Process Automation Insights
Redundancy is not a safety issue! – Part 2

Aug 18, 2011

To reinforce the point that redundancy is not a safety issue: the marketplace already has products that deliver SIL3 safety performance in non-redundant configurations. As fieldbuses evolve into safety networks, they too can be applied in SIL3 SIF applications using only single bus structures. And as the industry moves rapidly towards Ethernet as a common communications backbone, we are seeing developments that allow Ethernet to be applied in SIL3 SIFs as well. The key is that the safety system executes correctly when a demand is placed on it. The key to safety is not redundancy!

Once the safety requirements are met, process availability can be considered. This is the role of redundancy. Redundancy can maintain process availability when a fault occurs in the safety system hardware, because the remaining healthy hardware can keep performing the function and the logic solver does not have to drive the process to a safe shutdown. When a fault occurs in a non-redundant hardware configuration, the expectation is that the process is taken to safe shutdown. In many businesses such an interruption in availability is very costly, and redundancy becomes a business requirement. There are, however, businesses where availability is not a key concern, and in those cases spending valuable capital on redundancy may be a poor business decision. We can also have the discussion around the idea that preventing a shutdown is itself a safety issue, since the most unsafe conditions are frequently shutdowns and startups. But we need to keep in mind the distinction between 1) demands that originate in the process and must be answered with a safety action, and 2) faults that originate in the automation hardware, which may be tolerated without a safety action (if you have redundancy).

I expect that reliability and availability will long continue to be used in the discussion of safety automation systems. I just hope that we can all keep clear on what they actually represent within those discussions. I will also suggest that when you find yourself talking about safety automation architecture, and redundancy creeps into the conversation, just remember that “Redundancy is not a safety demand issue!”
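As an added illustration, not part of the original post or any vendor's logic solver: a small Python model of MooN trip voting run over constructed sensor states. It shows the two cases the post separates: a demand that originates in the process, which trips every architecture, and a diagnosed hardware fault while the process is safe, which in 1oo1 and 1oo2 drives the process to a safe shutdown (the availability loss redundancy is bought to avoid) while 2oo3 rides it through. The rule that a diagnosed fault counts as a trip vote, and the `Reading`, `Result`, `evaluate` and `compare_architectures` names, are assumptions of this example.

```python
"""Voting-logic model for one safety instrumented function (SIF) trip.

Constructed example: sensor states, the fault-votes-trip rule and the
architecture table are assumptions chosen to illustrate the difference
between a process demand and an automation hardware fault.
"""
from collections import Counter
from enum import Enum
from typing import Dict, Sequence


class Reading(Enum):
    """State of one sensor in the SIF input subsystem."""
    SAFE = "healthy, process below trip point"
    DEMAND = "healthy, process above trip point"
    FAULT = "diagnosed sensor fault, no valid measurement"


class Result(Enum):
    NO_ACTION = "no trip"
    SAFETY_ACTION = "trip: a healthy sensor reported a process demand"
    SPURIOUS_TRIP = "trip caused only by hardware faults (availability loss)"
    FAULT_TOLERATED = "hardware fault ridden through, process keeps running"


def votes_trip(reading: Reading) -> bool:
    """Assumption: a diagnosed fault is treated as a trip vote, i.e. a sensor
    that cannot measure is never allowed to vouch for the process being safe."""
    return reading is not Reading.SAFE


def evaluate(readings: Sequence[Reading], m: int) -> Result:
    """MooN trip logic: trip when at least m of the n readings vote to trip,
    then classify why the SIF did or did not act."""
    if not 1 <= m <= len(readings):
        raise ValueError("m must be between 1 and the number of sensors")
    counts = Counter(readings)
    trip_votes = counts[Reading.DEMAND] + counts[Reading.FAULT]
    if trip_votes >= m:
        # A trip with at least one healthy sensor reporting a demand is the
        # safety action the SIF exists for; a trip carried only by fault votes
        # is a hardware-caused shutdown, not a response to the process.
        return Result.SAFETY_ACTION if counts[Reading.DEMAND] else Result.SPURIOUS_TRIP
    # No trip: either nothing happened, or a fault was outvoted by healthy
    # sensors (a single discrepant DEMAND in 2oo3 is likewise outvoted).
    return Result.FAULT_TOLERATED if counts[Reading.FAULT] else Result.NO_ACTION


# Architecture name -> (m, n). Three common input-subsystem arrangements.
ARCHITECTURES = {"1oo1": (1, 1), "1oo2": (1, 2), "2oo3": (2, 3)}


def compare_architectures() -> Dict[str, Dict[str, Result]]:
    """Run two events through each architecture:
    - a real process demand seen by every healthy sensor;
    - one diagnosed sensor fault while the process itself is safe."""
    table: Dict[str, Dict[str, Result]] = {}
    for name, (m, n) in ARCHITECTURES.items():
        table[name] = {
            "process demand": evaluate([Reading.DEMAND] * n, m),
            "single sensor fault": evaluate([Reading.FAULT] + [Reading.SAFE] * (n - 1), m),
        }
    return table


if __name__ == "__main__":
    for arch, outcomes in compare_architectures().items():
        for event, result in outcomes.items():
            print(f"{arch:5} {event:20} -> {result.value}")
```

The table the script prints makes the post's point in one screen: the "process demand" column is a safety action in every row, so redundancy buys nothing there, while the "single sensor fault" column is a shutdown for 1oo1 and 1oo2 and a ride-through only for 2oo3. The model says nothing about the SIL achieved by each arrangement; that is the separate hardware fault tolerance question raised in the comments.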

2 Comments

Dave Huffman, 24 Aug

Thanks for the good comment, Paul. You are right that at the field end of SIFs it is quite common practice to need redundancy to meet SIL requirements, especially at SIL3. It also shows that I was not specific enough about identifying my topic as really being about the architecture of the logic solver. I should have been more specific and will try to do better in the future. Please feel free to keep adding to the conversation.
Paul Maurath, 22 Aug

    I have to disagree.  "Redundancy" can be required to achieve a required SIL.  The terminology in the standard (61511) is hardware fault tolerance.  Depending on the SIL requirement and the equipment you are using, some level of hardware fault tolerance may be required.

    Consider a SIL3 application with SIL2 certified measurement devices.  Hardware fault tolerance (and SIL3) will require two sensors and 1oo2 logic.  If you add a third sensor, you could use 2oo3 logic and increase availability.  But in either case, you have redundant devices.
