Practice Safe Sensing

With process safety and sensors, sometimes garbage in equals more than garbage out. Because these devices measure pressure, temperature, flow, level, and other process parameters, they play a pivotal role in determining a process unit’s output. A wrong reading can produce waste or create a catastrophe that costs lives and makes national news.


With process safety and sensors, sometimes garbage in equals more than garbage out. Because these devices measure pressure, temperature, flow, level, and other process parameters, they play a pivotal role in determining a process unit’s output. A wrong reading can produce waste or create a catastrophe that costs lives and makes national news.

Now, thanks to advances in technology, sensor systems have greater intelligence and therefore more diagnostic capabilities. Today, sensors can be certified by third parties to meet safety integrity levels, or SIL, designations found in IEC 61508. One positive result of this is the potential to use fewer sensors without compromising safety, leading to a decrease in wiring and installation costs. Another positive effect is the potential for improved process control, largely due to increasingly intelligent sensors.

“Certified products deliver higher design quality,” asserts William Goble, principal partner and co-founder of exida, a company that offers functional safety training, technical support, and expertise from its North American headquarters in Sellersville, PA. (The company’s European base is in Fischbachau, Germany.) This better design is due not to success but rather to failure, notes Goble. “Nearly half of the products that attempt certification fail on the first try. Only when the design process is improved and diagnostics are added do they pass.”

Goble’s data shows that the number of certified sensors has exploded in recent years, with the cumulative total of such devices moving from five in 2003 to eight in 2005 and 24 in 2007. There have been indications that vendors are converting, or will soon convert, entire future sensor lines to certified products. Goble notes that taking full advantage of such sensors will require that systems be configured correctly. For example, running diagnostics in certified sensors may send the reading out of range. An incorrectly configured controller will interpret this as a fault, shutting down the process unnecessarily. A better approach would be to implement a hold-last-value strategy, with action taken only if a reading stays out of range for longer than a specified time.

A loading bay for Shell petroleum products in the U.K. makes use of safety-certified mass flowmeters. Courtesy Endress+Hauser.
A loading bay for Shell petroleum products in the U.K. makes use of safety-certified mass flowmeters. Courtesy Endress+Hauser.

Known failures

One of the first companies to offer a certified sensor was bought a few years ago by Siemens Energy and Automation (SEA). Louis DiNapoli is application engineering and technical support manager for the SEA process instrumentation unit that makes safety certified sensors. DiNapoli says that these sensors differ from non-certified equivalents.

For example, they often contain two microprocessors, from different vendors, which are based on different technology and implementations. Each microprocessor takes input from the transducer, the unit that translates the physical parameter into an electrical output. The results of the two different calculations can then be compared, with similar results ensuring that the microprocessors are performing correctly. Another failsafe feature of the new sensors includes the ability to force the sensor via software to a predetermined level, such as 80% of full scale. This result can then be measured and compared to what’s expected, providing another indication that the sensor is working correctly.

A key point to be aware of regarding these features is that they do not function to ensure a correct sensor reading. They also don’t prevent a failure. But, notes DiNapoli, that’s not what a safety-certified sensor is designed to achieve. “You don’t care that it fails. You care that it fails in a known fashion,” he says. What is transmitted in the case of sensor failure is a known, pre-determined quantity, allowing that failure to be detected. Of course, the system has to be configured not only to detect the fault but also not act on the value, since it is the result of a failure.

While internal computations and values transmitted to the outside world are checked, sensor systems may have only one transducer in them. This front end of the entire chain, says DiNapoli, turns out to be the area where it is most difficult to assure reliable operation, in part because there’s only one process measurement. Since there’s nothing to provide a check or reference, assurance has to be inferred.

However, increasing intelligence, along with some sophisticated algorithms, may make such indirect checking easier to do so. Five years ago, sensor packages were relatively dumb. Today, they’re much more intelligent and provide information that helps ensure safe operation as well as improve the process.

For example, sensors can have registers that count every time the pressure goes above one of three set points. One of those points could be the process design maximum. From those counts, a simple histogram could reveal important information, such as the process being above design maximum pressure a majority of the time. These types of results may indicate a design flaw or a control system isn’t working well, says DiNapoli.

Another company with a long history in safety-rated sensors is Endress+Hauser of Reinach, Switzerland. The company has local sales centers and representatives, with the U.S. headquarters in Greenwood, IN. Endress+Hauser also partners with Rockwell Automation.

