Meaning of 1OO2D and 2OO2D

S
This typically corresponds to a system that uses a voting principle (redundant inputs) to determine the state of an input based on two inputs from the same device.

1oo2 (one out of two) means only one of the two inputs must be on for the input to be considered on. 2oo2 (two out of two) means that both inputs must be on for the input to be considered on.
 
D

Dennis Wright

The 'D' means diagnostics

For this architecture to be used in a safety configuration, the system must have high diagnostic coverage to meet the required SIL (Safety Integrity Level)

Regards

Dennis Wright
Technical Product Management
ABB Industri (Crawley)
 
P
One out of two, with diagnostics.
Two out of two, with diagnostics.
The concept of both is pretty similar. The safety PLC vendors use the term 1oo2D. ASCO, with their redundant solenoid package, opted for the 2oo2D
designation.

Paul Gruhn, P.E., C.F.S.E.
Siemens, Houston, TX
 
This document, pages 7-11, has a pretty good description of the voting schemes. Just remember that overall, the document is a vendor document
describing their 2OO4D system.

"http://www.honeywell.com.pl/pdf/automatyka_przemyslowa/sterowanie/Fsc2004d.pdf":http://www.honeywell.com.pl/pdf/automatyka_przemyslowa/sterowanie/Fsc2004d.pdf

Another site that has some discussion on this subject is:

"http://www.tuvam.com/frame.htm":http://www.tuvam.com/frame.htm

Bill Mostia
- - - - - -
William(Bill) L. Mostia, Jr. P.E.
Partner
exida.com
P.O. 1129
Kemah, Tx 77565
Worldwide Excellence in Dependable Automation
[email protected](b) [email protected](h)
www.exida.com 281-334-3169
 
I have evaluated ABB 800xa system and found out that ABB does not believe in these architecture terms. They go for SIL level and achieve availability by using additional CPU safety module. My Question to you sir is that does ABB manufactures QMR system??

Best Regards SHR
 
I'm interested on how you've evaluated the ABB 800XA. I have a project that involves ABB 800XA for the client's safety shutdown system but when it was designed years ago (engineered by a 3rd party company and not ABB), it was never termed as SIS logic solver because no evaluation was done. Now that I'm doing SIL verification, I'm having trouble on getting the PFD of the logic solver. Now here are my questions:

1. Are there available ABB 800XA recommended architecture/configuration to achieve different SIL ratings?

2. Which method did you use to evaluate the ABB 800XA?

3. Is it possible to get a copy of your evaluation which I can use for reference? Rest assured that your name will be referenced in my report.

4. Any recommendation on how to get a good failure rate for the ABB 800XA?

Thanks,
Aldrin
 
> Can any body explain what is the difference between 1OO2D and 2OO2D?
1 out of 2 with diagnostics (1oo2D) means that the system votes 1 out of 2 with regards to inputs, processor and outputs and has build in diagnostics to improve safety and reliability.

The diagnostics are required to give it a SIL rating equal to systems that use a higher level of voting.

2oo2D is voting 2 out of 2 with diagnostics.
 
W
Just a few additional comments:

The redundancy schemes for safety instrumented systems (SIS) are normally written with lower case letters in the center such as DW Patterson correctly uses in his discussion, e.g. 1oo2D or 2oo2D and not 1OO2D or 2OO2D as in the original post. You will also see 1oo1D, 2oo3D, and 2oo4D schemes used.

This designation for 1oo2D stands for a 1 out of 2 redundancy voting scheme with Diagnostics, e.g. by design requires that only one out of two devices or channels in a device to work for the redundancy scheme/voting to properly perform its safety functionality. In addition, there are diagnostics within the 1oo2D arrangement that check that the devices or channels are functioning properly. The diagnostics may be internal or embedded such as in a logic solver (e.g. in a safety PLC or transmitter) or externally such as in a deviation alarm between two field transmitters in a 1oo2D voting arrangement. 2oo2D redundancy scheme requires that both devices or channels work to provide its safety functionality and that the scheme has diagnostics to test each device or channel such as a transmitter deviation alarm.

You should always look closely at to how the redundancy scheme is implemented as there can sometimes be gamesmanship played, misleading statements made, or misidentification of schemes, particularly in the internal or embedded schemes. Always read the manufacturer's safety manual and certification report for a device or channel involved in a SIS redundancy scheme. One also has to be careful of the credit is taken for the diagnostics in the SIL verification calculations where claims of reliability are made or reduction of proof test interval is taken.

William (Bill) L. Mostia, Jr. PE
ISA Fellow, SIS-TECH Fellow,
FS Eng. (TUV Rheinland)
SIS-TECH Solutions, LP

"No trees were killed tosend this message, but a large number of electrons were terribly inconvenienced." Neil deGrasse Tyson

Any information is provided on a Caveat Emptor basis.
 
thanks for this wonderful info
If you have the older 800xA system, then it has no sense to calculate any PFD. The older 800xA system will never comply standards 61508/61511.
If there is a new requirement to comply 61508/61511, then non-safe CPUs and I/O modules in the safety functions can be replaced by the high integrity CPUs and I/O modules.
 
Top