hfc-6000 safety control systemhftests.com/common/brochures/product_line/hfc-6000/hfc... · 2014. 6....

.

HFC-6000 Safety Control System Product Line Overview

- USNRC Safety Evaluation (SE) Report

- TUV SIL-3 Certificate

- Korea KINS Qualified

Leading the World in Safety Control System Technology

Technical innovation, quality products, and excellent customer service have always been important trademarks at HFC. We are committed to supplying you with proven, reliable control systems designed in accordance with your needs and specifications, delivered on time at competitive prices. We look forward to working with you to fulfill your process control and automation needs.

Doosan HF Controls Corporation 1624 West Crosby Road Suite 124 Carrollton, TX 75006 USA Toll Free: 866.501.9954 Phone: 469-568-6500 Fax: 469-568-6599 www.HFControls.com [email protected] A Subsidiary of Doosan Heavy Industries & Construction Co Copyright © 2000-2011 HF Controls Corporation All rights reserved

HFC-6000 Safety Control System The HFC-6000 Safety Control System represents the culmination of over 30 years of control system research and development efforts. Specially designed for control and monitoring of the most critical applications, the system is capable of functional operation even in the most intense physical, electrical, and seismic environments. The overall system architecture, coupled with rugged, robust system components combines to reduce installation, maintenance, and spare parts cost, while assuring a long operation life. The flexibility and scalability in overall system design provides a customizable solution capable of meeting the most rigorous safety control system requirements. Based on these features, the HFC-6000 becomes the optimal choice for the functions being performed. The HFC-6000 architecture is based on a field-proven design which can be found in hundreds of fossil and nuclear power plant installations worldwide. The system design is based on a thorough understanding of critical plant conditions, the ongoing events that trigger them, and the prompt resolution of such conditions. The architectural features of this platform for control and safety systems provide significant economic advantages during commercial operation while maintaining the reliability and flexibility standards in the overall system design. By utilizing in-house application software algorithms and communication protocols common to HFC control systems, the HFC-6000 is compatible with legacy control systems and is also capable of future upgrades, maximizing system longevity and return on investment. This emphasis on equipment and the preservation of future upgrade ability avoids the cost associated with system obsolescence and new product development. Capable of being implemented in a Redundant or Triple Module Redundant (TMR) configuration for safety control application, the HFC-6000 platform architecture eliminates single point of failure for maximum fault-tolerant operation. HFC can structure the system to incorporate redundancy specific to certain critical areas, and the segregation of functions provides a multitude of operational and maintenance benefits, reducing overall operating costs. The system architecture virtually precludes propagation of failure modes. Indication, the advanced, system-wide diagnostics continuously monitor system hardware, software, and communication parameters in real-time; and the resulting status data enable isolation of system anomalies all the way down to a single I/O channel. Enhanced operator and maintenance functions are facilitated by a variety of Control Room strategies ranging from a traditional, discrete Man-Machine Interface (MMI) to high-resolution, digital flat panel displays with touch screen capability. A dedicated safety flat panel display is available for environmental and seismic sensitive applications. The HFC-6000 has the flexibility to present high-level process displays for an overall, system status overview, or more detailed displays which are particular to a specific process operation, increasing operational and maintenance benefits.

HFC-6000 Technical Specification Controller Processors: Intel Embedded Pentium System Redundancy : Controller Communications Power Supply I/O Modules (Option) I/O Modules Support: Discrete Input/Output Analog Input/Output Thermocouple Input RTD input Pulse Input Special functions/nuclear Control Switch Module Manual/Auto Station Safety Features: Loop Integrity Coil Continuity Seal-In function ±0.1% Analog accuracy Single channel ADC (24 B) 20 ms response time/loop Ground Fault detection

Nuclear Special Input/Output Modules Motor Operating Valve (MOV) Starter Control (HFC-DC33/HFC-DC35) 2-channel/1 channel 120vac Digital Outputs 11-channel 24vdc inputs 16-bit microprocessor based architecture Input Indicator LEDs Control dual or single coil motor operating valve

starters while monitoring coil continuity, overloads and the position of the valve.

