Anda di halaman 1dari 32

Safety Instrumented Systems

The Smart Approach

More than ever, running your plant productively and safely requires the right
technologies and experience. With increasingly stringent regulations and
international-standard best practices, safety instrumented systems perform
a critical role in providing safer, more reliable, process operations.

CONTENTS

3 The Emerson Approach to

Safety
From sensor, to logic solver,
to final control element.

4 Safety First

New international standards


are prompting a reexamination of safety practices.

6 The Ideal Safety

Instrumented System
Intelligence embedded in the
SIS loop reduces risk.

8 Sensors for Reduced Risk

Sensors for pressure, temperature, flow and level play an


important role.

10 SIS Final Elements

Final elements with digital


valve controllers deliver
higher reliability and safety.

12 Partial-Stroke Testing for

22 Flexible Architecture for

14 Logic Solver

24 Simplifying IEC 61511

Reliability
Check the valves ability to
perform on demandautomatically.

State-of-the-art logic solvers


support digital communications.

16 Intuitive Software

Industry-leading DeltaV
system software

18 Tough Applications Made

Easy
TV-certified DeltaV SIS function block suite makes implementation easy.

20 The Health of Your Loops


Identifying and predicting
problems is critical.

Any Size
Safety Instrumented Systems
come in all sizes and topologies.

Compliance
The PlantWeb solution.

26 Connecting with Your

Existing BPCS
Increase your plants availability
with a smart SIS.

28 Integrated Yet Separate

True integration with DeltaV


software; complete separation from hardware.

30 Industry Leading Service

and Support
The worlds only IEC 61511
certified project services.

Sensor to Final Control Element,


the Emerson Approach to Safety
Safe operations include many
aspectsmaterial handling
procedures, process
operations and safety
instrumented systems (SIS).
Yesterdays SIS solutions
considered only the logic
solver and left it to your
maintenance organization to
manually test the entire
safety loop. Like you,
Emerson believes its critical
to consider the entire safety
loopfrom sensor, through
logic solver, to final element
as a complete entity.

Now you can minimize the costly


practices of ongoing manual proof
tests with the embedded
predictive diagnostics and the
digital communications of the
PlantWeb architecture.

Complete Solutions
One Source.
When it comes to safety
applications like emergency
shutdown systems, burner
management, and fire and
gas systems, our trained
global professional safety
personnel and project services
organizations have the knowledge
to perform, and expertise to assist
you in, process hazard analysis and
risk assessment along with safety

The Smart Approach

instrumented system design,

Only Emerson Process

implementation, and

Management, an Emerson

commissioning.

business, takes a holistic new


approach by continuously

Emerson provides the only smart,

diagnosing the sensors, logic

easiest-to-use, safety instrumented

solvers, and final elements ability

system for the lowest

to perform on demand as required

lifecycle cost.

The PlantWeb
solution for safety
application is the
complete package.
It considers all
equipment in the
safety instrumented
function as well as
the simplified proof
testing. This will
change the
industry.
Dr. William Goble,
P.E. CSFSE
Exida

for a smart SIS solution.

Safety First
You need to effectively perform hazard
identification, hazard analysis, and risk
assessment studies to develop plans to
address current deficiencies.

IEC 61508
Used by suppliers of safety-related
equipment, IEC 61508 defines a set of
standards for functional safety of
electrical/ electronic/programmable
electronic safety-related systems.

Past solutions for safe


operations may no longer be
sufficient. New international
standards for safety, like IEC
61508 and IEC 61511, are
prompting a reexamination
of safety practices. Planning
is required to meet increased
regulatory requirements
across the globe.

Companies that dont plan and manage


process operational risks face fines,
production outages, equipment damage
and serious injury or loss of life.
With todays technology and best
practices, there is no reason not to put
safety first.
There are key international standards and

Emerson has the broadest range of IEC


61508-certified process safety devices,
from pressure, flow, and temperature
sensors through the logic solver, to final
element.
Process manufacturers who implement
SIS equipment need to do so in
accordance with best practices, as
defined by IEC 61511.

concepts you and your solutions


providers must know to effectively
implement safer operations. Its
important that you work with a supplier
that has safety instrumented system
sensors, logic solvers, and final control
elements that meet IEC 61508 standards
to help you follow IEC 61511

DIN V VDE 0801


DIN V 19250

best practices.

1989

Reduce regulatory compliance efforts.


4

IEC 61511

Emerson delivers a state-of-the-art

The SIS user community has

safety solution that reduces risk

formally collected best practices

and increases process availability.

in safety applications aligned with


IEC 61508. The result of this work
is the new IEC 61511 standard.

