In a Safety Instrumented System (SIS), the logic solver is a critical component for process industries handling hydrocarbons (oil and gas) and for nuclear and power plant installations. SIS logic solvers are designed to be robust and to have very high reliability for the safe operation of the plant.
Various international standards such as IEC, ISA and ANSI govern the requirements for SIS logic solver design.
Logic Solver Basics
A safety instrumented system logic solver is typically made up of redundant (double or triple) processors, power supplies, and human interfaces. The safety logic solver will process many safety instrumented functions (SIF) concurrently.
SIS logic solvers are built with very high-speed microprocessors and perform the required logical functions and calculations within a very short time; the processing time is usually in the millisecond range.
In addition, the health of the processor is continuously monitored (the watchdog). If the running processor fails to perform, the secondary logic solver takes over control and the error is reported back to the control room via the annunciation system, a system alarm, etc.
Requirements for SIS Logic Solver Design
Usually a dedicated logic solver, with its own programming device and independent input/output modules and wiring, is installed across plants. In a few cases, depending on the outcome of the LOPA/PHA study, DCS controllers function as the SIS logic solver.
Safety functions implemented on a certified logic solver must follow the Safety Manual for that logic solver.
Logic solvers from all manufacturers shall meet the requirements of IEC 61508 / IEC 61511. Every manufacturer shall register their product with approved safety system verification agencies and keep their safety manual updated.
The number of instrumented LOPA/PHA credits (from the study outcome) implemented on a single logic solver in a given LOPA scenario must not exceed the limits of that logic solver.
SIS programming must follow specifically approved programming practices and other restrictions, and safety instrumented functions implemented on a certified logic solver must follow the safety manual for that logic solver.
Logic solvers purchased for SIS applications not involving burners, heaters, flame rods or igniters must be certified according to IEC 61508. Logic solvers for burners on furnaces and fired heaters are to be certified according to IEC 61508, EN 298 (for gas fuels) or EN 230 (for liquid fuels).
SIS software, hardware, and procedures used to develop and execute the application program shall be subject to configuration management and shall be maintained under revision control.
Manufacturers
There are many reputed manufacturers of SIS logic solvers; all of them are to comply with IEC 61508 and be certified by international agencies such as TUV and Exida.
Systems from reputed manufacturers such as Schneider Electric (Triconex), Honeywell, Emerson, Yokogawa, Siemens, Omron, Allen-Bradley and ABB are used in industry in various safety and critical control applications. These systems are certified and must be used in accordance with the applicable safety manual.
Certification
The IEC standard (IEC 61508) provides all the requirements necessary to design, implement and operate a safety system logic solver in a safety-relevant application according to its certificate.
The certifying authority assesses each logic solver intended for use in SIS applications. The hardware, software and safety manual of the logic solver are analysed for the intended application.
New logic solvers purchased for SIS applications must be certified according to IEC 61508.
Safety Manual
A safety manual accompanies each certified SIS logic solver. The safety manual describes any limitations applicable for operation and maintenance.
It also addresses diagnostics, testing, programming languages and the SIL for which the device is capable.
Communication
The design of any SIS communication interface shall ensure that any failure of the communication interface does not adversely affect the ability of the SIS to achieve or maintain a safe state of the process.
The communication interface shall be robust enough to withstand electromagnetic interference, including power surges, without causing a dangerous failure of the SIS.
Hardwired communication (digital output to digital input) is used. If communication is required for SIL 2 or SIL 3, then multiple communication methods must be utilized.
Application Program
SIS logic solver: the application program of the SIS shall be in accordance with the application program safety requirements.
The application program is to be designed so that all parts of the application program are executed on every application program scan. Process safety time requirements shall be considered when establishing the application program scan requirements.
The application program and data are to be designed so that they can be modified as and when required; every program revision is to be monitored and controlled, with version management and backup and restoration procedures in place.
Independence
SIS logic solver software for safety functions is to be independent of and separated from the software for basic process control (BPCS).
The SIS code must be clearly identified in the program. Typically, in industry, the SIS is physically separated from the BPCS by the use of independent logic solvers.
Diagnostics
SIS logic solvers shall be capable of performing diagnostics. The functionality of the processors shall be monitored and, if there is any trouble in the running processor, a secondary processor is to take over. Any errors are to be reported immediately as well.
Application-level diagnostics such as external watchdogs, application data integrity checking and sensor validation are to be implemented to meet the required SIL.
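The scan, voting and watchdog behaviour described in the Application Program and Diagnostics sections, as an added Python model that is not the page's or any vendor's code; the 2oo3 voting scheme, the process safety time value, the scan budget and the tag names are assumptions:

```python
# Constructed model of a redundant SIS logic solver scan cycle (added example,
# not any vendor's firmware). Every SIF is evaluated on every scan, out-of-range
# sensors are validated and treated as trip votes, and a watchdog fails over to
# the secondary processor with an alarm when a scan overruns its time budget.
from dataclasses import dataclass, field

PROCESS_SAFETY_TIME_MS = 2000                # assumed plant value (constructed)
SCAN_BUDGET_MS = PROCESS_SAFETY_TIME_MS / 4  # assumption: scan well inside the PST

@dataclass
class Sif:
    name: str
    trip_setpoint: float
    sensor_range: tuple   # (low, high) engineering range used for validation

def vote_2oo3(readings, setpoint, rng):
    """2oo3 high trip. A reading outside its range is a bad sensor; it is
    alarmed and counted as a trip vote (fail-safe degradation)."""
    votes, bad = 0, []
    for tag, value in readings.items():
        if not rng[0] <= value <= rng[1]:
            bad.append(tag)
            votes += 1
        elif value >= setpoint:
            votes += 1
    return votes >= 2, bad

@dataclass
class LogicSolver:
    sifs: list
    processors: tuple = ("primary", "secondary")
    active: int = 0                              # index of the processor in control
    alarms: list = field(default_factory=list)

    def scan(self, inputs, scan_time_ms):
        """One application scan: all SIFs run on every scan, then the watchdog
        checks the measured scan time against the budget derived from the PST."""
        trips = {}
        for sif in self.sifs:
            trips[sif.name], bad = vote_2oo3(inputs[sif.name], sif.trip_setpoint, sif.sensor_range)
            for tag in bad:
                self.alarms.append(f"{sif.name}: sensor {tag} out of range")
        if scan_time_ms > SCAN_BUDGET_MS:
            failed = self.processors[self.active]
            self.active = (self.active + 1) % len(self.processors)
            self.alarms.append(f"watchdog: {failed} overran scan, "
                               f"{self.processors[self.active]} takes over")
        return trips
```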
Security
In logic solver applications, the safety code must provide protection against changes to sensor ranges, sensors being placed in manual, final elements being placed in non-safe conditions, changes to SIS set points and delay timers, and SIF conditions being bypassed.
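One way to implement the application data integrity check that protects these parameters, as an added Python example that is not the page's or any vendor's code; the parameter record, tag name and values are constructed assumptions:

```python
# Constructed example (not from the page or any vendor) of an application-level
# integrity check over the SIS parameters the safety code must protect. The
# approved parameter set is hashed once; the live set is re-hashed on each check,
# drift is reported parameter by parameter, and unsafe states (sensor in manual,
# SIF bypassed) are alarmed even if they are present in the baseline.
import hashlib
import json

# Assumed parameter record for one SIF; tag name and values are constructed.
APPROVED = {
    "PAHH-101": {
        "sensor_range": [0.0, 20.0],
        "sensor_manual": False,
        "setpoint": 10.0,
        "delay_timer_s": 2.0,
        "bypassed": False,
        "final_element_safe_state": "closed",
    }
}

def config_digest(cfg):
    """SHA-256 of canonical JSON, so key order cannot change the digest."""
    return hashlib.sha256(json.dumps(cfg, sort_keys=True).encode()).hexdigest()

APPROVED_DIGEST = config_digest(APPROVED)

def check_integrity(live, approved=APPROVED, approved_digest=APPROVED_DIGEST):
    """Return a list of findings; an empty list means the live parameters match
    the approved baseline and no SIF is in an unsafe state."""
    findings = []
    if config_digest(live) != approved_digest:       # cheap whole-set test first
        for sif, params in live.items():
            base = approved.get(sif)
            if base is None:
                findings.append(f"{sif}: SIF not in approved baseline")
                continue
            for key, val in params.items():
                if base.get(key) != val:
                    findings.append(f"{sif}: {key} changed {base.get(key)!r} -> {val!r}")
        for sif in approved.keys() - live.keys():
            findings.append(f"{sif}: SIF missing from live parameters")
    for sif, params in live.items():
        if params.get("sensor_manual"):
            findings.append(f"{sif}: sensor in manual")
        if params.get("bypassed"):
            findings.append(f"{sif}: SIF bypassed")
    return findings
```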
Documentation
All logic solvers must have the following documentation/approvals to be used in SIS applications:
Safety manuals with version numbers; revision numbers are to be maintained for traceability.
Detailed operation, maintenance and diagnostic procedures for the different types of modules installed: processor (CPU), input, output and communication modules.
Data communication/interface requirements with the HMI and other systems.
References:
IEC 61508: "Functional safety of electrical/electronic/programmable electronic safety-related systems"
IEC 61511: "Functional safety – Safety instrumented systems for the process industry sector"