Onboard support for seal-in function Onboard watchdog timer Electrically Operated Breaker (EOB) Control (HFC-DC34) 2-channel 125vdc Digital Outputs 11-channel 24vdc inputs 16-bit microprocessor based architecture Input Indicator LEDs Coil continuity monitor Monitoring Electrically Operated Breakers (EOB)

for overloads. Onboard support seal-in function Other HFC-6000 Dedicated Components I/O Termination Boards and Cables Dedicated HFC-HUB16 & HFC-HUB16E HUBs HFC-GFD06 Ground Fault detection HFC-FOT06 Fiber Optic Transmitter Hot-swappable Power Supply, Plug-in type Control Switch Modules (CSM) Manual/Auto (M/A) Station Flat-Panel Device (FPD)

Nuclear I&C Manufacturing Facility HFC has 40,000 sq. ft. nuclear I&C manufacturing facility locate in Carrollton, Texas (about 15 minutes driving distance from DFW international airport). It is operated under NQA-1 quality procedures and working instructions. Commercial Grade Dedication The Commercial Grade Dedication (CGD) and evaluation work has been performed in HFC’s Carrollton facility. All components and assemblies used for nuclear class 1E are required to be evaluated and tested according to CGD procedures.

Communications Features

Input-Output Interface With QIO protocol

Dual-channel configuration with secondary loopback function High-speed data transfer rate Deterministic master/slave polling protocol Connection of up to 32 I/O modules on one physical link Local or remote I/O accessible

Safety Communication-Link (C-Link) and Communication Master Link (CM Link) with Proprietary Token Passing Protocol

Dual-channel configuration with synchronization scheme 10/100MB per sec high-speed data transfer via fiber optic, or CAT5 Fiber-optic cable connection for physical and electrical isolation Dedicated HFC-6000 HUB and Fiber-optic Transmitter Continuous error checking to prevent system degradation or data loss Local communication error isolation to prevent propagation to the whole system Multiple layers for different media to be located on separate layers

Safety Protection With Communication Gateway Controller and Firewall

Only proprietary communication protocols used in safety networks Safety channel gateway controller installed per cabinet Proprietary software firewall protection for cyber security Ground fault detection reported on rack basis

10 1

HFC Nuclear Plant Experience

Year Plant Safety Application/Events 2011-2012 All 20+ Korea Nuclear

Power Plants Safety Trip System Automatic Seismic Trip System (ASTS)

2009-2010 Shin Wolsong NPP unit 1 & 2

Class 1E & Non-1E 1000 MW*2 HFC-6000 NPP Plant wide Control System

2008-2009 Shin Kori NPP unit 1 & 2


2008-2009 Ulchin NPP unit 1&2

Class 1E & Non-1E Alternate AC Diesel Generator Control

2008-2009 Yonggwang NPP unit 1 & 2


2005-2006 Korea Hydro & Nuclear Power /Doosan

Safety Reactor Cooling Pump Speed Sense System (RCPSSS) Core Protection Control System (CE Reactor)

2005 Doosan R&D Center

Non-safety Control Rod Control System (CRCS)

2005 ASCO NPP Spain Unit 1 & 2

Non-safety ICCMS Display and Monitoring System

2004-2005 Kori NPP unit 1, 2, 3 & 4


2003 KEDO NPP unit 1 & 2 (Contract Cancelled)


2002-2004 Ulchin NPP unit 5 & 6


2001 Kori NPP unit 1, 2, 3 & 4

Class 1E Emergency Diesel Generator Control (Relay)





Note: Plant wide Control System (PCS) controls up to 80% of Nuclear Power Plant (NPP) equipment and includes Control Room equipment, Balance of Plant, Load Sequencer, Engineering Safety Features Actuation System (ESFAS), Feedwater and Chiller Control, HVAC Control, Diesel Generator and Alternate AC Diesel Generator Control, Turbine Monitoring, Emergency Shut-Down system, and Radwaste Control and Monitoring. Fact: Since the commission of the first set of plant wide digital control system in Yonggwang NPP 1994, HFC delivered and installed near 10,000 microprocessor based controllers in NPP successfully. The long operation history of field-proven nuclear safety control systems is the solid base of HFC’s nuclear I&C technology. HFC is not only a manufacturer of high-quality control systems, but also an engineering firm capable of providing a variety of custom solutions through the use of advanced hardware and software solutions. HFC has a demonstrated record of supplying high integrity control system solutions in partnership with our end users. HFC can confidently and realistically address the pressing concerns of the plant by providing long-term support without risk of system obsolescence resulting in a lower cost of ownership over the operational life of a control system.

