Flexibility Without Compromise

June 7, 2010
Emerson's I/O on Demand Approach Transformed Users' Ability to Flexibly Deploy Modular, Distributed Safety Applications

In addition to a fundamental rethinking of how input/output gets done in process control and monitoring applications, Emerson's I/O on Demand approach has transformed the ability of users to flexibly deploy modular, distributed safety applications while ensuring the robust isolation of safety functions and the elimination of single points of failure.

Further, the transparent integration of DeltaV SIS with DeltaV automation systems used for basic process control system (BCPS) applications allows the leveraging of safety I/O data to make better informed process control decisions.

Fully Configurable I/O

Starting with upfront design and engineering tasks, complexity is greatly reduced by the use of fully configurable I/O in DeltaV SIS. This configurable I/O functionality allows users to design application-specific safety instrumented functions (SIFs) without limitations on I/O type per logic solver or the added complexity of I/O card wiring. This simplifies both engineering and maintenance.

Field devices are wired to the logic solver as needed, and the I/O channels are then configured appropriately. Specifying the I/O hardware requires only two pieces of information—the total number of I/O and whether (and where) redundancy is required.  Redundancy allows for the on-line replacement, on-line upgrade and on-line proof-testing. However, DeltaV SIS logic solvers are SIL 3-rated in both simplex and redundant configurations. There are no time-out issues should a redundant pair fail.

Modular and Scalable

With the DeltaV SIS architecture, users can add I/O capacity in increments of as few as 16 fully configurable I/O points—up to a maximum of 30,000 points in a single system. Because the I/O is directly connected to the logic solver, memory and processing power increase whenever I/O is added; this negates any concerns over the abillity to effectively run the configured logic, regardless of system size.

Each DeltaV SIS logic solver is in effect a container for a small number of SIFs, and there can be no unplanned interaction between them. This is very different from the traditional approach where hundreds of SIFs are all placed in a single safety PLC, and the effect of changing a single register or the addition of a SIF could affect all of the logic.

For complex applications that may require multiple SIFs acting on the same final element, input data is shared among multiple logic solvers so that cause-and-effect logic can easily be implemented in a single SIS module. Given this flexibility, the DeltaV SIS system is well-suited to the full range of safety applications, from small burner management applications to large emergency shutdown (ESD) and fire and gas applications.

The DeltaV SIS system architecture also enables SIS applications to be geographically distributed in local junction boxes across a plant or facility. This ability is especially appealing for large plant complexes as well as for applications such as distributed oil and gas wellheads and pipelines (Figure 1).

Figure 1. Within the scalable DeltaV SIS architecture, multiple SISnet domains can be used to distribute safety applications throughout a facility.

"The DeltaV SIS modular, distributed architecture enables users to custom-fit the system to their SIS application with the flexibility to locate safety logic and I/O near the process," says Larry O'Brien, ARC Advisory Group analyst. "This SIF-based approach isolates safety instrumented functions, eliminates single points of failure, and simplifies change management."

Integrated Safety and Control

To facilitate better decision-making, plant operators have one common operating environment for both the BPCS and SIS when using the DeltaV control and safety platforms. This integrated view (Figure 2) includes alarm handling, time synchronization, user security and device health monitoring. Meanwhile, the DeltaV SIS power supplies, communication channels, hardware and real-time operating systems are physically separate and independent of the control system, maintaining the separation required by IEC 61508 and IEC 61511 standards.

Figure 2. The integrated but separate architecture of the DeltaV SIS and BPCS platforms ensures that safety information is available through familiar and intuitive applications, yet meets IEC 61508 and IEC 61511 requirements for physical separation and independence of safety and control.

"Not only is DeltaV SIS itself modularly scalable, but it can be transparently integrated with DeltaV systems used for process control," explains Duncan Schleiss, Emerson vice president of platform strategy.

All DeltaV SIS information is communicated to the control network via the DeltaV controllers. This eliminates work that is traditionally required to map data between the two systems with two different engineering and operations environments. It also eliminates the time and cost of training personnel to use two different systems. "The DeltaV SIS system delivers the benefits of total integration and total separation," Schleiss adds, "without the tradeoffs associated with the two extremes."