Safety Considerations Guide for Trident v2 Systems - TUV ...
Chapter 2 Application Guidelines

• Use of the maintenance override capability should be documented in a DCS or TriStation 1131 log. The documentation should include:
  — Begin- and end-time stamps of the maintenance override.
  — Identification of the maintenance engineer or operator who activates a maintenance override. If the information cannot be printed, it should be entered in a work permit or maintenance log.
  — Tag name of the signal being overridden.
  — Communication packages that are different from a type-approved Modbus should include CRC, address check, and check of the communication time frame.
  — Loss of communication should lead to a warning to the operator and maintenance engineer. After loss of communication, a time-delayed removal of the override should occur after a warning to the operator.
• For more information about maintenance override operation, please see the TÜV web site at http://www.tuv-fs.com/m_o202.pdf.

Safety Controller Boundary

The boundary of the safety controller includes the External Termination Panels (ETPs) and interconnecting cables. Triconex safety controllers must be used with approved ETPs and cables only.

The use of unapproved, unauthorized cables and/or ETPs compromises the TÜV safety certification and potentially the ability of the logic solver to respond to safety demands. False trips resulting from the use of unapproved components can cause end-user economic loss.

CAUTION: When using fanned-out interface cables or third-party ETPs—such as those from P&F or MTL—please consult the Invensys Global Customer Support (GCS) Center for the safety-boundary impact of using such cables or ETPs.

Background

IEC 61508 and IEC 61511 define a programmable electronic Safety Instrumented System (SIS) as consisting of sensors, logic solvers, and final control elements, as shown in this figure.

[Figure 7 Simplified SIS: Sensors, Logic Solver, Final Elements]

Together, these elements implement Safety Instrumented Functions (SIF) of the target Safety Integrity Level (SIL). In order to implement a safety-certified SIF, the system designer must choose safety-certified loop elements, including sensors, final elements, logic solvers, and other interconnecting components.
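The maintenance override guidance earlier in this chapter asks for CRC, address, and time-frame checks on communication packages that are not type-approved Modbus, a warning followed by time-delayed override removal on loss of communication, and a log of begin/end time, operator, and tag name. The sketch below is an added example, not code from the Triconex guide or TriStation 1131. The frame layout, the use of CRC-32, the node address, and the 2-second and 30-second timing values are all assumptions chosen for illustration.

```python
import struct
import zlib

EXPECTED_ADDR = 0x11      # assumed node address of the override source
MAX_FRAME_AGE_S = 2.0     # assumed communication time frame
REMOVAL_DELAY_S = 30.0    # assumed delay between warning and override removal

def build_frame(addr, tag, active, sent_at):
    """Constructed layout: addr(1) | active(1) | sent_at(8) | tag | crc32(4)."""
    body = struct.pack(">BBd", addr, int(active), sent_at) + tag.encode("ascii")
    return body + struct.pack(">I", zlib.crc32(body))

def check_frame(frame, now):
    """Return (tag, active) if CRC, address and time frame pass; else ValueError."""
    if len(frame) < 14:
        raise ValueError("short frame")
    body, (crc,) = frame[:-4], struct.unpack(">I", frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch")
    addr, active, sent_at = struct.unpack(">BBd", body[:10])
    if addr != EXPECTED_ADDR:
        raise ValueError("unexpected address")
    if not 0.0 <= now - sent_at <= MAX_FRAME_AGE_S:
        raise ValueError("outside communication time frame")
    return body[10:].decode("ascii"), bool(active)

class OverrideSupervisor:
    """Tracks one override: logs begin/end, warns on comms loss, then removes it."""
    def __init__(self):
        self.tag = self.last_good = None
        self.log = []     # (event, timestamp, operator, tag name)

    def on_frame(self, frame, now, operator):
        tag, active = check_frame(frame, now)   # rejected frames never refresh last_good
        if active and self.tag is None:
            self.log.append(("BEGIN", now, operator, tag))
        elif not active and self.tag is not None:
            self.log.append(("END", now, operator, self.tag))
        self.tag = tag if active else None
        self.last_good = now

    def tick(self, now):  # call periodically; returns "OK", "WARN" or "REMOVED"
        if self.tag is None or now - self.last_good <= MAX_FRAME_AGE_S:
            return "OK"
        if now - self.last_good <= MAX_FRAME_AGE_S + REMOVAL_DELAY_S:
            return "WARN"
        self.log.append(("END", now, "auto-removal", self.tag))
        self.tag = None
        return "REMOVED"
```

Because a frame that fails any check raises before `last_good` is updated, corrupted, misaddressed, or stale traffic is treated the same as silence and cannot keep an override alive.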
Guidelines for Triconex Controllers

In addition to the components shown in Figure 7, a typical SIS consists of components such as cables and external termination panels. These components are used to connect the sensors and final elements to the logic solvers. Figure 8 shows the SIS including these components.

Approved ETPs and interconnecting cables are listed in the Planning and Installation Guide for Trident v2 Systems and the Technical Product Guide for Trident v2 Systems, which are available on the Invensys Global Customer Support (GCS) Center website.

Design Control, Configuration Management, Supply Chain Management, and Quality Assurance for Triconex ETPs and cable assemblies are controlled by Invensys. Sourcing of approved ETPs and interconnecting cables is also controlled by Invensys.

Certifications

• TÜV approves the use of Triconex ETPs and interconnecting cables with Triconex Safety Logic Solvers.
• TÜV certifies the use of Triconex Safety Logic Solvers in SIL capability 3 applications with the TÜV approved ETPs and interconnecting cables.
• Triconex ETPs are certified for electrical safety in full compliance with international standards by CSA. They are qualified for general use in North America and other jurisdictions requiring compliance with these standards, as well as the European CE mark as per the Low Voltage Directive.
• Triconex ETPs and interconnecting cables comply with the applicable IEC EMC standard (IEC 61326-3-1,2,), which includes the European CE mark per the EMC directive.
• Triconex ETPs that are approved for hazardous locations also comply with North America Class1 Div2 (C1D2) and Zone 2 as per the European ATEX directive.

Thus, the boundary of the safety controller (Triconex Safety Logic Solver) extends up to the ETPs, including the interconnecting cables, as shown in Figure 8 Safety Controller Boundary (page 32).