HFC-SCG06A Communication Gateway Controller Multiple (3) microprocessors based controller Intel-based architecture DSTni80186 for two 100 Mbps redundant LAN links

control as the gateway device for safety system 8MB flash memory 16MB volatile RAM memory Redundant with modern FPGA technology HFC-PCC06 Peripheral Communication Controller Control Switch Module (CSM) and M/A station

Multiplexer 8 interface channels 32-bit Intel 80386EX microprocessor Communicates with CSM and M/A station via

separated link Digital Input (DI32I/DI16I) 32/16 Optically isolated channels 16-bit microprocessor based architecture SOE capability with 3000 event queue per card Input Indicator LEDs Interrogation voltage is optically isolated from

logic circuits Each set of four channels has a common

interrogation voltage feed and fuse The status of each interrogation voltage feed is

monitored separately. Digital Output (DO16J/DO16C) 16 Form C relay digital output channels Separate, optically coupled relays for each DO

channel. Onboard watchdog timer 16-bit microprocessor based architecture Up to 30 VDC with 5 A maximum current (Relay

rating - resistive load) Up to 250VAC with 5 A maximum current (Relay

rating - general use) Onboard LEDs provide visual indication of board

status. Analog Input & Output (HFC-AC36FD) Four (4) Analog Input Channels Four (4) Analog Output Channels Onboard watchdog timer Onboard 24-Bit A/D Converter per channel Built-in Calibration Channels High-speed DSP based

Thermocouple Card (HFC-AI8LD) Eight (8) Isolated Input Channels >120 dB CMRR On Card 24-Bit A/D Converter for independent

channel Cold Junction Reference Built-in Calibration Channels Supports type E, J, K, T ±0.1% accuracy High-speed DSP based RTD Card (HFC-AI8MD/AI8TD) Eight (8) Isolated 3-Wire Channels 100-Ohm/ 2K-Ohm Platinum Onboard watchdog timer >120 dB Common Mode Rejection Rate Onboard 24-Bit A/D Converter per channel Temperature Range: 0oC to 50oC, 100oC, 200oC Built in Calibration Channels ±0.1% accuracy High-speed DSP based Analog Input (HFC-AI16FD) 16 Analog Input Channels Onboard watchdog timer Onboard 24-Bit A/D Converter for independent

channel Built-in Calibration Channels ±0.1% accuracy High-speed DSP based Analog Output (HFC-AO8FD) 8 Analog Output Channels Onboard watchdog timer Onboard 16-Bit D/A Converter Built-in Calibration Channels ±0.1% accuracy High-speed DSP based Pulse Input (HFC-AI4K/AI4K2) 4 Pulse input channels (24-bit resolution) Accumulate/Rate Mode Onboard watchdog timer Built-in Calibration Channels ±0.1% accuracy

BENEFITS & FEATURES The HFC-6000 Safety Grade Control System overcomes the deficiencies associated with traditional analog systems through the provision of the following features and benefits:

Increased System Performance Controller computations and logic execution is performed utilizing a high-speed, dedicated Intel Pentium® processor (64-bit), which provides extremely fast system response times. Communication functions are conducted through separate, dedicated processors (32-bit) for increased data throughput. The high performance processors and high-speed communications reduce the required amount of equipment, simplifying overall system design. The system provides reliability, flexibility, and technology not available in traditional analog systems.

Field-Proven Architecture

The high-integrity system architecture is found in many fossil and nuclear power installations worldwide. The simplification of the hardware and software design decreases system complexity, reducing maintenance and testing costs and minimizing the probability of system errors.

