Distributed Safety Arrives

In the beginning, all control was distributed in the field near each particular process. Much of this control was manual, with islands of pneumatic-based automation. Then came the inaptly named "distributed control system," which was, in fact, centralized automation in the control room and its environs via monolithic centralized controllers and accompanying I/O.

But smart instruments, local valve controllers, digital fieldbus networks and other new technologies moved control out into the field—closer to the processes and often to field-based operations personnel. This resulted in the current architecture of most process automation systems, namely, distributed control with automation and operator interfaces applied as needed in the control room and throughout the plant.

Process safety systems are following much the same path: first distributed, or often non-existent systems; then centralized via triple-modular-redundant safety controllers and local I/O; and now distributed via SIL-rated safety networks connected to safety-rated intelligent I/O, and via ever smarter and often redundant instruments and controllers.

Distributed safety is relatively new, and in the present litigious climate, many end users are reluctant to discuss safety systems. But the process safety market is growing rapidly, say analysts at Frost & Sullivan in its recent "Strategic Analysis of the European Process Safety Market" study. It predicts that Europe's process safety market will grow from just over $459 million in 2010 to more than $632 million by 2016. Part of this growth will come from distributed safety systems because they provide advantages over centralized safety.

Even process plants that don't directly purchase and implement distributed safety systems often find their facilities abound with the same in the form of process skids and packaging machines purchased from OEMs. These often have their own safety controls and at least some limited operator interface (see "Stealth Distributed Safety" in this article.)

In some instances, these skids and machines are purchased without automation, and instead are controlled by the plant's existing automation system. But even then, some safety-related control and limited operator interface are often retained to ensure safe local operation and shutdown in the event of failure of the main automation system.

Many of the advantages of distributed safety are similar to those realized with distributed control. Chief among them are independent operation and safe shutdown in the event of failure of the main automation system.
The components of safety systems in process plants are also similar to those used in distributed control. Some areas in process plants are potentially more dangerous than others, and these areas make particularly good candidates for distributed safety systems.

Taking Safety Underground

Marcus Hedlund, control engineer at Borealis AB (www.borealisgroup.com) in Stenungsund Cracker, Sweden, installed a Honeywell Safety Manager (SM) system in an underground mining cavern (Figure 1).

"Borealis installed a SM in the control building with distributed remote safety-rated I/O close to the cavern, roughly 1.5 km away," explains Hedlund. "The main benefit is that all safety functions can be programmed in one environment. Minimizing the number of systems involved is important since most of the challenges in an installation are in the interface between systems."

The Borealis application used distributed smart safety I/O communicating over Honeywell's (http://hpsweb.honeywell.com) SIL 3-rated SafeNet communication network via a redundant fiber-optic link. Another aspect of distributed safety was the local operator interface.

"There is a view-only operator station in the instrumentation room close to the cavern. This is mainly used for instrument technicians and electricians when performing troubleshooting. The main operator station is in the main control building, and only keyboard/video/mouse signals are communicated to the remote location. This simplifies maintenance, but it's also for safety reasons. Other local operator interface input consists of a few pushbuttons for emergency stop and reset," adds Hedlund.

"With full integration of the SM in the Experion DCS system, the safety functions are very clearly presented to the operators. This helps the operators a lot in troubleshooting, since safety is now out of the black box," says Hedlund.

Erik de Groot, marketing manager for safety systems at Honeywell, adds, "Everything can be programmed with the same functions. This greatly simplifies engineering, since many control and safety functions have I/O in both locations, such as alarms and overrides in the control room and transmitters and command signals in the remote location."

Another major advantage of distributed safety is easier future expansion. "Remote I/O installations are more scalable than cabled installations. Cable installations are normally done with 25% spare capacity, whereas a remote I/O installation can have virtually unlimited spare capacity simply by adding remote I/O modules," concludes de Groot.

Simplifying Distributed Safety

In many cases, simpler is better and more reliable, particularly when implementing a critical function such as safety. "Most centralized safety PLCs or DCSes cover multiple process units and, in some cases, an entire facility," says Angela Summers, president of SIS-Tech Solutions (www.sis-tech.com).

"In such a system, central system performance impacts multiple units, and its operation and maintenance can be a constraint for process turnarounds. In many cases, a distributed safety system can be less complex, easier to implement and maintain, and significantly more cost-effective," adds Summers.