Safety System Migration: The

Fieldbus Advantage

Safety System Migration: The

Fieldbus AdvantageBig Changes Ahead

PresentersPresenters

n Larry O’BrienGlobal Marketing ManagerFieldbus Foundation

IntroductionIntroduction

n Changing Landscape of Safetyn Safety System Migration Wave is Comingn Fieldbus for Process Safety?n End User Pilot Programn SIF Project and Specification Updatesn Are we Ever Going to see SIF Products?n The Human Siden Common Misconceptions

The Safety ChallengeThe Safety Challenge

n More severe and high profile plant incidents have plagued the process industries

n Bad actors have been ordered to revamp their “safety culture” n Even companies with a good safety culture must be vigilantn There is a pressing need to modernize the process safety

infrastructure

Regulatory Environment Heats UpRegulatory Environment Heats Up

n Major industry incidents are contributing to tighter legislative and regulatory environment.

n BOEMRE Strengthens Offshore Inspections Programn Increased Civil Penaltiesn NRC Rethinking Safety Requirements after

Fukushima Disastern API 560 for Fired Heaters

Developing a Safety CultureDeveloping a Safety Culture

n “The fish rots from the head down” – if upper level management does not consider safety to be a top priority, it will not trickle down to the rest of the organization.

n Safety culture means doing “the right thing at the right time in response to normal and emergency situations.“ – From International Maritime Organization

The Business Value of SafetyThe Business Value of Safetyt Hard for many end users to justify safety system

modernizationt Not always easy for people to make the connection

between safety and profitt Increasing time between turnarounds: 7-10 years in

refining, online proof testing is neededt Plants have to be more flexible and adaptive, this

presents a greater safety challenget Fewer and less trained personnelt Unplanned Downtime accounts for $20 billion in the

North American process industries

Safety Systems: The Monster Under the Bed?Safety Systems: The Monster Under the Bed?n Users don’t normally like to deal with

SISsn Conventional safety systems are

meant to lay dormant until they are needed

n Upgrade is a hassle, leave it alone as long as possible

n Upgrade projects are administrative-intensive, not “self actualizing” – John R.

n Somehow the legacy installed base has to be dealt with

n Can fieldbus make you love your safety system?

The Process Safety Modernization ConundrumThe Process Safety Modernization Conundrum

n Users are dealing with a huge installed base of process automation systems that are reaching the end of their useful life

n Most of these systems are older than 20 years according to ARC research

n In addition to these, there is a large installed base of process safety systems

n Safety system modernization is a completely different approach and has its own unique set of regulatory requirements

n The process safety system installed base profile is much older, comprised of older technology (relay based systems)

How big is the Installed Base?How big is the Installed Base?n ARC Advisory Group says $65 billion

for DCS alone.n The overall market for process safety

system is much smaller than DCS. n Even if the aging installed base of

safety systems is just 12 percent that of DCSs, it still amounts to $8 billion worldwide.

n The value of replacement is much higher due to the increased need for system engineering services and services related to regulatory compliance.

Image Courtesy of AXESS.sk

Differences Between DCS Migration and Safety System MigrationDifferences Between DCS Migration and Safety System Migrationn The state of many older

installed relay based systems has been described as “Brittle”

n No such thing as phased modernization, it’s all or nothing

n Instruments and valves replaced at the same time

n Regulatory compliance, ISA 84, IEC 61508, IEC 61511

n Must follow the safety lifecycle as outlined in these standards

Old Approaches Versus NewOld Approaches Versus Newn Most safety systems

are overspecifiedn Old approach was just

to buy a SIL 3 safety system and call it good

n Now we have to follow a new set of standards that call for a more careful evaluation of the safety lifecycle, LOPA

n This means less SIL 3 controls, more SIL 2

IEC 61511 Lifecycle ElementsIEC 61511 Lifecycle Elementsn Perform Hazard and Risk Analysis: Determine

hazards and hazardous events, the sequence of events leading to a hazardous condition, the associated process risks, the requirements of risk reduction, and the safety functions required.

n Allocate Safety Functions to Protection Layers: Check the available layers of protection. Allocate safety functions to protection layers and safety systems.

n Specify Requirements for Safety System: If tolerable risk is still out of limit, then specify the requirements for each safety system and respective safety integrity levels (SIL).

Foundation Fieldbus Safety Instrumented Functions (SIF)Foundation Fieldbus Safety Instrumented Functions (SIF)

Foundation Fieldbus SIF– FOUNDATION Fieldbus is a all-digital communications

protocol for the process industry– Can check the health of I/O and field devices– The system can incorporate sensor validation and

environmental condition monitoring– It is a cost effective alternative to traditional field wiring– Provides network diagnostics, “The Black Channel” – Has recently been beta tested successfully– Pilot projects underway

FF-SIF SummaryFF-SIF Summaryn H1 Communication (Black Channel) is unchanged.n SIF protocol detects network faults and appropriate action is taken.n New SIF Function Blocks (AI, DO, DI, Write Lock).n Function Block diagnostics detect application faults and appropriate

action is taken.

