Safety Considerations Guide, Tricon v9.0 - Tuv-fs.com


13.07.2015

Chapter 2: Application Guidelines

TÜV Rheinland Certification

When used as a PES in an SIS, the Tricon controller and its companion programming workstation, the TriStation 1131 Developer’s Workbench, have been certified by TÜV Rheinland/Berlin-Brandenburg to meet the requirements of DIN 19250 AK5-AK6 and IEC 61508 SIL3. If these standards apply to your application, compliance with the guidelines described in this chapter is highly recommended.

General Guidelines

All Safety Systems

This section describes standard industry guidelines that apply to:
• All safety systems
• Emergency shutdown (ESD) systems
• Fire and gas systems
• Burner management systems

The following general guidelines apply to all user-written safety application programs and procedures:
• Functional testing is recommended to verify the correct design and operation.
• After a safety system is commissioned, no changes to the system software (operating system, I/O drivers, diagnostics, etc.) are allowed without type approval and re-commissioning. Any changes to the application or the control program should be made under strict change-control procedures. For more information on change-control procedures, see section “Project Change and Control” on page 30. All changes should be thoroughly reviewed, audited, and approved by a safety change control committee or group. After an approved change is made, it should be archived.
• In addition to printed documentation of the application program, two copies of the program should be archived on an electronic medium which is write-protected to avoid accidental changes.

• Under certain conditions, a PES may be run in a mode which allows an external computer or operator station to write to system attributes. This is normally done by means of a communication link. The following guidelines apply to writes of this type:
  – Serial communication should use Modbus or another approved protocol with CRC checks.
  – Serial communication should not be allowed to write directly to output points.
  – For information about writes to safety-related variables that result in disabling safety action, see section “Module Diagnostics” on page 43.
• PID and other control algorithms should not be used for safety-related functions. Each control function should be checked to verify that it does not provide a safety-related function.
• An SIS PES should be wired and grounded according to the procedures defined by the manufacturer.

Emergency Shutdown Systems

The safe state of the plant should be a de-energized or low (0) state.

For ESD functions, it is recommended that the hardware devices connected to PES outputs should be made of fail-safe components or should have two separate, independent shutdown paths which are periodically inspected.

Burner Management Systems

The safe state of the plant should be a de-energized or low (0) state.

When a safety system is required to conform with the DIN 0116 standard for electrical equipment in furnaces, PES throughput time should ensure that a safe shutdown can be performed within one second after a problem in the process is detected.
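The two serial-link guidelines above (CRC-checked Modbus, and no writes to output points) can be enforced on the link itself. The following is an added illustration, not code from the guide or from the Tricon product: a Modbus RTU frame filter that verifies the standard CRC-16 and rejects any write function code whose address range overlaps an assumed, constructed list of output points (OUTPUT_POINTS; a real deployment would take this from the application's I/O map).

```python
import struct

# Standard public Modbus function codes that modify controller state.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}

# Assumed (constructed) address ranges of output points that the link must never write.
# Simplification: coils and registers are treated as one address space here.
OUTPUT_POINTS = [(0, 63)]


def modbus_crc16(data: bytes) -> int:
    """Modbus RTU CRC-16: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit: int, func: int, payload: bytes) -> bytes:
    """Append the CRC low byte first, the order Modbus RTU transmits it."""
    body = bytes([unit, func]) + payload
    return body + struct.pack("<H", modbus_crc16(body))


def check_frame(frame: bytes, output_points=OUTPUT_POINTS) -> tuple:
    """Accept a frame only if its CRC is valid and it does not write an output point."""
    if len(frame) < 4:
        return False, "frame too short"
    body, crc = frame[:-2], frame[-2:]
    if crc != struct.pack("<H", modbus_crc16(body)):
        return False, "CRC mismatch"
    func = body[1]
    if func not in WRITE_FUNCTIONS:
        return True, "read request accepted"
    start = struct.unpack(">H", body[2:4])[0]
    # Single writes touch one address; multiple writes carry a quantity field.
    count = struct.unpack(">H", body[4:6])[0] if func in (0x0F, 0x10) else 1
    last = start + count - 1
    for lo, hi in output_points:
        if start <= hi and last >= lo:
            return False, f"{WRITE_FUNCTIONS[func]} to output point(s) {start}-{last} rejected"
    return True, f"{WRITE_FUNCTIONS[func]} to non-output address accepted"


if __name__ == "__main__":
    # Constructed sample traffic: a register read, a coil write aimed at an output, a corrupted frame.
    read = build_frame(1, 0x03, b"\x00\x00\x00\x0a")
    coil = build_frame(1, 0x05, b"\x00\x05\xff\x00")
    corrupted = read[:-1] + bytes([read[-1] ^ 0x01])
    for f in (read, coil, corrupted):
        print(f.hex(), check_frame(f))
```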