ANSI/ISA-84.00.012004
In 2004 the S84 committee of ISA

Only Emerson provides:

formally adopted the IEC 61511

transmitters, valve controllers

standard for use in the USA. The

and logic solvers certified to

two standards are identical except

IEC 61508

for a grandfather clause that the

services certified to IEC 61511

S84 committee added to the

software that simplifies

American version.

adherence to IEC 61511 for


regulatory compliance.
IEC 61508-type data on noncertified devices to help process
manufacturers build prior

This international
standard has two
concepts which are
fundamental to its
application; safety
lifecycle and safety
integrity levels.

use cases.

Key Safety Regulatory Standards


EN 54,Part 2
NFPA 8501
ANSI/ISA S84.01
NE 31
DIN V 19251

IEC 61508
NFPA 8502

IEC 61511-3
IEC 61511
ANSI/ISA S84

1992

1995

1998

2001

Global Safety
Standard

2004

The Ideal Safety


The ideal SIS takes a new
approach to help you
reduce risks and use the
intelligence embedded in
the total SIS loop:
sensors, logic solvers,
and final control
elements to increase
safety.

42%Sensor
malfunction

8%Logic solver
malfunction

50%Valve malfunction
Because the majority of malfunctions in safety
applications occur in the devices, increased logic
solver reliability does not significantly improve
the reliability of the entire safety loop. Data
intrepreted from the Offshore Reliability
Database (OREDA).

Risk reduction
The ideal SIS begins and ends with
field devices. Smart field devices:
monitor the entire SIS loop from
sensor through the final
control element
provide non-disruptive actuator
partial-stroke testing and
spurious trip prevention
proactively communicate
maintenance alerts from
intelligent sensors and actuators
support advanced diagnostic
capabilities for sensors,
logic solvers and final control
elements for both self-test and
detection of abnormal situations
in the surrounding process.

Easier regulatory
compliance
The ideal SIS, including sensor,
logic solver, and final element, is
designed in accordance with IEC
61508 and is TV or FM certified*.
To help you address the IEC 61511
standard more easily, an ideal SIS
should have:
safety logic signature
authorization
change management of safety
logic and field device
configuration/calibration
security authorization of online
trip point or bypass changes.

minimizes risky manual final


element testing through
automatic periodic testing
reduces operator response time
with advanced alarm
management
manages bypasses during
startup sequences.

Basic Process Control System (BPCS)

Digital Communication

Increased availability
An ideal SIS increases the availability of an operating process. It:
increases system availability
through redundancy as required

Safety with less risk and increased avail


6

Instrumented System
Reduced project capital
With pressure on process
manufacturers to increase their
return on capital, the ideal SIS
reduces the engineering and
installation effort by:
simplifying safety logic
development and testing with
powerful certified function
blocks
being certified for use in SIL 1, 2
and 3 applications without
restriction
providing a flexible architecture
for centralized or decentralized
deployment
providing embedded simulation
to fully test safety logic before
deployment

Safety Instrumented System (SIS)

Discrete Signal

On-o
off

integrating BPCS and SIS data


without mapping or
handshaking logic while keeping
these functions separate per IEC
61511
providing common engineering
tools for the BPCS and SIS.

Reduced operations and


maintenance costs
Like capital budgets, operating and
maintenance budgets are under
constant pressure. The ideal SIS
reduces operations and
maintenance costs by:
providing a common
engineering and operator
interface for both BPCS and SIS
synchronizing time and
collecting events between BPCS
and SIS
performing continuous diagnostics and periodic testing of
sensors and final control
elements.
Its important to consider ongoing
support when multiple suppliers
are involved. When one supplier
has the full range of products and
services for your BPCS and SIS, you
have only one place to go for the
answers and support you need.

The traditional implementation of


Basic Process Control Systems and
Safety Instrumented Systems fails to
consider the entire safety loop,
requiring extra maintenance effort.

ability.

Todays safety
systems need an
integrated safety
approach where
transmitters are
part of the safety
system and
perform
autocalibration,
diagnostics,
validation and
remote monitoring,
connecting with an
intelligent fieldbus
such as HART or
Foundation
fieldbus.
Wayne Labs,
CONTROL Magazine,
May 2005

*Certified by a 3rd Party such as TV.

Smart Sensors Provide


Sensors for pressure,
temperature, flow and
level play an important
role in your risk
reduction strategy. Its
important to consider
improvements in
measurement
technology as well as
installation and
maintenance practices.
The health of your safety loop is
only as reliable as the weakest
component. With discrete
measurement switches, you get a
level of safety, but these devices
are susceptible to failure
without warning.
Switches have few failure modes,
but almost all are dangerous and
undetectable. Regular proof
testing is thus requiredthese
tests can themselves introduce risk
because they are manual and
require strict adherence to
procedures and they put
maintenance personnel in
hazardous locations.

