Automation World magazine’s Wes Iverson recently had a nice article, The Great Safety Debate. He described the various approaches to safety instrumented systems (SIS) and their connections with basic process control systems (BPCS). The article highlights where the SIS suppliers’ products fall in the ARC Advisory Group’s four categories of SIS: separate, interfaced, integrated and common.
Separate defines complete separation between the BPCS and SIS. Interfaced defines a connection via a gateway using OPC, MODBUS or another communications method to share information, particularly at operator displays. Integrated defines a closer connection, perhaps sharing common engineering tools, operator displays, alarms, etc. Common defines a single box that does both control and safety.
The article references ARC’s viewpoint:
…integrated control/safety systems as one of its “top automation technologies and trends to watch in 2007.”
In the Emerson architecture, “our safety and control systems are completely segregated in all the ways that count,” says Miller. “The operating systems are different. The hardware is different. The only thing we do share are engineering tools, and even those are password protected for all safety integrated functions,” Miller points out. And while integrated DeltaV SIS and DeltaV systems are linked with a dedicated communications channel for information sharing, that link is one-way, he adds. “The SIS sends information out to the BPCS, and while the SIS can see information from the BPCS, that information does not alter the safety instrumented functions implemented in the SIS.”
Chuck also added:
“You no longer have to map your safety system into your DCS via Modbus or OPC. You no longer have to run a separate bus for time synchronization to the different subsystems, and you no longer need a stand-alone sequence-of-event system,” he explains. “All of those functional subsystems are built into our integrated BPCS/SIS environment.”
The article did offer critiques by suppliers of other suppliers’ approaches. Suppliers of SISs in the separate and interfaced categories point to issues like common-mode failures, inadvertent changes in the SIS, and reliance on functional or logical separation instead of physical separation. The article notes that some have called this FUD, as did a blog post from last year, which I confess caused me to LOL.
As the article noted:
Various integrated safety/control systems are on the market today that have met this requirement, say their vendors, as evidenced by certifications received from TÜV [hyperlink added], an independent international certification organization. And once a system is TÜV-certified as meeting international standards for use at a specific safety integrity level, or SIL, that should end any debate, these vendors contend.
If you’re looking to address your organization’s IEC 61511 safety lifecycle requirements, this article is worth a read to understand the various SIS approaches and critiques of these approaches.
Update: I received an email from DeltaV SIS Product Manager Mike Boudreaux, who notes that beyond the engineering tools, the operator station (HMI) software and asset management software (AMS Intelligent Device Manager) are also shared by both the DeltaV system and DeltaV SIS.