SIL3 Fire and Gas Library
We are doing a project using the AC 800M HI controller for a Fire and Gas system.
Our customer wants a SIL3 application for FGS instead of SIL2! We informed the customer that we don't have a standard certified SIL3 library for Fire and Gas like SupervisionLib.
Now the customer wants ABB to prepare a new SIL3 library for FGS which shall be similar to the SupervisionLib library in terms of programming, functionalities, graphic elements etc.
The detector control modules like Detector1Real, Detector2Real, DetectorBool and the vote control module use the "DetectorConnection" data type for connecting detector modules to Vote or OutputOrder control modules. This data type is protected and we cannot see its components except the Forward and Backward components.
I request you to throw some light on the components of the "DetectorConnection" data type, or on possibilities of developing a similar data type like DetectorConnection to connect Detector modules to vote or output order as attached (standard SIL2 library connection).
Create an application using the datatype which you need to see and go online. Then you can expand and see the components of the same datatype.
Are you going to develop a new library with SIL-3? Do you have the code for the modules that you are planning to develop? I wonder if this can be a time-consuming and difficult task.
In general, F&G applications require SIL-2 and ESD applications require SIL-3, as ESD demands higher availability of the system (1/PFD) than F&G. For example, an F&G application may have Normally De-Energized outputs, whereas ESD uses only Normally Energized outputs, i.e. the ESD system needs to act on a line fault, but it is acceptable that F&G availability can be compromised on a line fault.
I would suggest checking the actual requirement of SIL level for F&G based on LOPA. Check whether the particular SIF can be achieved for SIL-3 or not. Then you can take a call.
Adding to Manikandan VS's point, normally in F&G systems we don't use risk-based SIL determination. In a risk-based calculation, we normally have to take into account a few things like the number of people impacted, the escape procedure, the hazardous environment and classification etc. However, in F&G systems most of the time it is a prescriptive approach, where we have no arguments and we use a standard proven-in-use system and approach (which is identified as SIL2). Otherwise, you have to use some of the methods like LOPA, Fault Tree Analysis or Risk Graph methods.
Regarding the DetectorConnection data type, I think you need to have an open library, as these data types are protected with a password. I am doubtful whether you will get these data types opened. You may have to send a special request to the library team through the local service desk.
If the customer insists on using SIL3 F&G for any reason, we can use SupervisionBasicLib. Obviously it has a drawback due to the lack of fire and gas graphic elements.
In this case the customer's graphic elements and functionality will drive the new FGS library.
CMTs are to be modified / customized to achieve the C&E logic.
Thanks all for sharing more information on this thread. To clarify the INPRK comment, I am giving this.
I guess there is confusion over the terms NDE and DE. A Normally De-Energized output means that it will be in the 'off' state, and an active control output will make the contact close to energize the final element. A Normally Energized output works the other way and is used in safety-critical systems, as it will act even when the control system fails. I have attached an image for a better description. Hope this clears up the misunderstanding.
I agree with some of the answers above about justification of SIL3 for F&G. Our experience with certification of a F&G library is that we are struggling with the certification company to justify 'intended use' and ended with SIL1-2 for our F&G library. However, this is completely ok; we got no relevant complaints so far.
I am afraid this justification also applies to you and your project, and that you are about to lose quite some money on trying to develop a F&G library that is SIL3 compliant, which might not be accepted in the end due to the lack of an 'intended use' case, ref. IEC 61508 Ed. 2. According to IEC 61508, there shall be an assessment during the project; I would expect that this would come up as an issue for you in that phase. This is at least my experience; I just wanted to share it with you.
Dear skhpatnaik and Manikandan,
Thanks for valuable inputs.
My answer for the question is:
I feel the SIL assessment / SIL determination / SIL classification has not been done properly by the customer in this case. Usually a SIS is used to reduce risk by reducing the frequency of failure, not by reducing the severity of the consequence. The best example is an ESD system. Considering F&G as a SIS always gives room for debate. An F&G system starts to act after events such as gas leakage, rupture of pipes or fire have occurred. The F&G system will not prevent these events (gas leakage, rupture of pipes, fire), hence the F&G system is a mitigative layer (not a preventive layer). Risk reduction using an F&G system is purely achieved by reducing the severity of the consequence, not by reducing the frequency of failure. Moreover, installing an F&G system alone would not help to detect fire and gas; it is also important to place the F&G detectors at the proper location and at the proper height to detect the events accurately.
Hence assigning SIL 3 to an F&G system would not make sense. More importantly, it is hard to meet the SIL3 requirement with existing hardware in the current market (from the systematic design, architectural constraints and probabilistic calculation points of view). Also, it is critical to test and ensure the SIL3 requirement is met throughout the plant mission time.
Conclusion: Even though a SIL3 library for F&G could be used for application programming, it is hard to get hardware which meets the SIL3 requirement. Even though it is possible to make software and hardware which meet SIL3, it does not make sense to go for a SIL3 F&G system.
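As an added illustration of the probabilistic point made in the thread (not code from the thread or from ABB's libraries), the following computes the simplified IEC 61508 low-demand PFDavg for 1oo1, 1oo2 and 2oo3 voting with constructed failure rates and proof-test intervals, and maps the result to a SIL band; it assumes the textbook simplified formulas without common-cause, diagnostic coverage or repair time.

```python
"""Simplified low-demand PFDavg per voting architecture and the IEC 61508
SIL band it lands in. Illustrative only: the formulas ignore common cause
(beta factor), diagnostic coverage and repair time, and all failure rates
below are constructed, not vendor data."""

# IEC 61508-1 low-demand PFDavg bands: (lower bound, upper bound, SIL).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def pfd_avg(arch: str, lambda_du: float, test_interval_h: float) -> float:
    """Simplified PFDavg for one subsystem.
    lambda_du: dangerous undetected failure rate (per hour).
    test_interval_h: proof-test interval (hours)."""
    x = lambda_du * test_interval_h          # expected DU failures per interval
    if arch == "1oo1":
        return x / 2
    if arch == "1oo2":
        return x * x / 3
    if arch == "2oo3":
        return x * x
    raise ValueError(f"unknown architecture {arch}")


def sil_band(pfd: float) -> int:
    """SIL claimable from PFDavg alone; 0 means outside SIL1..SIL4."""
    for lo, hi, sil in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def loop_pfd(subsystems) -> float:
    """PFDavg of a whole SIF loop: sum over sensor, logic and final element."""
    return sum(pfd_avg(arch, lam, ti) for arch, lam, ti in subsystems)


# Constructed F&G loop: 2oo3 gas detectors, 1oo2 logic solver, 1oo1 final
# element, all proof-tested yearly (8760 h).
FG_LOOP = [("2oo3", 5e-6, 8760), ("1oo2", 1e-7, 8760), ("1oo1", 2e-6, 8760)]

if __name__ == "__main__":
    for arch in ("1oo1", "1oo2", "2oo3"):
        p = pfd_avg(arch, 5e-6, 8760)
        print(f"detectors {arch}: PFDavg={p:.2e} -> SIL{sil_band(p)}")
    total = loop_pfd(FG_LOOP)
    print(f"whole loop: PFDavg={total:.2e} -> SIL{sil_band(total)}")
```

Note how the single 1oo1 final element dominates the loop total, so the loop stays at SIL1 even though the 2oo3 detector subsystem alone would reach SIL2.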