Safety Considerations Guide for Triconex General ... - ICEWeb

More documents

Recommendations

Info

16 Chapter 2 Application Guidelines Overview This chapter provides information about the industry-standard guidelines applicable to safety applications. These guidelines include those that apply to all safety systems, as well as those that apply only to specific industries, such as burner management or fire and gas systems. Guidelines that apply specifically to the Tri-GP controller are also provided. Project change control guidelines and maintenance override considerations can be found at the end of this chapter. Be sure to thoroughly read and understand these guidelines before you write your safety application and procedures. TÜV Rheinland Certification TÜV Rheinland Industrie Service GmbH has certified that specific versions of Tri-GP systems meet the requirements of IEC 61508 SIL2 when used as a PES in an SIS. For the approved Tri-GP system versions, see the “List of Type Approved Programmable Logic Controllers (PES)” on the TÜV website at http://www.tuv-fs.com/plctcnx.htm. This list is published by Invensys Systems Inc. and TÜV Rheinland Industrie Service GmbH. Tristation 1131 software has been reviewed and evaluated as part of the functional safety assessment and certification of Triconex controllers according to IEC 61508. Based on the review, and evaluation during certification, TÜV Rheinland Industrie Service GmbH deems the TriStation 1131 software suitable as a development and deployment tool for SIL3 safety and critical control applications as defined by IEC 61508 and IEC 61511, when it is used in accordance with Triconex user documentation, which includes the Safety Considerations Guide. If the IEC 61508 standard applies to your application, compliance with the guidelines described in this chapter is highly recommended. Safety Considerations Guide for Triconex General Purpose v2 Systems
General Guidelines 17 General Guidelines This section describes standard industry guidelines that apply to: • All safety systems • Emergency shutdown (ESD) systems • Burner management systems • Fire and gas systems All Safety Systems These general guidelines apply to all user-written safety applications and procedures: • A design-change review, code-change review, and functional testing are recommended to verify the correct design and operation. • After a safety system is commissioned, no changes to the system software (operating system, I/O drivers, diagnostics, etc.) are allowed without type approval and recommissioning. Any changes to the application or the control application should be made under strict change-control procedures. For more information on change-control procedures, see Project Change and Control on page 23. All changes should be thoroughly reviewed, audited, and approved by a safety change control committee or group. After an approved change is made, it should be archived. • In addition to printed documentation of the application, two copies of the application should be archived on an electronic medium that is write-protected to avoid accidental changes. • Under certain conditions, a PES may be run in a mode that allows an external computer or operator station to write to system attributes. This is normally done by means of a communication link. The following guidelines apply to writes of this type: — The communication link should use Modbus or other approved protocols with CRC checks. — The communication link should not be allowed to write directly to output points. — The application must check the value (of each variable written) for a valid range or limit before its use. — For information on the potential impacts of writes to safety-related variables that result in disabling diagnostics such as Output Voter Diagnostics, see Module Diagnostics on page 36. • PID and other control algorithms should not be used for safety-related functions. Each control function should be checked to verify that it does not provide a safety-related function. • Pointers should not be used for safety-related functions. For TriStation 1131 applications, this includes the use of VAR_IN_OUT variables. • An SIS PES should be wired and grounded according to the procedures defined by the manufacturer. Safety Considerations Guide for Triconex General Purpose v2 Systems
Page 1 and 2: Triconex General Purpose v2 Systems
Page 3 and 4: Contents Preface vii Summary of Sec
Page 5 and 6: Contents v Partitioned Processes. .
Page 7 and 8: Preface This guide provides informa
Page 9 and 10: Preface ix • All other requests a
Page 11 and 12: 1 Safety Concepts Overview 2 Hazard
Page 13 and 14: Overview 3 Protection Layers Method
Page 15 and 16: Hazard and Risk Analysis 5 Hazard a
Page 17 and 18: Hazard and Risk Analysis 7 Sample S
Page 19 and 20: Hazard and Risk Analysis 9 Safety L
Page 21 and 22: Hazard and Risk Analysis 11 • Eac
Page 23 and 24: Safety Standards 13 CAN/CSA-C22.2 N
Page 25: 2 Application Guidelines Overview 1
Page 29 and 30: Guidelines for Triconex Controllers
Page 41 and 42: 3 Fault Management Overview 32 Syst
Page 43 and 44: System Diagnostics 33 System Diagno
Page 45 and 46: Operating Modes 35 Operating Modes
Page 47 and 48: Module Diagnostics 37 Analog Output
Page 49 and 50: Module Diagnostics 39 Calculation f
Page 51 and 52: Module Diagnostics 41 External Comm
Page 53 and 54: 4 Application Development Developme
Page 55 and 56: Development Guidelines 45 Array Ind
Page 57 and 58: Setting Scan Time 47 application. T
Page 59 and 60: Sample Safety-Shutdown Programs 49
Page 69 and 70: Alarm Usage 59 Alarm Usage To imple
Page 71 and 72: A Triconex Peer-to-Peer Communicati
Page 73 and 74: Data Transfer Time 63 Data Transfer
Page 75 and 76: Data Transfer Time 65 A typical dat
Page 77 and 78:
Examples of Peer-to-Peer Applicatio
Page 79 and 80:
B HART Communication Overview 70 HA
Page 81 and 82:
HART Position Paper from TÜV Rhein
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
C Safety-Critical Function Blocks O
Page 91 and 92:
SYS_CRITICAL_IO 81 SYS_CRITICAL_IO
Page 93 and 94:
SYS_CRITICAL_IO 83 Library Trident
Page 95 and 96:
SYS_CRITICAL_IO 85 END_IF ; PREVIOU
Page 97 and 98:
SYS_SHUTDOWN 87 Output Parameters (
Page 99 and 100:
SYS_SHUTDOWN 89 * the safety system
Page 101 and 102:
SYS_SHUTDOWN 91 ALARM_DISABLED_POIN
Page 103 and 104:
SYS_VOTE_MODE 93 Example For shutdo
Page 105 and 106:
Index A abbreviations, list of viii
Page 107 and 108:
Index 97 N NFPA 85 12 O operating m
Page 110:
Invensys Operations Management 5601
show all

Safety Considerations Guide for Triconex General ... - ICEWeb

Create successful ePaper yourself

Delete template?

Save as template?