Smart devices deliver


predictive diagnostics
By replacing switches with
transmitters, you take the first step
towards reducing undetected
failures. Smart transmitters have
far fewer dangerous undetected
failures than switches. In addition,
the latest generation of smart
measurement devices extend the
embedded diagnostics beyond the
device and into the process.

Extended
health diagnostics
Todays leading smart
transmitters, like Emersons
Rosemount and Micro Motion
devices, go beyond
detecting component failures.
They evaluate the performance of
the complete measurement
system, extending diagnostics to
detect formerly undetectable
dangerous failures outside the
physical bounds of the
transmitter providing
both transmitter and process
diagnostics.

IEC 61511 defines two approaches


for selecting the right device for
your safety measurements. Both
methods have merit and are used
extensively.

Prior use
This method requires
that you have
sufficient failure data
to be able to
investigate and
calculate the
probability of
failure on demand
and the safe failure
fraction. As the
leading field
device supplier,
Emerson can
provide the reliability
data you need for
these calculations.

The end result is greater credit


for failure on demand calculations,
easier compliance with
IEC 61511, higher safe failure
fractions, less redundancy, and less
proof testing, less often.

Increased diagnostics decreases risk.


8

Both Transmitter and Process Diagnostics

AMSTM Suite: Intelligent Device Manager


provides the means to identify and correct potential transmitter problems.

This method provides you with


more transmitter choices at the
cost of maintaining databases to
provide evidence of prior use per
IEC 61511.
This approach requires extensive
tracking managementa laborious
task.

Designed to IEC 61508


Temperature and pressure
transmitters from Rosemount and
flow transmitters from Micro
Motion change all of this. These
are standard BPCS sensors that can
be used in safety applications. Now
you can get Emerson reliability in a
certified transmitter.

Most of these
diagnostics can be
performed only in
the field devices
themselves, and not
through higherlevel expert or
abnormal situation
management
systems, because
they require
extremely high
speed resolution
and accuracy.
Steve Brown
E.I. duPont de
Nemours & Co.
Chemical Engineering
Magazine, July 03

Sensors are one key piece in the


ideal safety system. Final elements
are the next critical piece.

SIS Final Elements Del


The next step in the ideal
SIS is to equip the final
elements with digital
valve controllers that
provide the diagnostics
to extend the proof test
interval, while delivering
higher reliability and
safety.
Manual testing
Process manufacturers have gone
to great lengths, adding bypass
valves, manual jamming devices,
and expensive pneumatic panels
to facilitate proof testing of final
control elements.
Beyond the increased capital
expense, safety valve testing often
involves the installation and
subsequent removal of
mechanical valve interlocks.
This can expose maintenance
personnel and operators to
hazardous locations in the
process. And if the interlocks are
not removed after the testing, the
performance of the safety
instrumented system may
be severely compromised.
The majority of plant incidents are
caused by personnel and

procedural error, so removing the


need for manual proof tests while
maintaining the overall SIS
integrity is key in SIS applications.

FIELDVUE digital valve


controller
FIELDVUE digital valve controller
instruments provide automated
performance monitoring and
testing by enabling remote partial
stroke testing while the safety
valve is online. This keeps
personnel safely away from the
valves locations. The FIELDVUE
DVC6000 for emergency
shutdown solutions is TVcertified for use in SIL 3
applications.
FIELDVUE instruments have
extensive diagnostics to monitor
travel deviation, pressure
deviation, valve packing friction
and more. Information is
communicated back to the DeltaV
system and the AMS Device
Manager software.

SIL-PAC solution
The Emerson SIL-PPACTM
final element solution uses
Emerson actuators controlled
by the FieldVUE DVC6000
ESD to operate the valve. These
include the Bettis G and CBAseries, HyTork and El-O-MaticTM
actuators currently used in many
ESD type applications.

Proven in safety applications for


many years, the Bettis actuators
are certified for use in SIL 3
applications when periodic
partial-stroke testing is
performed.

Reduce final element risk.


10

iver Higher Reliability and Safety


The SIL-PPAC final control solution
is valve neutralmeaning that it
can be mounted on the safety
valve that best meets your
application requirements.
From 350 inch pounds of torque
to over 13 million inch pounds,
SIL-PPAC options include:
ASCO solenoids for redundancy
local shutdown options
configurable closing/
opening times

diagnostic/configuration tools
unusual and severe types of
services.
With the SIL-PPAC solution from
Emerson, you get the flexibility,
reliability, and functionality you
need to meet your requirements
and support your installation
throughout its life.

