AADvance Safety Manual - Tuv-fs.com

More documents

Recommendations

Info

AADvance Safety ManualEach safety function shall be responsible for the control of the corresponding outputs.Sharing of outputs between functions shall not be permitted.Individual Safety Related FunctionsMinimize Logic DepthThe AADvance Workbench allows the definition of up to 250 individual programswithin a single project. This facility should be exploited to enable the allocation ofindividual safety related functions to separate programs. Where such programs containindependent logic paths, these should be investigated to determine if they are separatesafety functions. Where they are separate, it is recommended that these be furtherallocated to their own program, subject to conforming to the recommendation tominimizing the coupling between programs.Cases should be looked for that allow the creation of individual logic paths by repeatingsmall sections of logic rather than fanning out the resultant signal(s).Where possible, the logic depth should be minimized. This helps reduce visualcomplexity, simplifies testing, minimizes the number of interconnects required andimproves program efficiency.Where there is nested logic, it shall be possible to establish the correct operation of allintermediate logic connections.The use of memory (latch) components within the safety function shall be minimized.Similarly, the permutation of conditions that lead to their activation shall be minimized.Communications InteractionThe AADvance system provides a range of communications options to allowinteraction with external systems. Where this communication is used for reporting (orout-going) communications, there are no specific safety requirements.Data received from external equipment that either controls safety-related functions oraffects their operation must be handled with caution. The Application Program shallhandle the received data.The received data should be such that it is limited to interactions which: Initiates safety operations, i.e. initiates shutdown sequences Resets signals, with the reset action only possible once the initiating conditionshave been removed Initiate timed start-up override signals which are removed automatically either onexpiration of the start period or once the associated signal has stabilized in thenormal operating condition Adjust control parameters within defined safe operational limits, i.e. lowering oftrip thresholds.5-30 Document number 553630 Issue 7: February 2010
Chapter 5 AADvance Functional Safety SystemImplementationWhere the interaction does not fall within these categories, the affects of incorrectvalues and sequences of values shall be considered and measures taken to ensure thatthe system will respond safely in the event of erroneous data. Alternatively, measuresmay be implemented within the application to ensure the integrity and validity of thedata.Program TestingEven with a small number of inputs, it is possible to reach a point where the number oftests becomes unreasonable. Eliminating impossible or unlikely scenarios should beused to reduce the number of logic path tests that need to be performed. Theselection of what constitutes a scenario that does not require testing can be performedonly after a suitable hazard analysis.The scenarios should include possible plant conditions, sequences of plant conditions,and system conditions including partial power conditions, module removal and faultconditions.Where it is not possible to define a representative suite of test cases, all permutationsof input conditions, i.e. all possible states on all possible inputs, shall be exercised.Where the logic includes memory or timing elements, additional tests shall be definedto exercise all the possible sequences of input permutations leading to their operation.All safety-related functions shall be tested and the results of the tests recorded.The tests shall include the system scan time, fault detection time, fault reaction timeand throughput delay for shutdown logic. The system scan time, including Peer-to-PeerCommunications where appropriate, shall be less than ½ PST.Functional testing of all safety related programs is considered to be 100% if: All inputs are exercised through their entire allowable range All outputs are exercised through their entire program determined range All logic paths are exercised All timers have been tested regarding their timing characteristics without changingtiming parameters All combinatorial permutations of digital signals, with the exception of 100% testedfunction blocks, are tested, including fault states. All combinatorial permutations of analogue signals, with the exception of 100%tested function blocks, are tested within the safety accuracy granularity. All timing properties of each safety loop have been verifiedDocument number 553630 Issue 7: February 2010 5-31
Page 1 and 2:
ICS TriplexAADvance Safety ManualIS
Page 3 and 4:
Issue RecordIssueNumberDateRevisedb
Page 5 and 6:
ForewordThis technical manual defin
Page 7 and 8:
ContentsChapter 1 Introduction ....
Page 11 and 12:
IntroductionChapter 1This chapter p
Page 13 and 14:
Chapter 1 IntroductionAssociated Do
Page 15 and 16:
The AADvance SystemChapter 2.An AAD
Page 17 and 18:
Chapter 2 The AADvance SystemThe AA
Page 19 and 20:
Functional Safety ManagementChapter
Page 21 and 22:
Chapter 3 Functional Safety Managem
Page 23 and 24: Chapter 3 Functional Safety Managem
Page 31 and 32: AADvance System ArchitecturesChapte
Page 33 and 34: Chapter 4 AADvance System Architect
Page 45 and 46: Chapter 5AADvance Functional Safety
Page 47 and 48: Chapter 5 AADvance Functional Safet
Page 73: Chapter 5 AADvance Functional Safet
Page 83 and 84: ChecklistsChapter 6This chapter con
Page 85 and 86: Chapter 6 ChecklistsEngineering Che
Page 87 and 88: Chapter 6 ChecklistsInput/Output Mo
Page 89 and 90: Chapter 6 Glossary of TermsGlossary
Page 91 and 92: Chapter 6 Glossary of Termscoverage
Page 93 and 94: Chapter 6 Glossary of TermsIEC 6150
Page 95 and 96: Chapter 6 Glossary of Termsprogram
Page 97: Chapter 6 Glossary of Termsvoting s
show all

AADvance Safety Manual - Tuv-fs.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?