First integrated intelligent safety management solution
March 1st 2004

Emerson Process Management has extended its digital PlantWeb architecture with the launch of its Smart SIS solution that offers users safer plants, increased availability, lower lifecycle cost and simplified regulatory compliance. At the formal launch recently Emersons MD, Steve Brown described the significance of the launch saying In the same way as when Digital Plant Architecture changed the game for process control we are at the next inflexion point. IP&E reports The problems and issues facing users concerning safety in process industries are varied and complex involving technology, legislation, insurance, litigation and productivity. At the present time Process Automation is carried out by a BPCS (Basic Process Control System) whether it is a DCS, PLCs or a digital automation system. Separately an SIS (Safety Instrumented System) is installed for safe process shutdown in the case of a hazard alert, whether cause by equipment malfunction or failure of the BPCS. Despite their name, BPCSs are very complicated and powerful and not in the least bit basic. They are under operator control, modified frequently to meet new requirements, and have the main task of working to control the process. On the other hand the SIS is not under control of the operator, is typically passive and takes action only when a dangerous condition is detected. Because of this passivity the working order of all the elements of an SIS is vital and therefore the design must consider and specify regular testing. Any SIS system installed on a plant has to have dedicated sensors and valves, with a Logic Solver as the safety system controller, functioning independently of the BPCS, meaning that end users are spending money effectively doubling up on equipment. The question arises Do I need a SIS in my plant? How much risk can I assume? and the answer is a complicated one with risk varying from end user to end user depending on the process, the regulatory authority, insurance and litigation environment in their country. Risk Reduction Classification Those responsible for process plant safety will be familiar with questions such as ?Tell me about your PFD (Probability of Failure on Demand), and equipment Safety Integrity Level (SIL).To reduce the risk from a process plant a safety system with a low PFD would be specified: to achieve this the equipment used in it would have a high SIL rating, of say SIL3. To achieve a Risk Reduction Factor (RRF) of 1000 on a plant the safety system would need to have a PFD of < 10-3, and SIL3. A Safety Instrumented System typically contains many safety loops, or SIFs (Safety Instrumented Function), each with its own SIL rating. The PFD of the loop is dependent on all the components of the SIF i.e. transmitter, logic solver, valve, and establishes the RRF achieved for the plant by adding the SIF. According to Duncan Schleiss, VP marketing of Emerson Process Systems based in the USA Sometime in the future you know with absolute certainty that your [pressure] transmitter or your final control element (shutdown valve) is going to fail to operate correctly the question is when? This highlights the fact that one of the existing problems with todays process environment is that in order to keep the PFD low, regular proof tests must be carried out. However, as Duncan says When you have to test the safety equipment its usually not safe for people. To illustrate his point Duncan related an anecdote, that is probably repeated throughout the world, where as a junior employee working in a process plant his was the job to enter a highly dangerous environment to test a piece of safety equipment that might have been perfectly serviceable. While being tested the equipment is not available and so would not carry out the safety function if an emergency situation arose. The employee one senior to him was the person instructed to drag him out in the case of an accident. The point here is that if the safety equipment could have been tested remotely, without impacting on productivity then perhaps a manual test would be needed less frequently therefore dramatically reducing the risk to human life. Increasing Regulation The fact is that in all aspects of safety end users are facing increased regulation. IEC 61508 standard contains requirements for suppliers of process control equipment for safety applications. End users typically seek products certified to conform to this standard by a reputable independent agency. IEC 61511 is an international standard targeted at process industries that covers the procedure for an end user to follow in planning, implementing and maintaining a SIS. The entire SIS life cycle is covered including: risk analysis; performance based design; operations and maintenance. As Duncan Schleiss says The number of users using this standard is almost zero.. But with the twin demands of insurance and litigation forever pushing toward greater regulation this will not be the case for very long. SIS Failures Valves/ transmitters/ logic solvers this is the statistical order for frequency of failure, but safety personnel will frequently focus on logic solvers for two reasons, the first being logic solvers are sexy in comparison to valves, and logic solver failure is extremely serious, since with current designs it would typically affect all the SIF safety loops on the plant, while valve or transmitter failure is less so, since it affects only one SIF. The weak links are statistically the measurement equipment and the final element in the process, these are the ones that fail. How then can we countenance eliminating yearly on-line proof testing of these elements? The answer is through equipment selection and automated testing, producing diagnostic signals for analysis. Is there an automated test procedure that can be deployed to ensure the valve will close on demand? Is there a means to test this periodically without human intervention? Users need a system that self-tests the entire SIF, delivering increased safety through: automated proof tests verifying SIF health; eliminating potentially risky manual procedures; eliminating exposure during proof tests when SIS is offline. Plus, this must all be done while maximising availability with no spurious trips and no associated emissions. The reality is that there is not a safety system on the planet today that can fulfil these functions says Duncan Schleiss Until now that is. PlantWeb Smart SIS architecture With the launch of its new PlantWeb Smart SIS safety management architecture Emerson Process Management has extended its proven digital process automation architecture to enable safer process plants and facilities. First to employ digital intelligence and diagnostics from sensor-to-logic solver-to-final-control, and to take an integrated complete safety loop approach, the PlantWeb SIS safety management solution offers automated safety loop testing and other features that increase system availability, while reducing life cycle cost and easing regulatory compliance. The new Smart SIS solutions are built from proven PlantWeb technologies intelligent field devices, predictive diagnostics and digital communications. For safety applications, PlantWeb Smart SIS solutions provide assurance of a SIL3 approach that