Separate Levels of Protection Reduce Risk
Every production process harbors risks. Companies in the process industry must understand precisely the requirements of the IEC 61511 standard for functional safety, then implement them correctly. A great deal is at stake: the health of the employees, the tangible assets of the company and the environment.
To reduce the risk of downtime and accidents, IEC 61511 requires separate levels of protection for the areas of control and monitoring, prevention and containment, and emergency measures. Each of these three levels assumes specific sub-functions to minimize risk; together they reduce the hazards that derive from the overall production process.
Cleanly Separating the Safety and Process Control Systems
IEC 61511 also requires independence, diversity and physical separation for each level of protection. To meet this requirement, the functions of the different levels need to be sufficiently independent of one another. But what does this mean exactly?
Many think it is enough to use different I/O modules for the different levels. That’s not accurate, as automation systems also depend on the functions of I/O bus systems, CPUs and software.
Safety systems and process control systems are considered autonomous safety levels, as defined by IEC 61511, only if they are based on different platforms, development principles and philosophies. In concrete terms, this means that the system architecture must be designed in such a way that no component is shared between the process control levels and the safety levels.
Maximum Safety with Control System Patches
Standardized hardware and software in computer process control require patches from time to time to correct weaknesses in software and operating systems. Due to the complexity of the software architecture, however, it is difficult or even impossible to assess the potential risks of a system update. Patches applied to the process control system, for example, can also affect the functionality of an integrated safety system.
To ensure that critical errors with unforeseeable consequences do not occur in safety-relevant processes, the process control system and safety system must be separated from each other technologically. Only in this way is there a guarantee that updates in the control system do not impair functional safety.
Despite Separation: Integration of Operating and Maintenance Information
Efficient operation of safety systems does require integrating general operating and maintenance information. Notwithstanding the required independence, HIMA systems can be easily integrated into every leading process control system.
In doing so, HIMA assumes the task of DCS/SIS integration and enables the required functionalities. Integration is achieved through high-capacity, cross-manufacturer communication standards.
For data integration, all interfaces to external systems are described functionally as part of a "whitelist". This includes:
All activities on an external interface that do not comply with the pre-defined rules will be ignored. Every function needed for the integration of a safety system can, therefore, be mapped.
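The following is an added illustration of the default-deny interface whitelist described above; it is not HIMA's code, and the peer names (DCS, AMS), function names and tag names are assumptions chosen for the example. Every request on the external interface is matched against the functionally described rules, and anything without a complete match is ignored rather than forwarded to the safety system.

```python
from dataclasses import dataclass
from typing import Any, Callable, Iterable

# Constructed whitelist: each rule describes one permitted interface function.
# Peer, function and tag names are assumptions for illustration, not HIMA's.
@dataclass(frozen=True)
class Rule:
    peer: str                      # external system allowed to call this function
    function: str                  # interface function, e.g. "read_status"
    tags: frozenset                # SIS tags the function may address
    accept: Callable[[Any], bool] = lambda v: v is None  # read requests carry no value

@dataclass(frozen=True)
class Request:
    peer: str
    function: str
    tag: str
    value: Any = None

WHITELIST = (
    Rule("DCS", "read_status", frozenset({"PT-101", "XV-101", "SIF-01"})),
    Rule("DCS", "ack_alarm", frozenset({"SIF-01"}), lambda v: v is True),
    Rule("AMS", "read_diag", frozenset({"PT-101"})),
    # No rule grants any peer a setpoint write or a bypass, so such requests are ignored.
)

def is_permitted(req: Request, rules=WHITELIST) -> bool:
    """Default deny: a request passes only if some rule matches it completely."""
    return any(
        r.peer == req.peer and r.function == req.function
        and req.tag in r.tags and r.accept(req.value)
        for r in rules
    )

def filter_requests(reqs: Iterable[Request], rules=WHITELIST):
    """Split interface traffic into accepted requests and ignored ones (for logging)."""
    accepted, ignored = [], []
    for req in reqs:
        (accepted if is_permitted(req, rules) else ignored).append(req)
    return accepted, ignored

SAMPLE = [  # constructed traffic on the DCS/SIS interface
    Request("DCS", "read_status", "PT-101"),
    Request("DCS", "ack_alarm", "SIF-01", True),
    Request("DCS", "write_setpoint", "PT-101", 42.0),   # function not whitelisted
    Request("DCS", "read_status", "SIF-02"),            # tag not whitelisted
    Request("AMS", "ack_alarm", "SIF-01", True),        # peer not allowed this function
    Request("DCS", "ack_alarm", "SIF-01", "force"),     # value violates the rule's constraint
]

if __name__ == "__main__":
    ok, dropped = filter_requests(SAMPLE)
    print(f"accepted {len(ok)}, ignored {len(dropped)}")
```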
IEC 61511: How to apply multiple layers of protection
Advantages of separated systems:
More than 40 years of experience in safety-critical applications have taught us this: A separation of the process control system and safety system increases operating safety and the uptime of process technology systems, which improves operating efficiency in production. To learn more about the configuration of safety systems and complying with IEC 61511, contact our experts. They are ready to advise you.