Safety Considerations Guide for Trident v2 Systems - TUV ...
Chapter 2 Application Guidelines
• Use of the maintenance override capability should be documented in a DCS or TriStation 1131 log. The documentation should include:
— Begin- and end-time stamps of the maintenance override.
— Identification of the maintenance engineer or operator who activates a maintenance override. If the information cannot be printed, it should be entered in a work-permit or maintenance log.
— Tag name of the signal being overridden.
— Communication packages that are different from a type-approved Modbus should include CRC, address check, and check of the communication time frame.
— Loss of communication should lead to a warning to the operator and maintenance engineer. After loss of communication, a time-delayed removal of the override should occur after a warning to the operator.
• For more information about maintenance override operation, please see the TÜV web site at http://www.tuv-fs.com/m_o202.pdf.
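
The logging and loss-of-communication items above, as an added sketch that is not taken from the guide or from any Triconex product: one override's supervision logic records the begin and end time stamps, engineer and tag name, warns on communication loss, and removes the override only after a further delay. The class name, event names and both timing constants are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

WARN_AFTER_S = 5.0     # assumed: silence tolerated before the operator is warned
REMOVE_AFTER_S = 30.0  # assumed: delay between the warning and override removal

@dataclass
class OverrideSupervisor:
    """Supervises one maintenance override and keeps its log entries."""
    tag: str        # tag name of the signal being overridden
    engineer: str   # engineer or operator who activated the override
    begin: float    # begin time stamp, in seconds
    last_comm: float = field(default=0.0, init=False)
    warned_at: Optional[float] = None
    end: Optional[float] = None   # end time stamp, set once on removal
    log: list = field(default_factory=list)

    def __post_init__(self):
        self.last_comm = self.begin
        self._emit(self.begin, "OVERRIDE_BEGIN")

    def _emit(self, t, event):
        self.log.append({"time": t, "event": event, "tag": self.tag, "engineer": self.engineer})

    def heartbeat(self, t):
        """A message that passed its integrity checks arrived at time t."""
        if self.end is not None:
            return  # a removed override is never reinstated by traffic alone
        self.last_comm = t
        if self.warned_at is not None:
            self.warned_at = None
            self._emit(t, "COMM_RESTORED")

    def tick(self, t):
        """Periodic check; returns True while the override is still active."""
        if self.end is not None:
            return False
        if self.warned_at is None and t - self.last_comm >= WARN_AFTER_S:
            self.warned_at = t
            self._emit(t, "COMM_LOSS_WARNING")
        elif self.warned_at is not None and t - self.warned_at >= REMOVE_AFTER_S:
            self.release(t, "OVERRIDE_REMOVED_COMM_LOSS")
        return self.end is None

    def release(self, t, event="OVERRIDE_END"):
        """Ends the override once and records the end time stamp."""
        if self.end is None:
            self.end = t
            self._emit(t, event)
```

The warning and the removal can never fall on the same check, so the operator always sees the warning before the override is dropped.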

Safety Controller Boundary
The boundary of the safety controller includes the External Termination Panels (ETPs) and interconnecting cables. Triconex safety controllers must be used with approved ETPs and cables only. The use of unapproved, unauthorized cables and/or ETPs compromises the TÜV safety certification and potentially the ability of the logic solver to respond to safety demands. False trips resulting from the use of unapproved components can cause end-user economic loss.

CAUTION
When using fanned-out interface cables or third-party ETPs—such as those from P&F or MTL—please consult the Invensys Global Customer Support (GCS) Center for the safety-boundary impact of using such cables or ETPs.

Background
IEC 61508 and IEC 61511 define a programmable electronic Safety Instrumented System (SIS) as consisting of sensors, logic solvers, and final control elements, as shown in this figure.

[Figure 7 Simplified SIS: Sensors, Logic Solver, Final Elements]

Together, these elements implement Safety Instrumented Functions (SIF) of the target Safety Integrity Level (SIL). In order to implement a safety-certified SIF, the system designer must choose safety-certified loop elements, including sensors, final elements, logic solvers, and other interconnecting components.