Online migration from Safeguard 400 to AC800M HI
I've seen that you're an expert in Safeguard Controllers, so I'm contanting you regarding the questions that I have about those Controllers. My name is Hrvoje and I'm working on a project of replacement of the old Safeguard 400 Dual Controller System with a new redundant AC800M HI controller. The replacement will be made online while the plant is running and we will move/rewire each IO signal from Safeguard termination/connection units to AC800M IO modules (signal by signal). So to be able to do this, we will have to make Inhibit/Block Input/Block Output for each Safeguard signal, untill finally all signals will be moved to AC800M HI. I have been analyzing the Safeguard Configuration file (which I'm sending you in the attachment) for the controller to be replaced. Regarding the bypass managment, I've noticed this configuration code: .bypassm 0, (), '', '', 0, 00000, 0, 0, 0, 0, 0, ''; As I've conluded by this configuration parameters, there are no bypass restrictions applied to this Safeguard Controller. Only one parameter called "No_of_override" is concerning me. This parameter is set to 0, and 0 means "no override allowed". So as I see it according to this configuration file, no signal is allowed to be inhibited/bypassed by operator station. Am I right? But on site the operators can activate inhibits/bypasses from the operator stations. Do you know maybe what's the catch with this? Also, do you have any suggestions regarding the online replacement of Safeguard? Maybe some potential problems that we could experience with Safeguard while inhibiting/overriding moved IO signals? Is the attached Safeguard Configuration File revealing something to you? I'm relatively new in Safeguard so any suggestion would be helpful.
Thank you in advance!
Voted best answer
Somehow you are right about your concern when number of overrides = 0 and it is still possible to make overrides. I can just say, those who have programmed the configuration file probably did not know much about it :-)
You are right, setting 0 in number of overrides means you cannot make overrides on any signal that is part of BypassManagement. The parameter I have Highlighted "Except_class" is default 79, meaning any database tag with class 79 is excepted from BypassManagement. As DB elements default have Class = 0 and someone has chosen to set "Except_class" = 0 in Configuration file, means that all DB elements having Class = 0 are excepted from BypassManagement and therefor possible to override.
So again, the designer/programmer did not know what they where doing - sorry to say so.
Hopefully this answer your question
Functional Safety Expert (TÜV Rheinland #161/11, SIS)