Safety System Migration: The
Fieldbus Advantage
Safety System Migration: The
Fieldbus AdvantageBig Changes Ahead
PresentersPresenters
n Larry O’BrienGlobal Marketing ManagerFieldbus Foundation
IntroductionIntroduction
n Changing Landscape of Safetyn Safety System Migration Wave is Comingn Fieldbus for Process Safety?n End User Pilot Programn SIF Project and Specification Updatesn Are we Ever Going to see SIF Products?n The Human Siden Common Misconceptions
The Safety ChallengeThe Safety Challenge
n More severe and high profile plant incidents have plagued the process industries
n Bad actors have been ordered to revamp their “safety culture” n Even companies with a good safety culture must be vigilantn There is a pressing need to modernize the process safety
infrastructure
Regulatory Environment Heats UpRegulatory Environment Heats Up
n Major industry incidents are contributing to tighter legislative and regulatory environment.
n BOEMRE Strengthens Offshore Inspections Programn Increased Civil Penaltiesn NRC Rethinking Safety Requirements after
Fukushima Disastern API 560 for Fired Heaters
Developing a Safety CultureDeveloping a Safety Culture
n “The fish rots from the head down” – if upper level management does not consider safety to be a top priority, it will not trickle down to the rest of the organization.
n Safety culture means doing “the right thing at the right time in response to normal and emergency situations.“ – From International Maritime Organization
The Business Value of SafetyThe Business Value of Safetyt Hard for many end users to justify safety system
modernizationt Not always easy for people to make the connection
between safety and profitt Increasing time between turnarounds: 7-10 years in
refining, online proof testing is neededt Plants have to be more flexible and adaptive, this
presents a greater safety challenget Fewer and less trained personnelt Unplanned Downtime accounts for $20 billion in the
North American process industries
Safety Systems: The Monster Under the Bed?Safety Systems: The Monster Under the Bed?n Users don’t normally like to deal with
SISsn Conventional safety systems are
meant to lay dormant until they are needed
n Upgrade is a hassle, leave it alone as long as possible
n Upgrade projects are administrative-intensive, not “self actualizing” – John R.
n Somehow the legacy installed base has to be dealt with
n Can fieldbus make you love your safety system?
The Process Safety Modernization ConundrumThe Process Safety Modernization Conundrum
n Users are dealing with a huge installed base of process automation systems that are reaching the end of their useful life
n Most of these systems are older than 20 years according to ARC research
n In addition to these, there is a large installed base of process safety systems
n Safety system modernization is a completely different approach and has its own unique set of regulatory requirements
n The process safety system installed base profile is much older, comprised of older technology (relay based systems)
How big is the Installed Base?How big is the Installed Base?n ARC Advisory Group says $65 billion
for DCS alone.n The overall market for process safety
system is much smaller than DCS. n Even if the aging installed base of
safety systems is just 12 percent that of DCSs, it still amounts to $8 billion worldwide.
n The value of replacement is much higher due to the increased need for system engineering services and services related to regulatory compliance.
Image Courtesy of AXESS.sk
Differences Between DCS Migration and Safety System MigrationDifferences Between DCS Migration and Safety System Migrationn The state of many older
installed relay based systems has been described as “Brittle”
n No such thing as phased modernization, it’s all or nothing
n Instruments and valves replaced at the same time
n Regulatory compliance, ISA 84, IEC 61508, IEC 61511
n Must follow the safety lifecycle as outlined in these standards
Old Approaches Versus NewOld Approaches Versus Newn Most safety systems
are overspecifiedn Old approach was just
to buy a SIL 3 safety system and call it good
n Now we have to follow a new set of standards that call for a more careful evaluation of the safety lifecycle, LOPA
n This means less SIL 3 controls, more SIL 2
IEC 61511 Lifecycle ElementsIEC 61511 Lifecycle Elementsn Perform Hazard and Risk Analysis: Determine
hazards and hazardous events, the sequence of events leading to a hazardous condition, the associated process risks, the requirements of risk reduction, and the safety functions required.
n Allocate Safety Functions to Protection Layers: Check the available layers of protection. Allocate safety functions to protection layers and safety systems.
n Specify Requirements for Safety System: If tolerable risk is still out of limit, then specify the requirements for each safety system and respective safety integrity levels (SIL).
Foundation Fieldbus Safety Instrumented Functions (SIF)Foundation Fieldbus Safety Instrumented Functions (SIF)
Foundation Fieldbus SIF– FOUNDATION Fieldbus is a all-digital communications
protocol for the process industry– Can check the health of I/O and field devices– The system can incorporate sensor validation and
environmental condition monitoring– It is a cost effective alternative to traditional field wiring– Provides network diagnostics, “The Black Channel” – Has recently been beta tested successfully– Pilot projects underway
FF-SIF SummaryFF-SIF Summaryn H1 Communication (Black Channel) is unchanged.n SIF protocol detects network faults and appropriate action is taken.n New SIF Function Blocks (AI, DO, DI, Write Lock).n Function Block diagnostics detect application faults and appropriate
action is taken.
