PLC architecture can provide high safety integrity
There's no safety like nuclear safety. Consequently, process safety instrumented systems (SIS) requiring a high safety integrity level (SIL) can benefit from a programmable logic controller (PLC) architecture used in nuclear safety systems. (See this issue's cover articles for related safety topics.
There's no safety like nuclear safety. Consequently, process safety instrumented systems (SIS) requiring a high safety integrity level (SIL) can benefit from a programmable logic controller (PLC) architecture used in nuclear safety systems. (See this issue's cover articles for related safety topics.)
For instance, a PLC module developed by Framatome Technologies is among those using redundancy and diversity to enhance reliability. If an unsafe condition is detected, the module's two safety-function microprocessors can cause any of the relay outputs to open. Watch-dog timers will open the relay outputs if either processor stops running. Also, an OR gate can be substituted for the AND gate for devices requiring a contact closure (non-failsafe output) to actuate.
Using microprocessors that differ in design, microcode, and software compiler manufacturer minimizes common mode failures that could defeat safety interlocks. Using a common functional design document, diverse software is developed by two software teams working independently. Software is then tested and validated by a third team, independent of the developers.
Different microprocessors with different software ensure the SIS will achieve its safety mission, even if a hardware and/or software fault disables one microprocessor.
Diversity aids reliability
The PLC's self-contained redundancy and diversity complements other redundant and diverse elements to provide an SIS with SIL 3 integrity. SIL 3 is quantified in the ANSI/ISA-S84.01-1996 standard, "Application of Safety Instrumented Systems for the Process Industry," as a probability of failure on demand average range (PFD avg) of 10-3to 10-4.
Specifying diversity in sensor type, manufacturer, and activation methods reduce common mode failures. For example, using one RTD (resistance thermal detector) and one thermocouple, and pressure sensors and ventvalves from different manufacturers, reduces common mode failures. Adding a hardwired, manually operated emergency shutdown circuit also provides diversity. When a high-high pressure, or high-high temperature input signal is detected, the PLC's fail-safe outputs open redundant emergency vent valves to depressurize the reactor.
PLC testing is done on line using continuous diagnostic routines. Off-line testing uses a test computer that injects simulated process signals into the PLC module. Input signals are varied by the test computer and PLC output responses are monitored. Both microprocessors are tested at the same time, and hard copy test records are developed.
Shared memory and a separate microprocessor in the PLC module handle communications with external systems. This architecture makes SIS data available, yet prevents communication interrupts from interfering with safety requirements. This PLC architecture provides the same high reliability and high availability of two PLCs.
For more information about Framatome Technologies, visit www.controleng.com/info .
- Events & Awards
- Magazine Archives
- Oil & Gas Engineering
- Salary Survey
- Digital Reports
- Survey Prize Winners
Annual Salary Survey
Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.
There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.
But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.
Read more: 2015 Salary Survey