Safety Considerations Guide for Triconex General ... - ICEWeb
Safety Considerations Guide for Triconex General ... - ICEWeb Safety Considerations Guide for Triconex General ... - ICEWeb
10 Chapter 1 Safety Concepts Developing an SIS Using the Safety Life Cycle Note 1 Develop a safety requirement specification (SRS). An SRS consists of safety functional requirements and safety integrity requirements. An SRS can be a collection of documents or information. Safety functional requirements specify the logic and actions to be performed by an SIS and the process conditions under which actions are initiated. These requirements include such items as consideration for manual shutdown, loss of energy source, etc. Safety integrity requirements specify a SIL and the performance required for executing SIS functions. Safety integrity requirements include: • Required SIL for each safety function • Requirements for diagnostics • Requirements for maintenance and testing • Reliability requirements if the spurious trips are hazardous 2 Develop the conceptual design, making sure to: • Define the SIS architecture to ensure the SIL is met (for example, voting 1oo1, 1oo2, 2oo2, 2oo3). • Define the logic solver to meet the highest SIL (if different SIL levels are required in a single logic solver). • Select a functional test interval to achieve the SIL. • Verify the conceptual design against the SRS. 3 Develop a detailed SIS design including: • General requirements • SIS logic solver • Field devices • Interfaces • Energy sources • System environment • Application logic requirements • Maintenance or testing requirements Some key ANSI/ISA S84.01 requirements are: • The logic solver shall be separated from the basic process control system (BPCS). • Sensors for the SIS shall be separated from the sensors for the BPCS. • The logic system vendor shall provide MTBF data and the covert failure listing, including the frequency of occurrence of identified covert failures. Triconex controllers do not contain undiagnosed dangerous faults that are statistically significant. Safety Considerations Guide for Triconex General Purpose v2 Systems
Hazard and Risk Analysis 11 • Each individual field device shall have its own dedicated wiring to the system I/O. Using a field bus is not allowed! • The operator interface may not be allowed to change the SIS application software. • Maintenance overrides shall not be used as a part of application software or operating procedures. • When online testing is required, test facilities shall be an integral part of the SIS design. 4 Develop a pre-start-up acceptance test procedure that provides a fully functional test of the SIS to verify conformance with the SRS. 5 Before startup, establish operational and maintenance procedures to ensure that the SIS functions comply with the SRS throughout the SIS operational life, including: • Training • Documentation • Operating procedures • Maintenance program • Testing and preventive maintenance • Functional testing • Documentation of functional testing 6 Before start-up, complete a safety review. 7 Define procedures for the following: • Start-up • Operations • Maintenance, including administrative controls and written procedures that ensure safety if a process is hazardous while an SIS function is being bypassed • Training that complies with national regulations (such as OSHA 29 CFR 1910.119) • Functional testing to detect covert faults that prevent the SIS from operating according to the SRS • SIS testing, including sensors, logic solver, and final elements (such as shutdown valves, motors, etc.) 8 Follow management of change (MOC) procedures to ensure that no unauthorized changes are made to an application, as mandated by OSHA 29 CFR 1910.119. 9 Decommission an SIS before its permanent retirement from active service, to ensure proper review. Safety Considerations Guide for Triconex General Purpose v2 Systems
- Page 1 and 2: Triconex General Purpose v2 Systems
- Page 3 and 4: Contents Preface vii Summary of Sec
- Page 5 and 6: Contents v Partitioned Processes. .
- Page 7 and 8: Preface This guide provides informa
- Page 9 and 10: Preface ix • All other requests a
- Page 11 and 12: 1 Safety Concepts Overview 2 Hazard
- Page 13 and 14: Overview 3 Protection Layers Method
- Page 15 and 16: Hazard and Risk Analysis 5 Hazard a
- Page 17 and 18: Hazard and Risk Analysis 7 Sample S
- Page 19: Hazard and Risk Analysis 9 Safety L
- Page 23 and 24: Safety Standards 13 CAN/CSA-C22.2 N
- Page 25 and 26: 2 Application Guidelines Overview 1
- Page 27 and 28: General Guidelines 17 General Guide
- Page 29 and 30: Guidelines for Triconex Controllers
- Page 31 and 32: Guidelines for Triconex Controllers
- Page 33 and 34: Guidelines for Triconex Controllers
- Page 35 and 36: Guidelines for Triconex Controllers
- Page 37 and 38: Guidelines for Triconex Controllers
- Page 39 and 40: Guidelines for Triconex Controllers
- Page 41 and 42: 3 Fault Management Overview 32 Syst
- Page 43 and 44: System Diagnostics 33 System Diagno
- Page 45 and 46: Operating Modes 35 Operating Modes
- Page 47 and 48: Module Diagnostics 37 Analog Output
- Page 49 and 50: Module Diagnostics 39 Calculation f
- Page 51 and 52: Module Diagnostics 41 External Comm
- Page 53 and 54: 4 Application Development Developme
- Page 55 and 56: Development Guidelines 45 Array Ind
- Page 57 and 58: Setting Scan Time 47 application. T
- Page 59 and 60: Sample Safety-Shutdown Programs 49
- Page 61 and 62: Sample Safety-Shutdown Programs 51
- Page 63 and 64: Sample Safety-Shutdown Programs 53
- Page 65 and 66: Sample Safety-Shutdown Programs 55
- Page 67 and 68: Sample Safety-Shutdown Programs 57
- Page 69 and 70: Alarm Usage 59 Alarm Usage To imple
Hazard and Risk Analysis 11<br />
• Each individual field device shall have its own dedicated wiring to the system I/O.<br />
Using a field bus is not allowed!<br />
• The operator interface may not be allowed to change the SIS application software.<br />
• Maintenance overrides shall not be used as a part of application software or<br />
operating procedures.<br />
• When online testing is required, test facilities shall be an integral part of the SIS<br />
design.<br />
4 Develop a pre-start-up acceptance test procedure that provides a fully functional test of<br />
the SIS to verify con<strong>for</strong>mance with the SRS.<br />
5 Be<strong>for</strong>e startup, establish operational and maintenance procedures to ensure that the SIS<br />
functions comply with the SRS throughout the SIS operational life, including:<br />
• Training<br />
• Documentation<br />
• Operating procedures<br />
• Maintenance program<br />
• Testing and preventive maintenance<br />
• Functional testing<br />
• Documentation of functional testing<br />
6 Be<strong>for</strong>e start-up, complete a safety review.<br />
7 Define procedures <strong>for</strong> the following:<br />
• Start-up<br />
• Operations<br />
• Maintenance, including administrative controls and written procedures that ensure<br />
safety if a process is hazardous while an SIS function is being bypassed<br />
• Training that complies with national regulations (such as OSHA 29 CFR 1910.119)<br />
• Functional testing to detect covert faults that prevent the SIS from operating<br />
according to the SRS<br />
• SIS testing, including sensors, logic solver, and final elements (such as shutdown<br />
valves, motors, etc.)<br />
8 Follow management of change (MOC) procedures to ensure that no unauthorized<br />
changes are made to an application, as mandated by OSHA 29 CFR 1910.119.<br />
9 Decommission an SIS be<strong>for</strong>e its permanent retirement from active service, to ensure<br />
proper review.<br />
<strong>Safety</strong> <strong>Considerations</strong> <strong>Guide</strong> <strong>for</strong> <strong>Triconex</strong> <strong>General</strong> Purpose v2 Systems
Change language