Black ChannelBlack Channel

Why FF-SIF?Why FF-SIF?

n Improved Safety: SIF will allow for improved device self-diagnostics that will detect dangerous failures…reducing the number of dangerous undetected failures.

n Improved Operability: SIF device configuration will allow a valve to trip-on-demand-only and provide new device self-diagnostics…reducing the number of process interruptions due to nuisance trips.

n Reduced Cost: Improved configuration and installation flexibility offered by SIF will reduce safety system cost via asset management tools and multi-drop architecture.

Improved SafetyImproved Safety

n Diagnostic data from devices can help eliminate process incidents

n It can also help you determine if your process assets are ready to protect you should the need arise (partial stroke testing, online proof testing)

n Fieldbus offers the best device self-diagnostics, which can be used to detect dangerous failures

n Reduce the number of failuresn Advanced network diagnostics in black channel

approach reduces risk of communication failure

Why We Need Better Field Diagnostics for Process Safety SystemsWhy We Need Better Field Diagnostics for Process Safety Systems

Source: Hydrocarbon Processing

FOUNDATION for SIF Reduces PFDFOUNDATION for SIF Reduces PFD

Chevron's Analysis Shows that FF-SIF Greatly Reduces Potential Probable Failure on Demand Compared to Conventional Safety Systems

Improved OperabilityImproved Operability

n Valve trip-on-demand-only: “Trip-on-demand only systems utilize redundant and diverse communications and embedded logic in safety critical field devices to recognize and trip only on true demand signal and to fail-steady when internal failures of the device or the communications network are detected.”

n New device self-diagnosticsn Reduced nuisance trips increase unplanned

downtime

FF-SIF Partial Stroke TestingFF-SIF Partial Stroke Testingn Online partial stroke testing through HMIn FOUNDATION-fieldbus based safety valves can provide

much faster response times for status information compared to other networks

n FOUNDATION-fieldbus based safety valves provide easier integration of higher tier diagnostic information into the host system.

Single Version of the TruthSingle Version of the Truth• You know you are getting a true measurement, no digital to analog

conversion• Persistent data storage: audit trail and reporting• Data is timestamped• FOUNDATION Fieldbus devices can indicate data quality -- whether signals communicating setpoints, PVs, etc. have good, bad or uncertain quality.

Reduced CostReduced Cost

n Smaller Footprint: how much room do you have in your control building to migrate your old relay based safety system to a modern safety system?

n Marshalling cabinetsn Overall less hardwaren Eliminating HART multiplexers reduces

complexityn With digital positioners, no solenoids or limit

switchesn Reduced wiring and terminations

SIF Application Examples & Response TimesSIF Application Examples & Response Times

FF-SIF Can Coexist within Conventional Safety SystemsFF-SIF Can Coexist within Conventional Safety Systems

Host / PE logic solver BPCS

HMI EW

JB

JB

dPt-LL

Ft

Non-safety related information from the SIS devices is available to the BPCS and operator

UZV

Other devices

H1

JB Lt

Ft

Pump start

AMS

DO DI

H1

H1 Grey shaded devices ‘speak FF SIS’

DI Grey marked devices are conventional safety devices

Engineers workstation

Asset Management System

trip

“Control bus”

FF-S

ISm

ultip

lexe

r AlarmlampPushbutton4-20mATx

Ala

rm p

anel

Ala

rm p

anel

A Solid, End User Driven Development HistoryA Solid, End User Driven Development HistorynWorking Team

– ABB Instrumentation– Emerson Process Management– Fieldbus Foundation– HIMA– Honeywell SMS bv– Invensys/Triconex– Kellogg Brown & Root– Metso Automation– Rotork Control Systems– Saudi Aramco– Shell Global Solutions– Smar– Softing– TÜV Rheinland– Yokogawa

nReviewers & Advisors– ABB– E.I. DuPont– Emerson Process Management– ExxonMobil Research &

Engineering– Fieldbus Foundation– Invensys– Rockwell Automation– Shell Global Solutions– Yokogawa

Logic Solver

Level SIF Protocol

Valve

Pres H1 Network BIFFIEmersonWestlockYamatake

EmersonHIMA

HoneywellInvensys - Triconex

Yokogawa

MagnetrolSiemens Milltronics

ABBE+HSmar

Yokogawa

MooreMTLP+F

Logic SolverEngineering Workstation

Asset Management

Basic ProcessControl System

End User Demonstration Sitesn BP – Gelsenkirchen, Germany – Honeywell Logic Solvern Chevron – Houston, TX – Emerson Logic Solvern Saudi Aramco – Dhahran – Triconex Logic Solver and Yokogawa Logic Solvern Shell Global Solutions – Amsterdam – HIMA Logic Solver

