Hi,

Usually in a process plant we use vessel mounted float type level switches for alarms and trips. Similarly we use pressure switches and other parameter switches too... Now is it possible to have a follwing configuration in a Process Plant??

I propose to use only Transmitters so that their 4 - 20mA signal comes to the Analog Input Card in DCS... I can use the High alarms/low alarm settings of the point I configure and make a software switch out of it... (something like a Digital Logic Point in TDC 3000)... Now use this same software contact directly in the PLC which is also a node on the same control network... This way, I can do away with all the physical switches from the plant and the subsequent cabling can be saved... less maintainence owing to better reliability of transmitters... Plus extremely few hardware components in field bcos with a single transmitter I can define all the alarm and trip limits for a certain vessel and also use the same point simultaneously for control and monitoring purpose as well....

Would anyone explain as to what can be a likely risk in implementing such a system...

Rahul

 

Hi there,

First of all! What's in the vessels? Second, what will the authorities say about taking the switches away? Basically I think it should be OK if you use different transmitters to measure and control functions and others for the safety functions.

But that must be considered to when knowing what's in the vessels.

BR
Björn

 

I suppose switches are for trip function & requires fastest response time for 20ms switching time. With route specified by you have following processing time

1] DCS processing time
2] DCS execution time
3] Trnasfer of Data from DCS to Gateway processor
[Gateways are last priority in DCS]
4] Gateway processor to PLC time
5] CRC check & validation time.

Do not complicate the issue, if you do not prefer switch, use transmitter with isolator with trip, alarm can be input to PLC directly. You have very reliable product available from Moore industries, http://www.miinet.com
acromag, http://www.acromag.com

We hope to have clarified the concept.

Jari
[email protected]

 

There is no risk: it's not allowed. Safety/trip systems (SIL classified) and control systems shall be totally segregated (IEC61508). This means that you can't combine the trip/control field devices.

Vincent
Process Automation & Control Engineer

 

I suggest you read up on OSHA about single-point failures. I think what you suggest is illegal. It is not only good practice, but also the law, to prevent single point failures from causing a hazardous condition.

Level switches in the tanks are usually used as emergency backups to the normal level control system.

Warren
http://www.pc-pid.com
"The PC-based PID Controller people"

 

You COULD implement your system and it COULD work well, that is, until one of your transmitters malfunctions or gets out of calibration and causes an upset that you never saw coming.

If your alarms are for safety system purposes, then your malfunctioning transmitter could cause a disater. That's the main reason why safety systems and control systems should be kept separate.

 

Hi Rahul,

You forgot one feature of your proposed system in your list:

...and with a single fault, you can kid yourself that your tank is still empty while the product is pouring out the hatches and all over the ground...

Seriously, you can use only transmitters and get better performance, as you can see that a transmitter is still "live". But it is not a good idea to rely on a single sensor for both indicated position and shut-off or alarm duty - if that transmitter fails, you have no idea and no backup.

The risk of this depends on the product, the neighbours, and a lot of other features. But in general, it is not a good idea to rely on only a single device for this sort of service. And many companies will not even use a single technology - they would use say a radar as well as a float
just in case something occurs that affects more than one float.

Bruce

 

I read all of urs suggestions... Thanks... Most messages point to only one drawback, and that is related to the risk involved if one transmitter fails... But what if I use, say two tranmsitters, one for control and indication purpose and second for Trip and alarm functions.... Also the standards that warrant segregation of Trip Loops, is also addressed by using a separate transmitter... And what's the reliablity of the vessel mounted switches...?? I have seen that the float type vessel mounted switches perform abysmally when compared with Smart Transmitters... Plus you can save a lot on cablelling flaws that might crop up... Blown fuses etc... Do all of you still think that using a separate transmitter is still a no-no option as per process philosohpy...?? As for one message that refers to a process time lag, I'll say that our Boiler process is never so fast that in a sec, something cataclysmic might happen.... and I feel any DCS PLC combination will definately be able to generate a trip in about a sec time....

awaiting more inputs...
thanks

Rahul

 

In our process plant we are using separate transmitters for control AND trip. This is based on maintenance experience and also reliability figures and flexibility. So what you propose is no problem, but like I said the control/trip loops shall be totally segregated which means that the individual transmitters shall be connected to either the DCS or the PLC (SIS/ESD). This also implies that dedicated cables shall be used: one DCS cable for the DCS transmitter(s), and one PLC (SIS/ESD) cable for the trip transmitter(s). In this way you will not achieve the cabling savings you mentioned.

If you just want to save on field cabling you can do the following: one transmitter, wire to analog input of the tripsystem (PLC), directly "connect" this signal to PLC analog output and hardwire to DCS analog input: trip setting in PLC en control in DCS. The other way around is not allowed since a lower rated system (DCS) shall not write to a higher rated system (PLC/ESD/SIS).

Regards,

Vincent
Process Automation & Control Engineer

 

If you use it for alarming it will be OK but if yo use it for tripping then it will be a problem because it jeorpadise the safety of the vesel in cases if the data was not properly trasmitted to the PLC. My recommendation is to stick to the original approach, it save you and your vessel.

Thank you

Radin

 

Dear Rahul,

The logic of using Switch for Safety independent of transmitter is, The concept of design should be different for both the measurment, i.e. DP & Flaot are 2 independent measuring principles, either of the design is always going to work.

As of response time, question is not only of response time of your boilers, question is of guranted response time for every scan of your architecture.

Jari
[email protected]

 

Switches have poor diagnostics so you should think twice about using that for safety. If the switch output is off you don't know if it is because the process is OK or because the switch failed.

To get diversity you can either use two different brands or types of pressure transmitter. Or, these days it getting common to use FoundationT Fieldbus for the controls and 4-20 mA with HART for safety.

Jonas Berge
SMAR
===========
[email protected]
www.smar.com
Learn fieldbus at your own pace: www.isa.org/fieldbuses

 

The international safety standards allow the approach you suggested provided that the two transmitters are FULLY segregated. The segregation includes the process connection (Taps), root valves, cabling, junction box and marshalling cabinet. In fact, the general trend is to move towards the smart transmitters for their advanced diagnostics and reliability.

Regards