why not in my dcs? - honeywell · • so why is bpcs given only one credit in isa 84.00.01 ? •...
TRANSCRIPT
![Page 1: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/1.jpg)
Why not in my DCS? Critical safety safeguards in a DCS are not a good idea Leoncio Esteves-Reyes, Performance Materials Technologies
![Page 2: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/2.jpg)
2 © 2015 Honeywell International All Rights Reserved
Introduction
• If I have this • Why do I need that?
![Page 3: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/3.jpg)
3 © 2015 Honeywell International All Rights Reserved
This is your DCS’ mission
• Drives plant operations within normal range
• Always acting: sensing and intervening
• Generates actions and alarms
• Informs, so operators can act
![Page 4: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/4.jpg)
4 © 2015 Honeywell International All Rights Reserved
Can the DCS act like an SIS?
…become that?• With the right coding, will this…
![Page 5: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/5.jpg)
5 © 2015 Honeywell International All Rights Reserved
Let’s check for compliance
IEC 61508 written to help design and develop SIL rated products for any industry. IEC 61511 and ISA84.00.01 (almost identical) written to help analyze, design, implement, install, commission and maintain SIL loops for the Process industry.
![Page 6: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/6.jpg)
6 © 2015 Honeywell International All Rights Reserved
IEC 61511 (ANSI-ISA 84) says
An SIS: • Implements SIF(s) to keep the process safe • The SIF(s) are defined by their SIL
- Success rate at keeping process safe state - Four levels of probability
• Is composed of three elements • Sensors, Logic Solvers and Actuating Devices
![Page 7: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/7.jpg)
7 © 2015 Honeywell International All Rights Reserved
What about the SIL?
SIL: • Four levels used to specify SIS requirements • Based on probabilities of success over time SIL Levels: • 1 Lowest • 4 Highest
![Page 8: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/8.jpg)
8 © 2015 Honeywell International All Rights Reserved
Standards say this is SIS’ mission
• Brings process back from the brink and takes the process to a safe state
• Acts infrequently and sparingly
• Only informs after taking corrective action
![Page 9: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/9.jpg)
9 © 2015 Honeywell International All Rights Reserved
Let’s compare BPCS and SIS
Hardware: • Redundancy • Failure • SIL
Software: • Programming language • Firmware • Diagnostics • Application complexity
![Page 10: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/10.jpg)
10 © 2015 Honeywell International All Rights Reserved
Let’s compare BPCS and SIS (II)
Functionality: • Main use • Demand • Place as protection layer • Controller interactions • Response time
![Page 11: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/11.jpg)
11 © 2015 Honeywell International All Rights Reserved
Let’s compare BPCS and SIS (III)
Operator Intervention: • Management of Change (MOC) • Operator mistakes • Logic changes • Handling by-passes
![Page 12: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/12.jpg)
12 © 2015 Honeywell International All Rights Reserved
An application from industry
PIC-1
PSH-102PSV-1
PCV-1
PT-1
PT-2
ESDV-1 ESDV-2
PT-3
![Page 13: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/13.jpg)
13 © 2015 Honeywell International All Rights Reserved
BPCS credits
• So why is BPCS given ONLY ONE credit in ISA 84.00.01 ?
• Why can’t I take additional credit if I have a configuration as below for PIC-101 and PSH-102 ?
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 14: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/14.jpg)
14 © 2015 Honeywell International All Rights Reserved
For BPCS, let’s see what happens if…
Operator Intervention: • Puts 101 in manual
and, after a few days… • PSH-102 is by-passed
Application Software: • New “Go To” loop
applied before PSH-102 logic…
• Never validated (not required)
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 15: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/15.jpg)
15 © 2015 Honeywell International All Rights Reserved
For BPCS, let’s see what happens if… (II) Firmware: • DCS OS is upgraded
and… • Bug affects all PID
controllers Third Party Interface: • A local PLC sends a
garbled message to DCS…
• Local logic is affected
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 16: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/16.jpg)
16 © 2015 Honeywell International All Rights Reserved
SIS credits
• PIC-101 is part of BPCS• PSH-102 is part of SIS
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 17: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/17.jpg)
17 © 2015 Honeywell International All Rights Reserved
Let’s see what happens if…
Operator Intervention: • Puts 101 in manual and,
after a few days… • PSH-102 in SIS is by-
passed
Application Software: • New “Go To” loop
applied before PSH-102 logic in SIS
• PIC-101 is part of BPCS• PSH-102 is part of SIS
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 18: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/18.jpg)
18 © 2015 Honeywell International All Rights Reserved
Let’s see what happens if… (II)
Firmware: • DCS OS is upgraded
and SIS OS upgraded… • Bug affects all PID
controllers
Third Party Interface: • A local PLC sends a
garbled message to DCS…
• Local logic is affected
• PIC-101 is part of BPCS• PSH-102 is part of SIS
HMISafety
StationServer
DCS Controllers
Applications
(S)NTP
PTP
PIC-101
PSH-102
![Page 19: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/19.jpg)
19 © 2015 Honeywell International All Rights Reserved
To avoid risks and disaster
Need to add or modify DCS • Add diagnostics • Modify firmware • Forbid operator changes • Forbid exchanges with other controllers
In other words: Redesign the DCS to make it behave as an SIS Why bother if we already have designed SIS’?
![Page 20: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/20.jpg)
20 © 2015 Honeywell International All Rights Reserved
Conclusions
BPCS and SIS have distinct and specific roles Let’s leave each do its job The standard is clear about the
characterization of a BPCS, as a system “…which does not perform any safety
instrumented functions with a claimed SIL ≥ 1”
![Page 21: Why not in my DCS? - Honeywell · • So why is BPCS given ONLY ONE credit in ISA 84.00.01 ? • Why can’t I take additional credit if I have a configuration as below for PIC-101](https://reader033.vdocuments.mx/reader033/viewer/2022041413/5e1942eb010abd0c2242fa65/html5/thumbnails/21.jpg)
21 © 2015 Honeywell International All Rights Reserved