Safety Considerations Guide for Trident v2 Systems - TUV ...

More documents

Recommendations

Info

56 Chapter 4 Application Development Table 12 Input Parameters for SYS_SHUTDOWN Function Block in EX02_SHUTDOWN Parameter Description CI Control In If false, then CO is false—no change in the output value If true and ERROR_NUM is 0, then CO is true IO_CO Critical I/O control out IO_TMR All critical I/O points are operating in triple modular redundant mode IO_GE_DUAL All critical I/O points are operating are operating in dual or TMR mode IO_GE_SINGLE All critical I/O points are operating are operating in single, dual, or TMR mode IO_NO_VOTER_FLTS If true, then no voter faults exist on a critical I/O module If false, then a voter fault exists on a critical I/O module IO_ERROR Error number: Zero indicates no error. Non-zero indicates a programming or configuration error MAX_TIME_DUAL Maximum time with only two channels operating MAX_TIME_SINGLE Maximum time with only one channel operating MAX_SCAN_TIME 50% of the maximum response time Table 13 Output Parameters for SYS_SHUTDOWN Function Block in EX02_SHUTDOWN Parameter Description CO Control Out OPERATING When true, all safety-critical modules are operating properly When false, the time in degraded operation exceeds the specified limits; therefore, the control program should shut down the process TMR System is operating in triple modular redundant mode DUAL At least one safety-critical point is controlled by two channels SINGL At least one safety-critical point is controlled by one channel ZERO At least one safety-critical point is not controlled by any channel TIMER_RUNNING Time left to shutdown is decreasing TIME_LEFT Time remaining before shutdown ALARM_PROGRAMMING_PERMITTED True if application changes are permitted Safety Considerations Guide for Trident v2 Systems
Sample Safety-Shutdown Programs 57 Table 13 Output Parameters for SYS_SHUTDOWN Function Block in EX02_SHUTDOWN Parameter Description ALARM_REMOTE_ACCESS True if remote-host writes are enabled ALARM_RESPONSE_TIME True if actual scan time is greater than MAX_SCAN_TIME ALARM_DISABLED_POINTS True if one or more points are disabled ERROR_NUM Error Number: 0 = No error 1 = Error in maximum time 2 = I/O function block error. IO_ERROR is nonzero 3 = Function block error. System status or MP Status Table 14 Alarm Output Parameter Operation in EX02_SHUTDOWN Parameter Description ALARM_PROGRAMMING_PERMITTED To remind the operator to lock out programming changes after a download change, or for applications in which download changes are not allowed, connect the ALARM_PROGRAMMING_PERMITTED output to an alarm ALARM_REMOTE_ACCESS For applications in which remote changes are not allowed, connect the ALARM_REMOTE_ACCESS output to an alarm ALARM_RESPONSE_TIME Total response time depends primarily on the actual scan time. To meet the required response time of the process, set the MAX_SCAN_TIME input to less than 50% of the required response time. When the actual scan time exceeds the MAX_SCAN_TIME value, the ALARM_RESPONSE_TIME output becomes true ALARM_DISABLED_POINTS A project should not contain disabled points unless there is a specific reason for disabling them, such as initial testing or maintenance. To remind an operator that some points are disabled, connect the ALARM_DISABLED_POINTS output to an alarm Safety Considerations Guide for Trident v2 Systems
Page 1 and 2:
Trident v2 Systems Safety Considera
Page 3 and 4:
Contents Preface vii Summary of Sec
Page 5 and 6:
Contents v Partitioned Processes. .
Page 7 and 8:
Preface This guide provides informa
Page 9 and 10:
• All other requests are handled
Page 11 and 12:
1 Safety Concepts Overview 2 Hazard
Page 13 and 14:
Protection Layers Methods that prov
Page 15 and 16: Hazard and Risk Analysis Hazard and
Page 17 and 18: Sample SIL Calculation Hazard and R
Page 19 and 20: Safety Life Cycle Model Hazard and
Page 21 and 22: Hazard and Risk Analysis 11 • Eac
Page 23 and 24: CAN/CSA-C22.2 No. 61010-1-04 Safety
Page 25 and 26: 2 Application Guidelines Overview 1
Page 27 and 28: General Guidelines This section des
Page 29 and 30: General Guidelines 19 Safety Measur
Page 31 and 32: Emergency Shutdown Systems The safe
Page 33 and 34: Safety-Shutdown Guidelines for Tric
Page 35 and 36: Guidelines for Triconex Controllers
Page 43 and 44: 3 Fault Management Overview 34 Syst
Page 45 and 46: System Diagnostics System Diagnosti
Page 47 and 48: Operating Modes Each input or outpu
Page 49 and 50: Analog Output (AO) Modules Module D
Page 51 and 52: Calculation for Diagnostic Fault Re
Page 53 and 54: External Communication Module Diagn
Page 55 and 56: 4 Application Development Developme
Page 57 and 58: Array Index Errors Infinite Loops D
Page 59 and 60: Setting Scan Time 49 application. T
Page 61 and 62: Sample Safety-Shutdown Programs Sam
Page 63 and 64: Sample Safety-Shutdown Programs 53
Page 65: When Some I/O Modules Are Safety-Cr
Page 69 and 70: Partitioned Processes Sample Safety
Page 71 and 72: Alarm Usage Alarm Usage 61 To imple
Page 73 and 74: A Triconex Peer-to-Peer Communicati
Page 75 and 76: Data Transfer Time Data Transfer Ti
Page 77 and 78: Data Transfer Time 67 A typical dat
Page 79 and 80: Examples of Peer-to-Peer Applicatio
Page 81 and 82: B HART Communication Overview 72 HA
Page 83 and 84: 2008-04-01 Automation, Software and
Page 85 and 86: 2008-04-01 HART Position Paper from
Page 87 and 88: 2008-04-01 A possible impact to the
Page 89 and 90: 2008-04-01 HART Position Paper from
Page 91 and 92: C Safety-Critical Function Blocks O
Page 93 and 94: SYS_CRITICAL_IO Accumulates the sta
Page 95 and 96: Library Trident and Tri-GP (TRDLIB)
Page 97 and 98: END_IF ; PREVIOUS_RESET := RESET ;
Page 99 and 100: Output Parameters (continued) Name
Page 101 and 102: SYS_SHUTDOWN 91 * the safety system
Page 103 and 104: ALARM_DISABLED_POINTS := MPX.POINTS
Page 105 and 106: Example For shutdown examples, see
Page 107 and 108: A abbreviations, list of viii actua
Page 109 and 110: message errors, external communicat
Page 112: Invensys Operations Management 5601
show all

Safety Considerations Guide for Trident v2 Systems - TUV ...

Create successful ePaper yourself

Delete template?

Save as template?