AADvance Safety Manual - Tuv-fs.com
AADvance Safety Manual - Tuv-fs.com AADvance Safety Manual - Tuv-fs.com
AADvance Safety ManualModules for SIL3 Fail-safe I/O, Fault Tolerant ProcessorPositionModule TypeI/P A 9401/2 Digital Input Module, 24V c, 8/16 Channel +9802 Digital Input TA, 16 Channel, Dual or9431/2 Analogue Input Module, 8/16 channel +9832 Analogue Input TA, 16 Channel, DualCPU A &CPU B2 x 9110 Processor Module, 9100 Base Unit, 9300 BaseUnitO/P A 9451 Digital Output Module, 24V dc, 8 Channel +9851 Digital Output TA, 24V dc, 8 Channel, SimplexSIL3 Fault Tolerant I/O ArchitecturesA SIL3 fault tolerant processor and I/O is achieved by dual input and output moduleconfigurations with dual or triple processor modules. The processor modules operatein 1oo2D under no fault conditions, degrade to 1oo1D on the detection of the firstfault in either module and fail-safe when there are faults on both modules.Similarly the input modules operate in 1oo2D under non faulted conditions and 1oo1Don detection of the first fault in either module and will fail-safe when there are faults onboth modules.For de-energize to trip operation, the output modules operate in 2oo2D under nofault conditions, degrade to 1oo1D on detection of the first fault in either module andfail-safe when there are faults on both modules.For energize to action operation, the output modules operate in 1oo2D under no faultconditions, degrade to 1oo1D on the detection of the first fault in either module andfail-safe when there are faults on both modules.4-8 Document number 553630 Issue 7: February 2010
Chapter 4 AADvance System ArchitecturesTable 6:Modules for SIL3 Fault Tolerant ArchitecturesPositionI/P AandI/P BCPU A &CPU BO/P AandO/P BModule Type2 × 9401/2 Digital Input Module, 24V dc, 8/16 Channel, +9802 Digital Input TA, 16 Channel, Dual or2 × 9431/2 Analogue Input Module, 8/16 Channel +9832 Analogue Input TA, 16 Channel, Dual2 × 9110 Processor Module, 9100 Processor Base Unit,9300 I/O Base Unit2 × 9451 Digital Output Module, 24V dc, 8 Channel +9852 Digital Output TA, 24V dc, 8 Channel, DualSIL3 TMR Input and Processor, Fault Tolerant OutputA SIL3 TMR architecture offers the highest level of fault tolerance for an AADvancecontroller and consists of triple input modules, triple processors and dual outputmodules. The input and processor modules operate in a 2oo3D under no fault conditions,degrade to 1oo2D on detection of the first fault in any module, and degrade to1oo1D on the detection of faults in any two modules and will fail-safe when thereare faults on all three modules. For de-energized to trip operation the output modules operate in 2oo2D undernon faulted conditions and degrade to 1oo1D on detection of the first fault ineither module and fail-safe when there are faults on both modules. For energize to action operation the output modules operate a 1oo2D under nofault conditions and degrade to 1oo1D on the detection of the first fault in eithermodule and fail-safe when there are faults on both modules.In the event of a failure in any element of a channel, the channel processor will stillproduce a valid output which could be voted on because of the coupling between thechannels. This is why the triple modular redundant implementation provides aconfiguration that is inherently better than a typical 2oo3 voting system.Document number 553630 Issue 7: February 2010 4-9
- Page 1 and 2: ICS TriplexAADvance Safety ManualIS
- Page 3 and 4: Issue RecordIssueNumberDateRevisedb
- Page 5 and 6: ForewordThis technical manual defin
- Page 7 and 8: ContentsChapter 1 Introduction ....