AMS Intelligent Device Manager with the ValveLink


Snap-On application makes troubleshooting devices
from a remote location easy and safe.

The principal
sources of faults
have remained in
the field; we need
to recognize and
eliminate these failures at the source.
Erik R. Bruyn
ExxonMobil Refinery

The Role of
Instrumentation in Plant
Asset Management
International
Instruments Users
Assoc., Apr 03, Hague,
The Netherlands

The FIELDVUE instrument automatically


checks the condition of the final control
element during each partial-stroke test.

11

Partial-stroke Testing For


Safety valves equipped with Emersons FIELDVUE DVC6000
perform partial-stroke testing, automatically checking the
valves ability to perform on demand.
Less risk

During each partial-stroke test,


pneumatic supply, actuator
pressure, and valve position are
tested to verify whether the valve
components will perform.
This partial stroke testing
provides:
less human error
better maintenance practices
better documentation
less risk.
Theres no more guessing when
a safety valve needs to be
maintained. You have a better
understanding of the overall
electro-mechanical condition of
the valve.

Automated partial stroke testing


in the FIELDVUE DVC6000 and the
AMS Device Manager software
application keeps operators and
maintenance personnel away
from the field while extending the
time intervals between full-stroke
tests and providing confidence
that the valve will perform on
demandreducing personnel
and operational risk and the
risk of trips.

Better maintenance
practices
A valve signature generated
during the partial-stroke test
provides your maintenance
personnel with insight into:
valve friction
air-path leakage
valve sticking
actuator spring rate
inherent diaphragm
pressure range.

This information gives your


maintenance personnel the ability
to schedule repairs rather than
having to react to unexpected
failures. Determining when a
safety valve needs to be
maintained is no longer a
guessing game.

Better documentation
The FIELDVUE instrument receives
scheduled partial-stroke test
commands from the logic solver
and applies a time and date
stamp to each partial-stroke test.
This information is automatically
saved on a workstation, making
your regulatory compliance
efforts much easier.

Drag-and-drop configuration.
12

Reliability
Partial stroke test on a
problem valve.

AMS Device Manager with the


ValveLink snap-on application automatically generates detailed reports of
the partial-stroke test for regulatory
bodies. Valve testing reveals the need
for scheduled maintenance.

Its not only


possible to check
valves, but we can
also do so more
safely, at less cost,
and with greater
efficiency.
Patrick Flanders
Saudi Aramco

In addition, thorough
documentation of each test is
maintained per regulatory
requirements.
The right sensors, final elements,
and AMS Device Manager build a
strong foundation for the next
element in the smart SIS, the
logic solver.

13

Logic Solvers Continu


Bulky logic solvers and
multiplexers can now
be replaced with stateof-the-art logic solvers
that support digital
communications for
continuous health
monitoring of every
complete Safety Instrumented Function (SIF).
The DeltaV SIS
While other safety system
suppliers focus only on the logic
solver, the Emerson smart SIS
solution considers the entire SIF
to increase safety while
decreasing spurious trips, thereby
increasing reliability from sensor
to final element.
The SLS 1508 logic solver, built for
digital communications with
safety sensors and final elements,
uses the power of predictive field
intelligence to increase the overall
reliability of the entire safety
instrumented function.

It is TV-certified for use in SIL 1-3


rated safety applications as
defined by IEC 61508 and firedetection and alarms as defined
in ENS4-2.

SLS 1508 logic solver


Key capabilities of the SLS 1508
logic solver include:
24V DC redundant power
16 channels per logic solver in
any combination of HART AI,
HART two-state output, DI, DO
line fault detection on all I/O
separate I/O processor and
redundant CPUs
50msec execution
downloadable on-line
flexible architecture
-40 to 70C temperature
rating
ISA G3 (corrosive environment
rating)
NAMUR NE21 electromagnetic
compatibility rating

Redundant logic solver


You can increase the availability of
your process with a redundant
pair of SLS logic solvers. The two
modules work in parallel with no
concept of master/slave. This
ensures bumpless transfers, and
allows automatic online proof
testing of the logic solvers.

Higher process availability through imp


14

ously Monitor Health of Every SIF

For greater process


availability, the SLS
1508 logic solvers are
optionally redundant.

We installed
DeltaV SIS in our
critical distillation
heaters during our
latest turnaround.
We plan to install
more in our refinery
as we continue our
modernization
program.

Smart logic solvers


continuously monitor
loop health and perform
partial-stroke tests.