Unparalleled System Longevity

The system architecture permits future upgrades with minimal modifications as well as backwards compatibility to legacy HFC control systems. Unsurpassed system operating life provides an exceptional return on investment.

Improved Maintenance and Testing Facilities

A wide breadth of configuration, diagnostic, and maintenance tools assist operators and maintenance personnel in the identification and prompt resolution of system abnormalities. Corrective maintenance is also

HFC-6000 Safety Control System

8 3

M/A CSM CSM

Field I/O Signals

OWS EWS

Remote I/O Chassis

Local I/O Chassis

OWS

Fiber Optic Transceivers

Redundant Fiber Optic C-Link

Hub Class 1E Flat Panel Display

(FPD)

facilitated through the ability of ‘hot swapping’ failed modules without the disrupting other ongoing, critical processes. Real-time system tests and diagnostics algorithms continuously perform sanity analysis and monitor system-wide status parameters. System alarms can be generated upon detection of any kind of process/system anomaly. Maintenance personnel are able to observe detailed system status displays and perform various system tests through the Maintenance Subsystem.

Increased Reliability & Flexibility The utilization of field-proven hardware and system-wide redundancy results in improved fault-tolerant operation. The system architecture effectively eliminates single points of failure and is designed to any failure from compromising other system components. In its full, redundant form, a 99.999% system reliability rating can be achieved. System flexibility is exhibited by providing redundancy specific to critical areas where it is required and by the wide variety of Man-Machine interface configurations and displays that are available.

Comprehensive Debugging & Simulation Capability Local and remote diagnostics allow the diagnosis and debugging of problems quickly. The operator can view any object on any page, set break points, single-step through control logic, and perform wiring and installation testing all in the comfort of one workstation. Forcing internal and external coils, contacts, and analog floating point values simplifies design and troubleshooting. Simulation capability provides test features capable of emulating an entire process. Applications can be simulated on a PC, reducing your development time and providing operators with an easy-to-use training aid.

HFC-6000 High Integrity Controllers

The redundant HFC-SBC06 controllers provide reliable, fail-safe, and field proven industrial process control technology. Redundancy is performed through Dual-Ported Memory (DPM) modules which allow simultaneous controller imaging by both controllers. All dynamic data transfer from the primary controller to the secondary controller on a user configurable periodical base (Digital) or event base (Analog). A maintenance failover mechanism allows routine checking of the integrity of both controllers and ensures bump-less transfer from the primary controller to the secondary controller. HFC’s field-proven digital and analog control algorithms are executed with digital quality words, analog double quality words, initialization bit, questionable bit, and antiwindup for the highest level of process control. All HFC-SBC06 controllers act as nodes on the redundant, fiber optics data highway with Token Passing protocol.

HFC-SBC06 Pentium Process Controller Multiple (3) microprocessor controller Intel-based architecture 64-bit Pentium® processor for logic control 32-bit 386EX for LAN and IO control Ethernet and RS-232/485 Communications 8MB flash memory 16MB volatile RAM memory Redundant or Triple Redundant configuration Redundant with Dual-Ported Memory HFC standard control algorithms Modern FPGA technology HFC-SBC04A Safety Loop Controller Dual (2) microprocessor controller Intel-based architecture DSTni80186 for logic controller DSP-based communication processor 8MB flash memory 16MB volatile RAM memory HFC standard control algorithms

HFC-6000 High Integrity Input/Output Modules

HFC provides a complete library of I/O cards to handle both Digital and Analog signals, all of which feature built-in self-diagnostics, hot swappable capability, and automatic address scheme. The extensive I/O library includes standard inputs/outputs and a series of special function cards. The I/O module conventions are defined as follows:

HFC- (a)(b)(c)(d)

a. D – Digital, A – Analog, C- Combination b. I – Input, O – Output, C – Combination c. Number of points 8, 16 or 32

