Safety Considerations Guide for Trident v2 Systems - TUV ...

More documents

Recommendations

Info

30 Chapter 2 Application Guidelines • Use of the maintenance override capability should be documented in a DCS or TriStation 1131 log. The documentation should include: — Begin- and end-time stamps of the maintenance override. — Identification of the maintenance engineer or operator who activates a maintenance override. If the information cannot be printed, it should be entered in a workpermit or maintenance log. — Tag name of the signal being overridden. — Communication packages that are different from a type-approved Modbus should include CRC, address check, and check of the communication time frame. — Loss of communication should lead to a warning to the operator and maintenance engineer. After loss of communication, a time-delayed removal of the override should occur after a warning to the operator. • For more information about maintenance override operation, please see the TÜV web site at http://www.tuv-fs.com/m_o202.pdf. Safety Controller Boundary The boundary of the safety controller includes the External Termination Panels (ETPs) and interconnecting cables. Triconex safety controllers must be used with approved ETPs and cables only. The use of unapproved, unauthorized cables and/or ETPs compromises the TÜV safety certification and potentially the ability of the logic solver to respond to safety demands. False trips resulting from the use of unapproved components can cause end-user economic loss. CAUTION Background IEC 61508 and IEC 61511 define a programmable electronic Safety Instrumented System (SIS) as consisting of sensors, logic solvers, and final control elements, as shown in this figure. Sensors Figure 7 Simplified SIS Together, these elements implement Safety Instrumented Functions (SIF) of the target Safety Integrity Level (SIL). In order to implement a safety-certified SIF, the system designer must choose safety-certified loop elements, including sensors, final elements, logic solvers, and other interconnecting components. Safety Considerations Guide for Trident v2 Systems When using fanned-out interface cables or third-party ETPs—such as those from P&F or MTL—please consult the Invensys Global Customer Support (GCS) Center for the safety-boundary impact of using such cables or ETPs. Logic Solver Final Elements
Guidelines for Triconex Controllers 31 In addition to the components shown in Figure 7, a typical SIS consists of components such as cables and external termination panels. These components are used to connect the sensors and final elements to the logic solvers. Figure 8 shows the SIS including these components. Approved ETPs and interconnecting cables are listed in the Planning and Installation Guide for Trident v2 Systems and the Technical Product Guide for Trident v2 Systems, which are available on the Invensys Global Customer Support (GCS) Center website. Design Control, Configuration Management, Supply Chain Management, and Quality Assurance for Triconex ETPs and cable assemblies are controlled by Invensys. Sourcing of approved ETPs and interconnecting cables is also controlled by Invensys. Certifications • TÜV approves the use of Triconex ETPs and interconnecting cables with Triconex Safety Logic Solvers. • TÜV certifies the use of Triconex Safety Logic Solvers in SIL capability 3 applications with the TÜV approved ETPs and interconnecting cables. • Triconex ETPs are certified for electrical safety in full compliance with international standards by CSA. They are qualified for general use in North America and other jurisdictions requiring compliance with these standards, as well as the European CE mark as per the Low Voltage Directive. • Triconex ETPs and interconnecting cables comply with the applicable IEC EMC standard (IEC 61326-3-1,2,), which includes the European CE mark per the EMC directive. • Triconex ETPs that are approved for hazardous locations also comply with North America Class1 Div2 (C1D2) and Zone 2 as per the European ATEX directive. Thus, the boundary of the safety controller (Triconex Safety Logic Solver) extends up to the ETPs, including the interconnecting cables, as shown in Figure 8 Safety Controller Boundary (page 32). Safety Considerations Guide for Trident v2 Systems
Page 1 and 2: Trident v2 Systems Safety Considera
Page 3 and 4: Contents Preface vii Summary of Sec
Page 5 and 6: Contents v Partitioned Processes. .
Page 7 and 8: Preface This guide provides informa
Page 9 and 10: • All other requests are handled
Page 11 and 12: 1 Safety Concepts Overview 2 Hazard
Page 13 and 14: Protection Layers Methods that prov
Page 15 and 16: Hazard and Risk Analysis Hazard and
Page 17 and 18: Sample SIL Calculation Hazard and R
Page 19 and 20: Safety Life Cycle Model Hazard and
Page 21 and 22: Hazard and Risk Analysis 11 • Eac
Page 23 and 24: CAN/CSA-C22.2 No. 61010-1-04 Safety
Page 25 and 26: 2 Application Guidelines Overview 1
Page 27 and 28: General Guidelines This section des
Page 29 and 30: General Guidelines 19 Safety Measur
Page 31 and 32: Emergency Shutdown Systems The safe
Page 33 and 34: Safety-Shutdown Guidelines for Tric
Page 35 and 36: Guidelines for Triconex Controllers
Page 37 and 38: Guidelines for Triconex Controllers
Page 39: Guidelines for Triconex Controllers
Page 43 and 44: 3 Fault Management Overview 34 Syst
Page 45 and 46: System Diagnostics System Diagnosti
Page 47 and 48: Operating Modes Each input or outpu
Page 49 and 50: Analog Output (AO) Modules Module D
Page 51 and 52: Calculation for Diagnostic Fault Re
Page 53 and 54: External Communication Module Diagn
Page 55 and 56: 4 Application Development Developme
Page 57 and 58: Array Index Errors Infinite Loops D
Page 59 and 60: Setting Scan Time 49 application. T
Page 61 and 62: Sample Safety-Shutdown Programs Sam
Page 63 and 64: Sample Safety-Shutdown Programs 53
Page 65 and 66: When Some I/O Modules Are Safety-Cr
Page 67 and 68: Sample Safety-Shutdown Programs 57
Page 69 and 70: Partitioned Processes Sample Safety
Page 71 and 72: Alarm Usage Alarm Usage 61 To imple
Page 73 and 74: A Triconex Peer-to-Peer Communicati
Page 75 and 76: Data Transfer Time Data Transfer Ti
Page 77 and 78: Data Transfer Time 67 A typical dat
Page 79 and 80: Examples of Peer-to-Peer Applicatio
Page 81 and 82: B HART Communication Overview 72 HA
Page 83 and 84: 2008-04-01 Automation, Software and
Page 85 and 86: 2008-04-01 HART Position Paper from
Page 87 and 88: 2008-04-01 A possible impact to the
Page 89 and 90: 2008-04-01 HART Position Paper from
Page 91 and 92:
C Safety-Critical Function Blocks O
Page 93 and 94:
SYS_CRITICAL_IO Accumulates the sta
Page 95 and 96:
Library Trident and Tri-GP (TRDLIB)
Page 97 and 98:
END_IF ; PREVIOUS_RESET := RESET ;
Page 99 and 100:
Output Parameters (continued) Name
Page 101 and 102:
SYS_SHUTDOWN 91 * the safety system
Page 103 and 104:
ALARM_DISABLED_POINTS := MPX.POINTS
Page 105 and 106:
Example For shutdown examples, see
Page 107 and 108:
A abbreviations, list of viii actua
Page 109 and 110:
message errors, external communicat
Page 112:
Invensys Operations Management 5601
show all

Safety Considerations Guide for Trident v2 Systems - TUV ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?