1
600T Safety Pressure Transmitters
TÜV SIL2 approved, IEC 61508 / ISA S84.01
2
Summary:
- Safety: applicable standards and rules
- 600T Safety Transmitters: general concepts
- Saturation and alarm levels
- Key points for determining the Safety Integrity Level
3
Applicable standards and rules (terms shown on the slide): TÜV, HAZOP (hazard and operability study), SIS (safety instrumented system), SIL (safety integrity level), ANSI/ISA S84, IEC 61511, PHA (process hazard analysis), OSHA 1910, IEC 61508, Safety Life Cycle
4
Standards hierarchy shown on the slide:
- Application standards: NFPA 8501, NFPA 8502, DIN VDE 0116, EN 298, EN 54-2, ISO 10418, API RP14C, HSE PES
- Functional safety: IEC 61508, IEC 61511, ISA S84.01, DIN V VDE 0801, DIN V 19250
- Basic safety, low voltage, Ex protection, EMC: EN standards (numbers not legible on the slide)
- Basic quality requirements: ISO 9000
5
IEC 61508 and ISA S84.01 are applicable for all industries. Sector standards derived from IEC 61508:
- IEC 61511: process industry
- IEC 61513: nuclear industry
- IEC 615YY: transportation; IEC 615ZZ: other industries (numbers not yet assigned when the slide was written)
IEC 1131 (now IEC 61131) defines the programming languages for PLCs; this specification plays an important role in programmable systems for safety applications.
6
Current status of the standards (IEC 61508 and IEC 61511) at the time of the presentation: Part 1 CDV (May); Parts 2 and 3 CDV (July); Parts 1, 2 and 3 FDIS May 2001.
7
Safety - Base Concept. Safety integrity can be expressed as: "the ability of a system to carry out the safety function satisfactorily on demand." The performance of the system is evaluated according to international standards (SIL in IEC 61508) and national rules (AK classes in DIN V 19250). Certification can only be performed by an authorized body such as TÜV.
8
Safety - Base Concept. Safety Integrity Level (SIL): "a measure of the probability that the loop (system) performs its safety function on demand." A safety loop or system includes all hardware, software and other components necessary to achieve the required safety function.
9
Safety - Base concept: Safety Loop. Typical contribution of each part of the loop to the probability of failure on demand: transducer and transmitter 35 %, safety system (logic solver) 15 %, actuator and valve 50 %.
10
Safety Integrity Levels (SIL)

SIL     PFD (low demand)      RRF = 1/PFD
SIL 4   10^-5 to < 10^-4      100,000 to 10,000
SIL 3   10^-4 to < 10^-3      10,000 to 1,000
SIL 2   10^-3 to < 10^-2      1,000 to 100
SIL 1   10^-2 to < 10^-1      100 to 10

PFD = Probability of Failure on Demand; RRF = Risk Reduction Factor (1/PFD). The slide annotates the levels, from SIL 4 down to SIL 1, with the scope of protection: environment and community, human protection, ownership and manufacturing, protection of plants; nuclear applications are marked at SIL 4.
11
Safety Integrity Levels, Target Failure Measures (as printed on the slide)

SIL     Low demand mode: probability of failure to perform the design function on demand     Continuous/high demand mode: probability of a dangerous failure per year
SIL 4   >= 10^-5 to < 10^-4                                                                   >= 10^-5 to < 10^-4
SIL 3   >= 10^-4 to < 10^-3                                                                   >= 10^-4 to < 10^-3
SIL 2   >= 10^-3 to < 10^-2                                                                   >= 10^-3 to < 10^-2
SIL 1   >= 10^-2 to < 10^-1                                                                   >= 10^-2 to < 10^-1

IEC 61508 itself states the high demand measure per hour (SIL 4: >= 10^-9 to < 10^-8 per hour, down to SIL 1: >= 10^-6 to < 10^-5 per hour); the per-year figures on the slide are those bands scaled by roughly 8760 h/year. Typical share of the loop failure measure: E/E/PE sensor-transmitter 35 %, safety controller 15 %, actuator 50 %.
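The tables above give the PFD bands and the typical 35/15/50 split of the loop failure measure. As an added example (not code from the presentation or from ABB), the Python below classifies a loop PFD into a SIL, computes the risk reduction factor, allocates a PFD budget to the sensor, logic solver and final element using that split, and flags the subsystem that breaks the budget. The subsystem PFD values are constructed; adding subsystem PFDs in series is the usual first-order approximation for a loop in which any single dangerous failure defeats the function.

```python
# Added example (not from the slides or ABB): IEC 61508 / ISA S84.01
# low-demand SIL bands, risk reduction factor, and a loop PFD budget check
# using the 35 % / 15 % / 50 % transmitter / logic solver / final element
# split quoted on the slides. Subsystem PFD values below are constructed.
import math

# SIL -> (PFDavg lower bound inclusive, upper bound exclusive), low demand mode
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Share of the loop PFD typically attributed to each subsystem (slide figure)
DEFAULT_SPLIT = {"sensor": 0.35, "logic_solver": 0.15, "final_element": 0.50}


def sil_for_pfd(pfd):
    """SIL achieved by a PFDavg; 0 if worse than SIL 1, 4 if better than the SIL 4 band."""
    if pfd <= 0:
        raise ValueError("PFDavg must be positive")
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4 if pfd < 1e-5 else 0


def risk_reduction_factor(pfd):
    """RRF = 1 / PFD, as defined on the SIL table slide."""
    return 1.0 / pfd


def allocate_budget(target_sil, split=DEFAULT_SPLIT):
    """Split the PFD upper bound of the target SIL across the loop subsystems
    (safety requirements allocation, lifecycle phase 5)."""
    if not math.isclose(sum(split.values()), 1.0):
        raise ValueError("split fractions must sum to 1")
    _, upper = SIL_BANDS[target_sil]
    return {name: frac * upper for name, frac in split.items()}


def assess_loop(subsystem_pfd, target_sil, split=DEFAULT_SPLIT):
    """Add the series subsystem PFDs (any one failing dangerously defeats the
    function), classify the result and flag subsystems over their budget."""
    budget = allocate_budget(target_sil, split)
    total = sum(subsystem_pfd.values())
    achieved = sil_for_pfd(total)
    return {
        "pfd": total,
        "rrf": risk_reduction_factor(total),
        "sil": achieved,
        "meets_target": achieved >= target_sil,
        "over_budget": sorted(n for n, p in subsystem_pfd.items() if p >= budget[n]),
        "shares": {n: p / total for n, p in subsystem_pfd.items()},
    }


if __name__ == "__main__":
    # Constructed values for a SIL 2 pressure trip: transmitter, logic solver, valve
    loop = {"sensor": 2.5e-3, "logic_solver": 1.0e-3, "final_element": 4.0e-3}
    print(assess_loop(loop, target_sil=2))
    # Same loop with a poorly tested valve: the final element alone exceeds its budget
    loop["final_element"] = 9.0e-3
    print(assess_loop(loop, target_sil=2))
```

The second call shows the point the 35/15/50 figure makes: the final element dominates the loop, so a valve with PFD 9e-3 drags a loop built around a SIL 2 transmitter down to SIL 1 regardless of how good the transmitter is.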
12
Safety Lifecycle: "the sequence of activities involved in implementing the safety system, from the engineering design until commissioning."
13
Overall safety lifecycle (IEC 61508-1):
1 Concept. Safety analysis: identify the safety functions; determine the minimum safety integrity with which each safety function should be carried out.
2 Overall scope definition
3 Hazard and risk analysis
4 Overall safety requirements
5 Safety requirements allocation
Overall planning:
6 Overall operation and maintenance planning
7 Overall safety validation planning
8 Overall installation and commissioning planning
Realisation:
9 Safety-related systems: E/E/PES
10 Safety-related systems: other technology
11 External risk reduction facilities
12 Overall installation and commissioning
13 Overall safety validation
14 Overall operation and maintenance
15 Overall modification and retrofit (back to the appropriate overall safety lifecycle phase)
16 Decommissioning
14
Block 9, E/E/PES safety lifecycle (outputs to boxes 12 and 14):
9.1 E/E/PES safety requirements specification
  9.1.1 Safety functions requirements specification
  9.1.2 Safety integrity requirements specification
9.2 E/E/PES safety validation planning
9.3 E/E/PES design and development
9.4 E/E/PES integration
9.5 E/E/PES operation and maintenance procedures
9.6 E/E/PES safety validation
15
Example for determining the Safety Integrity Level (ISA S84.01 style risk matrix). The slide's grid, reconstructed: one 3x3 table per level of effect of the dangerous event; rows are the efficiency of other means of risk reduction, columns the probability of the dangerous event.

Level of effect: Low
  Other means \ Probability   Low      Medium   High
  High                        NA       NA       NA
  Medium                      NA       NA       SIL 1
  Low                         SIL 1    SIL 1    SIL 1

Level of effect: Medium
  Other means \ Probability   Low      Medium   High
  High                        NA       NA       SIL 1
  Medium                      SIL 1    SIL 1    SIL 2
  Low                         SIL 2    SIL 2    SIL 2

Level of effect: High
  Other means \ Probability   Low      Medium   High
  High                        SIL 1    SIL 1    SIL 2
  Medium                      SIL 2    SIL 2    SIL 3
  Low                         SIL 3    SIL 3    SIL 3

NA = no SIS required. The values in the boxes are the SIL levels required of the SIS.
16
Comparison between classifications

DIN V 19250 class (TÜV AK)   IEC 61508 SIL   ANSI/ISA S84.01 SIL   PFD band             Availability (1 - PFD)
AK 7, AK 8                   SIL 4           not defined           10^-5 to < 10^-4     99.99 % to 99.999 %
AK 5, AK 6                   SIL 3           SIL 3                 10^-4 to < 10^-3     99.9 % to 99.99 %
AK 4                         SIL 2           SIL 2                 10^-3 to < 10^-2     99 % to 99.9 %
AK 2, AK 3                   SIL 1           SIL 1                 10^-2 to < 10^-1     90 % to 99 %
AK 1                         below SIL 1     -                     -                    -

ISA S84.01 (1996) defines only SIL 1 to 3; SIL 4 exists only in IEC 61508.
17
Safety - Philosophy. It requires an analysis of the risks and a consequent evaluation of the required integrity according to the SIL (Safety Integrity Levels). "Think safety" during the whole life cycle of your plant. "Think safety" not only for the safety controller but for the whole safety loop: sensor/transmitter, logic solver, actuator.
18
Safety Transmitter. The 600T Safety Transmitter has been designed according to IEC 61508, "Functional safety of electrical/electronic/programmable electronic safety-related systems", for Safety Integrity Level 2 (SIL2).
19
Safety Transmitter. For the 600T Safety, SIL2 capability means that the transmitter must detect every internal hardware failure, signalling it externally by driving the analogue output to a predetermined alarm level. The 600T Safety is intrinsically redundant, both in hardware and in software. This has been achieved with a supplementary output stage and by improving the internal diagnostic software.
20
Saturation limits and up/down-scale alarm levels according to NAMUR NE43.

Saturation levels (the output still tracks the input, beyond the calibrated span):
- Input signal above 105 % of span: high saturation = 20.8 mA
- Input signal below -1.25 % of span: low saturation = 3.8 mA

Alarm levels (the transmitter has detected a malfunction):
- Up-scale = 22 mA
- Down-scale = 3.7 mA

Normal operation: the analogue output runs from 3.8 mA (input -1.25 %) to 20.8 mA (input 105 %) and is saturated at those limits. Malfunction: 22 mA (up-scale) or 3.7 mA (down-scale). The later slides on the fail-safe output stage quote 21.6 mA and 3.6 mA for the alarm currents. NE43 defines the failure signal as <= 3.6 mA or >= 21 mA; the receiving logic solver must therefore be configured to treat any current below 3.8 mA or above 20.8 mA as a transmitter fault, not as a valid measurement.
22
The SIL2 approval is valid only for the analogue output.
The HART communication protocol is not certifiable and is outside the SIL2 approval; nevertheless the 600T Safety Pressure Transmitters perform HART communication and keep all the HART features, with improved diagnostic information. Anything read or written over HART is therefore outside the certified safety function.
23
Principle of operation

600T Safety Transmitters take advantage of the intrinsic redundancy of the highly reliable 600T series differential inductive sensor, which provides two independent signals proportional to the input pressure. The two inductive signals are detected separately by two independent ASICs and processed separately by the electronics. The calculations follow independent flows and the results are compared in the microcontroller in order to validate the output pressure signal.

Internal diagnostic algorithms check the correctness and validity of all processing variables and the correct operation of the memories. A supplementary shut-down circuit provides a safe shut-down when a fault occurs in the analogue section of the electronics.

The output stage is also checked by reading back the analogue output signal. The feedback loop is obtained with an additional A/D converter placed at the end of the output stage, which converts the 4-20 mA signal into digital form so that the microcontroller can compare it with the commanded value.
26
Summary of Key Points for Safety Integrity
- Excitation and reading integrity
- Sensor integrity
- CPU integrity
- Analogue output stage integrity
- CPU working: software sequences
- Clock integrity
- Power supply monitoring
28
Primary signal detection
Excitation and reading integrity. The pick-up values are read by two independent circuits and transferred to the analogue-to-digital conversion on two independent lines. The values are checked to verify correct circuit operation and the consistency of the readings.
29
Sensor integrity. Pressure values are calculated independently from the two pick-ups. To check the consistency between the measurements of the two pick-ups, and therefore the integrity of the sensor, the results are evaluated independently and compared with each other. If the comparison fails, the output is driven to up- or down-scale.
30
Hardware and software redundancy
TÜV SIL2 approved, IEC 61508 / ISA S84.01. Blocks in the diagram: dual-element sensor (pressure detection element 1 and element 2) with temperature sensor; A/D conversion; microprocessor with linearization and compensation for each channel, comparators and voting; HART; validation; D/A and 4-20 mA output 1 and output 2; verify supply; verify output; clock 1, clock 2 and watchdog; fail-safe enable and 4-20 mA safe output; power supply and analogue output.

To understand the architecture of the transmitter we can use this block diagram. There is a main information path and a redundant information path that carries out the diagnostics.

Main information path (green on the slide): the pick-up values are read in the primary electronics board, where they are converted to a characteristic proprietary signal; in the secondary unit the A/D conversion and the linearization and compensation are performed. The digital variable is then converted to an analogue value that drives the output stage.

Redundant path: another reading is performed; the values obtained are converted, linearized and compared with the results of the main information path.

Control and diagnostic blocks (red on the slide): first the two measurements are checked against each other, then the two calculated pressure values are compared. All sequences are monitored by a watchdog circuit. In case of a serious failure in the microcontroller, a supplementary independent shut-down circuit shuts the system down. This block is driven by a redundant supplementary clock and by the microcontroller, which acts on it if the output stage fails; that failure is detected by a feedback reading of the real output, compared in the microcontroller with the digital variable.
31
600T inductive sensor components: feedthrough, measuring diaphragm, ferrite plate, coil, ferrite pot-core.
32
Random hardware failures
Conclusions. Random hardware failures are countered by:
- more reliable components
- additional defences against common mode failures
- increased diagnostic coverage
- increased redundancy
33
Systematic failures
Systematic failures (specification errors, equipment errors, software errors) are countered by:
- design features that control (tolerate) systematic faults in actual operation
- techniques and measures that avoid systematic faults during design and development
34
CPU integrity. The pressure value is calculated along two independent flows in the microcontroller, one from each pick-up, and the two results are compared to check the consistency of the processing itself. If the comparison fails, the output is driven to up- or down-scale.
35
Analogue output stage integrity
The 4-20 mA analogue output signal is read back and compared with the digital 4-20 mA value produced internally by the microcontroller, to verify the integrity of the output stage. If this check fails the transmitter enters the alarm state, and the supplementary output stage then delivers a 21.6 mA signal.
36
CPU working: software sequences
At the end of every calculation loop the watchdog is reset. If this does not happen, there is an error in the microcontroller operation; after a further verification confirms the error, an alarm signal (21.6 mA or 3.6 mA) is generated.
37
Clock integrity. A secondary clock verifies the correct operation of the primary clock. In case of failure, the supplementary output stage delivers a 21.6 mA signal.
38
Power supply monitoring
If the supply voltage falls below the minimum or exceeds the maximum limit, the output is driven to the alarm condition.
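The diagnostic chain described in the principle-of-operation slides and the key-point slides above can be modelled end to end. The following Python is an added example, not ABB firmware or code from the presentation: it compares the two independently linearised pressure channels, reads the commanded 4-20 mA value back through a modelled output A/D, counts missed watchdog kicks, monitors the supply flag, and drives the loop either to the NE43 saturation limits (3.8/20.8 mA) or to the fail-safe alarm currents (3.6/21.6 mA). The tolerance constants, the watchdog limit and the `readback` callback are assumptions; `classify_current` shows the receiver-side interpretation a logic solver should apply.

```python
# Added example (not ABB firmware or code from the slides): a model of the
# 600T Safety diagnostic chain described above: two independent pick-up
# channels compared against each other, a read-back check on the 4-20 mA
# output stage, a watchdog, supply monitoring, and the NE43 saturation and
# fail-safe current levels. Tolerances and the watchdog limit are assumptions.
from dataclasses import dataclass

LOW_SAT_MA, HIGH_SAT_MA = 3.8, 20.8      # NE43 saturation limits (-1.25 % and 105 % of span)
FAIL_LOW_MA, FAIL_HIGH_MA = 3.6, 21.6    # fail-safe currents from the independent output stage
CHANNEL_TOLERANCE = 0.01                 # assumed: max disagreement between channels, fraction of span
READBACK_TOLERANCE_MA = 0.05             # assumed: max error between commanded and read-back current
WATCHDOG_LIMIT = 3                       # assumed: consecutive missed kicks before alarm


def pressure_to_ma(fraction_of_span):
    """Linear 4-20 mA mapping, held at the NE43 saturation limits outside the span."""
    ma = 4.0 + 16.0 * fraction_of_span
    return max(LOW_SAT_MA, min(HIGH_SAT_MA, ma))


def classify_current(ma):
    """Receiver-side view (logic solver input) of a NE43-compliant loop current."""
    if ma <= FAIL_LOW_MA:
        return "fail_low"
    if ma >= 21.0:
        return "fail_high"
    if ma < LOW_SAT_MA or ma > HIGH_SAT_MA:
        return "undefined"      # between the saturation limit and the NE43 fault band
    if ma < 4.0 or ma > 20.0:
        return "saturated"      # outside the calibrated span but not a transmitter fault
    return "normal"


@dataclass
class Transmitter:
    fail_direction: str = "up"   # up-scale or down-scale alarm, as configured
    missed_kicks: int = 0

    def fail_safe_ma(self):
        return FAIL_HIGH_MA if self.fail_direction == "up" else FAIL_LOW_MA

    def scan(self, ch1, ch2, readback, watchdog_kicked=True, supply_ok=True):
        """One diagnostic cycle. ch1/ch2: pressure as fraction of span from the two
        independent channels; readback(commanded_mA) models the output A/D and
        returns the current actually on the loop. Returns (output_mA, faults)."""
        faults = []
        if not supply_ok:
            faults.append("supply")
        if watchdog_kicked:
            self.missed_kicks = 0
        else:
            self.missed_kicks += 1
            if self.missed_kicks >= WATCHDOG_LIMIT:
                faults.append("watchdog")
        # Sensor/CPU integrity: the independently computed pressures must agree
        if abs(ch1 - ch2) > CHANNEL_TOLERANCE:
            faults.append("channel_mismatch")
        if faults:
            return self.fail_safe_ma(), faults
        commanded = pressure_to_ma((ch1 + ch2) / 2.0)
        # Output stage integrity: read the real current back and compare
        actual = readback(commanded)
        if abs(actual - commanded) > READBACK_TOLERANCE_MA:
            faults.append("output_readback")
            return self.fail_safe_ma(), faults
        return commanded, faults


if __name__ == "__main__":
    tx = Transmitter()
    healthy = lambda ma: ma
    print(tx.scan(0.50, 0.502, healthy))                 # (12.016, [])
    print(tx.scan(1.10, 1.10, healthy))                  # (20.8, []) saturated, not a fault
    print(tx.scan(0.50, 0.60, healthy))                  # (21.6, ['channel_mismatch'])
    print(tx.scan(0.50, 0.50, lambda ma: ma - 1.0))      # (21.6, ['output_readback'])
    for _ in range(WATCHDOG_LIMIT):
        out = tx.scan(0.50, 0.50, healthy, watchdog_kicked=False)
    print(out, classify_current(out[0]))                 # (21.6, ['watchdog']) fail_high
```

The second scan is the case practitioners most often get wrong: 110 % of span gives 20.8 mA, which is a saturated but valid measurement, while 21.6 mA from the fail-safe stage is a fault. A logic solver that trips on "anything above 20 mA" cannot tell the two apart, which is why the NE43 bands are kept separate.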
39
40
Who is TÜV? TÜV is a testing agency based in Germany that provides functional safety assessment for safety instrumented systems against a number of different standards, including DIN V VDE 0801/A1 (the primary standard), IEC 61508, ISA S84.01, and a number of other DIN electrical and application-specific standards. Its certification of safety-related programmable controllers/logic solvers has gained an influential worldwide reputation, particularly in the petrochemical industry.

Is there a legal obligation to consider functional safety? Yes. In Europe, the USA and Germany, statutory regulations address the possible malfunction of safety-related equipment. Europe: Machinery Directive, Gaseous Fuel Directive, Medical Device Directive. USA: OSHA regulations, in particular CFR § (section number not given on the slide). Germany: Gerätesicherheitsgesetz (Device Safety Law) and Störfallverordnung (Hazardous Incident Ordinance).
41
What are the requirements for functional safety?
In the US process industry, ISA S84.01 has been established to address the application of safety instrumented systems, and internationally IEC 61508 is expected to become the dominant, worldwide standard for functional safety. These standards define the requirements for Safety Integrity Levels 1, 2, 3 and 4.
42