Foundation Fieldbus SIS-- we CAN all get along!

May 20, 2008
Rich Timoney, president of the Fieldbus Foundation, likened it to the difference between forensics and diagnostic medicine. One figures out what happened after you're dead, the other keeps you alive and healthy. That's the point to the five year effort to develop Safety Instrumented Systems using Foundation Fieldbus. In December 2005, TÜV Rheinland Industrie Service GmbH, Automation, Software and Information Technology, a global, independent and accredited testing agency, granted Type Approval...
Rich Timoney, president of the Fieldbus Foundation, likened it to the difference between forensics and diagnostic medicine. One figures out what happened after you're dead, the other keeps you alive and healthy. That's the point to the five year effort to develop Safety Instrumented Systems using Foundation Fieldbus. In December 2005, TÜV Rheinland Industrie Service GmbH, Automation, Software and Information Technology, a global, independent and accredited testing agency, granted Type Approval for the Fieldbus Foundation’s Safety Instrumented Systems (SIS) protocol specifications. The foundation’s SIS protocol specification is suitable to fulfill Safety Integrity Level (SIL) requirements of the International Electrotechnical Commission (IEC) 61508 standard (functional safety of electrical/electronic/programmable electronic safety-related systems) up to and including SIL 3. Move clears way for standards-based devices With the TÜV Type Approval, FOUNDATION fieldbus technology has been extended to provide a comprehensive solution for Safety Instrumented Functions (SIFs) in a wide range of industrial plant applications. The specifications enable manufacturers to build FOUNDATION fieldbus devices in compliance with IEC 61508. Third-party test agencies such as TÜV will certify that these devices are suitable for use in safety-instrumented systems. End-users will be able to choose devices meeting the requirements of IEC 61511 (functional safety: safety instrumented systems for the process industry sector) from multiple suppliers, instead of being restricted to devices designed specifically for a proprietary safety system platform. IEC 61511 is also available as an ANSI/ISA Standard: ANSI/ISA-84.00.01-2004. Cooperative effort achieves major milestones The FOUNDATION SIF project was initiated by end users and approved by the Fieldbus Foundation's board of directors in October 2002. Companies participating in the SIF demonstration working group project include: ABB, BIFFI, BP, Chevron, Dresser-Masonelian, Emerson Process Management, Endress+Hauser, Fieldbus Diagnostics, HIMA, Honeywell, Invensys, Magnetrol, Metso Automation, Moore Industries, MTL, Pepperl+Fuchs, Risknowlogy B.V., RuggedCom, Saudi Aramco, Siemens, Shell Global Solutions, Smar, Softing, TopWorx, TÜV Rheinland, TÜV SÜD, Westlock Controls, Yamatake, and Yokogawa. Westlock Controls’ marketing manager, Marcelo Dultra, stated, “Our participation in the project team has allowed Westlock to be in the forefront of the development of products utilizing this exciting technology.” He further noted, “Westlock understands the potential of the technology to provide the industries we service with best-in-class solutions for their SIF applications.” The SIF development team achieved its first major milestone at the end of 2003 with TÜV approval of the overall system concept. The development team met with external experts at a meeting hosted by Shell Global Solutions in Amsterdam, The Netherlands, in March 2004 to review the initial specifications. Comments from this review were resolved and the management team developed the top-level project plan for laboratory validation testing. During the lab test phase, each prototype supplier independently implemented the Fieldbus Foundation’s SIS specifications. In parallel, the test team separately developed test cases and prepared expected test results. Specifications meet the demands of plant safety According to the Fieldbus Foundation’s director of technology development, David A. Glanzer, extensive laboratory testing and application analysis has verified that the foundation’s SIS protocol meets the needs of industrial end-users, who regard these systems as critical to their overall plant operating strategy. “TÜV Type Approval will help meet the growing worldwide demand for commercial, standards-based, safety instrumented system products incorporating FOUNDATION fieldbus technology,” said Glanzer. “End-users can now adopt the powerful diagnostics available with FOUNDATION fieldbus, and at the same time, maintain the protection in a SIL3 environment. No changes were required to our existing H1 protocol to add the SIS protocol extensions, clearly indicating the value of the comprehensive, forward-thinking design of FOUNDATION technology.” End users anxious for fieldbus safety solutions Process industry leaders have voiced their support for FOUNDATION fieldbus SIF technology. Many end-users are anxious to move away from proprietary safety system platforms in favor of open, interoperable, fieldbus-based safety solutions. Saudi Aramco, a key global oil & gas producer, has been at the forefront of efforts to spur development of FOUNDATION fieldbus safety products. Patrick Flanders, engineering specialist for Saudi Aramco’s Process Instrumentation Division, said, “The FOUNDATION SIF solution offers the potential to provide close integration of the complete emergency shutdown loop. This close integration reduces the installation cost. In addition, integration improves the capabilities of field devices in providing self-diagnostic information, which is communicated directly to the safety logic solver. At Saudi Aramco, we see this as a breakthrough in the advancement of SIS design.” Flanders was, unfortunately, unable to attend today's demo because he was asked to a meeting with President Bush and the Saudi King. The end user demonstration, was conducted at the Shell Global Solutions facility in Amsterdam, to promote adoption of the foundation’s SIF technology in the process worldwide process industries.  