33: 2 - 120vac outputs, 12 - 48vdc inputs 34: 2 - 125vdc outputs, 12 - 48vdc inputs 35: 1 - 120vac output, 12 - 48vdc inputs 36: 8 channels 4 to 20ma outputs 8 channels 4 to 20ma inputs 37: 8 channels 0 to 10v outputs 8 channels 0 to 10v inputs 38: 4 channels 0 to 10v outputs 4 channels 0 to 10v inputs

d. Voltage A - 120vac, B - 125vdc, C - 24vdc, D - 48vdc, E - 0 to 10vdc, F - 4 to 20ma, G - 250vdc, H - 220vdc, I - 48vdc SOE, J - Form C contact, K - Pulse, L - Thermocouple, M - RTD 100ohms, N - RTD 200ohms, T - RTD 2000ohms, Q - Special

The last letter – D DSP processor based

Obsolescence Management Control of hardware manufacturing and

development Compatibility with past systems Upgrades supported System changes and additions can be

made without our involvement Focus on client service Expected to last 40 years.

Quality Management Systems

ISO 9001-2000 10 CFR 50 Appendix B IEEE 603 EPRI TR-107330 NFPA TUV Certified Successful licensed nuclear safety systems in

Korea US licensing topical report under review

Control strategies 1 millisecond SOE (without special modules) 20~100 millisecond system response time I/O point not tethered to specific controller

Maintenance Direct connection to Termination Board for I/O modules Hot swap of components

Quality tagging (Non-nuclear) Quality tags propagate throughout calculated points and

graphics Tracking and display of point quality Supports special treatment of quality data

Alarming Multiple levels, types, priorities of alarms, routing Intelligent alarming

Historian Native and third party historical archiving software

Advanced, open system Standard switched Ethernet TCP/IP network “Plug and go” Third party accommodation

Advanced system design ONE STEP configuration Self documenting System configuration can be managed by SQL database Data elements easily up/downloaded via TCP/IP

Software V&V Process

RFP Customer request for proposal PDP Project Development Plan; IEEE 1058-1998, IEEE 1490-1998 PQP Project Quality Plan; IEEE 730-1998, IEEE 730.1-1995 SRS Software Requirements Specification; IEEE 830-1998 SVVP Software Verification and Validation Plan SDD Software Design Description; IEEE 1016-1998, IEEE 1074-1997 STP Software Test Plan; IEEE 829-1998, IEEE 1008-1987, IEEE 1012-1998 SIP Software Integration Plan; IEEE 1074-1997 SCMP Software Configuration Management Plan; IEEE 828-1998, IEEE 1042-1987 SAR Software Safety Analysis Report SVVR Software Verification and Validation Report; IEEE 1012-1998 Project Post-Mortem Report

Post-project evaluation report; IEEE 1490-1998

4 7

The HFC-6000 Safety Control System represents the culmination of over 30 years of control system research

and development efforts. The platform was specifically designed for control and monitoring of the most critical applications, and built to survive the most intense physical electrical and seismic environments. The field-proven architecture, coupled with rugged, robust system components combine to reduce installation, maintenance, and spare parts costs, while assuring a long operational life. The highly modular and scalable design can accommodate both large and small systems. Segregation of functions provides enhanced maintenance and operational benefits with a choice of traditional, discrete Man-Machine Interfaces (MMI), and high resolution, digital flat panel displays.

• HFC-6000 is an effective approach to safety critical I&C Single board controllers for

single loop and multiple loop control

Wide selection of I/O modules

Flat panel displays Dedicated Control Switch

Modules and M/A stations for manual control of outputs

One product for all safety

critical applications Modular design for easier

mounting in standard 19” racks

• Redundant and Triple Modular

Redundant architectures • Single board Controller design

based on a long operating history Key product for HFC fossil

projects Used in Boiler Control and

Safety Systems USA installations Wide spread applications

worldwide Technology Approved by

USNRC, TUV, Korea KINS for Nuclear Class 1E and functional safety applications

Quality Assurance HF Controls is very proud of its solid Quality Assurance Program. All of the different departments within the company work closely to achieve the goal of a continuously improving level of product quality. The solid Quality Assurance Program enables HFC to provide the highest possible quality of service to its customers. HFC remains committed to continued support of its original products. The original customers in 1980 have been able to take advantage of the latest technology features through simple, inexpensive upgrades designed to add another 20 years of operational life. The control systems, rather than being analyzed on the basis of the usual 10 or 15 year payback, can be reasonably expected to last 40 years, maximizing the return on the original investment.

