Control.com - Nerds in Control

I am an "Instrument and Control" engineer in one of the power plants. We are looking to upgrade our DCS. I want to know, do we have any SIL certification for DCS for power plant? If not, can you please highlight the reason?

Secondly, in case of not having any SIL level for such DCS (or any DCS), what could be the criteria for judging the system's durability? Especially the DCS's hardware and software.

Regards, Yasir Shamsi

SIL. Safety Ingrity Level. Risk Reduction. Safety Instrumented Systems. Functional Safety.

What does this have to do with system durability?

All of the above equals increased cost, increased cost, and more increased cost. Overall Plant Lifecycle. Paperwork and recordkeeping which would make a nuclear power plant regulator complain. Complexity. Hazard Analysis. Risk Review.

It all sounds like, M-O-N-E-Y, money. And a hell of a lot of estimation and SWAGing (Scientific Wild-@$$ed Guessing), for which you will pay a hell of a lot of money. The bigger, I mean better, the SWAG, the more money it costs. And then you get to pay even more money for the hardware and the software to implement the SWAG.

But durability?

IEC 61508 and IEC 61511. Now there's some light reading. Actually, MTL Laboratories put out a pretty good explanation of Functional Safety and Safety Instrumented Systems and the related standards. But I don't recall anything about durability.

I would suggest you to identify the critical I/Os and go for a SIL certified PLC for those I/Os only. This way you can save a lot.

Regards

Dear Yasir
I can inform you about YOKOGAWA DCS CENTUM CS3000, that it doesn't have any SIL certification, up to my knowledge not any data sheet regarding DCS by Yokogawa claim SIL certification.

Same for Yokogawa hybrid PLC.
I never studied the SIL certified systems applications, but I guesss that first you should confirm following

"What is your application demand"
"SIL certification application areas"
"Why you require the SIL"
"Why SIL in DCS"

I hope that you will study and discuss and will increase my knowledge.

Please, Methodologist, you are very much incorrect. Yokogawa has a DCS integrated safety system. I saw it nearly two years ago in Bahrain with the Managing Director of TUV Rheinland himself, and again two weeks ago at the Fieldbus SIF demonstration meeting in Amsterdam.

You would do well to check with your local Yokogawa field rep.

Walt Boyes
Editor in Chief
Control and Controlglobal.com
www.controlglobal.com
Mailto:wboyes@putman.net
Read my blog SoundOFF!! At www.controlglobal.com/soundoff

I believe that DeltaV also has a rack with SIL rating.

I was recently involved in the specification of a Triple Redundant system (not DeltaV) for a petrochemical plant. Although the hardware was impressive and horrendously expensive, the standard of engineering and configuration was appalling.

Regards,
Roy

Yasir,

Don't get sold something you don't need, 61508 and 61511 can be used by vendors to strong arm you into buying something well over the top.

But anyway, to answer your question:

Siemens T3000 has a SIL rating as it uses the ET200 distributed safety modules, Profisafe fail safe bus network and the fail safe application runs in the S7400 CPU.

Emerson Ovation, from my last information, is currently being approved by the TuV so should have an independatly verified SIL rating soon.

ABB 800xA I am told has SIL rated I/O and logic solver but I dont know if this is fully integrated into the DCS or is a sub-system.

Hope this helps some.

My apologies if this is stating the obvious but your organisation would be well served by basing your decision about the system selected on the costs and benfits for your particular application. And on the restrictions placed upon you by your organisations operational and maintenance capabilities and environment.

A lot of the major vendors offer integrated or combined control and safety systems, ABB, Siemens, and I'm sure Honeywell and Yokogawa. Be careful about the claims made in the sales literature.

Almost all SIL certified devices have restrictions placed upon them by the certification reports and safety manuals even the humble transmitters. Unfortunately not all certifications are equal and transparently so. These restrictions may increase capex or opex or place limitations on architecture etc.

You wouldn't be the first organisation to be misled by a salesman, probably through ignorance of the detail. I'm sure most salespeople do not deliberately mislead. :)

Durability of hardware would require an understanding of the control/safety functions, system architecture, failure modes and rates - basic reliability prediction. War stories are NOT a rational basis for the selection of a system.

Durability of software is a different matter - examine the contracting organisation's design procedures, audit them against your standards and theirs. Are their design procedures subject to external audit. Audit your own design practices!

Some 1 liners to think about.

Define your requirements first. I/O count, SIL levels operational requirements, maintenance philosophy etc. etc.

Read the safety manuals, the certifying authority's report.

Don't be afraid of asking seemingly silly questions.

Do as much detail up front as you can before committing. Detail matters.

Follow the safety life cycle if you don't have a corporate standard.

Safety does cost money, no doubt about that. Not addressing safety can cost more money and other, perhaps more valuable, things. Make your own judgement.

Good luck,
David

DCSs like DeltaV are available with logic solvers that are rated for use in SIL 1, SIL 2, and SIL 3 applications and redundancy is available.

However even with this system builders tend to keep SIL systems away from the core DCS and systems like Hima-Sella are used in parallel and retain priority over the control system.

Example - Valves will have two inline control solenoid's - One controlled by the DCS and the other by the SIL system.

In the power industry, Siemens use a system called 95F (basically an S5 PLC which is very dated now), Mitsubishi (MHI) tend to use Rockwell Automation components and technology in their Diasys system and ABB use PlantGuard.

What type of power generation are you in?