Editor’s choice Figure 2. The STA utilized as a single loop logic solver for each separator high-pressure SIF.
attain high integrity of the separator pressure SIF, the diagnostics of the logic solver shall be monitored continuously. Should the logic solver experience any faults or separator pressure breach its high-pressure limit, a shutdown of the separator should take place.
All separator SIFs require that logic solvers be IEC 61508 certified and SIL 2 capable. Due to limited power supply and remote locations, the logic solver shall power the connected pressure transmitter and be suitable for outdoor installation and harsh environments.
SEPARATOR PRESSURE SIF REQUIREMENTS
1. Logic solvers used for each separator SIF must be IEC 61508 certified and SIL 2 capable.
2. The logic solver must be able to provide power to the pressure transmitter on the separator.
3. Outdoor installation location requires an ambient operating temperature range of -40 to 85°C.
4. A High-Pressure alarm needs to be configured for shutdown initiation.
5. Logic solver internal diagnostics/faults must be continuously monitored.
6. Logic solver shall shutdown separator operation in the event of high pressure or logic solver fault.
STA AS A LOGIC SOLVER IN A SEPARATOR HIGH-PRESSURE SIF The STA Safety Trip Alarm is a single-loop logic solver that responds to potentially hazardous process conditions by providing emergency shutdown or early warning indication in an SIS. It is certified by exida and is SIL 2/3 capable. The STA is pushbutton or PC-configured and has a local readout to show separator pressure. An auxiliary 24V power supply is available on the input terminals to provide power to the separator’s pressure transmitter. The STA provides two process alarms and one fault relay output. Each alarm is tied to a failsafe SPDT relay output. The STA has a fault relay that is triggered if the internal diagnostics uncover any hardware or firmware faults. If any faults are detected, the fault relay will be
Instrumentation Monthly September 2024
Figure 3. The SLA is used as a multiloop SIS logic solver handling three SIFs, one for each separator. Internal voting logic is used in the SLA to initiate a separator shutdown if either high pressure is reached, or a fault is detected with the SLA.
SLA AS A MULTILOOP LOGIC SOLVER IN SEPARATOR HIGH-PRESSURE SIFS The SLA is an exida-certified SIL 2/3 capable Multiloop Safety Logic Solver and Alarm that performs as a single or multiloop logic solver incorporating enhanced math, voting, and logic capability to act on potentially hazardous process conditions in a SIS. The SLA is an ideal logic solver for this application example given its SIL 2/3 capability and multiloop ability to handle up to three safety loops. The SLA accepts six analogue inputs, four discrete inputs and includes auxiliary 24V power for connected transmitters. While redundant pressure sensors are not required for this specific application, the SLA could be configured to monitor two pressure inputs per separator with automatic failover capability, should one pressure sensor fail. Unlike single-loop logic solvers that have limited alarm capabilities, the SLA includes 16
engaged. As Figure 2 illustrates, the hi- pressure alarm relay output and the STA fault relay are physically wired in series with the shutdown circuit or final actuator. Since the STA process relays and fault relay are failsafe (de-energise to trip), the separator shutdown circuit will be initiated if there is a hi-pressure alarm, STA fault, or power loss to the STA. Since the STA is a single-loop logic solver and only accepts one input, three STAs will need to be installed to handle each of the three separator SIFs. If the SIF needs to meet SIL 3, two STAs could be used as the logic solver element for each SIF in a 1oo2 voting scheme. This would require the process relays and fault relays of each STA to be wired in series to initiate the shutdown circuit. In addition, the sensors and final actuators should be assessed for their SIL 3 capabilities.
configurable internal alarms that can be assigned to any, or multiple, of the SLA’s four relay outputs. Voting scenarios can also be easily implemented with any combination of internal alarms, discrete inputs, internal logic statements, faults, or even relay outputs. This along with the SLA’s math and logic capability, provides an extensive array of alarming or safety shutdown schemes. As was required with the STA single loop logic solver, the logic solver’s faults must be continuously monitored to provide the desired safety availability. Fortunately, the SLA has the ability to internally monitor the status of the fault relay and use it in any voting logic, equation, or alarming scheme necessary. High- pressure internal alarms are configured in the SLA for each of the three separators. One additional internal alarm is configured to monitor the SLA’s fault relay should any faults or failures be detected. Now that four internal alarms have been configured, each of the three separator SIFs can utilise a dedicated failsafe relay output to initiate high-pressure separator shutdown. As illustrated in Figure 3, relay outputs 1-3 use voting logic within the SLA to determine if a high-pressure condition or SLA fault has been detected. If either scenario exists, the respective failsafe relay output is triggered, and separator shutdown follows. While three independent single-loop logic solvers were required in the prior example, the multiloop and internal voting capability within the SLA allows for one logic solver to be used for all three high-pressure separator SIFs, thus reducing cost, maintenance, and wiring complexity.
The SLA was designed to be more capable, powerful, and flexible than single-loop logic solvers, but easy to program. While safety PLCs can certainly handle much higher point counts than the SLA, many safety practitioners have applications that require just a few loops or smaller point counts but don’t need or want the complexity of programming and maintaining a safety PLC. To alleviate these concerns, all SLA configuration is accomplished in an open and royalty-free DTM/FDT environment. FDT programming environments such as PACTware are free to end users and offer simple and
Figure 4. PACTware configuration screen depicting how each of the three separator high-pressure alarms would be configured in the SLA.
Continued on page 12... 11
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82 |
Page 83 |
Page 84 |
Page 85 |
Page 86 |
Page 87 |
Page 88 |
Page 89 |
Page 90 |
Page 91 |
Page 92 |
Page 93 |
Page 94 |
Page 95 |
Page 96 |
Page 97 |
Page 98 |
Page 99 |
Page 100
