detection of abnormal situations in the surrounding process.

Easier regulatory compliance

The ideal SIS, including sensor, logic solver, and final element, is designed in accordance with IEC 61508 and is TÜV or FM certified*. To help you address the IEC 61511 standard more easily, an ideal SIS should have:

- safety logic signature authorization
- change management of safety logic and field device configuration/calibration
- security authorization of online trip point or bypass changes.

Increased availability

An ideal SIS increases the availability of an operating process. It:

- increases system availability through redundancy as required
- minimizes risky manual final element testing through automatic periodic testing
- reduces operator response time with advanced alarm management
- manages bypasses during startup sequences.

Because the majority of malfunctions in safety applications occur in the devices, increased logic solver reliability does not significantly improve the reliability of the entire safety loop. Data interpreted from the Offshore Reliability Database (OREDA).

- 42%—Sensor malfunction
- 8%—Logic solver malfunction
- 50%—Valve malfunction


“Today’s safety systems need an integrated safety approach where transmitters are part of the safety system and perform autocalibration, diagnostics, validation and remote monitoring, connecting with an intelligent fieldbus such as HART or Foundation fieldbus.”

—Wayne Labs, CONTROL Magazine, May 2005


Reduced project capital

With pressure on process manufacturers to increase their return on capital, the ideal SIS reduces the engineering and installation effort by:

- simplifying safety logic development and testing with powerful certified function blocks
- being certified for use in SIL 1, 2 and 3 applications without restriction
- providing a flexible architecture for centralized or decentralized deployment
- providing embedded simulation to fully test safety logic before deployment
- integrating BPCS and SIS data without mapping or handshaking logic while keeping these functions separate per IEC 61511
- providing common engineering tools for the BPCS and SIS.

Reduced operations and maintenance costs

Like capital budgets, operating and maintenance budgets are under constant pressure. The ideal SIS reduces operations and maintenance costs by:

- providing a common engineering and operator interface for both BPCS and SIS
- synchronizing time and collecting events between BPCS and SIS
- performing continuous diagnostics and periodic testing of sensors and final control elements.

It’s important to consider ongoing support when multiple suppliers are involved. When one supplier has the full range of products and services for your BPCS and SIS, you have only one place to go for the answers and support you need.

The traditional implementation of Basic Process Control Systems and Safety Instrumented Systems fails to consider the entire safety loop, requiring extra maintenance effort.

[Diagram labels: Basic Process Control System (BPCS), digital communication; Safety Instrumented System (SIS), discrete on-off signal.]

* Certified by a 3rd party such as TÜV.


Smart Sensors Provide Both Transmitter and Process Diagnostics

Increased diagnostics decreases risk.

Sensors for pressure, temperature, flow and level play an important role in your risk reduction strategy. It’s important to consider improvements in measurement technology as well as installation and maintenance practices.

The health of your safety loop is only as reliable as the weakest component. With discrete measurement switches, you get a level of safety, but these devices are susceptible to failure without warning.

Switches have few failure modes, but almost all are dangerous and undetectable. Regular proof testing is thus required—these tests can themselves introduce risk because they are manual and require strict adherence to procedures and they put maintenance personnel in hazardous locations.

Smart devices deliver predictive diagnostics

By replacing switches with transmitters, you take the first step towards reducing undetected failures. Smart transmitters have far fewer dangerous undetected failures than switches. In addition, the latest generation of smart measurement devices extend the embedded diagnostics beyond the device and into the process.

Extended health diagnostics

Today’s leading smart transmitters, like Emerson’s Rosemount and Micro Motion devices, go beyond detecting component failures. They evaluate the performance of the complete measurement system, extending diagnostics to detect formerly undetectable dangerous failures outside the physical bounds of the transmitter—providing both transmitter and process diagnostics.

The end result is greater credit for failure on demand calculations, easier compliance with IEC 61511, higher safe failure fractions, less redundancy, and less proof testing, less often.

IEC 61511 defines two approaches for selecting the right device for your safety measurements. Both methods have merit and are used extensively.

Prior use

This method requires that you have sufficient failure data to be able to investigate and calculate the probability of failure on demand and the safe failure fraction. As the leading field device supplier, Emerson can provide the reliability data you need for these calculations.


“Most of these diagnostics can be performed only in the field devices themselves, and not through higher-level expert or ‘abnormal situation management’ systems, because they require extremely high speed resolution and accuracy.”

—Steve Brown, E.I. duPont de Nemours & Co, Chemical Engineering Magazine, July ‘03

This method provides you with more transmitter choices at the cost of maintaining databases to provide evidence of prior use per IEC 61511.

This approach requires extensive tracking management—a laborious task.

Designed to IEC 61508

Temperature and pressure transmitters from Rosemount and flow transmitters from Micro Motion change all of this. These are standard BPCS sensors that can be used in safety applications. Now you can get Emerson reliability in a certified transmitter.

Sensors are one key piece in the ideal safety system. Final elements are the next critical piece.

AMS™ Suite: Intelligent Device Manager provides the means to identify and correct potential transmitter problems.


SIS Final Elements Deliver Higher Reliability and Safety

Reduce final element risk.

The next step in the ideal SIS is to equip the final elements with digital valve controllers that provide the diagnostics to extend the proof test interval, while delivering higher reliability and safety.

Manual testing

Process manufacturers have gone to great lengths, adding bypass valves, manual jamming devices, and expensive pneumatic panels to facilitate proof testing of final control elements.

Beyond the increased capital expense, safety valve testing often involves the installation and subsequent removal of mechanical valve interlocks. This can expose maintenance personnel and operators to hazardous locations in the process. And if the interlocks are not removed after the testing, the performance of the safety instrumented system may be severely compromised. The majority of plant incidents are caused by personnel and procedural error, so removing the need for manual proof tests while maintaining the overall SIS integrity is key in SIS applications.

FIELDVUE digital valve controller

FIELDVUE digital valve controller instruments provide automated performance monitoring and testing by enabling remote partial stroke testing while the safety valve is online. This keeps personnel safely away from the valves’ locations. The FIELDVUE DVC6000 for emergency shutdown solutions is TÜV-certified for use in SIL 3 applications.

FIELDVUE instruments have extensive diagnostics to monitor travel deviation, pressure deviation, valve packing friction and more. Information is communicated back to the DeltaV system and the AMS Device Manager software.

SIL-PAC solution

The Emerson SIL-PAC™ final element solution uses Emerson actuators controlled by the FIELDVUE DVC6000 ESD to operate the valve. These include the Bettis® G and CBA-series, HyTork® and El-O-Matic™ actuators currently used in many ESD type applications.

Proven in safety applications for many years, the Bettis actuators are certified for use in SIL 3 applications when periodic partial-stroke testing is performed.


“The principal sources of faults have remained in the field; we need to recognize and eliminate these failures at the source.”

—Erik R. Bruyn, ExxonMobil Refinery, “The Role of Instrumentation in Plant Asset Management”, International Instruments Users’ Assoc., Apr ‘03, Hague, The Netherlands

The SIL-PAC final control solution is valve neutral—meaning that it can be mounted on the safety valve that best meets your application requirements.

From 350 inch pounds of torque to over 13 million inch pounds, SIL-PAC options include:

- ASCO solenoids for redundancy
- local shutdown options
- configurable closing/opening times
- diagnostic/configuration tools
- unusual and severe types of services.

With the SIL-PAC solution from Emerson, you get the flexibility, reliability, and functionality you need to meet your requirements and support your installation throughout its life.

AMS Intelligent Device Manager with the ValveLink Snap-On application makes troubleshooting devices from a remote location easy and safe.

The FIELDVUE instrument automatically checks the condition of the final control element during each partial-stroke test.


Partial-stroke Testing For Reliability

Drag-and-drop configuration.

During each partial-stroke test, pneumatic supply, actuator pressure, and valve position are tested to verify whether the valve components will perform.

This partial stroke testing provides:

- less human error
- better maintenance practices
- better documentation
- less risk.

There’s no more guessing when a safety valve needs to be maintained. You have a better understanding of the overall electro-mechanical condition of the valve.

Less risk

Automated partial stroke testing in the FIELDVUE DVC6000 and the AMS Device Manager software application keeps operators and maintenance personnel away from the field while extending the time intervals between full-stroke tests and providing confidence that the valve will perform on demand—reducing personnel and operational risk and the risk of trips.

Better maintenance practices

A valve signature generated during the partial-stroke test provides your maintenance personnel with insight into:

- valve friction
- air-path leakage
- valve sticking
- actuator spring rate
- inherent diaphragm pressure range.

This information gives your maintenance personnel the ability to schedule repairs rather than having to react to unexpected failures. Determining when a safety valve needs to be maintained is no longer a guessing game.

Better documentation

The FIELDVUE instrument receives scheduled partial-stroke test commands from the logic solver and applies a time and date stamp to each partial-stroke test. This information is automatically saved on a workstation, making your regulatory compliance efforts much easier.

Safety valves equipped with Emerson’s FIELDVUE DVC6000 perform partial-stroke testing, automatically checking the valve’s ability to perform on demand.


“It’s not only possible to check valves, but we can also do so more safely, at less cost, and with greater efficiency.”

—Patrick Flanders, Saudi Aramco

In addition, thorough documentation of each test is maintained per regulatory requirements.

The right sensors, final elements, and AMS Device Manager build a strong foundation for the next element in the smart SIS, the logic solver.

AMS Device Manager with the ValveLink snap-on application automatically generates detailed reports of the partial-stroke test for regulatory bodies. Valve testing reveals the need for scheduled maintenance.

Partial stroke test on a problem valve.


Logic Solvers Continuously Monitor Health of Every SIF

Higher process availability through improved diagnostics.

Bulky logic solvers and multiplexers can now be replaced with state-of-the-art logic solvers that support digital communications for continuous health monitoring of every complete Safety Instrumented Function (SIF).

The DeltaV SIS

While other safety system suppliers focus only on the logic solver, the Emerson smart SIS solution considers the entire SIF to increase safety while decreasing spurious trips, thereby increasing reliability from sensor to final element.

The SLS 1508 logic solver, built for digital communications with safety sensors and final elements, uses the power of predictive field intelligence to increase the overall reliability of the entire safety instrumented function.

It is TÜV-certified for use in SIL 1-3 rated safety applications as defined by IEC 61508 and fire-detection and alarms as defined in EN 54-2.

SLS 1508 logic solver

Key capabilities of the SLS 1508 logic solver include:

- 24V DC redundant power
- 16 channels per logic solver in any combination of HART AI, HART two-state output, DI, DO
- line fault detection on all I/O
- separate I/O processor and redundant CPUs
- 50msec execution
- downloadable on-line
- flexible architecture
- -40° to 70°C temperature rating
- ISA G3 (corrosive environment rating)
- NAMUR NE21 electromagnetic compatibility rating

Redundant logic solver

You can increase the availability of your process with a redundant pair of SLS logic solvers. The two modules work in parallel with no concept of master/slave. This ensures bumpless transfers, and allows automatic online proof testing of the logic solvers.


“We installed DeltaV SIS in our critical distillation heaters during our latest turnaround. We plan to install more in our refinery as we continue our modernization program.”

—Cornel Cirligeanu, Rominserv Electrical & I&C Division

For greater process availability, the SLS 1508 logic solvers are optionally redundant.

Smart logic solvers continuously monitor loop health and perform partial-stroke tests.


Intuitive Software and Powerful Function Blocks

Drag-and-drop from voter palette—eas

All of the DeltaV system’s ease-of-use advances like plug-and-play hardware, drag-and-drop, and explorer-based software, are built in to the DeltaV SIS software.

A full palette of TÜV-certified smart function blocks designed specifically for DeltaV SIS functions is available. Special blocks like MooN voter blocks with bypass management reduce what used to be pages and pages of ladder to engineer, test, and commission into a simple drag-and-drop specification activity. Easy maintenance with less complexity reduces your life cycle costs and risks.

All of the function blocks are certified by TÜV for safety applications.

Other capabilities making the DeltaV SIS software intuitive include:

- built-in sequence of events handler with automatic first-out trapping
- built-in bypass handling
- built-in override bundling
- automatic compliance to IEC 61511 standard.
- off-line simulation
- built-in alarm state engine per EEMUA 191 standard
- optional operator interface.


“High comprehensibility of the programmed functions is the ultimate ambition of safety-related programming. Therefore, there is a need for a precise and compact program structure and representation.”

—Dirk Hablawetz, BASF AG, “The Practical use of the international standard IEC 61508”, TÜViT Conference, Jan ‘03, Augsburg, Germany

Voter simplifies device upset and diagnostic condition handling to avoid spurious trips while automating bypass management.

Powerful function blocks deliver engineering savings and operational benefits.

Cause and Effect Matrix (CEM) block greatly simplifies the logic solver configuration.

State Transition Diagram provides simple fill-in of state, transition inputs, and desired outputs saving hours of engineering.

Step Sequencer saves hours of engineering over conventional ladder logic approaches.


With the rich TÜV-certified DeltaV SIS function block suite, the toughest safety applications can be easily implemented.

SIS applications

Consider a typical example likely to be found in every plant.

You have an application and need to monitor level (triplicated measurement) and take action in the event that the pressure (2oo3) is too high. Given the application, you need to be sure that the valve will perform on demand. You need to change the test frequency of your SIF from six months to the turnaround scheduled every four years.

There are key requirements for your safety logic:

- Trip the plant if two of the level measurements exceed the trip limit.
- Generate a deviation alarm if any of the level inputs deviates from the others.
- Provide user interface display where all active bypasses are listed for management by operators.
- If any of the measurement devices reports bad status, then generate an alarm indicating that the SIF is running in degraded mode (2oo2) and remove the device from the voting logic.
- Be able to configure trip limits, deviation percentages, pre-trip alarm, degradation behavior and start-up overrides.
- Monitor the performance of the valve by partially stroking it every month to ensure it will perform on demand. Send an alarm to operations and maintenance if the partial stroke test fails or another advanced diagnostic alert is detected.
- Allow bypassing during startup with all SIS bypasses being reported on an SIS or BPCS display.
- Set bypasses to automatically remove after a configurable time period.
- Provide warning to the operator an appropriate time before a bypass is automatically removed.

With Emerson’s smart SIS solution for safety applications, this is easy. With Rosemount and Micro Motion transmitters, DeltaV SIS, AMS Intelligent Device Manager and Fisher DVC, the architecture is in place. With the patent-pending DeltaV SIS voter and partial-stroke test function blocks, configuration of this logic is a few mouse clicks away.
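The voting and bypass requirements listed above, sketched as an added Python example (not Emerson's DeltaV SIS function blocks and not code from the brochure): a 2oo3 level voter that drops bad-status devices and degrades to 2oo2, raises deviation and pre-trip alarms, and tracks a timed startup bypass. The tag names, limits, alarm strings, the fail-safe trip with fewer than two healthy inputs, and the bypass suppressing the whole trip output are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Reading:
    tag: str            # constructed tag names, e.g. "LT-101"
    value: float        # level in % of span
    good: bool = True   # device status reported by the transmitter


@dataclass
class Bypass:
    tag: str            # what is bypassed (assumed: the whole SIF during startup)
    started: float      # seconds
    duration: float     # bypass is removed automatically after this long
    warn_before: float  # warn the operator this long before removal

    def state(self, now: float) -> str:
        remaining = self.started + self.duration - now
        if remaining <= 0:
            return "REMOVED"
        return "EXPIRING" if remaining <= self.warn_before else "ACTIVE"


@dataclass
class VoterConfig:              # configurable per the requirements list
    trip_limit: float = 90.0
    pre_trip_limit: float = 85.0
    deviation_pct: float = 5.0


def evaluate(readings, cfg, bypasses=(), now=0.0):
    """One scan of the voter: mode, trip decision, alarms, active bypasses."""
    alarms = [f"BAD_STATUS:{r.tag}" for r in readings if not r.good]
    healthy = [r for r in readings if r.good]   # bad devices leave the vote

    if len(healthy) == 3:
        mode, needed = "2oo3", 2
    elif len(healthy) == 2:
        mode, needed = "2oo2", 2
        alarms.append("SIF_DEGRADED:2oo2")
    else:
        # Assumption: with fewer than two healthy inputs, demand a trip.
        mode, needed = "FAILSAFE", 0
        alarms.append("SIF_DEGRADED:INSUFFICIENT_INPUTS")

    votes = sum(r.value >= cfg.trip_limit for r in healthy)
    trip_demand = votes >= needed

    if not trip_demand and any(r.value >= cfg.pre_trip_limit for r in healthy):
        alarms.append("PRE_TRIP")

    # Deviation: an input that disagrees with every other healthy input.
    if len(healthy) >= 2:
        for r in healthy:
            others = [o for o in healthy if o is not r]
            if all(abs(r.value - o.value) > cfg.deviation_pct for o in others):
                alarms.append(f"DEVIATION:{r.tag}")

    active = []                 # everything listed here goes to the display
    for b in bypasses:
        st = b.state(now)
        if st == "REMOVED":
            continue            # timer expired: bypass no longer applies
        active.append(b.tag)
        if st == "EXPIRING":
            alarms.append(f"BYPASS_EXPIRING:{b.tag}")

    return {"mode": mode, "trip_demand": trip_demand,
            "trip": trip_demand and not active,
            "alarms": alarms, "active_bypasses": active}


def demo():
    cfg = VoterConfig()
    # Constructed sample scans.
    normal = evaluate([Reading("LT-101", 92), Reading("LT-102", 91),
                       Reading("LT-103", 50)], cfg)
    degraded = evaluate([Reading("LT-101", 0, good=False),
                         Reading("LT-102", 92), Reading("LT-103", 50)], cfg)
    high = [Reading("LT-101", 92), Reading("LT-102", 93), Reading("LT-103", 94)]
    startup = Bypass("SIF-STARTUP", started=0, duration=600, warn_before=60)
    bypassed = [evaluate(high, cfg, [startup], now=t) for t in (100, 550, 600)]
    return normal, degraded, bypassed


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The degraded scan shows the cost of losing a device: one high reading that would count as a vote in 2oo3 cannot trip a 2oo2 vote on its own, which is why the degraded-mode alarm matters.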

Tough Applications Made Easy

Experience on which you can rely.

All of the functionality described on this page can be implemented with this simple configuration.


“While developing the concept of the safety instrumented system, the aspect of maintenance and startup should be taken into consideration. Possibilities for easy check and access to all components should be kept in mind while designing the system.”

—NE31 Standard

Fast configuration with cause-and-effect matrix functions

Traditional SIS project requirements are typically defined using cause-and-effect matrices (CEM). Once approved, these are often translated into logic diagrams and ultimately into ladder logic of the selected supplier. No more—with the CEM function block, the cause-and-effect diagrams can be deployed directly in the logic solver. The CEM table executes as it is presented.

Documentation is easy, since the CEM configuration is the logic that executes.

CEM logic is configured per WYSIWYG: what you see is what you get. End user requirements are executed as documented eliminating project phases and risks associated with implementation errors.


The Health of Your Loops

Realtime information when and where it counts.

Identifying and predicting problems in the sensors, logic solvers, final elements, and the surrounding process is critical. Sending this information quickly to the people who can take corrective action is equally important.

Detect

Detection starts at the process. Only Emerson’s PlantWeb architecture for safety applications continuously monitors loop and process health.

NarrowCast

Should a problem be detected in a device or the supporting process, a PlantWeb alert is generated. This alert travels to the logic solver, which is configured to narrowcast the alert to the appropriate personnel and the maintenance system.

In some cases, it is desired to direct the alarm/alert to the personnel who man the plant—twenty-four hours, seven days a week—such as the operators of the BPCS. This is done via drag-and-drop configuration. In addition to identifying the alert as a safety alert, the operator is provided with information identifying the root cause of the problem, with context-sensitive guidance for corrective measures.

In other cases, it is desired that all safety personnel be alerted to every safety alert. Emerson’s Messenger software is the solution. Emerson’s Messenger software uses web services to deliver PlantWeb Alerts to the maintenance personnel responsible for solving the problem via email, phone, pager or SMS. These time-critical alerts can be sent via XML to your Computerized Maintenance Management System (CMMS) to generate work orders automatically.

With the optional SIS Reporting Messenger plug-in, detailed SIS diagnostic test results from actuator partial-stroke tests, sensor tests, and SIS loop health tests are automatically transmitted via email or printed to satisfy regulatory reporting requirements.

Diagnose and correct

With notification delivered to the right people, the AMS suite’s Intelligent Device Manager software provides quick access to detailed device diagnostics.

The bottom line—the PlantWeb architecture provides a platform for more reliable safety operations, from early detection through notification and correction.

“Monitoring the health of the instruments in an isolated environment like ours gives us the ability to find out what’s wrong before we send somebody out to the field and that’s very important given our limited staff. Being able to monitor the health of the equipment, positions us to be proactive with our maintenance programs. This helps us improve our overall process availability.”

—George Cushon, OPTI Canada Inc.


Smart field devices send critical health information to the right people at the right time.

With AMS Intelligent Device Manager, device health can be determined remotely.

Critical alerts can be sent directly via email, pager or phone.


Flexible architecture

Whether you have an isolated boiler or a large ESD application, DeltaV SIS scales to provide you with the safety coverage you require for your SIL 1, 2 and 3 SIFs.

Unlike other approaches, the modular logic solver hardware scales in steps of 16 configurable I/O. This means you automatically add memory and CPU every time you add a logic solver. The days of running out of memory or CPU power are over.

The architecture of DeltaV SIS allows you to concentrate on the design of each SIF—each logic solver is a container for a small number of SIFs and there can be no unplanned interaction between them. This is very different from the traditional approach where hundreds of SIFs are all placed in a single safety PLC and the effect of changing a single register could affect all of the logic. DeltaV SIS scales as the number of SIFs scales—simply add logic solvers to contain more safety functions with no impact on the performance of the existing system. On a large plant these logic solvers can be placed in nodes close to the process unit being protected; an intuitive design with fewer opportunities for maintenance errors that has the added advantage of wiring savings.

Given this scalability, DeltaV SIS is ideally suited for all safety applications up to SIL 3: small burner management applications, large ESD and fire and gas applications.

Flexible Architecture for Any Size

Completely integrated–ready to deploy.

Applications that require safety instrumented systems to reduce risk come in all sizes and topologies. You need an SIS offering that can handle the smallest to the largest application and one that has the flexibility to address widely distributed architectures.

“The scalability of it really impresses me—that you can put in one module for just a few loops, or you can build a complete safety system.”

—Global Chemical Producer

Configuration Workstation may optionally be used for SIS Alarm Management, Operator Interface and/or Device Maintenance.

SISnet—A redundant fiber optic network spanning kilometers.

DeltaV SIS easily scales to fit the size and distribution of your safety applications.

Ethernet configuration network


Simplifying IEC 61511 Compliance

Easier regulatory compliance.

The PlantWeb solution for safety applications has been designed to assist customers in following the IEC 61511 standard for SIS deployment.

DeltaV SIS helps to automatically document and simplify your compliance with this international safety standard, along with additional regulatory requirements particular to your operating region.

Not only will the upfront costs of engineering, installing and commissioning your system be lower, but so will the ongoing maintenance and management costs to satisfy your safety and regulatory requirements.

Maintenance

Complying with the verification and documentation requirements of IEC 61511 is simplified with the AMS Device Manager Audit Trail software.

The Audit Trail automatically records changes to a device’s configuration and includes the following information for each event:

date and time of the event

user who made the change.

Engineering

The DeltaV SIS reduces your IEC 61511 compliance efforts by incorporating our experience of satisfying tough regulatory requirements for change management.

All changes to the DeltaV logic solver configuration including details of the change, who made it, and when it was made, are automatically captured.

Compliance is simplified with AMS Device Manager Audit Trail.

Changes are automatically captured with embedded version control and audit trail.


Operations

Should an emergency stop be required for the application, two mechanisms may be used. You may hard-wire a physical ESD (emergency shutdown) mushroom button to the I/O of a logic solver.

If, instead, you choose to soft-wire an emergency shutdown button from a graphic on the Operator Workstation then you will need to ensure that the communications are secure. In keeping with IEC 61511, DeltaV SIS requires a repeat confirmation on the emergency shutdown action before it will take effect – protecting the logic solver functionality. This repeat confirmation is automatically executed for every on-line command from all Workstations to every logic solver, including operational functions that require data security such as bypasses and trip limit changes.

Other capabilities have been added to ensure safe operation and maintenance of your SIS.

For example, any bypass is automatically flagged in the operator interface and logged in the event journal file.

The bottom line: built-in capabilities in the PlantWeb architecture, such as repeat confirmation, change management, download control, device audit trail and others, reduce the IEC 61511 compliance challenge.

“DeltaV SIS was best suited for our safety shutdown applications because of its modularity, integration with the control system, and safety loop diagnostics.”

—Steve Schmitz, Rohm and Haas


Connecting with Your Existi


Connect with your existing system

No matter what DCS or PLC you are using as your basic process control system, you can increase your plant’s availability using Emerson’s smart safety instrumented solution.

Reliable, proven integration

With the advent of open standards, integration of BPCS and safety instrumented systems has become easier. The OPC standard introduced in 1996 provides an excellent mechanism for high data transfer rates in real-time from an SIS to a BPCS. For those with smaller data transfer needs, the Modbus protocol may be an alternative.

OPC integration

OLE for Process Control (OPC) has become the de facto standard for communications between disparate systems in the process industries. DeltaV SIS connects with your legacy BPCS via OPC.

All operating and event information is available to your operator interfaces and history collection software using an OPC interface.

OPC Data Access (DA) provides real-time data integration. With Emerson’s field-proven OPC Mirror, data from DeltaV SIS is easily mapped into the OPC Server of the installed BPCS.

Completing the integration is OPC Alarms and Events, which provides a means to include SIS alarms and events into your selected plantwide event historian.

An excellent event collection candidate for this function is Emerson’s PlantWide Event Historian, which provides a SQL database for collecting time-stamped events from multiple sources into a single enterprise event historian.

Modbus integration

Modbus may also be used to interface the SIS and BPCS. Modbus brings the advantage of familiarity to most users, as well as the comfort of decades of proven reliability.

Modbus is often used for communicating process-related data between SIS and BPCS, while OPC is perfectly suited to transferring large amounts of SIS data to be presented on the BPCS displays.

Integration services

Our global solutions organization has a long history of providing these integration services if you require them.

And since Emerson has offices around the globe, we can provide the ongoing support you need to maintain efficient operations.

Bear in mind—unlike the integrated Emerson solution shown on Pages 28 & 29—these traditional connectivity methods require manual change management procedures and costly ongoing support.


Basic Process Control System (BPCS)

“The standard OPC communication protocol built into the DeltaV system will make interfaces between the various network applications seamless.”

—David Greer, Shell Philippines Exploration B.V.

asy.

OPC DA and OPC A/E may be used for real-time and alarm integration, respectively.

Traditional Modbus may also be used.

OPC Mirror allows data to be mapped between BPCS and DeltaV SIS.

Redundant servers provide increased availability.


Page 28: Safety Instrumented Systems Engineering


Integrated Yet Separate

Easier to configure and maintain.

If you already have a DeltaV system or are considering the DeltaV system as your BPCS, the DeltaV SIS solution provides the true integration you’ve always wanted between your BPCS and SIS, with the separation required by IEC 61508 and IEC 61511 standards.

Architecturally independent

The PlantWeb architecture for safety applications fits easily with your DeltaV BPCS. Perfect for applications requiring SIS risk reduction on only a few loops, the DeltaV logic solver can be present on the same carrier as a standard DeltaV module. The power supplies, communication channels, hardware, and real-time operating systems are completely independent of the standard DeltaV cards and the DeltaV logic solver, maintaining the separation required by IEC 61508.

All operations, engineering and maintenance functions for the two systems are integrated, including:

alarm handling

configuration

time synchronization

user security

device health monitoring.

The integrated configuration environment simplifies and streamlines the engineering effort. This integrated approach eliminates time-wasting, difficult to maintain data mapping, and handshaking logic that is common in existing solutions.

Operators have one common operating environment for both the DeltaV BPCS and DeltaV SIS to more effectively operate the plant.

Unlike any other SIS solution; engineering, operating, and maintaining the DeltaV integrated-yet-separate architecture is easy.

SIS information can be displayed and alarmed like any BPCS data.

Page 29: Safety Instrumented Systems Engineering


“As data-driven systems become larger, making more extensive use of data, the identification and management of data integrity becomes a significant factor in the demonstration that the required system integrity has been achieved.”

—Alastair Faulkner, CSE International Ltd.


DeltaV BPCS and SIS are configured and operated with the same software.

With separate power supplies and TÜV approved dedicated safety networks, SIS and BPCS components may be mixed in the same cabinet for smaller applications.


Emerson leads the industry in providing services throughout the lifecycle of your operations, no matter where you operate on the globe. From project planning, through plant commissioning, to optimizing and supporting your operations, Emerson has the experience you can depend on to be successful.

Emerson—proven experience

Safety instrumented systems play an important role in your overall process automation strategy. Emerson Process Management, a global leader in process automation, delivers the technology and expertise required for safer, more reliable operations.

With a heritage of financial strength, Emerson has the stability to invest in the technologies required to help you reduce risk in your process, while lowering the costs. Emerson is the global leader in transmitters and actuators with online, self-testing capabilities—keys to a more robust SIS solution.

Differentiated safety services

Emerson has extensive global coverage for MAC (Main Automation Contractor) services worldwide. These services include all aspects of your automation project from concept through:

Proven scalable project process for Integrated Control and Safety System to MAC scope

Certified compliance by TÜV to IEC 61511 best practices:

Services covering the entire lifecycle from conception to decommissioning

Global coverage with same IEC 61511 practices in place

Emerson certified field safety engineers available in your locale for the support and maintenance of your SIS.

Emerson Process Management has the technology, expertise, and experience for your process automation and safety needs.

Industry Leading Service and Support

Emerson—Consider it solved.

“Emerson’s project execution capabilities were a critical part of our project’s success.”

—David Whitehead, Clough Engineering

Emerson can help you at any stage of the IEC 61511 Safety Life Cycle.


As a core element of the PlantWeb digital architecture, the DeltaV system makes controlling your process easy.

The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our software licensing agreement and terms and conditions, which are available upon request. We reserve the right to modify or improve the designs or specifications of our product and services at any time without notice.

© 2005 Fisher-Rosemount Systems, Inc. All rights reserved.

The Emerson logo is a trademark and service mark of Emerson Electric Co.

PlantWeb, DeltaV, the DeltaV design, SureService, the SureService design, Emerson Process Management and the Emerson Process Management design are marks of one of the Emerson Process Management group of companies. All other marks are the property of their respective owners.

Emerson Process Management
12301 Research Blvd.
Research Park Plaza, Building III
Austin, Texas 78759 USA

T +1 512.835.2190
F +1 512.832.3443
www.EasyDeltaV.com

Customers who have requested this brochure have also requested the following brochures:

SureService brochure—for maximum return on your automation investment throughout its lifecycle. Visit: www.SureService.com

FIELDVUE® Instruments brochure—Visit: www.EmersonProcess.com/fisher

SIL-PAC™ Valve Automation Solution For Safety Systems brochure—Visit: www.EmersonProcess.com/valveautomation/bettis

Project Services brochure—when success is the only option, call upon Emerson experts. Visit: www.EmersonProcess.com/solutions/projectservices