Other ProvidersFieldbus Diagnostics

RisknowlogyRuggedCom

SoftingTÜV Rheinland

TÜV SÜD

TempSmar

End User Demonstration in May 2008End User Demonstration in May 2008

Aramco’s JustificationAramco’s Justification

• Device Self-Diagnostics• Identify dangerous failures in

real-time• Provide valve partial stroke

and full stroke testing• Reduce burden of manual

proof testing

Improved Safety Improved Operability

Reduced Cost

• Trip on demand only• New/improved device self

diagnostics• Reduce safety system

nuisance trips

• Multi-drop architecture • Installation flexibility • Asset management tools

OpX

BP’s JustificationBP’s Justification

n FOUNDATION SIF technology is universal, simple and efficient

n One platform supporting FOUNDATION fieldbus and FOUNDATION SIF

n One system to learn, operate and maintain

n One scalable fault-tolerant network

BP’s JustificationBP’s Justification

n Lowest total cost of ownershipn Lowest initial cost to get started – scalable to

plantwide networkn Integrated asset data available on all levels of the

infrastructuren Enter data oncen Proven in usen Mix and match FOUNDATION fieldbus and FOUNDATION

for SIFn Can be introduced in existing fieldbus infrastructure

without additional hardware

Shell’s JustificationShell’s Justificationn Benefits in operational phasen Reliability and availability

aspectsn Diagnostics and self-checksn Control-in-the-field optionn Throughput and quality

aspectsn Accurate control, less

variabilityn Operations aspectsn Support for reduced manningn Support for remote operations

• Demanded by End Users to gain benefits of H1 in Safety Instrumented Functions

• Technical Specification Development Project Approved by BOD in October 2002

• TÜV Protocol Type Approval including SIL 3 in December 2005

• Marketing Demonstration Approved by BOD in October 2005

• Marketing Demonstration Press Day completed May 2008

• SIF_AI and Interoperability Test System released in 2008

• SIF_DO and Interoperability Test System released in 2010

• Pilot projects underway at Shell and Saudi Aramco 2009 - 2011

• SIF Registered Products Expected 2013

TimelineTimeline

Shell Project & Technology has decided that FF-SIF will be specified for use on a Nederlandse Aardolie Maatschappij (NAM) project in the Netherlands. This is the first of a number of identical projects expected to utilize the technology.

Shell is in discussions with several leading automation suppliers for commitments on the logic solver. When the instrument scope is complete, Shell is expecting the various device vendors to provide safety-approved products for the initial installations.

The Shell Project & Technology Group Process Automation Control and Optimization (PACO) will monitor the development together with our NAM project organization.

Shell Project & Technology is anxious to see industry progress in the area of FF-SIF implementation.

End User Pilot Projects: ShellEnd User Pilot Projects: Shell

Saudi Aramco successfully launched two FF-SIF pilot projects and planshave been initiated to install working FF-SIF systems within operating oil and gas facilities.

A project is planned for the Juaymah gas plant in Saudi Arabia in late 2010. Saudi Aramco expects FF-SIF installation at the Juaymah gas plant to show how the use of fieldbus communications results in lowercosts due to reduced hardwired I/O to the safety logic solver, as well as enhanced local testing and diagnostic capabilities.

A second FF-SIF installation is planned with emergency isolation valves with automated functional testing and diagnostics. This configuration will replace existing emergency isolation valves with new valve bodies and pneumatic valve actuators fitted with FF-SIF smart valve controllers.

After these smaller pilot projects are complete, Saudi Aramco plans expanded deployment of FF-SIF technology in order to exploit its benefits on larger, mega scale projects.

End User Pilot Projects: Saudi AramcoEnd User Pilot Projects: Saudi Aramco

FF-SIF Specification UpdatesFF-SIF Specification Updates

n AUSTIN, Texas, Dec. 7, 2010 — The Fieldbus Foundation today announced that updated device development solutions for its Foundation Fieldbus for Safety Instrumented Functions (FF-SIF) technology are now available. The new release includes the FF-SIF Technical Specification, Foundation for SIF Interoperability Test Kit (SIF ITK), and DD Library. These solutions support development of interoperable fieldbus devices intended for use in industrial plant SIF applications.

FF-SIF Specification UpdatesFF-SIF Specification Updatesn The latest Foundation for SIF Technical Specification

defines analog input (AI) blocks for SIF devices. n FF-SIF Function Block Specification now addresses

discrete output (DO) blocks, which is a major enhancement required for deployment of a complete fieldbus-based safety system.

n The updated specification package also includes the SIF Device ITK Profile, offering an easy way to map SIF field device requirements to existing SIF ITK versions.

n The Foundation DD Library includes standard Device Description Language (DDL) code for SIF blocks.

So Where are the Products?So Where are the Products?

n Products are being used in pilot installations right now

n Products must go through certification process with exida, TÜV or other similar organization

n This is a time consuming process, then they go to the Foundation

n We are ready to test and register products with new ITK!

n We expect first wave of products in 2012

The Human SideThe Human Side

n Different approach ,different work processes from 4-20mA

n Must use plant asset management system capabilities like AMS

n Buy in and involvement in earliest stages of the project is critical

n Training is criticaln Fieldbus Foundation has

resources for that

ConclusionsConclusions

n FF-SIF Works, has been given type approval by TÜV, and is suitable for many SIF applications

n FF-SIF is not an all or nothing proposition, it can coexist with conventional analog system

n FF-SIF provides superior safety system diagnostics and addresses the leading causes of safety system failure

n FF-SIF provides a great value for those wishing to modernize their old safety systems

Questions?Questions?