Cornel Cirligeanu,
Rominserv
Electrical & I&C
Division

roved diagnostics.
15

Intuitive Software

All of the DeltaV systems


ease-of-use advances like
plug-and-play hardware,
drag-and-drop, and
explorer-based software,
are built in to the DeltaV
SIS software.
A full palette of TV-certified
smart function blocks designed
specifically for DeltaV SIS functions
is available. Special blocks like
MooN voter blocks with bypass
management reduce what used to
be pages and pages of ladder to
engineer, test, and commission
into a simple drag-and-drop
specification activity. Easy
maintenance with less complexity
reduces your life cycle costs
and risks.

All of the function blocks are


certified by TV for safety
applications.
Other capabilities making the
DeltaV SIS software intuitive
include:
built-in sequence of events
handler with automatic first-out
trapping
built-in bypass handling
built-in override bundling
automatic compliance to
IEC 61511 standard.
off-line simulation
built-in alarm state engine per
EEMUA 191 standard
optional operator interface.

Drag-and-drop from voter paletteeasy.


16

and Powerful Function Blocks

Powerful function
blocks deliver engineering
savings and operational benefits.
Voter simplifies device upset and
diagnostic condition handling to avoid
spurious trips while automating bypass
management.
Cause and Effect Matrix (CEM) block
greatly simplifies the logic solver
configuration.
Step Sequencer saves hours of
engineering over conventional ladder
logic approaches.
State Transition Diagram provides
simple fill-in of state, transition
inputs, and desired outputs saving
hours of engineering.

High comprehensibility of the


programmed
functions is the
ultimate ambition
of safety-related
programming.
Therefore, there is a
need for a precise
and compact program structure and
representation.
Dirk Hablawetz
BASF AG
The Practical use of
the international
standard IEC 61508
TViT Conference,
Jan 03, Augsburg
Germany

17

Tough Applications
With the rich TVcertified DeltaV SIS
function block suite, the
toughest safety
applications can be easily
implemented.
SIS applications
Consider a typical example likely to
be found in every plant.
You have an application and need
to monitor level (triplicated
measurement) and take action in
the event that the pressure (2oo3)
is too high. Given the application,
you need to be sure that the valve
will perform on demand. You need
to change the test frequency of
your SIF from six months to the
turnaround scheduled every
four years.
There are key requirements for
your safety logic:
Trip the plant if two of the level
measurements exceed the trip
limit.
Generate a deviation alarm if
any of the level inputs deviates
from the others.
Provide user interface display
where all active bypasses are
listed for management by
operators.

If any of the measurement


devices reports bad status,
then generate an alarm
indicating that the SIF is
running in degraded
mode (2oo2) and remove
the device from the voting
logic.
Be able to configure trip
limits, deviation
percentages, pre-trip
alarm, degradation
behavior and start-up
All of the functionality described on this page can be
overrides.
implement with this simple configuration.
Monitor the performance
of the valve by partially
stroking it every month to
With Emersons smart SIS solution
ensure it will perform on
for safety applications, this is easy.
demand. Send an alarm to
With Rosemount and Micro
operations and maintenance if
Motion transmitters, DeltaV SIS,
the partial stroke test fails or
AMS Intelligent Device Manager
another advanced diagnostic
and Fisher DVC, the architecture is
alert is detected.
in place. With the patent-pending
Allow bypassing during startup
DeltaV SIS voter and partial-stroke
with all SIS bypasses being
test function blocks, configuration
reported on an SIS or BPCS
of this logic is a few mouse
display.
clicks away.
Set bypasses to automatically
remove after a configurable time
period.
Provide warning to the operator
an appropriate time before a
bypass is automatically
removed.

Experience on which you can rely.


18

Made Easy
Fast configuration
with cause-and-effect
matrix functions
Traditional SIS project
requirements are typically defined
using cause-and-effect matrices
(CEM). Once approved, these are
often translated into logic
diagrams and ultimately into
ladder logic of the selected
supplier. No morewith the CEM

function block, the cause-andeffect diagrams can be deployed


directly in the logic solver. The
CEM table executes as it is
presented.
Documentation is easy, since the
CEM configuration is the logic that
executes.

CEM logic is configured per WYSIWYG:


what you see is what you get. End user
requirements are executed as
documented eliminating project
phases and risks associated with
implementation errors.

While developing
the concept of the
safety instrumented system, the
aspect of maintenance and startup
should be taken
into consideration.
Possibilities for
easy check and
access to all
components should
be kept in mind
while designing the
system.
NE31 Standard

19

The Health of Your


Identifying and
predicting problems in
the sensors, logic solvers,
final elements, and the
surrounding process is
critical. Sending this
information quickly to
the people who can take
corrective action is
equally important.

