safety instrumented systems engineering
7/18/2019 Safety Instrumented Systems Engineering
http://slidepdf.com/reader/full/safety-instrumented-systems-engineering 1/32
Safety Instrumented Systems The Smart Approach
More than ever, running your plant productively and safely requires the right technologies and experience. With increasingly stringent regulations and international-standard best practices, safety instrumented systems perform a critical role in providing safer, more reliable, process operations.
CONTENTS
The Emerson Approach to Safety: From sensor, to logic solver, to final control element.
Safety First: New international standards are prompting a reexamination of safety practices.
The Ideal Safety Instrumented System: Intelligence embedded in the SIS loop reduces risk.
Sensors for Reduced Risk: Sensors for pressure, temperature, flow and level play an important role.
SIS Final Elements: Final elements with digital valve controllers deliver higher reliability and safety.
Partial-Stroke Testing for Reliability: Check the valve’s ability to perform on demand—automatically.
Logic Solver: State-of-the-art logic solvers support digital communications.
Intuitive Software: Industry-leading DeltaV system software.
Tough Applications Made Easy: TÜV-certified DeltaV SIS function block suite makes implementation easy.
The Health of Your Loops: Identifying and predicting problems is critical.
Flexible Architecture for Any Size: Safety Instrumented Systems come in all sizes and topologies.
Simplifying IEC 61511 Compliance: The PlantWeb solution.
Connecting with Your Existing BPCS: Increase your plant’s availability with a smart SIS.
Integrated Yet Separate: True integration with DeltaV software; complete separation from hardware.
Industry Leading Service and Support: The world’s only IEC 61511 certified project services.
Safe operations include many aspects—material handling procedures, process operations and safety instrumented systems (SIS). Yesterday’s SIS solutions considered only the logic solver and left it to your maintenance organization to manually test the entire safety loop. Like you, Emerson believes it’s critical to consider the entire safety loop—from sensor, through logic solver, to final element—as a complete entity.

The Smart Approach
Only Emerson Process Management, an Emerson business, takes a holistic new approach by continuously diagnosing the sensors, logic solvers, and final elements’ ability to perform on demand as required for a smart SIS solution.

Now you can minimize the costly practices of ongoing manual proof tests with the embedded predictive diagnostics and the digital communications of the PlantWeb® architecture.

Complete Solutions—One Source.
When it comes to safety applications like emergency shutdown systems, burner management, and fire and gas systems, our trained global professional safety personnel and project services organizations have the knowledge to perform, and expertise to assist you in, process hazard analysis and risk assessment along with safety instrumented system design, implementation, and commissioning.

Emerson provides the only smart, easiest-to-use, safety instrumented system for the lowest lifecycle cost.
Sensor to Final Control Element, the Emerson Approach to Safety
“The PlantWeb solution for safety application is the complete package. It considers all equipment in the safety instrumented function as well as the simplified proof testing. This will change the industry.”
—Dr. William Goble, P.E. CSFSE, Exida
Reduce regulatory compliance efforts
Safety First
Past solutions for safe operations may no longer be sufficient. New international standards for safety, like IEC 61508 and IEC 61511, are prompting a reexamination of safety practices. Planning is required to meet increased regulatory requirements across the globe.

Companies that don’t plan and manage process operational risks face fines, production outages, equipment damage and serious injury or loss of life.

With today’s technology and best practices, there is no reason not to put safety first.

There are key international standards and concepts you and your solutions providers must know to effectively implement safer operations. It’s important that you work with a supplier that has safety instrumented system sensors, logic solvers, and final control elements that meet IEC 61508 standards to help you follow IEC 61511 best practices.

You need to effectively perform hazard identification, hazard analysis, and risk assessment studies to develop plans to address current deficiencies.

IEC 61508
Used by suppliers of safety-related equipment, IEC 61508 defines a set of standards for functional safety of electrical/electronic/programmable electronic safety-related systems.

Emerson has the broadest range of IEC 61508-certified process safety devices, from pressure, flow, and temperature sensors through the logic solver, to final element.

Process manufacturers who implement SIS equipment need to do so in accordance with best practices, as defined by IEC 61511.
“This international standard has two concepts which are fundamental to its application; safety lifecycle and safety integrity levels.”
—IEC 61511-3
Global Safety Standard
IEC 61511
The SIS user community has formally collected best practices in safety applications aligned with IEC 61508. The result of this work is the new IEC 61511 standard.

Only Emerson provides:
- transmitters, valve controllers and logic solvers certified to IEC 61508
- services certified to IEC 61511
- software that simplifies adherence to IEC 61511 for regulatory compliance
- IEC 61508-type data on non-certified devices to help process manufacturers build prior use cases.

Emerson delivers a state-of-the-art safety solution that reduces risk and increases process availability.

ANSI/ISA-84.00.01-2004
In 2004 the S84 committee of ISA formally adopted the IEC 61511 standard for use in the USA. The two standards are identical except for a grandfather clause that the S84 committee added to the American version.
[Figure: Key Safety Regulatory Standards. Timeline from 1992 to 2004 showing NE 31, DIN V 19251, EN 54 Part 2, NFPA 8501, IEC 61508, NFPA 8502, IEC 61511, ANSI/ISA S84.01 and ANSI/ISA S84.]
The ideal SIS takes a new
approach to help you
reduce risks and use the
intelligence embedded in
the total SIS loop:
sensors, logic solvers,
and final control
elements to increase
safety.
Risk reduction
The ideal SIS begins and ends with field devices. Smart field devices:
- monitor the entire SIS loop from sensor through the final control element
- provide non-disruptive actuator partial-stroke testing and spurious trip prevention
- proactively communicate maintenance alerts from intelligent sensors and actuators
- support advanced diagnostic capabilities for sensors, logic solvers and final control elements for both self-test and detection of abnormal situations in the surrounding process.

Easier regulatory compliance
The ideal SIS, including sensor, logic solver, and final element, is designed in accordance with IEC 61508 and is TÜV or FM certified*. To help you address the IEC 61511 standard more easily, an ideal SIS should have:
- safety logic signature authorization
- change management of safety logic and field device configuration/calibration
- security authorization of online trip point or bypass changes.

Increased availability
An ideal SIS increases the availability of an operating process. It:
- increases system availability through redundancy as required
- minimizes risky manual final element testing through automatic periodic testing
- reduces operator response time with advanced alarm management
- manages bypasses during startup sequences.
The Ideal Safety Instrumented System
Safety with less risk and increased availability.
Because the majority of malfunctions in safety applications occur in the devices, increased logic solver reliability does not significantly improve the reliability of the entire safety loop. Data interpreted from the Offshore Reliability Database (OREDA).
42%—Sensor malfunction
8%—Logic solver malfunction
50%—Valve malfunction
[Figure labels: Basic Process Control System (BPCS), Digital Communication]
“Today’s safety systems need an integrated safety approach where transmitters are part of the safety system and perform autocalibration, diagnostics, validation and remote monitoring, connecting with an intelligent fieldbus such as HART or Foundation fieldbus.”
—Wayne Labs, CONTROL Magazine, May 2005
Reduced project capital
With pressure on process manufacturers to increase their return on capital, the ideal SIS reduces the engineering and installation effort by:
- simplifying safety logic development and testing with powerful certified function blocks
- being certified for use in SIL 1, 2 and 3 applications without restriction
- providing a flexible architecture for centralized or decentralized deployment
- providing embedded simulation to fully test safety logic before deployment
- integrating BPCS and SIS data without mapping or handshaking logic while keeping these functions separate per IEC 61511
- providing common engineering tools for the BPCS and SIS.

Reduced operations and maintenance costs
Like capital budgets, operating and maintenance budgets are under constant pressure. The ideal SIS reduces operations and maintenance costs by:
- providing a common engineering and operator interface for both BPCS and SIS
- synchronizing time and collecting events between BPCS and SIS
- performing continuous diagnostics and periodic testing of sensors and final control elements.

It’s important to consider ongoing support when multiple suppliers are involved. When one supplier has the full range of products and services for your BPCS and SIS, you have only one place to go for the answers and support you need.
The traditional implementation of Basic Process Control Systems and Safety Instrumented Systems fails to consider the entire safety loop, requiring extra maintenance effort.
[Figure labels: Safety Instrumented System (SIS), Discrete Signal On-off]
* Certified by a 3rd Party such as TÜV.
Smart Sensors Provide Both Transmitter and Process Diagnostics
Increased diagnostics decreases risk.
Sensors for pressure, temperature, flow and level play an important role in your risk reduction strategy. It’s important to consider improvements in measurement technology as well as installation and maintenance practices.

The health of your safety loop is only as reliable as the weakest component. With discrete measurement switches, you get a level of safety, but these devices are susceptible to failure without warning.

Switches have few failure modes, but almost all are dangerous and undetectable. Regular proof testing is thus required—these tests can themselves introduce risk because they are manual and require strict adherence to procedures and they put maintenance personnel in hazardous locations.

Smart devices deliver predictive diagnostics
By replacing switches with transmitters, you take the first step towards reducing undetected failures. Smart transmitters have far fewer dangerous undetected failures than switches. In addition, the latest generation of smart measurement devices extends the embedded diagnostics beyond the device and into the process.

Extended health diagnostics
Today’s leading smart transmitters, like Emerson’s Rosemount and Micro Motion devices, go beyond detecting component failures. They evaluate the performance of the complete measurement system, extending diagnostics to detect formerly undetectable dangerous failures outside the physical bounds of the transmitter—providing both transmitter and process diagnostics.

The end result is greater credit for failure on demand calculations, easier compliance with IEC 61511, higher safe failure fractions, less redundancy, and less proof testing, less often.

IEC 61511 defines two approaches for selecting the right device for your safety measurements. Both methods have merit and are used extensively.

Prior use
This method requires that you have sufficient failure data to be able to investigate and calculate the probability of failure on demand and the safe failure fraction. As the leading field device supplier, Emerson can provide the reliability data you need for these calculations.
“Most of these diagnostics can be performed only in the field devices themselves, and not through higher-level expert or ‘abnormal situation management’ systems, because they require extremely high speed resolution and accuracy.”
—Steve Brown, E.I. duPont de Nemours & Co, Chemical Engineering Magazine, July ‘03
This method provides you with more transmitter choices at the cost of maintaining databases to provide evidence of prior use per IEC 61511.

This approach requires extensive tracking management—a laborious task.

Designed to IEC 61508
Temperature and pressure transmitters from Rosemount and flow transmitters from Micro Motion change all of this. These are standard BPCS sensors that can be used in safety applications. Now you can get Emerson reliability in a certified transmitter.

Sensors are one key piece in the ideal safety system. Final elements are the next critical piece.

AMS™ Suite: Intelligent Device Manager provides the means to identify and correct potential transmitter problems.
SIS Final Elements Deliver Higher Reliability and Safety
Reduce final element risk.
The next step in the ideal SIS is to equip the final elements with digital valve controllers that provide the diagnostics to extend the proof test interval, while delivering higher reliability and safety.

Manual testing
Process manufacturers have gone to great lengths, adding bypass valves, manual jamming devices, and expensive pneumatic panels to facilitate proof testing of final control elements.

Beyond the increased capital expense, safety valve testing often involves the installation and subsequent removal of mechanical valve interlocks. This can expose maintenance personnel and operators to hazardous locations in the process. And if the interlocks are not removed after the testing, the performance of the safety instrumented system may be severely compromised. The majority of plant incidents are caused by personnel and procedural error, so removing the need for manual proof tests while maintaining the overall SIS integrity is key in SIS applications.

FIELDVUE digital valve controller
FIELDVUE digital valve controller instruments provide automated performance monitoring and testing by enabling remote partial stroke testing while the safety valve is online. This keeps personnel safely away from the valves’ locations. The FIELDVUE DVC6000 for emergency shutdown solutions is TÜV-certified for use in SIL 3 applications.

FIELDVUE instruments have extensive diagnostics to monitor travel deviation, pressure deviation, valve packing friction and more. Information is communicated back to the DeltaV system and the AMS Device Manager software.

SIL-PAC solution
The Emerson SIL-PAC™ final element solution uses Emerson actuators controlled by the FIELDVUE DVC6000 ESD to operate the valve. These include the Bettis® G and CBA-series, HyTork® and El-O-Matic™ actuators currently used in many ESD type applications.

Proven in safety applications for many years, the Bettis actuators are certified for use in SIL 3 applications when periodic partial-stroke testing is performed.
“The principal sources of faults have remained in the field; we need to recognize and eliminate these failures at the source.”
—Erik R. Bruyn, ExxonMobil Refinery, “The Role of Instrumentation in Plant Asset Management,” International Instruments Users’ Assoc., Apr ‘03, Hague, The Netherlands
The SIL-PAC final control solution is valve neutral—meaning that it can be mounted on the safety valve that best meets your application requirements.

From 350 inch pounds of torque to over 13 million inch pounds, SIL-PAC options include:
- ASCO solenoids for redundancy
- local shutdown options
- configurable closing/opening times
- diagnostic/configuration tools
- unusual and severe types of services.

With the SIL-PAC solution from Emerson, you get the flexibility, reliability, and functionality you need to meet your requirements and support your installation throughout its life.

AMS Intelligent Device Manager with the ValveLink Snap-On application makes troubleshooting devices from a remote location easy and safe.

The FIELDVUE instrument automatically checks the condition of the final control element during each partial-stroke test.
During each partial-stroke test, pneumatic supply, actuator pressure, and valve position are tested to verify whether the valve components will perform.

This partial stroke testing provides:
- less human error
- better maintenance practices
- better documentation
- less risk.

There’s no more guessing when a safety valve needs to be maintained. You have a better understanding of the overall electro-mechanical condition of the valve.

Less risk
Automated partial stroke testing in the FIELDVUE DVC6000 and the AMS Device Manager software application keeps operators and maintenance personnel away from the field while extending the time intervals between full-stroke tests and providing confidence that the valve will perform on demand—reducing personnel and operational risk and the risk of trips.

Better maintenance practices
A valve signature generated during the partial-stroke test provides your maintenance personnel with insight into:
- valve friction
- air-path leakage
- valve sticking
- actuator spring rate
- inherent diaphragm pressure range.

This information gives your maintenance personnel the ability to schedule repairs rather than having to react to unexpected failures. Determining when a safety valve needs to be maintained is no longer a guessing game.

Better documentation
The FIELDVUE instrument receives scheduled partial-stroke test commands from the logic solver and applies a time and date stamp to each partial-stroke test. This information is automatically saved on a workstation, making your regulatory compliance efforts much easier.

Partial-Stroke Testing for Reliability
Drag-and-drop configuration.
Safety valves equipped with Emerson’s FIELDVUE DVC6000 perform partial-stroke testing, automatically checking the valve’s ability to perform on demand.
“It’s not only possible to check valves, but we can also do so more safely, at less cost, and with greater efficiency.”
—Patrick Flanders, Saudi Aramco

In addition, thorough documentation of each test is maintained per regulatory requirements.

The right sensors, final elements, and AMS Device Manager build a strong foundation for the next element in the smart SIS, the logic solver.
AMS Device Manager with the ValveLink snap-on application automatically generates detailed reports of the partial-stroke test for regulatory bodies. Valve testing reveals the need for scheduled maintenance.
Partial stroke test on a problem valve.
Bulky logic solvers and multiplexers can now be replaced with state-of-the-art logic solvers that support digital communications for continuous health monitoring of every complete Safety Instrumented Function (SIF).

The DeltaV SIS
While other safety system suppliers focus only on the logic solver, the Emerson smart SIS solution considers the entire SIF to increase safety while decreasing spurious trips, thereby increasing reliability from sensor to final element.

The SLS 1508 logic solver, built for digital communications with safety sensors and final elements, uses the power of predictive field intelligence to increase the overall reliability of the entire safety instrumented function.

It is TÜV-certified for use in SIL 1-3 rated safety applications as defined by IEC 61508 and fire-detection and alarms as defined in EN 54-2.

SLS 1508 logic solver
Key capabilities of the SLS 1508 logic solver include:
- 24V DC redundant power
- 16 channels per logic solver in any combination of HART AI, HART two-state output, DI, DO
- line fault detection on all I/O
- separate I/O processor and redundant CPUs
- 50msec execution
- downloadable on-line
- flexible architecture
- -40° to 70°C temperature rating
- ISA G3 (corrosive environment rating)
- NAMUR NE21 electromagnetic compatibility rating

Redundant logic solver
You can increase the availability of your process with a redundant pair of SLS logic solvers. The two modules work in parallel with no concept of master/slave. This ensures bumpless transfers, and allows automatic online proof testing of the logic solvers.

Logic Solvers Continuously Monitor Health of Every SIF
Higher process availability through improved diagnostics.
“We installed DeltaV SIS in our critical distillation heaters during our latest turnaround. We plan to install more in our refinery as we continue our modernization program.”
—Cornel Cirligeanu, Rominserv Electrical & I&C Division
For greater process availability, the SLS 1508 logic solvers are optionally redundant.
Smart logic solvers continuously monitor loop health and perform partial-stroke tests.
All of the DeltaV system’s
ease-of-use advances like
plug-and-play hardware,
drag-and-drop, and
explorer-based software,
are built in to the DeltaV
SIS software.
A full palette of TÜV-certified smart function blocks designed specifically for DeltaV SIS functions is available. Special blocks like MooN voter blocks with bypass management reduce what used to be pages and pages of ladder to engineer, test, and commission into a simple drag-and-drop specification activity. Easy maintenance with less complexity reduces your life cycle costs and risks.

All of the function blocks are certified by TÜV for safety applications.

Other capabilities making the DeltaV SIS software intuitive include:
- built-in sequence of events handler with automatic first-out trapping
- built-in bypass handling
- built-in override bundling
- automatic compliance to IEC 61511 standard
- off-line simulation
- built-in alarm state engine per EEMUA 191 standard
- optional operator interface.

Intuitive Software and Powerful Function Blocks
Drag-and-drop from voter palette—eas
“High comprehensibility of the programmed functions is the ultimate ambition of safety-related programming. Therefore, there is a need for a precise and compact program structure and representation.”
—Dirk Hablawetz, BASF AG, “The Practical use of the international standard IEC 61508,” TÜViT Conference, Jan ‘03, Augsburg, Germany
Voter simplifies device upset and diagnostic condition handling to avoid spurious trips while automating bypass management.
Powerful function blocks deliver engineering savings and operational benefits.
Cause and Effect Matrix (CEM) block greatly simplifies the logic solver configuration.
State Transition Diagram provides simple fill-in of state, transition inputs, and desired outputs saving hours of engineering.
Step Sequencer saves hours of engineering over conventional ladder logic approaches.
With the rich TÜV-
certified DeltaV SIS
function block suite, the
toughest safety
applications can be easily
implemented.
SIS applications
Consider a typical example likely to be found in every plant.

You have an application and need to monitor level (triplicated measurement) and take action in the event that the pressure (2oo3) is too high. Given the application, you need to be sure that the valve will perform on demand. You need to change the test frequency of your SIF from six months to the turnaround scheduled every four years.

There are key requirements for your safety logic:
- Trip the plant if two of the level measurements exceed the trip limit.
- Generate a deviation alarm if any of the level inputs deviates from the others.
- Provide user interface display where all active bypasses are listed for management by operators.
- If any of the measurement devices reports bad status, then generate an alarm indicating that the SIF is running in degraded mode (2oo2) and remove the device from the voting logic.
- Be able to configure trip limits, deviation percentages, pre-trip alarm, degradation behavior and start-up overrides.
- Monitor the performance of the valve by partially stroking it every month to ensure it will perform on demand. Send an alarm to operations and maintenance if the partial stroke test fails or another advanced diagnostic alert is detected.
- Allow bypassing during startup with all SIS bypasses being reported on an SIS or BPCS display.
- Set bypasses to automatically remove after a configurable time period.
- Provide warning to the operator an appropriate time before a bypass is automatically removed.

With Emerson’s smart SIS solution for safety applications, this is easy. With Rosemount and Micro Motion transmitters, DeltaV SIS, AMS Intelligent Device Manager and Fisher DVC, the architecture is in place. With the patent-pending DeltaV SIS voter and partial-stroke test function blocks, configuration of this logic is a few mouse clicks away.
Tough Applications Made Easy
Experience on which you can rely.
All of the functionality described on this page can be implemented with this simple configuration.
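The voting requirements listed above, written out as an added Python sketch; it is not Emerson's DeltaV SIS voter block and is not code from the brochure. The tag names, limits, alarm strings, the choice to exclude a bypassed input from the vote, and the fail-safe trip when fewer than two inputs remain are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class Reading:
    tag: str
    value: float        # level, in percent of span
    good: bool = True   # False when the transmitter reports bad status


@dataclass
class VoterConfig:       # every value below is a constructed sample setting
    trip_limit: float = 90.0
    pre_trip_limit: float = 85.0
    deviation_pct: float = 5.0         # allowed deviation, percent of span
    span: float = 100.0
    bypass_timeout_s: float = 3600.0   # a bypass removes itself after this time
    bypass_warning_s: float = 300.0    # warn the operator this long before removal


class Voter:
    def __init__(self, cfg):
        self.cfg = cfg
        self.bypasses = {}  # tag -> time the bypass was set

    def set_bypass(self, tag, now):
        self.bypasses[tag] = now

    def active_bypasses(self, now):
        """Drop expired bypasses and return {tag: seconds remaining}."""
        left = {t: self.cfg.bypass_timeout_s - (now - t0)
                for t, t0 in self.bypasses.items()}
        self.bypasses = {t: t0 for t, t0 in self.bypasses.items() if left[t] > 0}
        return {t: s for t, s in left.items() if s > 0}

    def evaluate(self, readings, now):
        cfg, alarms = self.cfg, []
        bypassed = self.active_bypasses(now)
        for tag, left in bypassed.items():
            if left <= cfg.bypass_warning_s:
                alarms.append(f"BYPASS_EXPIRING:{tag}")
        for r in readings:
            if not r.good:
                alarms.append(f"BAD_STATUS:{r.tag}")
        # Bad-status inputs leave the vote (page requirement); bypassed
        # inputs are treated the same way here (assumption).
        voting = [r for r in readings if r.good and r.tag not in bypassed]
        n = len(voting)
        if n < len(readings):
            alarms.append("SIF_DEGRADED")
        votes = sum(r.value > cfg.trip_limit for r in voting)
        if n >= 2:
            mode, trip = f"2oo{n}", votes >= 2
        else:
            mode, trip = "fail-safe", True  # assumption: too few inputs, so trip
        if not trip and any(r.value > cfg.pre_trip_limit for r in voting):
            alarms.append("PRE_TRIP")
        if n >= 2:
            # Deviation is measured against the median of the voting inputs.
            mid = median(r.value for r in voting)
            for r in voting:
                if abs(r.value - mid) / cfg.span * 100 > cfg.deviation_pct:
                    alarms.append(f"DEVIATION:{r.tag}")
        return {"trip": trip, "mode": mode, "alarms": alarms,
                "bypassed": sorted(bypassed)}


if __name__ == "__main__":
    voter = Voter(VoterConfig())
    # Constructed sample: LT-101 reports bad status while reading high.
    sample = [Reading("LT-101", 95.0, good=False),
              Reading("LT-102", 92.0), Reading("LT-103", 50.0)]
    print(voter.evaluate(sample, now=0))
```

In the sample, one remaining input above the trip limit does not trip the degraded 2oo2 vote, which is why the degraded-mode alarm and the deviation alarm matter to whoever reviews the loop.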
“While developing the concept of the safety instrumented system, the aspect of maintenance and startup should be taken into consideration. Possibilities for easy check and access to all components should be kept in mind while designing the system.”
—NE31 Standard
Fast configuration with cause-and-effect matrix functions
Traditional SIS project requirements are typically defined using cause-and-effect matrices (CEM). Once approved, these are often translated into logic diagrams and ultimately into ladder logic of the selected supplier. No more—with the CEM function block, the cause-and-effect diagrams can be deployed directly in the logic solver. The CEM table executes as it is presented.

Documentation is easy, since the CEM configuration is the logic that executes.

CEM logic is configured per WYSIWYG: what you see is what you get. End user requirements are executed as documented, eliminating project phases and risks associated with implementation errors.
The Health of Your Loops
Real-time information when and where it counts.
Identifying and predicting problems in the sensors, logic solvers, final elements, and the surrounding process is critical. Sending this information quickly to the people who can take corrective action is equally important.

Detect
Detection starts at the process. Only Emerson’s PlantWeb architecture for safety applications continuously monitors loop and process health.

NarrowCast
Should a problem be detected in a device or the supporting process, a PlantWeb alert is generated. This alert travels to the logic solver, which is configured to narrowcast the alert to the appropriate personnel and the maintenance system.

In some cases, it is desired to direct the alarm/alert to the personnel who man the plant—twenty-four hours, seven days a week—such as the operators of the BPCS. This is done via drag-and-drop configuration. In addition to identifying the alert as a safety alert, the operator is provided with information identifying the root cause of the problem, with context sensitive guidance for corrective measures.

In other cases, it is desired that all safety personnel be alerted to every safety alert. Emerson’s Messenger software is the solution. Emerson’s Messenger software uses web services to deliver PlantWeb Alerts to the maintenance personnel responsible for solving the problem via email, phone, pager or SMS. These time-critical alerts can be sent via XML to your Computerized Maintenance Management System (CMMS) to generate work orders automatically.

With the optional SIS Reporting Messenger plug-in, detailed SIS diagnostic test results from actuator partial-stroke tests, sensor tests, and SIS loop health tests are automatically transmitted via email or printed to satisfy regulatory reporting requirements.

Diagnose and correct
With notification delivered to the right people, the AMS suite’s Intelligent Device Manager software provides quick access to detailed device diagnostics.

The bottom line—the PlantWeb architecture provides a platform for more reliable safety operations, from early detection through notification and correction.
“Monitoring the health of the instruments in an isolated environment like ours gives us the ability to find out what’s wrong before we send somebody out to the field and that’s very important given our limited staff. Being able to monitor the health of the equipment, positions us to be proactive with our maintenance programs. This helps us improve our overall process availability.”
—George Cushon, OPTI Canada Inc.
Smart field devices send critical health information to the right people at the right time.
[Figure: (1) Detect, (2) NarrowCast, (3) Diagnose and correct. With AMS Intelligent Device Manager, device health can be determined remotely. Critical alerts can be sent directly via email, pager or phone.]
Flexible architecture
Whether you have an isolated boiler or a large ESD application, DeltaV SIS scales to provide you with the safety coverage you require for your SIL 1, 2 and 3 SIFs.
Unlike other approaches, the modular logic solver hardware scales in steps of 16 configurable I/O. This means you automatically add memory and CPU every time you add a logic solver. The days of running out of memory or CPU power are over.
The architecture of DeltaV SIS allows you to concentrate on the design of each SIF—each logic solver is a container for a small number of SIFs and there can be no unplanned interaction between them. This is very different from the traditional approach where hundreds of SIFs are all placed in a single safety PLC and the effect of changing a single register could affect all of the logic.
DeltaV SIS scales as the number of SIFs scales—simply add logic solvers to contain more safety functions with no impact on the performance of the existing system. On a large plant these logic solvers can be placed in nodes close to the process unit being protected; an intuitive design with fewer opportunities for maintenance errors that has the added advantage of wiring savings.
Given this scalability, DeltaV SIS is ideally suited for all safety applications up to SIL 3: small burner management applications, large ESD and fire and gas applications.
Flexible Architecture for Any Size
Completely integrated–ready to deploy
Applications that require safety instrumented systems to reduce risk come in all sizes and topologies. You need an SIS offering that can handle the smallest to the largest application and one that has the flexibility to address widely distributed architectures.
“The scalability of it really impresses me—that you can put in one module for just a few loops, or you can build a complete safety system.”
—Global Chemical Producer
[Figure: Configuration Workstation may optionally be used for SIS Alarm Management, Operator Interface and/or Device Maintenance. SISnet—A redundant fiber optic network spanning kilometers. Ethernet configuration network.]
DeltaV SIS easily scales to fit the size and distribution of your safety applications.
Simplifying IEC 61511 Compliance
Easier regulatory compliance.
The PlantWeb solution for safety applications has been designed to assist customers in following the IEC 61511 standard for SIS deployment.
DeltaV SIS helps to automatically document and simplify your compliance with this international safety standard, along with additional regulatory requirements particular to your operating region.
Not only will the upfront costs of engineering, installing and commissioning your system be lower, but so will the ongoing maintenance and management costs to satisfy your safety and regulatory requirements.
Maintenance
Complying with the verification and documentation requirements of IEC 61511 is simplified with the AMS Device Manager Audit Trail software.
The Audit Trail automatically records changes to a device’s configuration and includes the following information for each event: date and time of the event; user who made the change.
Engineering
The DeltaV SIS reduces your IEC 61511 compliance efforts by incorporating our experience of satisfying tough regulatory requirements for change management.
All changes to the DeltaV logic solver configuration including details of the change, who made it, and when it was made, are automatically captured.
Compliance is simplified with AMS Device Manager Audit Trail.
[Figure labels: Change, Audit Trail, Edit.]
Changes are automatically captured with embedded version control and audit trail.
Operations
Should an emergency stop be required for the application, two mechanisms may be used. You may hard-wire a physical ESD (emergency shutdown) mushroom button to the I/O of a logic solver.
If, instead, you choose to soft-wire an emergency shutdown button from a graphic on the Operator Workstation then you will need to ensure that the communications are secure. In keeping with IEC 61511, DeltaV SIS requires a repeat confirmation on the emergency shutdown action before it will take effect – protecting the logic solver functionality. This repeat confirmation is automatically executed for every on-line command from all Workstations to every logic solver, including operational functions that require data security such as bypasses and trip limit changes.
Other capabilities have been added to ensure safe operation and maintenance of your SIS.
For example, any bypass is automatically flagged in the operator interface and logged in the event journal file.
The bottom line: built-in capabilities in the PlantWeb architecture, such as repeat confirmation, change management, download control, device audit trail and others, reduce the IEC 61511 compliance challenge.
“DeltaV SIS was best suited for our safety shutdown applications because of its modularity, integration with the control system, and safety loop diagnostics.”
—Steve Schmitz, Rohm and Haas
Connecting with Your Existing BPCS
Connect with your existing system
No matter what DCS or PLC you are using as your basic process control system, you can increase your plant’s availability using Emerson’s smart safety instrumented solution.
Reliable, proven integration
With the advent of open standards, integration of BPCS and safety instrumented systems has become easier. The OPC standard introduced in 1996 provides an excellent mechanism for high data transfer rates in real-time from an SIS to a BPCS. For those with smaller data transfer needs, the Modbus protocol may be an alternative.
OPC integration
OLE for Process Control (OPC) has become the de facto standard for communications between disparate systems in the process industries. DeltaV SIS connects with your legacy BPCS via OPC.
All operating and event information is available to your operator interfaces and history collection software using an OPC interface.
OPC Data Access (DA) provides real-time data integration. With Emerson’s field-proven OPC Mirror, data from DeltaV SIS is easily mapped into the OPC Server of the installed BPCS.
Completing the integration is OPC Alarms and Events, which provides a means to include SIS alarms and events into your selected plantwide event historian.
An excellent event collection candidate for this function is Emerson’s PlantWide Event Historian, which provides a SQL database for collecting time-stamped events from multiple sources into a single enterprise event historian.
Modbus integration
Modbus may also be used to interface the SIS and BPCS. Modbus brings the advantage of familiarity to most users, as well as the comfort of decades of proven reliability.
Modbus is often used for communicating process-related data between SIS and BPCS, while OPC is perfectly suited to transferring large amounts of SIS data to be presented on the BPCS displays.
Integration services
Our global solutions organization has a long history of providing these integration services if you require them.
And since Emerson has offices around the globe, we can provide the ongoing support you need to maintain efficient operations.
Bear in mind—unlike the integrated Emerson solution shown on Pages 28 & 29—these traditional connectivity methods require manual change management procedures and costly ongoing support.
Basic Process Control System (BPCS)
“The standard OPC communication protocol built into the DeltaV system will make interfaces between the various network applications seamless.”
—David Greer, Shell Philippines Exploration B.V.
[Figure: OPC DA and OPC A/E may be used for real-time and alarm integration, respectively. Traditional Modbus may also be used. OPC Mirror allows data to be mapped between BPCS and DeltaV SIS. Redundant servers provide increased availability.]
Integrated Yet Separate
Easier to configure and maintain.
If you already have a DeltaV system or are considering the DeltaV system as your BPCS, the DeltaV SIS solution provides the true integration you’ve always wanted between your BPCS and SIS, with the separation required by IEC 61508 and IEC 61511 standards.
Architecturally independent
The PlantWeb architecture for safety applications fits easily with your DeltaV BPCS. Perfect for applications requiring SIS risk reduction on only a few loops, the DeltaV logic solver can be present on the same carrier as a standard DeltaV module. The power supplies, communication channels, hardware, and real-time operating systems are completely independent of the standard DeltaV cards and the DeltaV logic solver, maintaining the separation required by IEC 61508.
All operations, engineering and maintenance functions for the two systems are integrated including: alarm handling; configuration; time synchronization; user security; device health monitoring.
The integrated configuration environment simplifies and streamlines the engineering effort. This integrated approach eliminates time-wasting, difficult to maintain data mapping, and handshaking logic that is common in existing solutions.
Operators have one common operating environment for both the DeltaV BPCS and DeltaV SIS to more effectively operate the plant.
Unlike any other SIS solution, engineering, operating, and maintaining the DeltaV integrated-yet-separate architecture is easy.
SIS information can be displayed and alarmed like any BPCS data.
“As data-driven systems become larger, making more extensive use of data, the identification and management of data integrity becomes a significant factor in the demonstration that the required system integrity has been achieved.”
—Alastair Faulkner, CSE International Ltd.
[Figure: DeltaV BPCS and SIS are configured and operated with the same software. With separate power supplies and TÜV approved dedicated safety networks, SIS and BPCS components may be mixed in the same cabinet for smaller applications.]
Emerson leads the industry in providing services throughout the lifecycle of your operations, no matter where you operate on the globe. From project planning, through plant commissioning, to optimizing and supporting your operations, Emerson has the experience you can depend on to be successful.
Emerson—proven experience
Safety instrumented systems play an important role in your overall process automation strategy. Emerson Process Management, a global leader in process automation, delivers the technology and expertise required for safer, more reliable operations.
With a heritage of financial strength, Emerson has the stability to invest in the technologies required to help you reduce risk in your process, while lowering the costs. Emerson is the global leader in transmitters and actuators with online, self-testing capabilities—keys to a more robust SIS solution.
Differentiated safety services
Emerson has extensive global coverage for MAC (Main Automation Contractor) services worldwide. These services include all aspects of your automation project from concept through:
Proven scalable project process for Integrated Control and Safety System to MAC scope
Certified compliance by TÜV to IEC 61511 best practices:
Services covering the entire lifecycle from conception to decommissioning
Global coverage with same IEC 61511 practices in place
Emerson certified field safety engineers available in your locale for the support and maintenance of your SIS.
Emerson Process Management has the technology, expertise, and experience for your process automation and safety needs.
Industry Leading Service and Support
Emerson—Consider it solved.
“Emerson’s project execution capabilities were a critical part of our project’s success.”
—David Whitehead, Clough Engineering
Emerson can help you at any stage of the IEC 61511 Safety Life Cycle.
As a core element of the PlantWeb digital architecture, the DeltaV system makes controlling your process easy.
The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our software licensing agreement and terms and conditions, which are available upon request. We reserve the right to modify or improve the designs or specifications of our product and services at any time without notice.
© 2005 Fisher-Rosemount Systems, Inc. All rights reserved.
The Emerson logo is a trademark and service mark of Emerson Electric Co.
PlantWeb, DeltaV, the DeltaV design, SureService, the SureService design, Emerson Process Management and the Emerson Process Management design are marks of one of the Emerson Process Management group of companies. All other marks are the property of their respective owners.
Emerson Process Management
12301 Research Blvd.
Research Park Plaza, Building III
Austin, Texas 78759 USA
T +1 512.835.2190
F +1 512.832.3443
www.EasyDeltaV.com
Customers who have requested this brochure have also requested the following brochures:
SureService brochure—for maximum return on your automation investment throughout its lifecycle. Visit: www.SureService.com
FIELDVUE® Instruments brochure—Visit: www.EmersonProcess.com/fisher
SIL-PAC™ Valve Automation Solution For Safety Systems brochure—Visit: www.EmersonProcess.com/valveautomation/bettis
Project Services brochure—when success is the only option, call upon Emerson experts. Visit: www.EmersonProcess.com/solutions/projectservices