Product Group Safety – Independent High Integrity (HI) Technical Overview

Table of Contents
- Independent HI Offering
- AC800M High Integrity
- Control Builder Safe
- Certification
- Diversity vs. Architecture
- Use of Redundancy
- Security
- Connectivity & Interfacing
- Systematic Capabilities: Engineering, Maintenance
© ABB Group January 12, 2017 | Slide 2

Slide 3 – Independent High Integrity Safety Product Offering
- Independent HI has the exact same certified components as the System 800xA High Integrity safety system
- Does not include functionality related specifically to process control (i.e. HMI or Operations)
- Control Builder Safe includes those items required for certified safe operations
- Perfect solution for many industries; great for industrial applications:
  Industries: Oil & Gas; Petrochemical; Chemical; Pulp & Paper; Power
  Applications: Emergency Shutdown; Relay Interlock; Remote Terminal Units; Burner Management; High Integrity Pressure Protection

Slide 4 – Independent High Integrity Safety Product Offering
- HI Hardware: TÜV certified SIL 3 controller (PM865/SM811); 24 VDC DC I/O and 4-20 mA analog inputs
- Control Builder Safe Engineering: IEC 1131 languages; access control and override control; certified libraries
- Connectivity and Interfacing: ABB control systems; 3rd party software and control systems; diagnostics
(Figure: small Independent HI system with engineering and DCS)

Slide 5 – Certificates: High Integrity ABB Safety Certificates
- Product Safety Certificate
- Development Department Safety Certificate
- TÜV certification for the hardware, software and development organization
- Safety Manual

Slide 6 – Certificates: AC800M High Integrity Meets Industry Standards
- AC800M HI Controller – SIL 1-3 / CAT PLe 1-4 certified
- S800 Safety I/O (AI, DI, DO) – SIL 1-3 / CAT PLe 1-4 certified
- I/O Communication – SIL 1-3 / CAT PLe 1-4 certified
- System certified to IEC 61508, IEC 61511 / ISA 84, EN 54 / NFPA 72, NFPA 85, NFPA 86
- Additional
  I/O and communication modules – certified as interference-free* (*Listed in the Safety Manual)

Diversity vs. Architecture
1st Generation Logic Solver Architectures:
- Duplex – 1oo2D
- Triplex – 2oo3
- Quad (Bi-Duplex) – 2oo4D

Independent HI – Standalone Architecture
Diverse Architecture, Diverse Implementation (diagram: CB, AC800M HI, SIL3 PM, SIL3 SM)

Slide 9 – Diverse Architecture
- The SIL 3 High Integrity controller has parallel processing paths based on diverse technology
- Integrity voting between the paths complements the built-in active diagnostics
- Controller (PM) and Safety Module (SM) developed by diverse (different) teams (Västerås and Malmö, Sweden) and tested by a third team (Oslo, Norway), by people with different backgrounds
- The two channel architecture meets SIL 3 requirements for hardware fault detection and reaction
- Safety I/O: SIL 3

IEC 61508-2, Table 3 – maximum SIL by Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT):

  SFF             HFT = 0 (1oo1D)   HFT = 1 (1oo2D)   HFT = 2
  < 60 %          Not allowed       SIL 1             SIL 2
  60 % – < 90 %   SIL 1             SIL 2             SIL 3
  90 % – < 99 %   SIL 2             SIL 3             SIL 4
  ≥ 99 %          SIL 3             SIL 4             SIL 4

Slide 10 – Independent High Integrity: Application Execution
Diagram labels: CEX Bus, ModuleBus, I/O-Data+CRC, 1131 SIL3, Superv. Logic, Safety Module SM, I/O-Data, Processing Module PM, Diverse Exec.,
I/O-Data+CRC, Safety I/O.
- Parallel diverse execution allows a hardware fault tolerance of 1 for SIL 3 applications
- HFT = 1 (SIL 3 execution); see IEC 61508-2, Table 3 (slide 9)

Slide 11 – Independent High Integrity: Safe Failure Fraction (SFF)
- Modern design techniques allow the AC800M HI to achieve near 100 % diagnostic coverage without needing to resort to HFT factors to reduce PFD (IEC 61508-2, Table 3, as on slide 9)
- The AC800M HI controller does not rely on voting schemes like TMR to increase the safety integrity

Slide 13 – S800 High Integrity I/O Family
Features with Embedded Diversity:
- Single and redundant configuration
- Hot insertion and hot swap in redundant configuration
- G3 coating
- Ex certified – Zone 2, Class 1 according to US standard
Embedded Diversity:
- Two diverse execution paths based on different hardware technology: both MCU and FPGA
- Each individual single I/O module has an internal 1oo2 architecture

Slide 15 – Use of Redundancy: Meet SIL 3 Criteria without Redundancy
Single configuration (diagram): SM811, PM865, TB840, single I/O AI880, DI880 and DO880

Slide 16 – AC800M High Integrity Redundant Controller Configuration for Availability
- AC800M High Integrity offers availability figures comparable to or better than typical TMR systems (diagram: 4 CPUs)
- Availability up to 99.9999 %
- Redundancy and switch-over to the stand-by unit allow continuous operation without time restriction upon failure of one of the redundant modules

Slide 18 – Security: Safety Module Security and Indication
(SM811 front-panel diagram labels: C, C, P, P; “Reset all forces”; Hot Insert)
- Reset All
  Forces – Enables a quick reset of all forces in the controller
- Access Enable – Activates the access enable function
- Hot insert – Initiates hot insertion of the SM811 (in redundant configuration)
- Force Indicator – Active if one or more signals are in force
- System Alarm Indicator – Active if there are one or more system alarms

Slide 19 – Independent High Integrity: System Security and Embedded Firewalls
- Based on the Windows security model* with: configurable restrictions per user; auditing; authentication and digital signature
- Functions for protection of SIL classified applications in AC800M HI controllers: SIL Access Control and Authorization; Force Control / Override Control / Bypass Management; Confirmed Online Write / Confirmed Operation
- Embedded firewalls and confirmation procedures protect the SIL application from inadvertent / accidental control actions
* Possible via Remote Desktop to the Engineering Station

Slide 20 – Security: Roles & Responsibilities
- Users can be assigned different permissions according to their responsibilities
- Restriction of access to the SIS (engineering and operation from the Engineering Station)
- High flexibility

Slide 21 – Security: Audit Trail
- Enables audit of all operator and engineering actions
- Possible to disable during commissioning
- Audit log contains: date and time of the operation; node from which the operation was performed; user name of the individual performing the operation; type of operation; object, property or aspect affected by the operation
- Audit action examples: Configuration changed; Signal forced; Download; Reserved/Released

Slide 23 – Connectivity & Interfacing: Independent High Integrity Connectivity and Interfacing
Available protocols: Safety Peer to Peer; OPC; ABB protocols; Modbus TCP*; RS232*
...to connect to:
- AC800M HI controllers
- Process panels
- ABB or 3rd party DCS & PLC
- 3rd party HMI software
* Planned for a future release

Slide 24 – Independent High Integrity Communication Interfaces
- Communication certified “interference free”
- Not intended for safety critical functions
- All certified interference-free modules are listed in the ABB Safety Manual

Freelance and Independent High Integrity (HI) Solution Example (Modbus link between the two systems)
Essential Automation Freelance System:
- One AC 900F controller to process approximately 400 I/O signals
- One engineer station combined with operator station
- S700 I/O, S800 remote I/O or S900 I/O connect to the main controller via Profibus DP
- Redundant Ethernet (optional)
Independent High Integrity (HI) SIL3/SIL2 Application:
- 1 AC 800M HI controller to process 350 I/O signals
- S800 HI I/O
- One Control Builder Engineering Station
- Redundant Ethernet (optional)
Connectivity and Interfacing:
- OPC (preferred for SIS supervision)
- Alternative: communication module CI853 (RS-232) via Modbus to interface to the Freelance AC 900F controller

Systematic Capabilities: Engineering

Slide 27 – Engineering: SIL Compliant Application Environment
- The engineering tool automatically limits user configuration choices to ensure integrity
- Safety functions protect and control download to the process and runtime environment
- Download is prevented unless all SIL requirements are met
- Embedded firewall mechanisms include: CRC protection on different levels; double code generation with comparison; compiler with revalidation

Slide 28 – Engineering: Compiler Restrictions
- The compiler warns and / or prevents the engineer from designing dangerous code, for example complex code structures, loops etc.
- The compiler checks that all restrictions and rules necessary to achieve the intended SIL of the application are adhered to
- An error is reported when a rule is violated, and the attempted download to the controller is blocked
Slide 29 – Engineering: On-line changes
- Online changes can be downloaded to the controller without interfering with the running process: FB/CM parameters (e.g. trip limit); hardware settings (e.g. ISP value); logic
- Downloads are protected by the “Access enable” function
- Re-authentication can be configured to ensure that the user is authorized
- This is also recorded in the audit trail

Slide 30 – Engineering: Difference Report
- Reports the differences between the project running in the controller and the project in Control Builder M
- Presented before download to the controller
- Changes may be rejected (in which case the download is cancelled)
- Each difference report is saved and stored automatically and can be reviewed at any time
- This, together with the audit trail functionality and more, provides a well documented and traceable history

Slide 31 – Engineering: Certified Libraries
System, AlarmEventLib, BasicLib, FireGasLib, MMSCommLib, ProcessObjBasicLib, ProcessObjExtLib, SerialCommLib, SignalBasicLib, SignalLib, SignalSupportLib, SupervisionBasicLib, SupervisionLib

Slide 32 – Engineering: SIL Applications
Supported languages (IEC 61131-3):

  Language                    SIL2   SIL3
  Function Block               X      X
  Structured Text              X      X
  Sequential Function Chart    X

(The slide also lists Control Modules alongside the IEC 61131-3 languages.)
- SIL level can be configured independently by application

Systematic Capabilities: Maintenance

Slide 34 – Maintenance: Force Control
- The AC 800M HI supports supervision and control over the forces in SIL classified applications
- Each SIL application has a configurable maximum number of allowed forces (0 by default)
- Offers an easy overview of the current status of the SIS and the ability to quickly restore all safety functions to full functionality
- Hardware signals: Reset All Forces (input); Any Force Active (output); ForcedSignals FB
- Force supervision and reset: SIL 3 certified
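Added example for slides 21 and 34 (not ABB code): it replays constructed audit-trail records carrying the fields slide 21 lists (date and time, node, user, type of operation, affected object), reconstructs which signals are still forced in each SIL application, and compares the count with the configured maximum number of allowed forces (0 by default). The ';'-separated record layout, the "<Application>.<Signal>" object naming and every action name other than "Signal forced" are assumptions made for the example.

```python
# Added example, not ABB's code; record layout and the action names not on slide 21 are assumed.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditRecord:
    timestamp: str  # date and time of the operation
    node: str       # node from which the operation was performed
    user: str       # user name of the individual performing it
    action: str     # type of operation, e.g. "Signal forced"
    target: str     # affected object, assumed to be named "<Application>.<Signal>"

def parse_audit_line(line: str) -> AuditRecord:
    """Parse one ';'-separated record (assumed export layout, constructed here)."""
    fields = [f.strip() for f in line.split(";")]
    if len(fields) != 5:
        raise ValueError(f"malformed audit record: {line!r}")
    return AuditRecord(*fields)

def active_forces(records) -> dict[str, set[str]]:
    """Replay the trail in order and return the signals still forced per application."""
    forced: dict[str, set[str]] = defaultdict(set)
    for rec in records:
        app, _, signal = rec.target.rpartition(".")
        if rec.action == "Signal forced":            # action listed on slide 21
            forced[app].add(signal)
        elif rec.action == "Signal unforced":        # assumed action name
            forced[app].discard(signal)
        elif rec.action == "Reset all forces":       # front-panel / ForcedSignals reset
            forced[app].clear()
    return {app: sigs for app, sigs in forced.items() if sigs}

def check_force_limits(records, max_forces: dict[str, int]) -> list[str]:
    """Report applications whose active forces exceed the configured maximum (default 0)."""
    findings = []
    for app, sigs in sorted(active_forces(records).items()):
        limit = max_forces.get(app, 0)
        if len(sigs) > limit:
            findings.append(f"{app}: {len(sigs)} forced signal(s) {sorted(sigs)} > limit {limit}")
    return findings

# Constructed audit trail: date and time; node; user; type of operation; affected object.
SAMPLE_LOG = """\
2017-01-12 08:02:11; ENG01; maint.olsen; Signal forced; ESD_Unit1.PT_101_HH
2017-01-12 08:05:40; ENG01; maint.olsen; Signal forced; ESD_Unit1.LT_202_LL
2017-01-12 08:30:05; ENG01; maint.olsen; Signal unforced; ESD_Unit1.PT_101_HH
2017-01-12 09:10:00; ENG02; eng.berg; Signal forced; BMS_Boiler2.FS_301
2017-01-12 09:45:00; ENG02; eng.berg; Reset all forces; BMS_Boiler2.*"""
RECORDS = [parse_audit_line(line) for line in SAMPLE_LOG.splitlines()]
```

With the default limit of 0 the replay flags ESD_Unit1, whose LT_202_LL force was never removed, while BMS_Boiler2 is clean because its forces were reset.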
Slide 35 – Maintenance: Inhibit
- Avoid spurious trips during maintenance procedures
- Inhibit action limits
- Alarms will be shown to the operator, but no safety action will be taken
- Configurable automatic reset of all overrides with Maintenance Engineer confirmation

Slide 36 – Safety Product Offering: Independent High Integrity
(Recap of slide 4: HI hardware, Control Builder Safe engineering, connectivity and interfacing; figure: small Independent HI system with engineering and DCS)

Slide 38 – Safety Product Offering: Conclusion
- ABB’s High Integrity safety offerings are TÜV certified to the most recent version of the standards (IEC 61508 Edition 2)
- We rely on diversity, not architecture, to meet SIL, i.e. you aren’t paying for unnecessary redundancy
- Our architecture is very flexible; you can have: Integrated (same hardware, network etc.); Combined (same controller); Single or redundant controller configuration; Interfaced with any HMI or DCS (Independent HI)
- High Integrity is accepted (approved) by most major Oil & Gas companies
- ABB has expertise, support and partners all over the world
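Closing worked example (added here; not ABB's code, and the failure rates are constructed): the SFF and HFT argument of slides 9 through 11, computed against IEC 61508-2 Table 3 as reproduced on the slides. It shows why raising diagnostic coverage from 75 % to above 99 % moves a single channel (HFT 0) from SIL 1 to SIL 3 without adding hardware fault tolerance, which is the claim behind "diversity, not architecture".

```python
# Added example, not ABB's code: the SFF / HFT argument of slides 9-11 worked
# through IEC 61508-2 Table 3 (Type B subsystems). Failure rates are constructed.
from dataclasses import dataclass

# Table 3 rows: (lower SFF bound inclusive, (max SIL at HFT 0, HFT 1, HFT 2)); None = not allowed.
TABLE_3 = [
    (0.99, (3, 4, 4)),
    (0.90, (2, 3, 4)),
    (0.60, (1, 2, 3)),
    (0.00, (None, 1, 2)),
]

@dataclass(frozen=True)
class FailureRates:
    """Failure rates per hour, split into the IEC 61508 categories."""
    safe_detected: float         # lambda_SD
    safe_undetected: float       # lambda_SU
    dangerous_detected: float    # lambda_DD
    dangerous_undetected: float  # lambda_DU

def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / lambda_total: every failure that is safe or is caught."""
    total = r.safe_detected + r.safe_undetected + r.dangerous_detected + r.dangerous_undetected
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (r.safe_detected + r.safe_undetected + r.dangerous_detected) / total

def diagnostic_coverage(r: FailureRates) -> float:
    """DC = lambda_DD / (lambda_DD + lambda_DU): share of dangerous failures detected."""
    dangerous = r.dangerous_detected + r.dangerous_undetected
    return r.dangerous_detected / dangerous if dangerous else 1.0

def max_sil(sff: float, hft: int):
    """Highest SIL claimable for a subsystem with this SFF and HFT (None = not allowed)."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    for lower_bound, sils in TABLE_3:
        if sff >= lower_bound:
            return sils[hft]
    raise ValueError("SFF must lie in [0, 1]")

# Constructed channels: 75 % diagnostic coverage versus >99 % (the slide 11 claim).
LOW_DC = FailureRates(200e-9, 50e-9, 300e-9, 100e-9)
HIGH_DC = FailureRates(200e-9, 50e-9, 398e-9, 2e-9)

if __name__ == "__main__":
    for name, rates in (("75 % DC", LOW_DC), (">99 % DC", HIGH_DC)):
        sff = safe_failure_fraction(rates)
        print(f"{name}: SFF {sff:.2%} -> HFT 0: SIL {max_sil(sff, 0)}, HFT 1: SIL {max_sil(sff, 1)}")
```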