
Software ensures correct SIL3 certification

Feb. 5, 2007
FlexiSafe software from ICS Triplex Technology provides a pre-certified environment up to SIL3, and enables faster, easier creation of SIL-certified products.

Many end users are buying SIL3-rated systems, but most of their installations don't actually meet SIL3 requirements. As they adopt the IEC 61511 standard and apply proper HAZOP and HAZAN studies, users realize that SIL3 applies to the entire safety loop, from sensor through logic solver to final element, not just to the logic solver, and that many other loops don't need SIL3 at all. To apply the right SIL to each loop, safety engineers are demanding more flexible, cost-effective safety solutions, and vendors are responding with more SIL-certified products. However, because the expertise needed to design a SIL-certified product usually isn't available in-house, the requirements of SIL certification often go unmet and costs are underestimated.

To remedy these problems, FlexiSafe software from ICS Triplex Technology provides a pre-certified environment up to SIL3, enabling faster, easier creation of SIL-certified products. FlexiSafe speeds up certification by bringing pre-certified software into the design cycle, so an OEM's product does not need the from-scratch recertification that safety system development has traditionally required. FlexiSafe covers many control and interlock applications, including emergency shutdown, process control, fire and gas detection/protection, rotating machinery control, burner management, boiler and furnace control, and distributed monitoring and control.

“Throughout its history, ICS Triplex has led the safety industry by introducing cutting-edge technologies. Our latest innovation, FlexiSafe, is the cornerstone technology for any OEM wishing to implement a SIL1-3 platform,” says Peter Mottershead, ICS Triplex’s CEO. “It’s a unique combination of pre-certified SIL 3 software technologies that enables automation vendors to develop SIL-certified safety products on the hardware platform and certified O/S of their choice. This is a major breakthrough in the safety market. Certification, implementation and time to market are all dramatically reduced.” 

ICS adds that FlexiSafe is cost-effective because it can handle an application's safety and non-safety functions in the same system. The software also provides a foundation for most control functions by supporting distributed applications, mixed safety and non-safety functionality, safety management, application lifecycle tools, and a communications infrastructure. Another fundamental FlexiSafe concept is hardware independence: it supports multiple hardware platforms, offers SIL-certified firmware and configuration up to SIL3, shortens time to market, standardizes on full compatibility with the IEC 61131 and IEC 61499 standards, and can be adapted to most hardware platforms that run a SIL-certified OS.

Essential Elements
FlexiSafe consists of four basic physical elements: a control network, workstations, controllers, and portals. In addition, FlexiSafe offers the components required to build and certify those physical elements: an optional SIL-certified operating system, SIL checkers, and a set of SIL3-certified parts comprising the System Interface library, the Portable Control engine, the communication layer, the TIC code compiler, and the configuration toolset. FlexiSafe's firmware can snap onto any OS that carries a SIL certification.

FlexiSafe is based on ISaGRAF technology adapted to meet SIL3 requirements. ISaGRAF generates target-independent code (TIC) for the control algorithms, which aids certification because the same TIC can be thoroughly tested on each target implementation. The combination of the ISaGRAF certified kernel, ISaGRAF IXL, and SIL3 TIC code generation forms the core of FlexiSafe's firmware, and allows every piece of control code to be tested and independently certified using test harnesses. If these steps are followed, the resulting FlexiSafe-based solution will be TUV certified to SIL3. Note the cap, though: the FlexiSafe implementation inherits the lowest SIL certification among its hardware and its OS kernel, so a SIL2 OS yields a SIL2 system regardless of the SIL3 software running on it.

“FlexiSafe encompasses the flexibility and power of the ISaGRAF platform with the years of experience from ICS Triplex Technology in the domain of SIL technology implementation,” says Allan Rentcome, ICS Triplex’s CTO. “This produces the most flexible integration of safety, IEC 61131 languages and IEC 61499 compliance ever offered to the OEM marketplace.”

To simplify the design, FlexiSafe accepts SIL0 to SIL3 devices on the same network, and the presence of lower-rated devices doesn't reduce the SIL level of the other devices. This is the non-interference element of the design. Under TUV's normal definition, non-interference is not a statement about ratings as such; it is a demonstrated property that a failure of the lower-rated device will not interfere with the safe operation of the network's other devices.

In addition, the safety and availability requirements for an individual controller must be localized to that controller. The control network is treated as a "black channel" when it transports distributed application data: the network itself is not safety-rated, and the certified communication layer at each end is responsible for detecting transmission errors. All other FlexiSafe elements should be considered non-interfering. Every controller must have a defined SIL rating that can be associated with each I/O point and with the logic-solving portion of the controller, even where that portion is not safety related. The logic-solving portion's SIL rating includes the ISaGRAF Kernel and the FlexiSafe-specific communication protocols.

The SIL ratings declared for each element are then used by FlexiSafe's Toolset to verify the SIL rating of a control loop. The Workbench knows each configuration's required resources, available memory/storage and performance characteristics, and checks that the individual elements can deliver the intended SIL rating. Likewise, FlexiSafe's Simulator uses a port of the standard ISaGRAF Kernel software to create an environment in which a user can test the software application.
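As an added illustration of the loop-rating rules described above (this is example code written for this article, not the FlexiSafe Toolset's own logic), the model below applies the four rules the article states: a logic solver is capped by the lowest of its hardware, OS kernel and firmware ratings; a loop is capped by its lowest-rated element; the network is a black channel that contributes no rating of its own; and other devices on the same network, down to SIL0, are non-interfering and play no part in a loop's rating. The Element/Controller/SafetyLoop structures, the tag names and the sample plant are assumptions made up for the example.

```python
"""
Added illustration, not ICS Triplex or FlexiSafe code: a small model of the loop
SIL checks the article attributes to the FlexiSafe Toolset. Rules from the article:
  * a controller's logic-solving SIL is the lowest of its hardware, OS kernel and
    firmware ratings (the solution "retains the lowest SIL-certification");
  * a loop's achievable SIL is the lowest rating of any element in that loop;
  * the control network is a black channel: it transports data but contributes no
    rating of its own, so it is not an element of the loop;
  * other devices on the same network are non-interfering: a SIL0 device does not
    change the rating of a SIL3 loop.
The data structures, tag names and sample plant are assumptions for this example.
"""
from dataclasses import dataclass

SIL_LEVELS = (0, 1, 2, 3)   # SIL0 = not safety-rated


def _checked_sil(value, name):
    if value not in SIL_LEVELS:
        raise ValueError(f"{name}: SIL must be one of {SIL_LEVELS}, got {value!r}")
    return value


@dataclass(frozen=True)
class Element:
    """A sensor or final element with its own certified SIL."""
    name: str
    sil: int

    def __post_init__(self):
        _checked_sil(self.sil, self.name)


@dataclass(frozen=True)
class Controller:
    """Logic solver. The firmware default reflects the article's SIL3-certified engine."""
    name: str
    hardware_sil: int
    os_kernel_sil: int
    firmware_sil: int = 3

    def __post_init__(self):
        for label, sil in (("hardware", self.hardware_sil),
                           ("os_kernel", self.os_kernel_sil),
                           ("firmware", self.firmware_sil)):
            _checked_sil(sil, f"{self.name}/{label}")

    @property
    def sil(self):
        # The lowest-rated layer caps the logic solver (hardware, OS kernel or firmware).
        return min(self.hardware_sil, self.os_kernel_sil, self.firmware_sil)


@dataclass(frozen=True)
class SafetyLoop:
    name: str
    sensors: tuple
    controller: Controller
    final_elements: tuple
    required_sil: int


def achievable_sil(loop):
    """Lowest SIL over the loop's own elements; the black-channel network and
    unrelated (non-interfering) devices are deliberately not inputs here."""
    ratings = ([e.sil for e in loop.sensors]
               + [loop.controller.sil]
               + [e.sil for e in loop.final_elements])
    return min(ratings)


def verify_loop(loop):
    """Return (ok, achievable_sil, limiting_element_names) for one loop."""
    sil = achievable_sil(loop)
    limiting = [e.name for e in loop.sensors + loop.final_elements
                if e.sil < loop.required_sil]
    if loop.controller.sil < loop.required_sil:
        limiting.append(loop.controller.name)
    return sil >= loop.required_sil, sil, limiting


def sample_plant():
    """Constructed example: a SIL3 loop and a SIL2 loop sharing a network with a SIL0 device."""
    esd = Controller("ESD-1", hardware_sil=3, os_kernel_sil=3)   # effective SIL3
    bms = Controller("BMS-1", hardware_sil=3, os_kernel_sil=2)   # SIL2 OS caps it at SIL2
    loops = (
        SafetyLoop("HP separator trip", (Element("PT-101", 3), Element("PT-102", 3)),
                   esd, (Element("XV-101", 3),), required_sil=3),
        SafetyLoop("Burner flame failure", (Element("BE-201", 2),),
                   bms, (Element("XV-201", 2),), required_sil=2),
        SafetyLoop("Pump low suction", (Element("PT-301", 3),),
                   esd, (Element("XV-301", 1),), required_sil=3),   # SIL1 valve misses target
    )
    # A SIL0 HMI on the same black-channel network: non-interfering, so it is not an
    # input to any loop's rating and does not lower the SIL3 loops.
    _monitoring_only = Element("HMI-1", 0)
    return {loop.name: verify_loop(loop) for loop in loops}
```

Running `sample_plant()` reports the separator trip as a valid SIL3 loop and the burner loop as a valid SIL2 loop, while the pump loop fails its SIL3 target because of the SIL1 valve; the SIL0 HMI on the shared network changes none of these results, which is the non-interference property the article describes.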

Product Exclusive
ICS Triplex Technology; +44 1621 854444; www.icstriplex.com; or send an e-mail to Russell Cockman at [email protected].