Safety Considerations Guide for Trident v2 Systems - TUV ...
Safety Considerations Guide for Trident v2 Systems - TUV ... Safety Considerations Guide for Trident v2 Systems - TUV ...
34 Chapter 3 Fault Management Overview The Trident controller has been designed from its inception with self-diagnostics as a primary feature. Triple-Modular Redundant (TMR) architecture (shown in Figure 9) ensures fault tolerance and provides error-free, uninterrupted control in the event of hard failures of components or transient faults from internal or external sources. As described in IEC 61508, the hardware fault tolerance of the Triconex controller is one. Each I/O module houses the circuitry for three independent channels. Each channel on the input modules reads the process data and passes that information to its respective main processor. The three Main Processor (MP) modules communicate with each other using a proprietary, high-speed bus system called the TriBus. Extensive diagnostics on each channel, module, and functional circuit quickly detect and report operational faults by means of indicators or alarms. This fault information is available to an application. It is critical that an application properly manage fault information to avoid an unnecessary shutdown of a process or plant. This section discusses the methods for properly handling faults. Field Input Input Module Hot Spare Input Channel A Input Channel B Input Channel C Channel A I/O Bus Channel B IO/ Bus MP B IOP B (SX) (IOX) Channel C I/O Bus Figure 9 Typical Triconex Controller Safety Considerations Guide for Trident v2 Systems MP A IOP A (SX) MP C (SX) TriBus & TriTime (IOX) IOP C Diagnostic Channel (IOX) Output Channel A Output Channel B Output Channel C Output Module Hot Spare Output Voter Field Output
System Diagnostics System Diagnostics 35 To improve system availability and safety, a safety system must be able to detect failures and provide the means for managing failures properly. The controller’s diagnostics may be categorized as: • Reference diagnostics: Comparing an operating value to a predetermined reference, such as a system specification. • Comparison diagnostics: Comparing one component to another, such as one independent channel with two other independent channels. • Field device diagnostics: Diagnostics are extended to a system’s field devices and wiring. Safety Considerations Guide for Trident v2 Systems
- Page 1 and 2: Trident v2 Systems Safety Considera
- Page 3 and 4: Contents Preface vii Summary of Sec
- Page 5 and 6: Contents v Partitioned Processes. .
- Page 7 and 8: Preface This guide provides informa
- Page 9 and 10: • All other requests are handled
- Page 11 and 12: 1 Safety Concepts Overview 2 Hazard
- Page 13 and 14: Protection Layers Methods that prov
- Page 15 and 16: Hazard and Risk Analysis Hazard and
- Page 17 and 18: Sample SIL Calculation Hazard and R
- Page 19 and 20: Safety Life Cycle Model Hazard and
- Page 21 and 22: Hazard and Risk Analysis 11 • Eac
- Page 23 and 24: CAN/CSA-C22.2 No. 61010-1-04 Safety
- Page 25 and 26: 2 Application Guidelines Overview 1
- Page 27 and 28: General Guidelines This section des
- Page 29 and 30: General Guidelines 19 Safety Measur
- Page 31 and 32: Emergency Shutdown Systems The safe
- Page 33 and 34: Safety-Shutdown Guidelines for Tric
- Page 35 and 36: Guidelines for Triconex Controllers
- Page 37 and 38: Guidelines for Triconex Controllers
- Page 39 and 40: Guidelines for Triconex Controllers
- Page 41 and 42: Guidelines for Triconex Controllers
- Page 43: 3 Fault Management Overview 34 Syst
- Page 47 and 48: Operating Modes Each input or outpu
- Page 49 and 50: Analog Output (AO) Modules Module D
- Page 51 and 52: Calculation for Diagnostic Fault Re
- Page 53 and 54: External Communication Module Diagn
- Page 55 and 56: 4 Application Development Developme
- Page 57 and 58: Array Index Errors Infinite Loops D
- Page 59 and 60: Setting Scan Time 49 application. T
- Page 61 and 62: Sample Safety-Shutdown Programs Sam
- Page 63 and 64: Sample Safety-Shutdown Programs 53
- Page 65 and 66: When Some I/O Modules Are Safety-Cr
- Page 67 and 68: Sample Safety-Shutdown Programs 57
- Page 69 and 70: Partitioned Processes Sample Safety
- Page 71 and 72: Alarm Usage Alarm Usage 61 To imple
- Page 73 and 74: A Triconex Peer-to-Peer Communicati
- Page 75 and 76: Data Transfer Time Data Transfer Ti
- Page 77 and 78: Data Transfer Time 67 A typical dat
- Page 79 and 80: Examples of Peer-to-Peer Applicatio
- Page 81 and 82: B HART Communication Overview 72 HA
- Page 83 and 84: 2008-04-01 Automation, Software and
- Page 85 and 86: 2008-04-01 HART Position Paper from
- Page 87 and 88: 2008-04-01 A possible impact to the
- Page 89 and 90: 2008-04-01 HART Position Paper from
- Page 91 and 92: C Safety-Critical Function Blocks O
- Page 93 and 94: SYS_CRITICAL_IO Accumulates the sta
System Diagnostics<br />
System Diagnostics 35<br />
To improve system availability and safety, a safety system must be able to detect failures and<br />
provide the means <strong>for</strong> managing failures properly. The controller’s diagnostics may be<br />
categorized as:<br />
• Reference diagnostics: Comparing an operating value to a predetermined reference,<br />
such as a system specification.<br />
• Comparison diagnostics: Comparing one component to another, such as one<br />
independent channel with two other independent channels.<br />
• Field device diagnostics: Diagnostics are extended to a system’s field devices and<br />
wiring.<br />
<strong>Safety</strong> <strong>Considerations</strong> <strong>Guide</strong> <strong>for</strong> <strong>Trident</strong> <strong>v2</strong> <strong>Systems</strong>