SATO Masahito, KUWATANI Motoichi
We have developed system generation and maintenance functions for our ProSafe-RS safety system which forms the core of safety instrumented systems (SIS). The system generation function is designed to create application logic (logic solver) accurately and efficiently using IEC61131-3 (IEC standard)-compliant function block and ladder diagrams which are most commonly employed in the safety instrumentation area. The maintenance function has a "maintenance override" function which allows easy maintenance and inspection from the CENTUM CS 3000 HIS without affecting the safety functions of the ProSafe-RS. In addition, it accurately informs the operator of the status of safety controllers (SCS) when a fault is detected, annunciating device or process faults before they prove fatal. Furthermore, the maintenance function is systematized to promptly restore normal operation in case of a system failure or process shutdown.
|Figure 1 ProSafe-RS System Configuration|
The CENTUM CS 3000, a reliable distributed production control system, has been introduced worldwide with the objective of operating plants efficiently 24 hours a day, every day. The CS 3000 handles abnormal conditions in a plant appropriately and minimizes the chance of them developing into faults. In contrast, there is a growing need for safety instrumented systems (SIS) which comply with international safety standards and which, if an abnormal condition is detected that cannot be prevented by a production control system such as the CS 3000, shut down the plant without injuries or fatalities, damage to the environment, surroundings, equipment, or devices. Our safety system, the ProSafe-RS, has been developed to meet these demands. The ProSafe-RS shuts down a plant in response to a shutdown signal or activates fire protection and/or gas protection equipment; application logic (logic solver) is required in safety controllers (SCS).
The ProSafe-RS has a safety engineering function that allows the user to create application logic accurately and efficiently and download it to SCSs. Also, the ProSafe-RS's maintenance function includes a "maintenance override" function that allows easy maintenance from the CS 3000 HIS without affecting the safety functions of the ProSafe-RS. In addition, to check that SCSs have been operating without fail, an SCS maintenance support function provides alarm notification in the event of a fault, and then performs restoration or recovery accurately and efficiently. In this system, a PC equipped with both the safety engineering function and SCS maintenance support function is referred to as "SENG" (Figure 1).
|Figure 2 Engineering Procedure|
Figure 2 shows the general engineering procedure of the ProSafe-RS safety system. The ProSafe-RS safety engineering function was developed on the assumption that it is used in steps 3 (software creation), 4 (functional inspection), and 5 (factory acceptance test, FAT) of Figure 2.
To create and manage application logic accurately and efficiently, software creation and functional inspection are implemented in the safety engineering function (Figure 3). This section discusses the main features of the safety engineering function in light of this procedure.
|Figure 3 Software Creation and Functional Inspection Procedure|
|Figure 4 Multi-language Editor|
|Figure 5 Example of a Test Window|
|Figure 6 Example of Cross Reference Analyzer|
In order to perform safety functions properly, safety instrumentation systems must not be affected by other functions such as distributed control systems (DCS), yet they are required to be fully integrated with DCS HMI for operation and monitoring. The ProSafe-RS offers an SCS maintenance support function designed for SCS maintenance and the CS 3000 HIS function as a function intended for DCS operators.
SCS Maintenance Support Function
The SCS maintenance support function was developed to simplify SCS maintenance work. It has a user interface for identifying faulty areas easily and displays the maintenance data required for analysis as diagnostic information messages, listed in the order in which the events occurred. This function allows maintenance personnel to act quickly in the event of an SCS failure and promptly restore the SCS.
The SCS maintenance support function incorporates a function for retaining maintenance-required data in the SCS internal memory and transferring it to a disk in the SENG as necessary. The SCS retains the data required for maintenance work (such as diagnostic information, maintenance history, and SOE (Sequence of Events) data) in its internal memory. This data is loaded as necessary into the PC as cache data. This feature is the message cache function (Figure 7); it allows the data necessary for maintenance to be captured without fail even if the SENG has gone down.
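The message cache function described above, modelled as an added example (not Yokogawa code): the SCS side keeps a bounded, sequence-numbered store of diagnostic and SOE messages, and the SENG side pulls everything after the last sequence number it has on disk, so an SENG outage loses nothing unless the controller's store overruns, which the cache then reports as a gap rather than hiding. The ring capacity, message tuple format and class names are assumptions for the example.

```python
"""Added example (not Yokogawa code): controller-side retention plus an
engineering-PC cache that resynchronises by sequence number.  Ring size,
message format and class names are assumptions made for this example."""
from collections import deque
from typing import Deque, List, Tuple

Message = Tuple[int, str, str]  # (sequence number, kind, text)


class ScsMessageStore:
    """Bounded retention in SCS internal memory (assumed ring-buffer design)."""

    def __init__(self, capacity: int = 4) -> None:
        self.ring: Deque[Message] = deque(maxlen=capacity)
        self.next_seq = 1  # monotonically increasing, never reused

    def record(self, kind: str, text: str) -> None:
        self.ring.append((self.next_seq, kind, text))
        self.next_seq += 1

    def read_after(self, last_seq: int) -> List[Message]:
        """Return every retained message newer than last_seq, oldest first."""
        return [m for m in self.ring if m[0] > last_seq]


class SengCache:
    """Disk-side cache on the SENG; last_seq is what survives an SENG restart."""

    def __init__(self) -> None:
        self.messages: List[Message] = []
        self.last_seq = 0
        self.gaps: List[Tuple[int, int]] = []  # (expected seq, first seq seen)

    def sync(self, scs: ScsMessageStore) -> int:
        """Pull new messages from the SCS; returns how many were fetched."""
        new = scs.read_after(self.last_seq)
        if new and new[0][0] != self.last_seq + 1:
            # The SCS ring overran while the SENG was down: record the
            # missing range explicitly so maintenance staff can see it.
            self.gaps.append((self.last_seq + 1, new[0][0]))
        self.messages.extend(new)
        if new:
            self.last_seq = new[-1][0]
        return len(new)
```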
|Figure 7 Message Cache Function|
|Figure 8 Window for Speeding up Maintenance Work|
Figure 8 shows the window for speeding up maintenance work.
|Figure 9 Overview of Maintenance Override|
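The maintenance override introduced earlier (Figure 9) lets maintenance work proceed from the HIS without disabling the safety function. As an added example that is not Yokogawa code, the following scan-cycle model shows one way such an override can be constrained: a 2oo3 trip vote in which only one input channel may be overridden at a time, the override expires after a fixed number of scans, and every override event is raised as an alarm for the HIS. The voting scheme, scan limit and class names are assumptions for the example.

```python
"""Added example (not Yokogawa code): 2oo3 trip logic with a constrained
maintenance override.  Assumed rules: one overridden channel at a time, the
override expires after OVERRIDE_LIMIT_SCANS scans, and each override event is
appended to an alarm list the HIS would display."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

OVERRIDE_LIMIT_SCANS = 5  # constructed value; a real system uses a configured time


@dataclass
class TripLogic:
    override_ch: Optional[int] = None  # channel currently overridden, if any
    override_scans: int = 0            # scans the current override has been active
    alarms: List[str] = field(default_factory=list)

    def request_override(self, ch: int) -> bool:
        """HIS requests an override of channel ch; refused if another is active."""
        if self.override_ch is not None and self.override_ch != ch:
            self.alarms.append("MOS refused ch%d: ch%d active" % (ch, self.override_ch))
            return False
        self.override_ch, self.override_scans = ch, 0
        self.alarms.append("MOS active ch%d" % ch)
        return True

    def release_override(self) -> None:
        self.override_ch, self.override_scans = None, 0

    def scan(self, inputs: Tuple[bool, bool, bool]) -> bool:
        """One logic-solver scan. Returns True when the logic demands a trip.
        inputs[i] is True when transmitter i reports the trip condition."""
        votes = list(inputs)
        if self.override_ch is not None:
            self.override_scans += 1
            if self.override_scans > OVERRIDE_LIMIT_SCANS:
                self.alarms.append("MOS expired ch%d" % self.override_ch)
                self.release_override()
            else:
                votes[self.override_ch] = False  # masked channel votes 'healthy'
        # With one channel masked the other two must both trip (2oo2):
        # the safety function is degraded, never removed.
        return sum(votes) >= 2
```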
CS 3000 HIS's ProSafe-RS Support
The CS 3000 HIS is required to give SCS-output alarms prominence and to distinguish SCS tags and field control station (CS 3000 FCS) tags easily for the operator. This is because alarms output by SCS are important for maintaining the safety of the plant itself and they are more urgent than DCS alarms.
|Figure 10 Integrated Display Alarm Window|
In this paper we have outlined the safety engineering function and maintenance function. It is crucial that these functions work accurately in the safety system. We intend to implement and develop functions for improving the efficiency of work and preventing misidentification or malfunction, features for coordinating with Plant Resource Manager (PRM) and plant engineering tools, etc.