Black ChannelBlack Channel
Why FF-SIF?Why FF-SIF?
n Improved Safety: SIF will allow for improved device self-diagnostics that will detect dangerous failures…reducing the number of dangerous undetected failures.
n Improved Operability: SIF device configuration will allow a valve to trip-on-demand-only and provide new device self-diagnostics…reducing the number of process interruptions due to nuisance trips.
n Reduced Cost: Improved configuration and installation flexibility offered by SIF will reduce safety system cost via asset management tools and multi-drop architecture.
Improved SafetyImproved Safety
n Diagnostic data from devices can help eliminate process incidents
n It can also help you determine if your process assets are ready to protect you should the need arise (partial stroke testing, online proof testing)
n Fieldbus offers the best device self-diagnostics, which can be used to detect dangerous failures
n Reduce the number of failuresn Advanced network diagnostics in black channel
approach reduces risk of communication failure
Why We Need Better Field Diagnostics for Process Safety SystemsWhy We Need Better Field Diagnostics for Process Safety Systems
Source: Hydrocarbon Processing
FOUNDATION for SIF Reduces PFDFOUNDATION for SIF Reduces PFD
Chevron's Analysis Shows that FF-SIF Greatly Reduces Potential Probable Failure on Demand Compared to Conventional Safety Systems
Improved OperabilityImproved Operability
n Valve trip-on-demand-only: “Trip-on-demand only systems utilize redundant and diverse communications and embedded logic in safety critical field devices to recognize and trip only on true demand signal and to fail-steady when internal failures of the device or the communications network are detected.”
n New device self-diagnosticsn Reduced nuisance trips increase unplanned
downtime
FF-SIF Partial Stroke TestingFF-SIF Partial Stroke Testingn Online partial stroke testing through HMIn FOUNDATION-fieldbus based safety valves can provide
much faster response times for status information compared to other networks
n FOUNDATION-fieldbus based safety valves provide easier integration of higher tier diagnostic information into the host system.
Single Version of the TruthSingle Version of the Truth• You know you are getting a true measurement, no digital to analog
conversion• Persistent data storage: audit trail and reporting• Data is timestamped• FOUNDATION Fieldbus devices can indicate data quality -- whether signals communicating setpoints, PVs, etc. have good, bad or uncertain quality.
Reduced CostReduced Cost
n Smaller Footprint: how much room do you have in your control building to migrate your old relay based safety system to a modern safety system?
n Marshalling cabinetsn Overall less hardwaren Eliminating HART multiplexers reduces
complexityn With digital positioners, no solenoids or limit
switchesn Reduced wiring and terminations
SIF Application Examples & Response TimesSIF Application Examples & Response Times
FF-SIF Can Coexist within Conventional Safety SystemsFF-SIF Can Coexist within Conventional Safety Systems
Host / PE logic solver BPCS
HMI EW
JB
JB
dPt-LL
Ft
Non-safety related information from the SIS devices is available to the BPCS and operator
UZV
Other devices
H1
JB Lt
Ft
Pump start
AMS
DO DI
H1
H1 Grey shaded devices ‘speak FF SIS’
DI Grey marked devices are conventional safety devices
Engineers workstation
Asset Management System
trip
“Control bus”
FF-S
ISm
ultip
lexe
r AlarmlampPushbutton4-20mATx
Ala
rm p
anel
Ala
rm p
anel
A Solid, End User Driven Development HistoryA Solid, End User Driven Development HistorynWorking Team
– ABB Instrumentation– Emerson Process Management– Fieldbus Foundation– HIMA– Honeywell SMS bv– Invensys/Triconex– Kellogg Brown & Root– Metso Automation– Rotork Control Systems– Saudi Aramco– Shell Global Solutions– Smar– Softing– TÜV Rheinland– Yokogawa
nReviewers & Advisors– ABB– E.I. DuPont– Emerson Process Management– ExxonMobil Research &
Engineering– Fieldbus Foundation– Invensys– Rockwell Automation– Shell Global Solutions– Yokogawa
Logic Solver
Level SIF Protocol
Valve
Pres H1 Network BIFFIEmersonWestlockYamatake
EmersonHIMA
HoneywellInvensys - Triconex
Yokogawa
MagnetrolSiemens Milltronics
ABBE+HSmar
Yokogawa
MooreMTLP+F
Logic SolverEngineering Workstation
Asset Management
Basic ProcessControl System
End User Demonstration Sitesn BP – Gelsenkirchen, Germany – Honeywell Logic Solvern Chevron – Houston, TX – Emerson Logic Solvern Saudi Aramco – Dhahran – Triconex Logic Solver and Yokogawa Logic Solvern Shell Global Solutions – Amsterdam – HIMA Logic Solver
Other ProvidersFieldbus Diagnostics
RisknowlogyRuggedCom
SoftingTÜV Rheinland
TÜV SÜD
TempSmar
End User Demonstration in May 2008End User Demonstration in May 2008
Aramco’s JustificationAramco’s Justification
• Device Self-Diagnostics• Identify dangerous failures in
real-time• Provide valve partial stroke
and full stroke testing• Reduce burden of manual
proof testing
Improved Safety Improved Operability
Reduced Cost
• Trip on demand only• New/improved device self
diagnostics• Reduce safety system
nuisance trips
• Multi-drop architecture • Installation flexibility • Asset management tools
OpX
BP’s JustificationBP’s Justification
n FOUNDATION SIF technology is universal, simple and efficient
n One platform supporting FOUNDATION fieldbus and FOUNDATION SIF
n One system to learn, operate and maintain
