
An Integrated Approach to Process Control and Safety

May 1, 2008
Satisfy Safety Requirements for Independence Using Methods That Don’t Require Physical Separation

ABB’s customers want to combine process control and safety in one system to reduce total cost of ownership, improve operational excellence and increase engineering efficiency, according to Santiago Cano, ABB project engineer and TÜV functional safety engineer for industrial systems in the process automation division. Recent advances in hardware reliability and software-based diagnostics allow ABB to create various options to satisfy these customer demands, Cano said. These and other advances also allow ABB to provide modular and scalable systems with forward and backward compatibility.

“We can satisfy safety requirements for independence using methods that don’t require physical separation.” ABB’s Santiago Cano on the company’s integrated approach to basic process control and safety instrumented systems.

“Safety systems need independent layers of protection to eliminate common-cause errors,” Cano explained.

“ISA and IEC standards allow ABB to satisfy safety requirements for independence using methods that don’t require physical separation of process control and safety,” added Cano.

The first method for performing process control and safety is the traditional route of providing two separate and unconnected systems. These systems may be purchased from the same or from two different vendors. This is the highest-cost option, both in terms of up-front expenditures and on-going outlays for operations and maintenance.

The second method is top-level integration of the human-machine interface (HMI) function. This method relies on a single supplier to provide separate controllers that are both connected to one HMI via a network.

Because the controllers are separate and different, two engineering workstations are required for controller programming. As with the first method, common-mode failures are minimized. Costs are lower than with the first method because common hardware is used at the HMI level.

The third method uses two HMIs, two controllers and two networks, like the first method, but features two controllers from the same vendor. This allows both controllers to be programmed from the same engineering workstation. This cuts training time.

The fourth method uses common HMIs and two controllers from the same family of a single vendor’s products. Both controllers are connected to the HMIs via a single network. “Method four is the lowest-cost option because common HMIs and common engineering workstations are employed. An example is a system that uses the ABB AC800M process controller and the ABB AC800M HI safety controller,” explained Cano.

A refinement of method four uses one common controller. The ABB AC800M HI (high integrity) safety controller, for example, provides logical separation of control and safety functions and meets international safety standards. The unit communicates with both normal and safety-rated I/O. ABB’s ModuleBus allows installation of both types of I/O in one bus unit.

Using one controller for both process and safety provides a host of advantages, according to Cano. Up-front purchase costs are low because only one controller needs to be purchased. Depending on the configuration, an ABB safety controller is only 30% to 40% more expensive than a comparable process controller. This means that most systems that have basic process and safety I/O will be less costly to deploy with one safety-rated controller instead of two separate controllers.

Configuration costs are low because one engineering workstation running one software program can be used for controller programming. Software license costs are minimized, as are spare-part requirements.

A single controller system also provides maximum flexibility for abnormal operating situations such as start-ups, maintenance and product changes. “Flexibility is maximized because the SIS window on our safety controllers can be modified as necessary,” said Cano. Modifying the SIS window allows users to add and remove I/O from the safety regime of the controller to cope with abnormal operating conditions.

Both the process and safety control functions of the safety controller share redundant hardware components and exhibit the required high degree of internal diversity. Spurious trips are less likely because a single controller minimizes the number of components that can fail.