Safety View optimizes alarms, bypasses

Sept. 14, 2021

“Safety View was developed with a lot of rigor; it’s not like a general HMI or management tool.” Schneider Electric’s Chris Stogner (left) and Diana Ivanov discussed the unique alarm management features of the company’s TÜV-certified Safety View alarm management platform.

What tool would you use to drive a nail? You could use a screwdriver or a rock, but it might break the nail or the tool, and it wouldn’t be safe. “But there’s a tool that is fit for the purpose of driving nails. It’s called a hammer,” said Chris Stogner, EcoStruxure Triconex safety and critical control leader, Schneider Electric. Similarly, for bypass and critical alarm management, Schneider has developed a specific tool, Safety View. Stogner discussed the technology as part of this week’s Schneider Electric Innovation Talks, during the session entitled, “How can Safety View help operators effectively manage bypass and critical alarms during elevated risk?”

One common method for bypassing alarms, Stogner said, is with hard-wired switch panels, but this can be costly. Another common method of applying bypasses is to manually disable tags via safety system configuration software, but process safety standards strictly forbid the use of configuration tools for maintenance and operations actions. For critical alarms, many people use hard-wired annunciator panels or lightboxes, which is outdated technology. The distributed control system (DCS) can be used for bypassing and critical alarms, but Stogner asked, “Is this efficient?”

“The DCS’s job is to manage the operations of the plant and should be kept separate from safety applications. Alarms that are critical can get lost in a myriad of events. Common industry communications protocols are well-known to cyber hackers and are prone to man-in-the-middle attacks. Using the DCS also requires a high degree of custom configuration to implement, which may not be sustainable with today’s transitional workforce,” Stogner said. Safety View modernizes these operations and lowers costs, and is safer and more profitable than traditional methods, he added.

During the presentation, Stogner demonstrated for the audience how to use the platform to perform common operations, such as an operational handover of bypasses and alarms during a shift change. The demonstration also walked through the process for acknowledging and resetting alarms, and how master bypass key switches can be implemented in unison with Safety View to allow for bypassing oversight.

Safety View is the only TÜV-certified bypass and alarm management system. Stogner talked with Diana Ivanov, Triconex R&D senior manager for software products, Schneider Electric, about what was involved in the development process and the added assurance of a software application that is safety- and security-certified, compared with standard commercial software that is not. Stogner said that while most in the industry understand the meaning of safety integrity level (SIL) 1, SIL 2 or SIL 3 certification, software products rely on systematic capability, which is not as well understood but is of equal importance when software can affect safety instrumented functions.

Systematic capability goes hand in hand with SIL 3 certifications for the controller, Ivanov said. From the original design to unit testing, full integration testing and performance and scalability testing, the certification ensures there will be no lost messages in the system and no failures. The certification process also involves failure analysis, including failure identification and mitigation techniques.

Safety View is also the first Triconex application that is cybersecurity-certified for IEC standard 62443-4-2, which ensures strong cybersecurity for control system components, and IEC 62443-4-1, which ensures the development process follows certain procedures, including many different levels of testing. “Safety View was developed with a lot of rigor; it’s not like a general HMI or management tool,” Ivanov said. For customers, Safety View provides a very high level of confidence that when they bypass a device, the bypass will be implemented correctly. “Safety, it’s all about trust and credibility,” Ivanov added.

At the end of the session, Kenny Chua, Triconex offer manager, Schneider Electric, joined Stogner for a question-and-answer period, discussing how to configure the Safety View runtime graphics, the ability for users to configure the software themselves, using Safety View general purpose buttons to initiate manual shutdowns in lieu of hardwired push buttons, and how Safety View might interact with other controllers.

Stogner said that for those familiar with TriStation and Triconex Safety Validator software, Triconex uses a tool called Triconex Report Generator. “It’s a kind of tie that binds the Safety Validator and the TriStation programs together, so you have no duplication of engineering efforts,” Stogner explained.

The same platform is used with Safety View, and Stogner said for the next release, it will be renamed the Triconex Digital Engineering Console. “It’s one unified place where all your Triconex-related applications can be managed and launched. It eliminates duplicate engineering. All the work as far as communications protocol and all the tags are done there,” Stogner said.

Having a vendor-provided solution allows for easy standardization and removes the need for customized applications, reducing both project implementation and lifecycle support costs. While Stogner recommends using Schneider Electric’s Delivery team, he said some customers have successfully configured Safety View themselves. “To me, it’s a testament to how simple and effective Safety View is,” Stogner said.

Currently, Safety View works specifically with Triconex controllers, as the robustness of this connection enables TÜV certification. “If you have alarms of which associated instrumentation are from other platforms such as a Foxboro DCS, they can be passed through the Triconex controller for display on the Safety View screens, with the Triconex controller acting as a data aggregator,” Stogner said.

Bottom line, for the highest degree of confidence that your Triconex safety system and Foxboro process automation system alarms and bypasses are being managed correctly and without error, turn to Safety View. Don't call on a rock or a screwdriver to do a hammer's job.