n One scalable fault-tolerant network
BP’s JustificationBP’s Justification
n Lowest total cost of ownershipn Lowest initial cost to get started – scalable to
plantwide networkn Integrated asset data available on all levels of the
infrastructuren Enter data oncen Proven in usen Mix and match FOUNDATION fieldbus and FOUNDATION
for SIFn Can be introduced in existing fieldbus infrastructure
without additional hardware
Shell’s JustificationShell’s Justificationn Benefits in operational phasen Reliability and availability
aspectsn Diagnostics and self-checksn Control-in-the-field optionn Throughput and quality
aspectsn Accurate control, less
variabilityn Operations aspectsn Support for reduced manningn Support for remote operations
• Demanded by End Users to gain benefits of H1 in Safety Instrumented Functions
• Technical Specification Development Project Approved by BOD in October 2002
• TÜV Protocol Type Approval including SIL 3 in December 2005
• Marketing Demonstration Approved by BOD in October 2005
• Marketing Demonstration Press Day completed May 2008
• SIF_AI and Interoperability Test System released in 2008
• SIF_DO and Interoperability Test System released in 2010
• Pilot projects underway at Shell and Saudi Aramco 2009 - 2011
• SIF Registered Products Expected 2013
TimelineTimeline
Shell Project & Technology has decided that FF-SIF will be specified for use on a Nederlandse Aardolie Maatschappij (NAM) project in the Netherlands. This is the first of a number of identical projects expected to utilize the technology.
Shell is in discussions with several leading automation suppliers for commitments on the logic solver. When the instrument scope is complete, Shell is expecting the various device vendors to provide safety-approved products for the initial installations.
The Shell Project & Technology Group Process Automation Control and Optimization (PACO) will monitor the development together with our NAM project organization.
Shell Project & Technology is anxious to see industry progress in the area of FF-SIF implementation.
End User Pilot Projects: ShellEnd User Pilot Projects: Shell
Saudi Aramco successfully launched two FF-SIF pilot projects and planshave been initiated to install working FF-SIF systems within operating oil and gas facilities.
A project is planned for the Juaymah gas plant in Saudi Arabia in late 2010. Saudi Aramco expects FF-SIF installation at the Juaymah gas plant to show how the use of fieldbus communications results in lowercosts due to reduced hardwired I/O to the safety logic solver, as well as enhanced local testing and diagnostic capabilities.
A second FF-SIF installation is planned with emergency isolation valves with automated functional testing and diagnostics. This configuration will replace existing emergency isolation valves with new valve bodies and pneumatic valve actuators fitted with FF-SIF smart valve controllers.
After these smaller pilot projects are complete, Saudi Aramco plans expanded deployment of FF-SIF technology in order to exploit its benefits on larger, mega scale projects.
End User Pilot Projects: Saudi AramcoEnd User Pilot Projects: Saudi Aramco
FF-SIF Specification UpdatesFF-SIF Specification Updates
n AUSTIN, Texas, Dec. 7, 2010 — The Fieldbus Foundation today announced that updated device development solutions for its Foundation Fieldbus for Safety Instrumented Functions (FF-SIF) technology are now available. The new release includes the FF-SIF Technical Specification, Foundation for SIF Interoperability Test Kit (SIF ITK), and DD Library. These solutions support development of interoperable fieldbus devices intended for use in industrial plant SIF applications.
FF-SIF Specification UpdatesFF-SIF Specification Updatesn The latest Foundation for SIF Technical Specification
defines analog input (AI) blocks for SIF devices. n FF-SIF Function Block Specification now addresses
discrete output (DO) blocks, which is a major enhancement required for deployment of a complete fieldbus-based safety system.
n The updated specification package also includes the SIF Device ITK Profile, offering an easy way to map SIF field device requirements to existing SIF ITK versions.
n The Foundation DD Library includes standard Device Description Language (DDL) code for SIF blocks.
So Where are the Products?So Where are the Products?
n Products are being used in pilot installations right now
n Products must go through certification process with exida, TÜV or other similar organization
n This is a time consuming process, then they go to the Foundation
n We are ready to test and register products with new ITK!
n We expect first wave of products in 2012
The Human SideThe Human Side
n Different approach ,different work processes from 4-20mA
n Must use plant asset management system capabilities like AMS
n Buy in and involvement in earliest stages of the project is critical
n Training is criticaln Fieldbus Foundation has
resources for that
ConclusionsConclusions
n FF-SIF Works, has been given type approval by TÜV, and is suitable for many SIF applications
n FF-SIF is not an all or nothing proposition, it can coexist with conventional analog system
n FF-SIF provides superior safety system diagnostics and addresses the leading causes of safety system failure
n FF-SIF provides a great value for those wishing to modernize their old safety systems
Questions?Questions?