1 Detect
Detection starts at the process.
Only Emersons PlantWeb
architecture for safety applications
continuously monitors loop and
process health.

2 NarrowCast
Should a problem be detected in a
device or the supporting process,
a PlantWeb alert is generated.
This alert travels to the logic
solver, which is configured to
narrowcast the alert to the
appropriate personnel and the
maintenance system.
In some cases, it is desired to
direct the alarm/alert to the
personnel who man the
planttwenty-four hours, seven
days a week such as the
operators of the BPCS. This is
done via drag-and-drop
configuration. In addition to
identifying the alert as a safety
alert, the operator is provided
with information identifying the
root cause of the problem, with
context sensitive guidance for
corrective measures.
In other cases, it is desired that
all safety personnel be alerted
to every safety alert. Emersons
Messenger software is the
solution. Emersons Messenger
software uses web services to
deliver PlantWeb Alerts to the
maintenance personnel
responsible for solving the

problem via email, phone,


pager or SMS. These timecritical alerts can be sent via
XML to your Computerized
Maintenance Management
System (CMMS) to generate
work orders automatically.
With the optional SIS Reporting
Messenger plug-in, detailed
SIS diagnostic test results from
actuator partial-stroke tests,
sensor tests, and SIS loop
health tests are automatically
transmitted via email or
printed to satisfy regulatory
reporting requirements.

3 Diagnose and correct


With notification delivered to the
right people, the AMS suites
Intelligent Device Manager
software provides quick access to
detailed device diagnostics.
The bottom linethe PlantWeb
architecture provides a platform
for more reliable safety
operations, from early detection
through notification and
correction.

Realtime information when and where


20

Loops

2 NarrowCast
Critical alerts can be sent directly
via email, pager or phone.

3 Diagnose and correct


With AMS Intelligent Device
Manager, device health can be
determined remotely.

1 Detect
Smart field devices send critical health
information to the right people at the right time.

Monitoring the
health of the
instruments in an
isolated environment like ours gives
us the ability to find
out whats wrong
before we send
somebody out to
the field and thats
very important
given our limited
staff. Being able to
monitor the health
of the equipment,
positions us to be
proactive with our
maintenance
programs. This
helps us improve
our overall process
availability.
George Cushon,
OPTI Canada Inc.

it counts.
21

Flexible Architecture
Applications that require safety instrumented systems to
reduce risk come in all sizes and topologies. You need an
SIS offering that can handle the smallest to the largest
application and one that has the flexibility to address
widely distributed architectures.

Flexible architecture
Whether you have an isolated
boiler or a large ESD application,
DeltaV SIS scales to provide you
with the safety coverage you
require for your SIL 1, 2 and 3 SIFs.
Unlike other approaches, the
modular logic solver hardware
scales in steps of 16 configurable
I/O. This means you automatically
add memory and CPU every time
you add a logic solver. The days of
running out of memory or CPU
power are over.
The architecture of DeltaV SIS
allows you to concentrate on the
design of each SIFeach logic
solver is a container for a small
number of SIFs and there can be no
unplanned interaction between

them. This is very different from


the traditional approach where
hundreds of SIFs are all placed in a
single safety PLC
and the effect of changing a single
register could affect all of the logic.
DeltaV SIS scales as the number of
SIFs scalessimply add logic
solvers to contain more safety
functions with no impact on the
performance of the existing
system. On a large plant these
logic solvers can be placed in
nodes close to the process unit
being protected; an intuitive
design with fewer opportunities for
maintenance errors that has the
added advantage of wiring savings.

Given this scalability,


DeltaV SIS is ideally suited
for all safety applications
up to SIL 3: small burner
management applications,
large ESD and fire and gas
applications.

Completely integratedready to deploy.


22

for Any Size


Configuration Workstation may optionally be
used for SIS Alarm Management, Operator
Interface and/or Device Maintenance.

Ethernet configuration network


SISnetA redundant fiber optic
network spanning kilometers.

The scalability of
it really impresses
methat you can
put in one module
for just a few
loops, or you can
build a complete
safety system.
Global Chemical
Producer

DeltaV SIS easily scales to fit


the size and distribution of
your safety applications.

23

Simplifying IEC 61511


The PlantWeb solution
for safety applications
has been designed to
assist customers in
following the IEC 61511
standard for SIS
deployment.
DeltaV SIS helps to automatically
document and simplify your
compliance with this international
safety standard, along with
additional regulatory requirements
particular to your operating
region.
Not only will the upfront costs of
engineering, installing and
commissioning your system be
lower, but so will the ongoing
maintenance and management
costs to satisfy your safety and
regulatory requirements.

