AADvance Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

AADvance Safety ManualThis page intentionally left blank3-12 Document number 553630 Issue 7: February 2010
AADvance System ArchitecturesChapter 4An AADvance controller can be configured to manage non-safety, SIL 2 or SIL 3 safetyrelated system requirements and low demand or high demand fault tolerantapplications.This chapter describes the different system architectures that can be configured for anAADvance controller to meet this variety of requirements.Note: Architectures are independent of I/O module capacity therefore 8 or 16channel I/O modules can be used.In This ChapterSIL2 Architectures .............................................................................................. 4-4SIL3 Architectures .............................................................................................. 4-4Planned Certified Configurations.................................................................... 4-4Internal Diagnostics............................................................................................ 4-4SIL2 ArchitecturesDefinitions:SIL2 Fail-safe ArchitectureSIL2 architectures are recommended for fail-safe low demand applications. All SIL2architectures can be used for de-energize to trip applications; however, for energize toaction applications a SIL2 architecture configured with dual output modules is required.In any configuration when a faulty module is replaced within the MTTR then theprevious fault tolerance level is restored. For example in a fault tolerant inputarrangement and one module is faulty then the system will degrade to 1oo1D, byreplacing the faulty module the configuration is restored to 1oo2D.Low Demand Mode - is where the frequency of demands on the safety-related systemis no greater than twice the proof test frequency. Where the proof test frequencyrefers to how often the the safety system is completely tested and insured to be fullyoperational. For the AADvance System the default Proof Test Interval is 12 months.High Demand Mode - sometimes called continuous mode, is where the frequency ofdemands for operation made on a safety-related system is greater than twice the prooftest frequency.The following is a fail-safe SIL2 architecture where I/O modules operate in 1oo1Dunder no fault conditions and will fail-safe on the first detected fault. The processormodule operates in 1oo1D and will degrade to fail safe on the first detected fault.Document number 553630 Issue 7: February 2010 4-1
Page 1 and 2: ICS TriplexAADvance Safety ManualIS
Page 3 and 4: Issue RecordIssueNumberDateRevisedb
Page 5 and 6: ForewordThis technical manual defin
Page 7 and 8: ContentsChapter 1 Introduction ....
Page 11 and 12: IntroductionChapter 1This chapter p
Page 13 and 14: Chapter 1 IntroductionAssociated Do
Page 15 and 16: The AADvance SystemChapter 2.An AAD
Page 17 and 18: Chapter 2 The AADvance SystemThe AA
Page 19 and 20: Functional Safety ManagementChapter
Page 21 and 22: Chapter 3 Functional Safety Managem
Page 29: Chapter 3 Functional Safety Managem
Page 33 and 34: Chapter 4 AADvance System Architect
Page 45 and 46: Chapter 5AADvance Functional Safety
Page 47 and 48: Chapter 5 AADvance Functional Safet
Page 81 and 82:
Chapter 5 AADvance Functional Safet
Page 83 and 84:
ChecklistsChapter 6This chapter con
Page 85 and 86:
Chapter 6 ChecklistsEngineering Che
Page 87 and 88:
Chapter 6 ChecklistsInput/Output Mo
Page 89 and 90:
Chapter 6 Glossary of TermsGlossary
Page 91 and 92:
Chapter 6 Glossary of Termscoverage
Page 93 and 94:
Chapter 6 Glossary of TermsIEC 6150
Page 95 and 96:
Chapter 6 Glossary of Termsprogram
Page 97:
Chapter 6 Glossary of Termsvoting s
show all

AADvance Safety Manual - Tuv-fs.com

Create successful ePaper yourself

Delete template?

Save as template?