Martin Högberg, RMU North Europe, September 2009
Control Systems College 2009: Selling Safety in All Applications

Content
- 30 years of experience with safety systems
- Technical information
  - Integrated safety
  - SIL3 certification and standards
  - Embedded diversity
  - Quad CPU configuration
  - High availability
  - Country certification and certification process
- Competition information (HIMA, Invensys, Siemens, Yokogawa, Honeywell)
- Sales arguments with some additional specification
- Customer and reference list of ABB customers
- FAQ
© ABB Control Systems March 24, 2016 | Slide 2

30 Years in Safety: Unmatched experience in harsh environments

30 Years of Experience with Safety Systems: Pioneering Installations and Long-Term Support
"For an ocean of safety experience you can trust..."
- First safety system delivered offshore to the North Sea in 1979
- Pioneering engineering efforts
- Close collaboration between ABB and end users
- Long customer relationships with close technical support and system evolution
- Installed base continuously evolved and migrated to maximize customer value and minimize risk
- Support throughout the system life cycle, from installation to decommissioning

30 Years of Experience with Safety Systems: Technology Driver and Leader
ABB has introduced and marketed systems based on all major accepted architectures, including:
- Simplex: 800xA High Integrity (SIL2 with SM810)
- DMR: Safeguard, 800xA HI (SIL3 with SM811)
- TMR: Plantguard
- Quad: 800xA HI (SIL3, redundant with SM811)
Safeguard was developed for harsh and demanding offshore conditions. 800xA High Integrity employs Embedded Diversity (unique in the marketplace). ABB is not married to any specific architecture, only to safety integrity.

30 Years of Experience with Safety Systems: Safety system installations across the globe
- 17 SIL3 800xA HI projects in less than 1 year!
- 170 SIL2 800xA HI projects since 2005
[Map legend: safety installation / no safety installations]

Integrated Safety: Flexible architecture for every need

System Overview: Separate Systems
[Diagram: two separate systems, Process Automation and Safety, each with its own engineering workplace and system servers, joined by a direct communication link; both connect to variable speed drives, MCC, S800 I/O and S900 I/O (Ex)]

System Overview: Integrated BPCS and SIS
[Diagram: remote clients; maintenance, operator and engineering workplaces; system servers; one control network serving both Process Automation and Safety, with variable speed drives, MCC, S800 I/O and S900 I/O (Ex)]

SIS and BPCS: same but separated
- Same engineering tools
- Same human system interface
- Same alarm management and SOE
- Same historian
- Same audit trail
- Same asset and device management
- Same or shared instrumentation
- Separate control applications for BPCS and SIS
[Diagram: remote clients, workplaces (maintenance, operator, engineering), system servers and control network shared; Process Automation and Safety each with variable speed drives, MCC, S800 I/O and S900 I/O (Ex)]

... and combine them
[Diagram: the same workplaces, servers and control network, with Process Automation and Safety combined in one controller layer, each side keeping its variable speed drives, MCC, S800 I/O and S900 I/O (Ex)]

SIL3: Reliability you can trust

Certificates: ABB Safety Certificates
- Product Safety Certificate
- Development Department Safety Certificate
- Safety Manual
TÜV Product Service, the foremost independent certification agency in the business, has certified all product components of the 800xA Safety offering.

Technical information: 800xA High Integrity meets industry standards
- Safety controller: SIL 1-3 / AK 1-6 / CAT 1-4 certified
- S800 Safety I/O (AI, DI, DO): SIL 1-3 / AK 1-6 / CAT 1-4 certified
- I/O communication: SIL 1-3 / AK 1-6 / CAT 1-4 certified
- Standard I/O and communication modules: certified interference-free (listed in the safety manual)
Please refer to the Safety Manual for further information.

800xA High Integrity Controller and I/O topology: Single Configuration, SIL3
- SM811, PM865, TB840
- Single I/O: AI880, DI880 and DO880

800xA High Integrity Controller and I/O topology: Redundant/Quad Configuration
- TB840, SM811, BC810, PM865, redundant I/O
- Optical ModuleBus, CEX-bus, RCU Link
- Redundancy and switch-over to the standby unit allow continuous operation without time restriction upon failure of one of the redundant modules
- Reliability and availability matching and surpassing TMR

800xA High Integrity Controller and I/O topology: Quad Controller Configuration (QMR)
- The SIL3 800xA High Integrity system enables a Quad controller configuration (4 CPUs)
- Redundant PM865 and SM811 provide 4 logic solvers, creating the Quad configuration
- Quad configuration in the 800xA High Integrity system enables availability figures comparable to or better than typical TMR systems
- With Quad, availability up to 99.9999% is possible

800xA High Integrity Controller and I/O topology: SIL 3 certified I/O modules
- DI880: 16 channels
- DO880: 16 channels
- AI880A: 8 channels, HART pass-through functionality
Features:
- Single and redundant configuration
- Hot insertion and hot swap in redundant configuration
- Ex certified: Zone 2, Class 1 Division 2 according to US standard
- Embedded Diversity

Embedded Diversity: Reducing the risks of common cause failure

800xA High Integrity: Diverse Architecture, Diverse Implementation
- The SIL 3 800xA High Integrity controller (1oo2D) has parallel processing paths based on diverse technology (AC800M HI: SIL3 PM and SIL3 SM on the CB)
- Integrity voting between the paths complements the built-in active diagnostics
- Controller and Supervision Module developed by diverse (different) teams (Vasteras and Malmo, Sweden) and tested by a third team (Oslo, Norway) of people with different backgrounds
- The two-channel architecture meets SIL3 requirements for hardware fault detection and reaction
- Safety I/O: SIL3

IEC61508-2 Table 3 (maximum SIL by hardware fault tolerance and safe failure fraction):

  HFT | SFF < 60%   | 60 - 90% | 90 - 99% | > 99% | Architecture
  ----+-------------+----------+----------+-------+-------------
  0   | Not allowed | SIL 1    | SIL 2    | SIL 3 | 1oo1D
  1   | SIL 1       | SIL 2    | SIL 3    | SIL 4 | 1oo2D

800xA High Integrity, SIL3 Certified: Embedded Diversity, Unique in the Marketplace
- Software diversity in the logic solver (PM865 and SM811): different operating systems, different base software layers, different unpacking procedures
- Hardware diversity in S800 High Integrity I/O modules: each card has two diverse execution paths based on different hardware technology, MCU and FPGA respectively
[Figure: the two execution paths in an S800 HI I/O module, an MPU reading code from RAM and an FPGA, with separate supplies Vcc1 and Vcc2 and common GND]

800xA High Integrity, SIL3 Certified: Compliant at the Top of the Range
IEC61508 requirements:

  Safety Integrity Level | Probability of Failure on Demand (PFD) | Risk Reduction Factor | Typical application
  -----------------------+----------------------------------------+-----------------------+-------------------------------------
  SIL4                   | >= 10^-5 to < 10^-4                    | 100000 to 10000       | Train, Nuclear
  SIL3                   | >= 10^-4 to < 10^-3                    | 10000 to 1000         | Emergency Shutdown (ESD)
  SIL2                   | >= 10^-3 to < 10^-2                    | 1000 to 100           | Fire & Gas, Process Shutdown
  SIL1                   | >= 10^-2 to < 10^-1                    | 100 to 10             | Others (low demand of operation)

  SFF          | Hardware fault tolerance (see Note)
               | 0           | 1     | 2
  -------------+-------------+-------+-------
  < 60 %       | Not allowed | SIL 1 | SIL 2
  60 % - < 90 %| SIL 1       | SIL 2 | SIL 3
  90 % - < 99 %| SIL 2       | SIL 3 | SIL 4
  >= 99 %      | SIL 3       | SIL 4 | SIL 4

Note: HFT of N means that N+1 faults could cause a loss of the safety function.
800xA High Integrity performance: 800xA High Integrity qualifies in the top range of the requirement bands.

Quad capability: Offering the highest levels of fault tolerance

Redundant Equals Quad: What is a Quad or QMR Configuration?
The industry recognizes the terms Quad and QMR as marketing terms; these architectures are not a true 2oo4. It has a hardware fault tolerance of 1.
In real terms, these architectures are essentially dual arrangements in terms of inputs and outputs, and the "Quad" term tends to refer to having four processors (two per leg).
"2oo4D" Quad System

High availability: Never stop producing
Availability Prediction Tool: easy-to-use Excel tool for calculating system availability

800xA High Integrity: On-line upgrade of AC 800M HI
- Online upgrade of the firmware of the AC 800M HI CPU module is supported from SV 5.0 SP1 onwards
- Note: online upgrade of firmware requires redundant CPUs
- Workstation and server level must be the same or a higher version than the controllers: normally upgraded first; can be upgraded independently of the controller layer; enables adding controllers without upgrading all controllers in the installation
General workflow:
1. Decouple redundant CPUs
2. Upgrade the backup CPU
3. Bring the backup CPU up as primary
4. Upgrade the new backup CPU
5. Enable redundant CPU mode

Sales and references / Technical information: Competency requirements on the purchaser

Requirements
Requirements on individuals, i.e. safety proposal, lead and project engineers. ABB requires the following training scheme/competence from the purchaser:
- General 800xA training (e.g. T315, T314)
- Specific safety system training for 800xA HI systems (T309)
- General functional safety training, which can for instance be acquired either through ABB University (T140) or external training providers such as Exida, Risknowlogy or TUV (note: only sufficient competence is required, not certification)
- Safety project experience, i.e. experience acquired through participation in safety projects

Requirements for Sale and Delivery of 800xA High Integrity Products: Safety Channel Partner Program
- Minimize risk to humans, assets and the environment by ensuring correct deliveries of safety systems based on 800xA High Integrity products
- Ensure that ABB acts as a responsible safety product supplier
- Minimize business and other risk to ABB
For the Safety Channel Partner Program, please contact your respective Regional Market Unit through the corresponding contact person:
- Northern Europe (in Sweden): Martin Hogberg
- Central Europe, Middle East and Africa (in Germany): Peter Rother
- Americas (in United States): Luis Duran
- Asia Pacific (in Singapore): Darran Lim

Competition information: Worldwide volume and competition split (ARC 2005 = $923.1 M)
- Invensys 23%
- Others 18%
- Honeywell 15%
- ICS Triplex 11%
- ABB 11%
- Hima 8%
- Yokogawa 6%
- Siemens 6%
- Rockwell 2%

Competition information: Worldwide target markets split (ARC 2005 = $923.1 M)
- Oil & Gas 40%
- Refining 23%
- Chemical 20%
- Power, Fossil 8%
- Other 5%
- Power, Nuclear 3%
- Pharma 1%

Customer and reference list of ABB customers: First Integrated System
Gullfaks A, North Sea. Control system evolution of the integrated process control and safety systems solution to optimize safety and control. When the Gullfaks A platform went online in 1984 it featured the very first large-scale integrated Process Control and Safety System, essentially constituting the starting point for ABB's 25+ years of experience with integrated safety systems. Live (no shutdown) retrofit of Control and Fire & Gas systems through three (3) generations of systems.

Customer and reference list of ABB customers: World's Largest Platform
Troll A, North Sea. Troll A is the largest platform ever built. It produces about 75 million sccm of natural gas and 10,000 bpd of NGL condensates per day. The original Infi90-based control and safety system for the platform was delivered in 1995. The new safety system went online in June 2009 and constitutes the first SIL3-capable 800xA High Integrity installation in the world.

Customer and reference list of ABB customers: Safety Consulting
SIL determination in a gas separation plant, Compañía Mega (Argentina). Utilizing ABB's Argentinean Safety Execution Center as coordinator and consultant, Compañía Mega implemented a plan for the functional safety of their separator plant, fractionating plant and 600 km of their pipeline. The project began with SIL determination of more than 500 safety instrumented functions using the Calibrated Risk Graph method, in accordance with the IEC61511 standard.

Dong Naturgas: Nybro Gas Storage / Terminal Facility Upgrade
- Emergency Shutdown System
- Expected operation October 2009
- 6 redundant controllers

Recent Safety Enhancements: Autronica Autrosafe Suite
- SIL2 certified interface between the Autronica Autrosafe Fire & Gas Central and 800xA High Integrity
- The interface product is not part of the BU PIP 800xA High Integrity system, but a separate licensed product from BU OGP Norway
- For more technical information and the price list, please contact ABB OGP in Norway. Contact: Roy Vidar Andreassen, e-mail: roy-vidar.andreassen@no.abb.com
[Diagram: system configuration example with a SIL2 certified serial communication link; living quarters, control room, local fire alarm system, HVAC, addressable fire detection loop, sprinkler, gas processing]

Summary

Sales arguments with some additional specification: SIL3 800xA HI System
- Seamless integration on all levels reduces complexity
- Common HMI simplifies operational excellence
- Single engineering environment reduces engineering (engineering functions, operation functions, embedded firewalls, asset management functions)
- Common system reduces training
- Single supplier provides a single support organization

Sales arguments with some additional specification: SIL3 800xA HI System advantages
- Embedded safety bypass management during different states of control
- The control application can read parameters within the safety application in real time to optimize control of safety distances
- The SIF (safety instrumented function) instruments can also be used in the BPCS application
- Highly engineered certified application libraries: ESD, F&G

What to remember
- ABB provides 30 years of safety solutions
- The SIL 3 800xA HI safety system can be engineered up to a Quad configuration with availability up to 99.9999%
- True seamless integration
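The two checks behind the SIL claims on the IEC61508 slides above, the PFD band and the IEC61508-2 Table 3 architectural constraint, as an added Python example that is not ABB's code or its Excel availability tool. It assumes the Table 3 shown is the Type B table (as the slide labels it), assigns the page's 1oo1D, 1oo2D and "2oo4D" architectures HFT 0, 1 and 1, and takes the PFDavg and SFF figures as inputs you supply from a device's safety data.

```python
# Added example (not ABB's code or its Excel tool): the two IEC 61508 checks
# from the page's PFD/RRF table and IEC 61508-2 Table 3 (assumed Type B).

# Low-demand PFDavg bands: (SIL, lower bound inclusive, upper bound exclusive).
PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

# IEC 61508-2 Table 3: highest SIL allowed for a given SFF band (row) and
# hardware fault tolerance HFT 0 / 1 / 2 (columns). 0 means "not allowed".
ARCH_CONSTRAINT = {
    "<60%":    (0, 1, 2),
    "60-<90%": (1, 2, 3),
    "90-<99%": (2, 3, 4),
    ">=99%":   (3, 4, 4),
}

# HFT of the architectures named on the page (assumed): 1oo1D tolerates no
# fault; 1oo2D and the "Quad"/2oo4D marketing term tolerate one fault.
ARCH_HFT = {"1oo1D": 0, "1oo2D": 1, "2oo4D": 1}

def sff_band(sff_percent):
    """Map a safe failure fraction (in %) to its Table 3 row."""
    for limit, band in ((60, "<60%"), (90, "60-<90%"), (99, "90-<99%")):
        if sff_percent < limit:
            return band
    return ">=99%"

def sil_from_pfd(pfd):
    """SIL supported by a PFDavg, or 0 when it is worse than the SIL 1 band."""
    for sil, lo, hi in PFD_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0

def max_sil_from_architecture(sff_percent, hft):
    """Architectural-constraint ceiling; HFT above 2 uses the HFT 2 column."""
    return ARCH_CONSTRAINT[sff_band(sff_percent)][min(hft, 2)]

def achievable_sil(pfd, sff_percent, architecture):
    """The claimable SIL is bounded by BOTH checks; also reports RRF and the HFT note."""
    hft = ARCH_HFT[architecture]
    pfd_sil = sil_from_pfd(pfd)
    arch_sil = max_sil_from_architecture(sff_percent, hft)
    return {
        "sil": min(pfd_sil, arch_sil),
        "limited_by": "pfd" if pfd_sil <= arch_sil else "architecture",
        "rrf": 1.0 / pfd,             # risk reduction factor = 1 / PFD
        "faults_to_loss": hft + 1,    # HFT of N: N+1 faults can defeat the function
    }
```

A 1oo2D solver with SFF in the 90-99% band and PFDavg of 5e-4 lands in SIL 3 on both checks; the same PFD on a 1oo1D path is capped at SIL 2 by Table 3, which is the gap the page's two-channel architecture closes.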