Safety Logic in Modular Batch Automation
In the early days of batch automation there was usually a central computer that controlled everything. This computer ran recipes, executed sequential logic, did data acquisition of process variables and also performed direct digital control (DDC) of analog and discrete devices. Since one computer did every thing from sequencing to DDC it was only natural to imbed the shutdown and safety logic into the batch sequential code that was running normal operations. And since one huge monolithic program ran the entire process, the safety logic was always running. In modern S88 (IEC61512) based modular batch automation systems the monolithic code has been replaced by smaller reusable phases controlled by a batch manager that runs recipes. Many who have grown up with DDC imbed safety logic inside the phases. This approach requires an active equipment phase at all times to keep safety logic available at all times. There is a problem with this approach. Phases are transient by nature. They have a beginning and an end. You cannot guarantee that there will always be an active equipment phase. Although there may be some holding logic associated only with a specific phase, often this logic is generic and should be moved up to the unit level. This paper looks at methods available to the user for safety and exception recovery logic in current modular batch systems. Included are case studies of five separate batch projects where recognizing exception conditions and executing safety shutdown logic was essential.
Author: Thomas E. Crowl, Principal Application Engineer, Siemens Moore Process Automation Inc; Cynthia L. Benedict, Lead Project Engineer, Siemens Moore Process Automation Inc. | File Type: PDF
Find more white papers on Batch Management