The Audit Trail automatically


records changes to a devices
configuration and includes the
following information for each
event:
date and time of the event
user who made the change.

Engineering
The DeltaV SIS reduces your IEC
61511 compliance efforts by
incorporating our experience of
satisfying tough regulatory
requirements for change
management.

Compliance is simplified with AMS Device Manager Audit Trail.

All changes to the DeltaV logic


solver configuration including
details of the change, who made it,
and when it was made, are
automatically captured.

Audit Trail

Maintenance
Complying with the verification
and documentation requirements
of IEC 61511 is simplified with the
AMS Device Manager Audit
Trail software.

Change
Changes are automatically
captured with embedded version
control and audit trail.

Edit

Easier regulatory compliance.


24

Compliance
Operations
Should an emergency stop be
required for the application, two
mechanisms may be used. You
may hard-wire a physical ESD
(emergency shutdown) mushroom
button to the I/O of a logic solver.
If, instead, you choose to soft-wire
an emergency shutdown button
from a graphic on the Operator
Workstation then you will need to
ensure that the communications
are secure. In keeping with IEC
61511, DeltaV SIS requires a
repeat confirmation on the
emergency shutdown action
before it will take effect
protecting the logic solver
functionality. This repeat
confirmation is automatically
executed for every on-line
command from all Workstations to
every logic solver, including
operational functions that require
data security such as bypasses and
trip limit changes.

For example, any bypass is


automatically flagged in the
operator interface and logged in
the event journal file.
The bottom line: built-in
capabilities in the PlantWeb
architecture, such as repeat
confirmation, change
management, download control,
device audit trail and others,
reduce the IEC 61511
compliance challenge.

DeltaV SIS was


best suited for our
safety shutdown
applications
because of its
modularity,
integration with
the control system,
and safety loop
diagnostics.
Steve Schmitz,
Rohm and Haas

Other capabilities have


been added to ensure safe
operation and maintenance
of your SIS.

25

Connecting with Your Existing


No matter what DCS or PLC you are using
as your basic process control system, you
can increase your plants availability using
Emersons smart safety instrumented
solution.

Reliable,
proven integration
With the advent of open
standards, integration of BPCS
and safety instrumented systems
has become easier. The OPC
standard introduced in 1996
provides an excellent mechanism
for high data transfer rates in realtime from an SIS to a BPCS. For
those with smaller data transfer
needs, the Modbus protocol may
be an alternative.

OPC integration
OLE for Process Control (OPC) has
become the de facto standard for
communications between
disparate systems in the process
industries. DeltaV SIS connects
with your legacy BPCS via OPC.
All operating and event
information is available to your
operator interfaces and history
collection software using an OPC
interface.

OPC Data Access (DA) provides


real-time data integration. With
Emersons field-proven OPC
Mirror, data from DeltaV SIS is
easily mapped into the OPC
Server of the installed BPCS.
Completing the integration is
OPC Alarms and Events, which
provides a means to include SIS
alarms and events into your
selected plantwide event
historian.
An excellent event collection
candidate for this function is
Emersons PlantWide Event
Historian, which provides a SQL
database for collecting timestamped events from multiple
sources into a single enterprise
event historian.

Modbus integration
Modbus may also be used to
interface the SIS and BPCS.
Modbus brings the advantage of
familiarity to most users, as
well as the comfort of
decades of proven reliability.

Modbus is often used


for communicating
process-related data
between SIS and BPCS,
while OPC is perfectly
suited to transferring
large amounts of SIS
data to be presented
on the BPCS displays.

Integration services
Our global solutions organization
has a long history of providing
these integration services if you
require them.
And since Emerson has offices
around the globe, we can provide
the ongoing support you need to
maintain efficient operations.
Bear in mindunlike the
integrated Emerson solution
shown on Pages 28 & 29these
traditional connectivity methods
require manual change
management procedures and
costly ongoing support.

Connect with your existing system


26

Basic Process Control System (BPCS)

OPC DA and OPC A/E may be


used for real-time and alarm
integration, respectively.

Redundant servers provide


increased availability.

OPC Mirror allows data to


be mapped between BPCS
and DeltaV SIS.

The standard OPC


communication
protocol built into
the DeltaV system
will make interfaces
between the
various network
applications
seamless.
David Greer
Shell Philippines
Exploration B.V.

Traditional Modbus may also be used.

easy.
27

Integrated Yet
If you already have a
DeltaV system or are
considering the DeltaV
system as your BPCS, the
DeltaV SIS solution
provides the true
integration youve
always wanted between
your BPCS and SIS, with
the separation required
by IEC 61508 and IEC
61511 standards.

