
Slide 1: Another look at Integrated Safety. What is it again?
Luis Duran, Product Marketing Manager Safety Systems, Dec 2011
© ABB Group October 31, 2020 | Slide 1

Slide 2: Agenda
• Access to critical information for efficient decision making
• Independent Protection Layers
• Interface vs. Integrate
• Safety Standards and Integration
• Advantages of Integration over Interfaces
• Integration of Field Devices and Final Elements
• Effective response to Abnormal Conditions
• Human Factors, the engineering responsibility
• Conclusions

Slide 3: It is about access to information…

Slide 4: …seamlessly and in context

Slide 5: From Independent Protection Layers (IPL)
• Each IPL must independently protect against the hazard it is designed to safeguard
• A hazard occurs when a layer fails to respond to the process demand
• The objective of the SIS IPL must be maintained
(Figure: protection-layer "onion" diagram, from the innermost layer outwards: Process variable; BPCS; Alarms and Operator intervention; Automatic SIS; Safety relief valve, rupture disk, etc.; Containment (dike, bunker, etc.); Plant response; Community response)

Slide 6: Functional and independent systems shouldn't mean…

Slide 7: …Interface Control & Safety System! Why?
(Figure: the same protection-layer diagram as slide 5, with the Control System (BPCS and alarms) and the Safety System (automatic SIS) shown as physically separated and joined only by an Interface)

Slide 8: What is an Interfaced Control & Safety System?
(Figure: Remote Clients, Engineering Workplace and System Servers on a Control Network; Process Automation and Safety as separate systems joined by a Communication Interface)
• SIS operation shall not be dangerously affected by failures, operation or maintenance of the BPCS

Slide 9: What are the requirements for such an "Interface"? Integrated Control and Safety Systems (ICSS)
(Figure: Engineering Workplace, Workplace and System Servers on a Control Network; Process Automation and Safety controllers on a Module Bus; the following requirements are placed around the interface)
• Bypass & Override
• Management of Change
• Audit Trail
• Safety Related Alarm & Events
• Access Control
• SIS Health Information
• Write Protection
• Operation Confirmation
Additional information on the TÜV cooperation website: www.tuv-fs.com

Slide 10: IEC 61511 Part 1, 9.5.1
"The design of the protection layers shall be assessed to ensure that the likelihood of common cause, common mode and dependent failures between protection layers and between protection layers and the BPCS are sufficiently low in comparison to the overall safety integrity requirements of the protection layers. The assessment may be qualitative or quantitative."
Source: IEC 61511

Slide 11: From IEC 61511 Part 2
• 9.5.2: "Diversity of design and physical separation are two effective methods of reducing the likelihood of common cause failures. This is usually the preferred approach. Physical separation will reduce the impact of common cause failures due to physical causes."
• 11.2.4: "Physical separation between BPCS and SIS may not be necessary provided independence is maintained, and the equipment arrangements and the procedures applied ensure the SIS will not be dangerously affected by failures of the BPCS."
Source: IEC 61511

Slide 12: The Advantage of Integrated vs. Interfaced
• Potential common causes are analyzed and minimized during the design phase by the product development team, and independently reviewed by the assessor during certification of the product
• Access control is implemented as a standard off-the-shelf feature, including write protection and bypass and override mechanisms
• Integrated testing is performed during design validation and verification, and includes network security as part of the test protocol
• Version control, compatibility and interoperability testing are all part of the release procedure

Slide 13: System Security and Embedded Firewalls
• Provides functions for protection of SIL-classified applications in AC 800M HI controllers:
  • SIL Access Control and Authorization
  • Force Control / Override Control / Bypass Management
  • Confirmed Online Write / Confirmed Operation
• Embedded firewalls and confirmation procedures protect the SIL application from inadvertent or accidental control actions

Slide 14: Security Roles & Responsibilities
• High flexibility: users can be assigned different permissions according to their responsibilities
• Restriction of access to the SIS (operation and engineering)
(Figure: a role/permission matrix with the roles Process Operator, Safety Operator, Process Engineer and Safety Engineer against the permissions Operate BPCS, Operate SIS, Engineer BPCS and Engineer SIS; the slide marks with an X which role holds which permission)
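Slides 9, 13 and 14 list the access-control pieces an ICSS interface needs (role-based permissions, write protection, confirmed operation, an audit trail) without showing how they fit together. The block below is an added, generic illustration of those four mechanisms working as one write path; it is not ABB 800xA or AC 800M HI code and makes no claim about how those products implement the features. The role names, the permission assignments (the matrix ticks on slide 14 are not legible in the extracted text), the tag names and the log format are all constructed for the example.

```python
"""Generic SIS write gate: role check, write protection, two-step confirmed
write, audit trail. Added illustration only; not ABB code. Roles, permissions,
tag names and log wording are assumptions made for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
import secrets

# Assumed role -> permission matrix in the spirit of slide 14 (the actual
# ticks on the slide are not recoverable, so this assignment is constructed).
ROLE_PERMISSIONS: Dict[str, frozenset] = {
    "process_operator": frozenset({"operate_bpcs"}),
    "safety_operator": frozenset({"operate_bpcs", "operate_sis"}),
    "process_engineer": frozenset({"operate_bpcs", "engineer_bpcs"}),
    "safety_engineer": frozenset({"operate_sis", "engineer_bpcs", "engineer_sis"}),
}


class SafetyAccessError(PermissionError):
    """Raised when a role lacks a permission or the SIS is write protected."""


@dataclass
class SisWriteGate:
    write_protected: bool = True            # fail closed: protected by default
    values: Dict[str, float] = field(default_factory=dict)
    audit_trail: List[str] = field(default_factory=list)
    _pending: Dict[str, Tuple[str, str, float]] = field(default_factory=dict)

    def _log(self, event: str, user: str, detail: str) -> None:
        self.audit_trail.append(f"{event} user={user} {detail}")

    def _require(self, user: str, role: str, permission: str) -> None:
        if permission not in ROLE_PERMISSIONS.get(role, frozenset()):
            self._log("DENIED", user, f"role={role} needs={permission}")
            raise SafetyAccessError(f"{role} lacks {permission}")

    def set_write_protection(self, user: str, role: str, enabled: bool) -> None:
        """Only an SIS engineer may lift or restore write protection; logged."""
        self._require(user, role, "engineer_sis")
        self.write_protected = enabled
        self._log("WRITE_PROTECTION", user, f"enabled={enabled}")

    def request_write(self, user: str, role: str, tag: str, value: float) -> str:
        """Step 1 of a confirmed online write: check role and write protection,
        then hand back a one-time token. Nothing in the SIS changes yet."""
        self._require(user, role, "engineer_sis")
        if self.write_protected:
            self._log("DENIED", user, f"tag={tag} reason=write-protected")
            raise SafetyAccessError("SIS application is write protected")
        token = secrets.token_hex(8)
        self._pending[token] = (user, tag, value)
        self._log("WRITE_REQUESTED", user, f"tag={tag} value={value} token={token}")
        return token

    def confirm_write(self, user: str, token: str) -> bool:
        """Step 2: the requesting user echoes the token; only then is the value
        applied. The token is consumed on any attempt, so a wrong user or an
        unknown token fails closed and the request must be made again."""
        pending = self._pending.pop(token, None)
        if pending is None or pending[0] != user:
            self._log("CONFIRM_REJECTED", user, f"token={token}")
            return False
        _, tag, value = pending
        self.values[tag] = value
        self._log("WRITE_CONFIRMED", user, f"tag={tag} value={value}")
        return True


def demo() -> SisWriteGate:
    """Walk through the path: lift protection, request, confirm. Returns the gate."""
    gate = SisWriteGate()
    gate.set_write_protection("bob", "safety_engineer", False)
    token = gate.request_write("bob", "safety_engineer", "trip_setpoint_pct", 85.0)
    gate.confirm_write("mallory", token)        # wrong user: rejected, token burnt
    token = gate.request_write("bob", "safety_engineer", "trip_setpoint_pct", 85.0)
    gate.confirm_write("bob", token)            # applied
    gate.set_write_protection("bob", "safety_engineer", True)
    return gate


if __name__ == "__main__":
    for entry in demo().audit_trail:
        print(entry)
```

Every denied or rejected step lands in the audit trail alongside the successful one, which is what makes the trail usable for the management-of-change and root-cause work mentioned on slides 9 and 23.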

Slide 15: Built-in familiarity… to minimize human error
(Figure: pie chart of primary causes of control system failures: Specification 43%; Changes after commissioning 21%; Operation & maintenance 15%; Design & implementation 15%; Installation & commissioning 6%. The slide highlights 58%, the Specification and Design & implementation shares together.)
ISA-84.00.01-2004 Part 2: "Identical separation between the SIS and BPCS may have some advantages in design and maintenance because it reduces the likelihood of maintenance errors."
Source: Out of control: Why control systems go wrong and how to prevent failure, HSE Books

Slide 16: Systematic Capability
• Concept developed for systematic safety integrity compliance of elements and sub-systems
• Replaces the term "effectiveness against systematic failure"
• A measure, on a scale of 1 to 4, of the confidence that the systematic safety integrity of an element fulfils the given safety function
• Considering the instructions stated in the safety manual
Source: IEC 61508 Clause 7.4.7.6

Slide 17: Safety Layer: architectural design to meet target SIL requirements
(Figure: safety loop consisting of Sensors, Logic Solver and Actuators)

Slide 18: Certified Field Devices: what's wrong with the old one? IEC 61508 certification or "Proven in Use"
• Which carries less risk: a certified or a "Proven in Use" solution?
• With IEC 61508 certification, users can use the transmitters in safety loops
• The IEC 61508 certification, issued by TÜV NORD, allows installation up to SIL 2 in a 1oo1 configuration and SIL 3 in a redundant configuration; a single device has no Hardware Fault Tolerance (HFT = 0)
• For more critical applications use the 268, described on the slide as the only product on the market with redundant measurement, certified with Hardware Fault Tolerance 1 (HFT = 1)

Slide 19: Emerging digital fieldbus requires certified systems, networks, devices and final elements
(Figure: Operation, Engineering and Asset Management workplaces above two architectures: a Logic Solver on a proprietary SIS network with conventional hardwired I/O, and a Logic Solver on HSE Fieldbus with H1 Fieldbus to the field devices)

Slide 20: HART and Asset Management / Asset Integrity: Partial Valve Stroke example
• SIL 3 ESD safety valve controller
• Enable integrated PST functionality
• Launching a PST:
  • Manual (DTM)
  • Local buttons
  • Analog output (set to 16.4 mA)
  • Scheduler (DTM)

Slide 21: What are the benefits of ICSS to Operations? Better response to abnormal conditions
• Integrated control and safety system implementations enable end users to fully leverage the capabilities of the BPCS (800xA):
  • Information Management
  • Reporting
  • Alarm Management
  • Sequence of Events
  • Asset Optimization
  • Engineering
  • etc.
• Integration must be designed to avoid common cause failures

Slide 22: Thanks to a common operation environment… …the operator can take timely action: monitor the process and respond to abnormal conditions

Slide 23: More efficient and effective troubleshooting: safety-relevant information is readily available
• Alarms, Events, Audit Trail and SOE displays for root cause analysis
• Real-time information
• Standard functionality for inhibiting specific safety functions
• Status supervision of safety system elements
• Flexible report creation and scheduling: valve leak test, verification, automatic shutdown reporting, SIL status

Slide 24: It's all about safe operations… If you think safety is expensive…
"It is critical for an operator to sustain a high level of alertness and understanding of the progress through the production cycle during the slow times and, at the same time, have real-time access to critical information in context to be able to make correct decisions immediately when circumstances dictate. This is the challenge operators face in the process industries and the reason why operational errors are the highest single cause for unscheduled slowdowns and shutdowns."
Source: ARC View, June 2011, "Improving Operational Performance by Improving the Operator Experience"

Slide 25: What about safety standards? It is already in IEC 61511, 11.7.1.1
"The operator should be given enough information on one display to rapidly convey critical information. Display consistency is important and methods, alarm conventions and display components used should be consistent with the BPCS displays."
Source: IEC 61511

Slide 26: Are ICSS Good, Bad or Ugly? Advantages and Challenges
Advantages:
• Lower engineering & lifecycle cost
• Lower training & maintenance expenses
• Easier time synchronization
• Improved asset & event management
Challenges:
• Increased risk of common cause failures
• Need for careful design to ensure that a BPCS failure does not affect the SIS
• Greater management challenges
All personnel involved with safety systems shall be sufficiently competent… …and follow an appropriate Functional Safety Management System.
Source: ARC, The Coming Wave of Safety Systems Migration

Slide 27: Engineering Responsibilities: Competence
• Architectural design to meet target SIL requirements
• PFD calculations using appropriate reliability data for the desired loop configuration
• SIL capability
• SIS design: hardware and software integration
• Verification and validation
• Functional safety assessments
• Information on operation and maintenance requirements, building on manufacturer-supplied data
• Instructions for testing
• Installation and commissioning
• Functional safety management for design and build activities
Source: IEC 61511
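The "PFD calculations for the desired loop configuration" item above, the HFT = 0 versus HFT = 1 point on slide 18, and the IEC 61511 9.5.1 requirement on slide 10 to assess common cause failures quantitatively or qualitatively come together in one short calculation. The block below is an added worked example, not part of the original deck and not ABB's method or software: it applies the simplified low-demand PFDavg formulas from IEC 61508-6 Annex B for a 1oo1 and a 1oo2 architecture with a beta-factor common-cause term, ignoring dangerous detected failures, repair time and proof-test coverage. The failure rate (500 FIT), the yearly proof-test interval and the beta values are constructed for illustration and are not data for any ABB device.

```python
"""Worked PFDavg example: 1oo1 vs 1oo2 with a beta-factor common-cause term.

Added illustration, not from the original ABB deck. Uses the simplified
low-demand formulas of IEC 61508-6 Annex B (dangerous detected failures,
repair time and test coverage ignored). All input values are constructed.
"""

HOURS_PER_YEAR = 8760.0

# Constructed example data: a transmitter with lambda_DU = 500 FIT
# (5e-7 dangerous undetected failures per hour), proof tested once a year.
LAMBDA_DU = 5.0e-7
PROOF_TEST_INTERVAL_H = 1 * HOURS_PER_YEAR


def pfd_avg_1oo1(lambda_du: float, ti_hours: float) -> float:
    """Single channel (HFT = 0): PFDavg ~= lambda_DU * T1 / 2."""
    return lambda_du * ti_hours / 2.0


def pfd_avg_1oo2(lambda_du: float, ti_hours: float, beta: float) -> float:
    """Redundant 1oo2 voting (HFT = 1) with a beta-factor common-cause term.

    Independent term: 2 * ((1 - beta) * lambda_DU)^2 * tCE * tGE with
    tCE = T1/2 and tGE = T1/3, i.e. ((1 - beta) * lambda_DU * T1)^2 / 3.
    Common-cause term: beta * lambda_DU * T1 / 2, which is simply a 1oo1
    channel whose failure rate is the shared fraction beta * lambda_DU.
    """
    independent = ((1.0 - beta) * lambda_du * ti_hours) ** 2 / 3.0
    common_cause = beta * lambda_du * ti_hours / 2.0
    return independent + common_cause


def common_cause_share(lambda_du: float, ti_hours: float, beta: float) -> float:
    """Fraction of the 1oo2 PFDavg that the common-cause term contributes."""
    total = pfd_avg_1oo2(lambda_du, ti_hours, beta)
    return (beta * lambda_du * ti_hours / 2.0) / total


def sil_band(pfd: float) -> int:
    """Low-demand SIL band for a PFDavg (IEC 61511-1 target ranges).

    Returns 0 when the loop does not reach SIL 1. The PFD band is only one
    constraint: hardware fault tolerance and systematic capability also cap the
    SIL that may be claimed (the HFT = 0 vs HFT = 1 point on slide 18), so a
    1oo1 device stays limited regardless of how small its PFD is.
    """
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def compare_architectures(lambda_du: float, ti_hours: float,
                          betas=(0.0, 0.02, 0.1)) -> dict:
    """Tabulate PFDavg and SIL band for 1oo1 and for 1oo2 at several betas."""
    single = pfd_avg_1oo1(lambda_du, ti_hours)
    rows = {"1oo1": (single, sil_band(single))}
    for beta in betas:
        pfd = pfd_avg_1oo2(lambda_du, ti_hours, beta)
        rows[f"1oo2 beta={beta:.0%}"] = (pfd, sil_band(pfd))
    return rows


if __name__ == "__main__":
    for name, (pfd, sil) in compare_architectures(LAMBDA_DU, PROOF_TEST_INTERVAL_H).items():
        print(f"{name:16s} PFDavg = {pfd:9.2e}  -> SIL {sil} (PFD band only)")
    share = common_cause_share(LAMBDA_DU, PROOF_TEST_INTERVAL_H, 0.1)
    print(f"With beta = 10%, common cause is {share:.1%} of the 1oo2 PFDavg")
```

With these inputs the single channel lands in the SIL 2 band and the redundant pair in the SIL 3 band, but at beta = 10% nearly all of the 1oo2 PFDavg comes from the common-cause term. Redundancy buys little unless the shared causes (same power, same environment, same firmware, same maintenance procedure) are actually analysed and reduced, which is exactly why 9.5.1 asks for the assessment and why slide 11 favours diversity and physical separation.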

Slide 28: Looking for design and implementation guidelines? Safety Lifecycle and Functional Safety Management
(Figure: the IEC 61511 safety life-cycle phases)
1. Hazard and risk assessment
2. Allocation of safety functions to protection layers
3. Safety requirements specification for the safety instrumented system
4. Design & engineering of the safety instrumented system (in parallel: design & development of other means of risk reduction)
5. Installation, commissioning and validation
6. Operation and maintenance
7. Modification
8. Decommissioning
9. Verification (spanning phases 1 to 8)
10. Management of functional safety and functional safety assessment and auditing (spanning all phases)
11. Safety life-cycle structure and planning (spanning all phases)
Source: IEC 61511

Slide 29: Total Safety Offering
• SIS Systems: TÜV certified; flexible and scalable; System 800xA
• Field Instrumentation: SIL rated; instrumentation; actuators
• Alarm Management: benchmarking; EEMUA 191; training; support
• SIL Determination: analysis; TRAC; training; mentoring
• Proof Testing Support: TRAMs; proof test period; maintenance; lifecycle support
• Installed Systems Review: SIL assessment; benchmarking
• IEC 61508 / IEC 61511 Compliance: compliance management; FSMS

Slide 30: Conclusion
• ABB has not only addressed the fundamental design elements needed to maintain independent protection layers while fully integrating safety systems into 800xA
• ABB has developed a leading-edge family of field devices
• …and introduced consulting services to support you in designing, implementing and maintaining a safety system through the IEC 61511 safety lifecycle
• ABB provides the enabling technology to integrate safety into the core of your operations