Safety-certified mass flowmeters are used in the oil and gas industry. Courtesy Endress+Hauser
Safety-certified mass flowmeters are used in the oil and gas industry. Courtesy Endress+Hauser

Gerold Klotz-Engmann is head of department technical safety for the company’s German sales center. He notes that the company designs products to conform to IEC 61508; all new product designs will meet this standard. Achieving that requires self diagnostics so that passive internal component faults can be spotted, along with steps to ensure no software glitches or problems.

Nearly all company products have undergone third party assessment and can be used in SIL 2 or SIL 3 safety instrumented systems. The system architecture determines how many compliant sensors should be used. For example, if a SIL 2 level is required, then the situation is relatively simple, says Klotz-Engmann. “Normally a single channel architecture with a SIL 2 compliant sensor is sufficient.” Things get more complicated if a higher level of safety is required, he adds. Then it may be necessary to use two or three sensors, with the sensors voting to arrive at a consensus measurement. The advantage of the three sensor arrangement is increased safety and greater availability, since the trio will continue to provide information even if one or two sensors fail.

Carl Sonoda, marketing manager for field instrument solutions at the Yokogawa Electric Corporation of Tokyo, says the company’s first certified sensor appeared in 2003. Today, Yokogawa has a series of temperature sensors, pressure transmitters, and multivariable transmitters, all safety-rated and designed to achieve a SIL 2 or 3 performance.

The best practice for a safety loop design, he notes, is to use multiple transmitters, with each voting. Adding to redundancy costs are the number of devices, wiring, post-installation testing, and ongoing maintenance.

A safety-rated device can help reduce the number of sensors required and thereby cut such expenses. “Our IEC SIL 2/3 certified transmitter can provide functionality so that it’s possible to use one safety transmitter instead of two standard transmitters,” says Sonoda.

Deployment choice: many or few

The question about how many sensors to use isn’t clear cut. Dale Perry, pressure marketing manager for the Chanhassen, MN-based Rosemount division of Emerson Process Management, notes that using fewer sensors is a mixed blessing. Fewer sensors increase the possibility of a false alarm, which carries a cost since it might shut down a process needlessly. Thus, the total outlay of any solution will have to be carefully considered. The correct answer about how to implement a sensor strategy will depend upon many factors in addition to installation and commissioning costs.

A safety-certified transmitter helps keep a pharmaceutical process running smoothly and safely. Courtesy Siemens Energy and Automation
A safety-certified transmitter helps keep a pharmaceutical process running smoothly and safely. Courtesy Siemens Energy and Automation

Rosemount’s history with safety certified sensors parallels that of other manufacturers. Initially, safety certified products were unique, and they faced a distinctive requirement in that they had to meet the applicable standard. Over time, incorporating the features needed for certification into standard devices became a company best practice. This evolution explains why the price differential between standard and safety-rated sensors has diminished significantly.

However, it may never disappear entirely. A certified device carries extra expenses, not all of which can be found in hardware or software. At Rosemount, for example, Perry says incoming orders are checked to ensure that all options ordered with the device are within the safety certification scope.

Also, a copy of the product safety certificate, a document listing the certified failure modes, effects, and diagnostic analysis (FMEDA), as well as the device serial number and failure data are shipped with each transmitter. Doing so provides required documentation says Perry. The same intelligence that makes sensors safer increasingly supplies other capabilities, he says. Users demand predictive diagnostics beyond the sensor. They want this functionality because more insight into a process helps prevent abnormal, and potentially unprofitable or dangerous, situations. These demands could lead to changes in safety-rated sensors, says Perry. “We see these advanced process diagnostics, as well as loop diagnostics, being included in future safety certified products.”

Year Cumulative total
Source: Control Engineering and exida

The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
Pipe fabrication and IIoT; 2017 Product of the Year finalists
The future of electrical safety; Four keys to RPM success; Picking the right weld fume option
A new approach to the Skills Gap; Community colleges may hold the key for manufacturing; 2017 Engineering Leaders Under 40
Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
The cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Power system design for high-performance buildings; mitigating arc flash hazards
VFDs improving motion control applications; Powering automation and IIoT wirelessly; Connecting the dots
Natural gas engines; New applications for fuel cells; Large engines become more efficient; Extending boiler life

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Maintenance Manager; California Oils Corp.
Associate, Electrical Engineering; Wood Harbinger
Control Systems Engineer; Robert Bosch Corp.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me