Architecturally
independent
The PlantWeb architecture for
safety applications fits easily with
your DeltaV BPCS. Perfect for
applications requiring SIS risk
reduction on only a few loops, the
DeltaV logic solver can be present
on the same carrier as a standard
DeltaV module. The power
supplies, communication
channels, hardware, and real-time
operating systems are completely
independent of the standard
DeltaV cards and the DeltaV logic
solver, maintaining the separation
required by IEC 61508.
All operations, engineering and
maintenance functions for the
two systems are integrated
including:
alarm handling
configuration
time synchronization
user security
device health monitoring.
The integrated configuration
environment simplifies and
streamlines the engineering
effort. This integrated approach
eliminates time-wasting, difficult
to maintain data mapping, and
handshaking logic that is
common in existing solutions.

SIS information can be


displayed and alarmed
like any BPCS data.

Operators have one common


operating environment for both
the DeltaV BPCS and DeltaV SIS to
more effectively operate
the plant.
Unlike any other SIS solution;
engineering, operating, and
maintaining the DeltaV
integrated- yet-separate
architecture is easy.

Easier to configure and maintain.


28

Separate

DeltaV BPCS and SIS are


configured and operated
with the same software.

As data-driven
systems become
larger, making
more extensive use
of data, the
identification and
management of
data integrity
becomes a
significant factor in
the demonstration
that the required
system integrity
has been achieved.
Alastair Faulkner
CSE International Ltd.

With separate power supplies and TV approved


dedicated safety networks, SIS and BPCS components
may be mixed in the same cabinet for smaller applications.

29

Industry Leading Ser


Differentiated safety
services
Emerson has extensive global
coverage for MAC (Main
Automation Contractor) services
worldwide. These services include
all aspects of your automation
project from concept through:
Proven scalable project process
for Integrated Control and
Safety System to MAC scope

Emerson leads the


industry in providing
services throughout the
lifecycle of your
operations, no matter
where you operate on
the globe. From project
planning, through plant
commissioning, to
optimizing and
supporting your
operations, Emerson
has the experience you
can depend on to
be successful.

Emersonproven
experience
Safety instrumented systems play
an important role in your overall
process automation strategy.
Emerson Process Management, a
global leader in process
automation, delivers the
technology and expertise required
for safer, more reliable operations.
With a heritage of financial
strength, Emerson has the stability
to invest in the technologies
required to help you reduce risk in
your process, while lowering the
costs. Emerson is the global leader
in transmitters and actuators with
online, self-testing capabilities
keys to a more robust SIS solution.

Certified compliance by TV
to IEC 61511 best practices:
Services covering the entire
lifecycle from conception to
decommissioning
Global coverage with same
IEC 61511 practices in place
Emerson certified field safety
engineers available in your
locale for the support and
maintenance of your SIS.
Emerson Process Management
has the technology, expertise, and
experience for your process
automation and safety needs.

EmersonConsider it solved.
30

vice and Support

Emersons project
execution
capabilities were a
critical part of our
projects success.
David Whitehead
Clough Engineering

Emerson can help you at any stage of the


IEC 61511 Safety Life Cycle.

31

Customers who have requested this brochure have also requested the
following brochures:

SIL-PAC TM Valve Automation Solution For


Safety Systems brochure
Visit: www.EmersonProcess.com/
valveautomation/bettis

FIELDVUE Instruments brochure


Visit: www.EmersonProcess.com/fisher

SureService brochure
for maximum return on your automation
investment throughout its lifecycle.

Visit: www.SureService.com

Project Services brochure


when success is the only option, call upon
Emerson experts.

Visit: www.EmersonProcess.com/
solutions/projectservices

As a core element of the


PlantWeb digital architecture,
the DeltaV systems makes
controlling your process easy.

The contents of this publication are presented for informational purposes only, and while every
effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or
applicability. All sales are governed by our software licensing agreement and terms and conditions, which are available upon request. We reserve the right to modify or improve the designs or
specifications of our product and services at any time without notice.
2005 Fisher-Rosemount Systems, Inc. All rights reserved.
The Emerson logo is a trademark and service mark of Emerson Electric Co.
PlantWeb, DeltaV, the DeltaV design, SureService, the SureService design, Emerson Process
Management and the Emerson Process Management design are marks of one of the Emerson Process
Management group of companies. All other marks are the property of their respective owners.

Emerson Process Management


12301 Research Blvd.
Research Park Plaza, Building III
Austin, Texas 78759 USA
T +1 512.835.2190
F +1 512.832.3443
www.EasyDeltaV.com

Form B-00003 / Printed in USA / 15K AQ / 10K A4 / 12-05