Safety Considerations Guide for Trident v2 Systems - TUV ...

More documents

Recommendations

Info

54 Chapter 4 Application Development Table 11 Alarm Output Parameter Operation in EX01_SHUTDOWN Parameter Description ALARM_PROGRAMMING_PERMITTED To remind the operator to lock out programming changes after a download change, or for applications in which download changes are not allowed, connect the ALARM_PROGRAMMING_PERMITTED output to an alarm. ALARM_REMOTE_ACCESS For applications in which remote changes are not allowed, connect the ALARM_REMOTE_ACCESS output to an alarm. ALARM_RESPONSE_TIME Total response time depends primarily on the actual scan time. To meet the required response time of the process, set the MAX_SCAN_TIME input to less than 50% of the required response time. When the actual scan time exceeds the MAX_SCAN_TIME value, the ALARM_RESPONSE_TIME output becomes true. ALARM_DISABLED_POINTS A project should not contain disabled points unless there is a specific reason for disabling them, such as initial testing or maintenance. To remind an operator that some points are disabled, connect the ALARM_DISABLED_POINTS output to an alarm. Safety Considerations Guide for Trident v2 Systems
When Some I/O Modules Are Safety-Critical Sample Safety-Shutdown Programs 55 For some applications, not all modules may be critical to a process. For example, an output module that interfaces to the status indicators on a local panel is usually not critical to a process. The EX02_SHUTDOWN sample program shows how to increase system availability by detecting the status of safety-critical modules. The user-defined function block CRITICAL_IO checks the safety-critical I/O modules. The CRITICAL_IO outputs are connected to the inputs of the CRITICAL_MODULES function block. Note The sample program is an element of project TdTUV.pt2 included as part of the TriStation 1131 software installation. The default location of the project is C:\Documents and Settings\\My Documents\Triconex\TriStation 1131 4.x\Projects. When the output CRITICAL_MODULES_OPERATING is true, all critical modules are operating properly. The input MAX_TIME_DUAL specifies the maximum time allowed with two channels operating (with no connection, defaults to 40000 days). The input MAX_TIME_SINGLE specifies the maximum time allowed with one channel operating (three days in the example). Note In typical applications, the operating time restrictions in the table on page 25 should be followed. When CRITICAL_MODULES_OPERATING is false, the time in degraded operation exceeds the specified limits; therefore, the control program should shut down the plant. CAUTION Program EX02_SHUTDOWN CRITICAL_IO EX02_CRITICAL_IO CI RELAY1_OK 001 CO TMR GE_DUAL GE_SINGLE NO_VOTER_FLTS ERROR T#3d T#400ms EX02_SHUTDOWN does not handle detected field faults, rare combinations of faults detected as field faults, or output voter faults hidden by field faults. The application, not the SYS_SHUTDOWN function block, must read the NO_FLD_FLTS module status or FLD_OK point status to provide the required application-specific action. CRITICAL_MODULES SYS_SHUTDOWN CI CO IO_CO OPERATIING IO_TMR TMR IO_GE_DUAL DUAL IO_GE_SINGLE SINGL IO_NO_VOTER_FLTS ZERO IO_ERROR TIMER_RUNNING MAX_TIME_DUAL TIME_LEFT MAX_TIME_SINGLE ALARM_PROGRAMMING_PERMITTED MAX_SCAN_TIME 002 ALARM_REMOTE_ACCESS ALARM_RESPONSE_TIME ALARM_DISABLED_POINTS ERROR Figure 11 EX02_SHUTDOWN Sample Program CRITICAL_MODULES_OPERATING ALARM_PROGRAMMING_PERMITTED ALARM_REMOTE_ACCESS ALARM_RESPONSE_TIME ALARM_DISABLED_POINTS Safety Considerations Guide for Trident v2 Systems
Page 1 and 2:
Trident v2 Systems Safety Considera
Page 3 and 4:
Contents Preface vii Summary of Sec
Page 5 and 6:
Contents v Partitioned Processes. .
Page 7 and 8:
Preface This guide provides informa
Page 9 and 10:
• All other requests are handled
Page 11 and 12:
1 Safety Concepts Overview 2 Hazard
Page 13 and 14: Protection Layers Methods that prov
Page 15 and 16: Hazard and Risk Analysis Hazard and
Page 17 and 18: Sample SIL Calculation Hazard and R
Page 19 and 20: Safety Life Cycle Model Hazard and
Page 21 and 22: Hazard and Risk Analysis 11 • Eac
Page 23 and 24: CAN/CSA-C22.2 No. 61010-1-04 Safety
Page 25 and 26: 2 Application Guidelines Overview 1
Page 27 and 28: General Guidelines This section des
Page 29 and 30: General Guidelines 19 Safety Measur
Page 31 and 32: Emergency Shutdown Systems The safe
Page 33 and 34: Safety-Shutdown Guidelines for Tric
Page 35 and 36: Guidelines for Triconex Controllers
Page 43 and 44: 3 Fault Management Overview 34 Syst
Page 45 and 46: System Diagnostics System Diagnosti
Page 47 and 48: Operating Modes Each input or outpu
Page 49 and 50: Analog Output (AO) Modules Module D
Page 51 and 52: Calculation for Diagnostic Fault Re
Page 53 and 54: External Communication Module Diagn
Page 55 and 56: 4 Application Development Developme
Page 57 and 58: Array Index Errors Infinite Loops D
Page 59 and 60: Setting Scan Time 49 application. T
Page 61 and 62: Sample Safety-Shutdown Programs Sam
Page 63: Sample Safety-Shutdown Programs 53
Page 67 and 68: Sample Safety-Shutdown Programs 57
Page 69 and 70: Partitioned Processes Sample Safety
Page 71 and 72: Alarm Usage Alarm Usage 61 To imple
Page 73 and 74: A Triconex Peer-to-Peer Communicati
Page 75 and 76: Data Transfer Time Data Transfer Ti
Page 77 and 78: Data Transfer Time 67 A typical dat
Page 79 and 80: Examples of Peer-to-Peer Applicatio
Page 81 and 82: B HART Communication Overview 72 HA
Page 83 and 84: 2008-04-01 Automation, Software and
Page 85 and 86: 2008-04-01 HART Position Paper from
Page 87 and 88: 2008-04-01 A possible impact to the
Page 89 and 90: 2008-04-01 HART Position Paper from
Page 91 and 92: C Safety-Critical Function Blocks O
Page 93 and 94: SYS_CRITICAL_IO Accumulates the sta
Page 95 and 96: Library Trident and Tri-GP (TRDLIB)
Page 97 and 98: END_IF ; PREVIOUS_RESET := RESET ;
Page 99 and 100: Output Parameters (continued) Name
Page 101 and 102: SYS_SHUTDOWN 91 * the safety system
Page 103 and 104: ALARM_DISABLED_POINTS := MPX.POINTS
Page 105 and 106: Example For shutdown examples, see
Page 107 and 108: A abbreviations, list of viii actua
Page 109 and 110: message errors, external communicat
Page 112: Invensys Operations Management 5601
show all

Safety Considerations Guide for Trident v2 Systems - TUV ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?