Following the end user demonstrations, the project will go on to include development of SIF best practices and guidelines, training, test tools, and a field demonstration of compliant safety instruments, logic solvers, and other equipment. Companies participating in the demonstration working group include: ABB, BIFFI, BP, Chevron, Dresser-Masonelian, Emerson Process Management, Endress+Hauser, Fieldbus Diagnostics, HIMA, Honeywell, Invensys, Magnetrol, Metso Automation, Moore Industries, MTL, Pepperl+Fuchs, Risknowlogy B.V., RuggedCom, Saudi Aramco, Siemens, Shell Global Solutions, Smar, Softing, TopWorx, TÜV Rheinland, TÜV SÜD, Westlock Controls, Yamatake, and Yokogawa. John Joosten of Honeywell and Heinko Rind of BP gave a presentation on the end user demonstration they had conducted at the BP facilities in Germany. Vincent Palughi of Chevron presented on the end user demo done at Chevron's facility in Houston earlier this month, and then Control's (and ISP's) John Rezabek gave the Saudi Aramco presentation, substituting for the absent Patrick Flanders. What was absolutely fascinating about this day, and the Foundation Fieldbus project that was the whole purpose of the day, was the fact that vendor companies (and end user companies, for that matter, CAN work together for the common good. If only ISA100 would get to that point. I wish I had a camera. There was a terrific scene in the lobby of the Shell engineering headquarters this morning. Standing chatting were John Berra of Emerson Process Management, Satoru Kurosu of Yokogawa, Mark Taft of ABB, John Joosten of Honeywell, and a couple more vendors. They were talking about how well the project had gone from the point of their companies all working together. Audun Gjerde, of Shell, did the demo. His goals were, he said, "to have the Logic solver fully operational and operable with all available SIS devices; the asset management system fully integrated with all devices, and to have SIS PST/VST (partial stroke testing/valve stroke testing --ed.) fully integrated."   The test consisted of a DCS controlled Demo Rig with Graphic panels showing the safety devices and functions, and an Operator Interface for asset management diagnostic information in PRM and in the DCS. The test functions were: *Level Transmitter  -High level trip  -Low level trip (Pump protection) *Measurement Validation Comparison (Level radar device vs. DP level device ) DCS  -Dry probe Diagnostic alarm *Temperature Transmitter  -Low temperature alarm/trip  -Loss of temperature element with voting (1 out of 1 voting) *Pressure Transmitter  -Loss of Device with voting (2 out of 2 voting)  -2 out of 3 Voting Pressure trip *Partial stroke test (PST)  -Normal Test scenario   -Hybrid device FF to DCS and DO   -FF-SIS device  -Test Scenario with Safety demand interrupt  -Shutdown on Process Demand (timing) *Manual Trip – Push Button *Device maintenance – Temperature Transmitter And here's what Audun did: 1. Low level Trip SIEMENS SIS device --SUCCESSFUL 2. High Level Trip Magnetrol level device--SUCCESSFUL 3. PST (Partial Stroke Test) on Emerson valve SIS device--SUCCESSFUL 4. PST (Partial Stroke Test) METSO Hybrid valve device--SUCCESSFUL 5. PST (Partial Stroke Test) on Emerson SIS device interrupted by plant ESD.--SUCCESSFUL 6. Low Temperature Trip SMAR SIS temperature device--SUCCESSFUL 7. 2oo3 Operation (Yokogawa, Smar, and E+H SIS Devices)--SUCCESSFUL 8. Loss of temperature probe (diagnostic) SMAR Temperature device--SUCCESSFUL 9. Measurement Validation Alarm (MVC) Magnetrol SIS device vs E+H dp level device.--SUCCESSFUL 10. High Pressure Trip (2oo3) Yokogawa, Smar, and E+H SIS devices.--SUCCESSFUL 11. High trip on SIEMENS SIS device--SUCCESSFUL 12. Diagnostic alarm from Magnetrol SIS device (Dry probe)--SUCCESSFUL EVERYTHING WORKED!  So why did Shell, Chevron, BP, Saudi Aramco and about 15 automation vendors and the Fieldbus Foundation spend five years getting to this point? Every presentation said it, but here's what Gjede's presentation had to say. Shell expects, Gjede said, "enhanced diagnostic through a fully integrated Asset Management System. Less testing of final elements. Able to take credit for real demand as test.Smart testing/diagnostic and online testing / partial stroke testing. Early detection of dangerous device failure and less spurious trips." Gjede went on, "The Operator will not notice a difference in operating the plant.The added diagnostic will help the engineers and the Maintenance department increasing the integrity of the plant by adding maintenance were and when needed.By adding smart testing online and diagnostic, we will be able to run for longer without shutting down the plant for testing purposes. Or save on cost of adding a second or third device." The obvious next question is when these devices and this system will be on the market. According to most of the end users, and Heinz Gall, of TUV-Rheinland, it will be sometime in 2011 when vendors will have gone through the approval cycles necessary to get full approval and have complete product lines.  

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.