- Page 11 and 12: IntroductionChapter 1This chapter p
- Page 13 and 14: Chapter 1 IntroductionAssociated Do
- Page 15 and 16: The AADvance SystemChapter 2.An AAD
- Page 17 and 18: Chapter 2 The AADvance SystemThe AA
- Page 19 and 20: Functional Safety ManagementChapter
- Page 21 and 22: Chapter 3 Functional Safety Managem
- Page 23 and 24: Chapter 3 Functional Safety Managem
- Page 25 and 26: Chapter 3 Functional Safety Managem
- Page 27 and 28: Chapter 3 Functional Safety Managem
- Page 29 and 30: Chapter 3 Functional Safety Managem
- Page 31 and 32: AADvance System ArchitecturesChapte
- Page 33 and 34: Chapter 4 AADvance System Architect
- Page 35 and 36: Chapter 4 AADvance System Architect
- Page 37: Chapter 4 AADvance System Architect
- Page 41 and 42: Chapter 4 AADvance System Architect
- Page 43 and 44: Chapter 4 AADvance System Architect
- Page 45 and 46: Chapter 5AADvance Functional Safety
- Page 47 and 48: Chapter 5 AADvance Functional Safet
- Page 49 and 50: Chapter 5 AADvance Functional Safet
- Page 51 and 52: Chapter 5 AADvance Functional Safet
- Page 53 and 54: Chapter 5 AADvance Functional Safet
- Page 55 and 56: Chapter 5 AADvance Functional Safet
- Page 57 and 58: Chapter 5 AADvance Functional Safet
- Page 59 and 60: Chapter 5 AADvance Functional Safet
- Page 61 and 62: Chapter 5 AADvance Functional Safet
- Page 63 and 64: Chapter 5 AADvance Functional Safet
- Page 65 and 66: Chapter 5 AADvance Functional Safet
- Page 67 and 68: Chapter 5 AADvance Functional Safet
- Page 69 and 70: Chapter 5 AADvance Functional Safet
- Page 71 and 72: Chapter 5 AADvance Functional Safet
- Page 73 and 74: Chapter 5 AADvance Functional Safet
- Page 75 and 76: Chapter 5 AADvance Functional Safet
- Page 77 and 78: Chapter 5 AADvance Functional Safet
- Page 79 and 80: Chapter 5 AADvance Functional Safet
- Page 81 and 82: Chapter 5 AADvance Functional Safet
- Page 83 and 84: ChecklistsChapter 6This chapter con
- Page 85 and 86: Chapter 6 ChecklistsEngineering Che
- Page 87 and 88: Chapter 6 ChecklistsInput/Output Mo
Chapter 4 <strong>AADvance</strong> System ArchitecturesTable 6:Modules for SIL3 Fault Tolerant ArchitecturesPositionI/P AandI/P BCPU A &CPU BO/P AandO/P BModule Type2 × 9401/2 Digital Input Module, 24V dc, 8/16 Channel, +9802 Digital Input TA, 16 Channel, Dual or2 × 9431/2 Analogue Input Module, 8/16 Channel +9832 Analogue Input TA, 16 Channel, Dual2 × 9110 Processor Module, 9100 Processor Base Unit,9300 I/O Base Unit2 × 9451 Digital Output Module, 24V dc, 8 Channel +9852 Digital Output TA, 24V dc, 8 Channel, DualSIL3 TMR Input and Processor, Fault Tolerant OutputA SIL3 TMR architecture offers the highest level of fault tolerance for an <strong>AADvance</strong>controller and consists of triple input modules, triple processors and dual outputmodules. The input and processor modules operate in a 2oo3D under no fault conditions,degrade to 1oo2D on detection of the first fault in any module, and degrade to1oo1D on the detection of faults in any two modules and will fail-safe when thereare faults on all three modules. For de-energized to trip operation the output modules operate in 2oo2D undernon faulted conditions and degrade to 1oo1D on detection of the first fault ineither module and fail-safe when there are faults on both modules. For energize to action operation the output modules operate a 1oo2D under nofault conditions and degrade to 1oo1D on the detection of the first fault in eithermodule and fail-safe when there are faults on both modules.In the event of a failure in any element of a channel, the channel processor will stillproduce a valid output which could be voted on because of the coupling between thechannels. This is why the triple modular redundant implementation provides aconfiguration that is inherently better than a typical 2oo3 voting system.Document number 553630 Issue 7: February 2010 4-9