Safety Considerations Guide for Trident v2 Systems - TUV ...
Index

D
disabled
  output voter diagnostics 23
  points alarm 23, 61
Download All command 23
Download Change command 48

E
emergency shutdown systems, guidelines 21
errors in external communication 18
errors, array index 47
EX01_shutdown programs 51
EX02_shutdown programs 55
EX03_shutdown programs 60
external communication
  diagnostics 43–44
  errors in 18
  safety measures for 18
external faults 36
external write modes 25

F
factors
  SIL 4
  SIS 5
fault reporting times, diagnostic calculation 41
faults, types of 36
feedback message safety measure 19
fire and gas systems, guidelines 21
flags, semaphore 43
function blocks
  defining for safety-critical modules 58
  Peer-to-Peer 68–70
  SYS_CRITICAL_I/O 83–87
  SYS_SHUTDOWN 88–93
  SYS_VOTE_MODE 94–96
  TR_SEND 68, 70
  TR_URCV 68–70
functions, Modbus master 23

G
guidelines
  all safety systems 17–20
  burner management systems 21
  controllers 22
  development 46
  disabled output voter diagnostics 23
  disabled points alarm 23, 61
  Download All command 23
  emergency shutdown systems 21
  fire and gas systems 21
  for controller 22
  maintenance overrides 27–30
  Modbus master functions 23
  Peer-to-Peer communication 23–25
  programming permitted alarm 61
  remote access alarm 61
  response time 23, 61
  safety system boundary 30
  safety-critical modules 22
  safety-shutdown systems 23
  scan time 23, 61
  SIL fire and gas 26
  SILs 25–26

H
hazard and risk analysis 5
HAZOP 5, 6

I
I/O modules
  alarms 42
  processing 42
  system-critical 51
IEC 61508, parts 1–7 12
incorrect sequence error 18
infinite loops 47
input module alarms
  analog 38
  digital 39
input module diagnostics
  analog 38
  digital 39
  pulse 40
insertion error 18
internal faults 36

L
layers, protection 3, 5
loss error 18

M
main processors
  diagnostics 42
  system attributes 43
  Tribus 42
maintenance overrides
  design requirements for handling 28
  documentation of 29
  guidelines 27–30
  operating requirements for handling 29
  serial communications 27
masquerade error 18
message errors, external communication
  description of 18
  safety measures for 18
Modbus master functions 23
modes, operating 37–38
module alarms
  analog input 38
  analog output 39
  digital input 39
  digital output 40
  I/O 42
  pulse input 40
  solid-state relay output 40
module diagnostics
  analog input 38
  analog output 39
  digital input 38
  digital output 39
  pulse input 40
  solid-state relay output 40
modules
  safety-critical 22
  shutdown programs for all safety-critical I/O 51–54
  shutdown programs for some safety-critical I/O 55–57

N
NFPA 85 12

O
operating modes 37–38
output module alarms
  analog 39
  digital 40
  solid-state relay 40
output module diagnostics
  analog 39
  digital 39
  solid-state relay 40
output operations alarm 54
output voter diagnostics 23
OVD, See output voter diagnostics
overrides, maintenance guidelines 27–30
overrun, scan 50
overview, safety 5

P
partitioned processes 59
Peer-to-Peer communication
  function blocks 68–70
  function blocks, errors 67
  function blocks, examples 68–70
  guidelines 23–25
  overview 23, 64
  sending node 24
Peer-to-Peer function blocks, using with critical data 24
PFDavg, calculating 7
points alarm, disabled
  guidelines for 23
  usage of 61
processes, partitioning 59
processing, I/O modules 42
Product Alert Notices 46
program mode 25
programmable electronic systems 4
programming permitted alarm, usage 61
programs
  EX01_shutdown 51
  EX02_shutdown 55
  EX03_shutdown 60
  recommendations for DCS programs 29
  shutdown for all safety-critical I/O modules 51–54
  shutdown for some safety-critical I/O modules 55–57
project change control 26
protection layers 3, 5
protection, external communication 18
pulse input modules
  alarms 40
  diagnostics 40

R
redundancy with cross-checking safety measure 20
remote access alarm 61
remote mode 25
reporting times, diagnostic calculation 41
requested scan time 49
response time
  alarm 61
  guidelines 23
  usage 61
risk probability 6
risk, reduction of 3, 5, 7
risks, described 6

S
safe failure fraction calculation 7
safety
  attribute 46
  methods for 2
  overviews 5
  requirement specifications 10
safety integrity levels, See SILs