Online migration from Safeguard 400 to AC800M HI

Hello Carsten,

I've seen that you're an expert in Safeguard Controllers, so I'm contanting you regarding the questions that I have about those Controllers. My name is Hrvoje and I'm working on a project of replacement of the old Safeguard 400 Dual Controller System with a new redundant AC800M HI controller. The replacement will be made online while the plant is running and we will move/rewire each IO signal from Safeguard termination/connection units to AC800M IO modules (signal by signal). So to be able to do this, we will have to make Inhibit/Block Input/Block Output for each Safeguard signal, untill finally all signals will be moved to AC800M HI. I have been analyzing the Safeguard Configuration file (which I'm sending you in the attachment) for the controller to be replaced. Regarding the bypass managment, I've noticed this configuration code: .bypassm 0, (), '', '', 0, 00000, 0, 0, 0, 0, 0, ''; As I've conluded by this configuration parameters, there are no bypass restrictions applied to this Safeguard Controller. Only one parameter called "No_of_override" is concerning me. This parameter is set to 0, and 0 means "no override allowed". So as I see it according to this configuration file, no signal is allowed to be inhibited/bypassed by operator station. Am I right? But on site the operators can activate inhibits/bypasses from the operator stations. Do you know maybe what's the catch with this? Also, do you have any suggestions regarding the online replacement of Safeguard? Maybe some potential problems that we could experience with Safeguard while inhibiting/overriding moved IO signals? Is the attached Safeguard Configuration File revealing something to you? I'm relatively new in Safeguard so any suggestion would be helpful.

Thank you in advance!
Hrvoje

Controller1.txt

Comments (0) New comment

hrksa Rank: 141

Asked 1 year ago

Answer this question Follow

Voted best answer

Hi

Somehow you are right about your concern when number of overrides = 0 and it is still possible to make overrides. I can just say, those who have programmed the configuration file probably did not know much about it :-)

You are right, setting 0 in number of overrides means you cannot make overrides on any signal that is part of BypassManagement. The parameter I have Highlighted "Except_class" is default 79, meaning any database tag with class 79 is excepted from BypassManagement. As DB elements default have Class = 0 and someone has chosen to set "Except_class" = 0 in Configuration file, means that all DB elements having Class = 0 are excepted from BypassManagement and therefor possible to override.

So again, the designer/programmer did not know what they where doing - sorry to say so.

Hopefully this answer your question

Best regards
Henrik Skovsgaard
Functional Safety Expert (TÜV Rheinland #161/11, SIS)
DKABB

Comments (8) New comment

by Carsten Jakobsen Rank: 61 on 11/28/2018 10:11:43 PM | Like (0) | Report

Hi Henrik
Thanks for your clarifications.
BR Carsten

by hrksa Rank: 141 on 12/4/2018 7:48:29 AM | Like (0) | Report

Thank you for the answer. There is also the second part of the question: do you have any suggestions regarding the online replacement of Safeguard? Maybe some potential problems that we could experience with Safeguard while inhibiting/overriding moved IO signals? One colleague said that we could have problems when we will be disconnecting DO signals. He says that maybe some Safeguard protection could be activated and it could completely shutdown the Safeguard because of the DO cards test signal..?

by henrik.skovsgaard Rank: 971 on 12/5/2018 1:51:10 AM | Like (0) | Report

When moving Normally Energized DO signals you must be careful and they need external 24V supply during the change period - otherwise they will shutdown. Normally De-energized signals can be moved without any problems. Be aware that during 24 V external power is on, no S/D signal will be effective on the DO signals. Typically you will move 7 at the time(one MasterVote Unit)

by hrksa Rank: 141 on 12/5/2018 4:41:41 AM | Like (0) | Report

Of course. But we will not apply the external 24V power supply on NE DO signals while migration (disconnected signals will go to shutdown, but they will be mechanically bypassed, so in example valves will not be closed. They will recieve electrical SD signal, but they will be mechanically stucked in open position for couple minutes). But what I meant to ask is when we'll disconnect NE DO signal one by one, will the Safeguard firmware detect that nothing is connected to DO channel, and will the complete Safeguard go into halt/shutdown?

by henrik.skovsgaard Rank: 971 on 12/5/2018 5:23:29 AM | Like (0) | Report

You have degraded mode time set to 150 hours and Halt on I/O board monitoring is disabled in configuration file.
Isolation on no pulse response and shutdown order is enabled in config.file so if the process give a S/D signal while channel test gives an error you will S/D all 7 signals on that MasterVote (output parameter section #5) But I do not see that as a big issue

by hrksa Rank: 141 on 12/5/2018 6:02:56 AM | Like (0) | Report

Tnx. a lot. One last question. I suppose this degraded mode timer can be resestted by a local switch ISOLATE A/ISOLATE B controller? I'm asking this because the replacement will last for more than 150 hours.

by henrik.skovsgaard Rank: 971 on 12/6/2018 12:04:27 AM | Like (0) | Report

Manuel reset of degraded mode timer can only happen by Warm start the controller. (Isolate - warm start) Instead I suggest you change the parameter in config file to the maximum 2000 hours and load the config file again before you start your change-procedure. Then you have about 3 months...

by hrksa Rank: 141 on 12/10/2018 11:39:11 PM | Like (0) | Report

Hi Henrik, I have one more question. During the replacement, we are planning first to migrate the DI signals from DI boards DSDI 110A. I've been looking in the manual whether DSDI 110A has a line monitoring function (does it detect the open loop channel), and I haven't found it anywhere. I suppose only DO boards have this functionality. Could you confirm that assumption?

Add new comment

henrik.skovsgaard Rank: 971

Answered 1 year ago

Capture.PNG

Question details

Online migration from Safeguard 400 to AC800M HI

Voted best answer

Other questions needing answers

Related topics

AKS experts