HFC-6000 Unique Design Features

HFC is a qualified nuclear I&C vendor capable of providing digital control systems for modernized nuclear power plants and any other mission-critical control environment. The HFC-6000 is HFC’s platform for safety-critical control system applications. The following list of HFC-6000 unique design features illustrates HFC’s strong nuclear I&C experiences and mature safety design concept.

1. HFC’s nuclear class 1E auto-documentation

tool provides the single source for: A. Engineering Logic Diagram in CAD format B. I/O configuration C. Database allocation D. Operator I/F graphics with dynamic status

display

“The drawings the engineer designed are the same graphics that operators monitor in plant operation.”

2. The modernized HFC-6000 safety control

system provides: A. Faster response time from input, logic

execution to output B. Total isolated and independent HSIM (High

Speed Interface Module) for critical points between trains/divisions

C. Thorough system online diagnostic software capable of monitoring every bit in a system from controllers to I/O cards

D. Modular system configuration provides scalability from single loop/multi-loops to DCS for entire plant control

E. High reliability and maintainability design includes: 1. Full Redundant or Triple Modular

Redundant hardware configuration 2. Dedicated CSM, M/A and FPD

interface per loop 3. Maintenance failover enable/disable 4. Unique Loop-Back I/O

communication path 5. Redundant I/O capability 6. Nuclear special function boards with

coil continuity and seal-in function 7. Ground fault detection and reporting

by rack 8. Open/short field wiring detection 9. Hot-swappable power supplies and

P.C. Boards 10. Four-channel protection system with

four uni-direction high speed communication channels

5 6

HFC’s Equipment Qualification

HFC has a long history of providing nuclear class 1E and non-class 1E equipment to nuclear power plants. The equipment development, qualification, and manufacturing are performed in accordance with requirements of NQA1. The proposed HFC’s HFC-6000 product line has been qualified as nuclear class 1E on several Korean units. The following table provides a summary of recent qualification tests that have been completed.

Year & System Safety Control Projects Testing Facility

2001 SBC-04N System (Single Loop Model of HFC-6000) ECS MUX System

UCN unit 5&6 Nuclear Power Plant Control System (PCS)

Wyle Laboratory Alabama, USA

2003 HFC-6000 System

US NRC Topical Report Wyle Laboratory Alabama, USA

2005 HFC-6000 System

KORI unit 1-4 Nuclear Power Plant Alternate Diesel Generator

Qualification and Analysis at HFC

2006 HFC-6000 System With MUX System

SKN unit 1& 2, SWN unit 1&2 Nuclear Power Plant Control System (PCS)

Wyle Laboratory Alabama, USA

2007 HFC-6000 System YGN unit 1&2, UCN unit1&2 Nuclear Power Plant Alternate Diesel Generator

Qualification and Analysis at HFC

2007 ECS MUX System

Sipat Fossil Power Plant, India SIL Project

TUV branch USA

2009 HFC-6000 System with SBC06 controller

SIL3 application on Triple Modular Redundant (TMR) control

TUV branch USA

2012 HFC-6000 system with FPC08 controller

SIL3 application on Triple Modular Redundant (TMR) control

TUV Germany

The Sole Provider of Safety Control System

HFC provides the design of safety control applications including engineering, Equipment Qualification, QA, V&V, documentation, manufacturing, commercial grade dedication, safety system required test, site installation and services by using HFC’s existing HFC-6000 safety control platform. The HFC safety project team will work with customer and the engineering firm to manage the project schedule, system integration testing, document approvals and submittals, and project engineering process.

Ownership of HFC’s safety control system HFC owns the entire Intellect Property for this safety control system technology and has extensive capability and experience needed to provide safety control systems.

hfc-6000 safety control systemhftests.com/common/brochures/product_line/hfc-6000/hfc... · 2014. 6....

Documents