includes transmitters and valve controllers certified to IEC 61508 and SIL3 ratified safety systems. Emerson professional safety personnel and services organisations can help users plan and implement Smart SIS solutions to comply with the new IEC 61511 safety standard. Services include assisting the end user with process hazard analysis and risk assessment along with Smart SIS design, implementation and commissioning. Facilitated by PlantWeb technologies, the Smart SIS solutions are easily integrated with mainstream BPCS to enable facility wide overview, while maintaining separation of safety critical elements as required by IEC standards. Safety data and alarms are presented on Emersons DeltaV operator interfaces, stored in its historians, and passed to the AMS Suite: Intelligent Device Manager for integrated documentation and management. Intelligent components that combine to deliver ease of use of PlantWeb Smart SIS safety management solutions include: DeltaV SIS Systems These communicate with safety certified sensors and final control elements. This safety system uses the same engineering tools and interfaces as Emersons DeltaV digital automation system for process control, enabling the viewing of safety system data from any control system interface. Sensors Such as the IEC 61508 certified Rosemount 3051S pressure and 3144P temperature transmitters. For the first time (with the 3051S pressure transmitter range) a field-proven, reliable device for process control can be easily converted to a TV certified pressure transmitter for use in SIL2 or SIL3 safety instrumented systems. Supervisory electronics are added to the transmitter either at the time of order or after purchase in the field as a plug and play upgrade. Existing users of Rosemount 3144P temperature transmitters can also upgrade to a safety certified transmitter by replacing standard electronics with a safety certified assembly. The transmitters are components of Emersons PlantWeb Smart SIS safety management architecture where they are integrated with safety certified final control elements and safety systems in digital intelligent safety loops that enable users to implement safer plants. Using the devices for safety applications eases user compliance to the new IEC 61511 standard and minimises the costly documentation and analysis efforts associated with the alternative prior-use methodology. Customer costs are further reduced by eliminating duplicate training, maintenance and inventory costs because the same pressure instrument can be used in both basic process control and safety instrumented systems. To improve plant safety both devices go beyond certification to the IEC 61508 standard. Required proof testing levels can be stretched to five years enabling considerable maintenance cost savings, elimination of unnecessary process interruptions and risk to personnel. Other sensors will be certified soon and are currently available for SIL3 applications based on proven in use experience. Final Control Elements The PlantWeb Smart SIS safety management architecture uses automated partial stroke testing of final control elements. Scheduled partial stroking of final control elements improves the safety level, reduces personnel trips into the field and increases the mandatory proof test level. Final control elements also employ digital intelligence with on-line diagnostics to deliver final control health information. Featured in Emersons SIL3 Fisher DVC6000 digital valve controller and SIL-PAC final control system, together, these provide partial stroke testing and valve diagnostics to increase reliability of Emergency Shutdown (ESD) valve solutions in SIS. ESD valves in an SIS perform final control; they are required to take the process to a safe state when conditions dictate. The SIL-PAC ESD solution from Emerson comprises a Bettis, Hytork or El-O-Matic actuator and Fisher FIELDVUE DVC6000 digital valve controller, combined with any manufacturers valve to provide an integrated and tested unit. The actuators are suitable for use in SIL3 systems and the DVC6000 has been TV certified for use in SIL 1, 2 and 3 applications. The PlantWeb Smart SIS safety solution minimises safety system valve faults by using the Fisher DVC6000 ESD device to predict and identify many of the common problems that would prevent the ESD valve from operating. The solution uses Emersons AMS Suite: Intelligent Device Manager that provides ValveLink software to automate testing and eliminate manual intervention. The AMS Device manager schedules and initiates a partial stroke of the valve, and captures data on valve movement, including friction build up, air input, output and supply deviations. Alerts are generated if the valve fails to move when under test, or moves when not under test, and also if the supply pressure drops. Logic solver Bulky logic solvers and multiplexers can be replaced with new logic solvers that support digital communication for continuous health monitoring of the complete SIF (Safety Instrumented Function). The DeltaV SLS 1508 logic solver built for digital communications with safety sensors and final control elements, uses predictive field intelligence to increase the overall reliability of the entire safety instrumented function. It is TV certified (Final TV approval pending) without exception for use in SIL1 to 3 applications. Key capabilities include: 24v DC redundant power; 16 channels per logic solver in any combination of HART AI, HART AO, DI DO; line fault detection on all I/O; separate I/O processor and CPU; redundant CPU processor; additional CPU per I.S. logis solvers. Also, you can increase the availability of your SIS loops with a redundant pair of SLS logis solvers. Key capabilities include: dedicated redundancy link; separate power; separate logical address; I/O published locally every scan on redundant peer-to-peer links; same input data for each logic solver; CRC checking every scan. DeltaV safety system software Includes an exclusive palette of TV certified smart function blocks, enabling users to employ drag and drop techniques to accomplish tasks that required pages of coding in traditional safety system. Integration of the BPCS with the SIS is not desirable, IEC 61511 specifies that BPCS and SIS should be kept separate essential for operating according to best practice. Emerson through its new DeltaV logic solver has found a way to retain the separation between BPCS and SIS, conforming to IEC 61511, and yet seamlessly integrate the two together. This produces benefits of commonality in design, set-up, operation and maintenance, plus it also allows plant integration and overview within one operating system . The technology now available to install this integrated yet separate system, and the information that the Emerson SIS provides, will according to Koen Leekens of Emerson Process Management, lead to a confident New philosophy among those responsible for safety in process plants. Through its market research the company is confident of quick acceptance and according to Dr. William Goble of Exida The PlantWeb solution for safety application is the complete package. It considers all equipment in the safety instrumented function as well as the simplified proof testing. This will change industry.

More articles from Emerson Process Management: