ABB Safety Triguard 2 TMR Safety Products

ABB TMR Safety and Control

August Systems, founded in 1978, was the worldwide pioneer in the development of Triple Modular Redundant (TMR) processing for real time, fault tolerant control. August Systems became an ABB company in 1997 adding TMR technology to the well established Dual Redundant Safety systems developed within ABB. The new business group of ABB Safety has been established to offer a broad range of safety solutions to industry. The Triguard SC300E products are available as engineered systems from ABB or products for integration by third party system integrators and OEMs, enabling the technology to be made available to a wide range of customers and applications.

ADNOC AGIP AMEC Arabian Industrial Fibers Azot – Russia Bechtel BP/AMOCO British Nuclear Fuels Cegelec Chiyoda Conoco Crescent Petroleum Dow Ecopetrol Elf Enterprise EPA – Taiwan Exxon/Mobil Foster Wheeler Gas Authority India Gazprom Hanwha Chemical Huntsman Chemicals Hyundai Petrochemical IOCL – India KBR KNPC Madras Refinery

McDermott Pacific Gas & Electric Pemex Petrobras Petrokemya Petromin Petronas Gas Qatar Gas QGPC Ralph M Parsons Saipem SARAS – Italy Sarawak Shell Saudi Aramco Snamprogetti Southern Petrochemical Technip Technipgeoproduction Tecnimont Thai Aromatics Torch Energy Total Toyo Engineering Co UK Atomic Energy US Steel Westlake Group

Contents

SC300E Features and Benefits 4 – 5             

SC300E Product Description 6 – 13

SC300E Software Description 14 – 15

International Standards 16

Global Support 17

Product Summary 18

Product Specifications 19

Triguard SC300E

The ABB Triguard SC300E is the                  1.   Safety Shutdown

evolution of 20 years of combined                2.   Electrical Stability and Load Contro

vendor and customer experience                  3.   Process Shutdown

integrated into the design of the                   4.   Reactor Control

ultimate TMR product. Building on a              5.   Emergency Shutdown

proven platform, the Triguard SC300E            6.   Critical Batch Processing

combines features that will maintain               7.   Sequence and Interlock Control

excellence well into the future.                       8.   Fire & Gas Protection and Detection 

                                                                   9.   Critical Process Control

Today ABB is a global supplier with                 10.   Burner Management and Control

key operating bases in North America              11.   Turbine and Compressor Control

Europe, Middle East and Asia Pacific.                12.    Wellhead/Sub-Sea Contro

The Company has successfully                         13.    Unmanned Installations

supplied TMR products and systems to              14.    FPSOs

meet an ever increasing diverse range of 

applications, including

Product Family

The ABB Triguard SC300E TMR product family gives unrivalled performance in areas of reliability, availability, test coverage, diagnostics and simplicity of operation. Advances in technology and improved production methods add cost benefits that give significant price/performance advantages.

• Fewer unscheduled stoppages

highest availability, fault tolerant electronics with transient immunity and 3–2–0 or 3–2–1–0 voting

• Security for plant, product and people

fail-safe operation at all levels provides plant, product and personnel with the highest security

• Quality data

sequence of event and extensive diagnostics keep the operator informed

Highest Availability

The Triguard SC300E achieves the highest possible TMR availability (99.999%) 

by maximising the Mean Time To Failure (MTTF) and decreasing the Mean Time T

o Repair (MTTR). Modern low power integrated technology allows the TMR archite

cture to be cost effective for an increasing range of high integrity applications.

Simple to Use, Operate and Maintain

The Triguard SC300E TMR product functions as a single set of hardware

 and software. The three processors and triplicated I/O circuitry are trans

parent to the user. Purchasing a Triguard SC300E system will provide:

• Lowest Life Cycle Cost 

• The Maximum Safety and Availability 

• The Highest Level of Safety and On-Line Maintenance

Fail Safe Operation

Failure modes of the processors, input/output circuitry, control program

 and watchdog timer circuits are managed so that circuits will default to

 a predetermined safe state.

Highest Speed of Response

By using advanced processor technology, whilst maintaining the stability of the original 

core software, Triguard SC300E delivers an unrivalled scan time resolution of 10ms.

Product Hardware and Software Description

The ABB Triguard SC300E TMR product has a fully triplicated system architecture from input module to output module. Each system comprises one or more identical chassis housing the power supplies, processors, I/O and communications modules as required by the application.

Each processor correlates and corrects its memory image of the current state of the system using a software vote, logging any discrepancies in the diagnostic table. Each processor then executes its programmed application logic and sets its respective outputs to the required state.

of the customer application. Extension chassis are always complete with two power supply units and three bus extender modules.

• A Remote Master Chassis

Always equipped with two power supply units and three fibre optic

A single system may be as small as one chassis or as large as 15, giving a maximum of 9,500

 I/O. The system is designed to achieve the highest possible reliability, 

safety and availability and still provide economic advantage. System availa

bilities in excess of 99.999% can readily be realised, maximising the potent

ial uptime for a customers process plant. All SC300E inp

ut and output modules interface to three isolated I/O communication buses, each being controlled by one of the three processor modules. Field input signals are filtered and split, via isolating circuits on the inpu

t modules, into three identical signal processing p

aths. Each path is controlled by a micro-controller to coordinate processing, testing and status reporting to the respective processor. Each processor communicates with its two neighbours via isolated, read only, 

high speed links to synchronise input, output and diagnostic status information at least once every scan. Commanded output status from the processors are received by an output module wh

ich, using a 2oo3 hardware voter, sets the outputs to the field

. Any discrepancy is detected by the micro-control

lers and reported to the processors. All input and output modules can

 be optionally configured with a hot spare partner module. Thi

s allows repairs to be carried out without affecting the operation of the system.

Triguard SC300E Chassis System

There are four basic types of chassis, all using the same mechanics,

 each providing 10 slot positions for I/O modu

les and redundant power supplies.

• The Main Chassis

One per system is required and is always complete with two po

wer supply units, three processor module

s, the chassis backplane with triple bus systems and plug/socket syste

m module connectors.

• An Extension Chassis

Up to 14 chassis can be connected to a main chassis to suit the capac

ity master bus extender modules. The master chassis can service 

up to four remote chassis.

• A Remote Chassis

Always equipped with two power supply units and three fi

bre optic slave bus extender modules. A remote chassis ca

n be sited up to 2km away from a remote maste

Processor

Each Triguard SC300E TMR system contains three processors. Each processor operates asynchronously in parallel with the other two processor modules and receives power from the redundant power supply units in the main chassis. A triplicated bus system on the chassis backplane connects Key features of the processor modules:

• Intel processor 

• Battery backed static RAM for application logic 

• RAM Battery backup supply for six months 

• 1 Mbyte of EPROM 

• Real time clock for data logging to 10ms resolution

each of the three processors to the I/O and communications modules. The Triguard SC300E has an operating system known as the Real Time Task Supervisor (RTTS), which is installed in each of the three processors. The operating system has been proven by well over 10 million operational hours. RTTS is transparent to the user, it controls the off-line/start-up and on-line continuous diagnostic and voting functions, and provides a single environment for the application programming. On power up, comprehensive diagnostic routines check and validate the correct operating parameters of each processor. The Triguard SC300E operating system, RTTS, will permit the processors to operate in a 3–2–1 format allowing a system to continue to function with one healthy processor. A replaced processor will automatically acquire the data it requires to become operational from the on-line processor before going

Input/Output Modules

All I/O module types share an element of common design, providing component rationalisation and implementing distributed processing. The three isolated TMR signal paths of all input/output modules are supervised by a micro-controllers which:

• Provides fault isolation 

• Co-ordinate signal processing 

• Provides diagnostics • Provides on-line to off-line switching (hot repair) 

• Provides data validation routines 

• Provides data to the processor 

• Provides latent fault detection

A fault in one signal path cannot be passed to another. I/O modules can

be fitted in any of the 10 slots in any chassis. “Hot Repair” is a customer

 configurable option on a per module basis. All modules are “keyed” to prevent

 improper installation

Software

The Triguard SC300E supports three main application software packages, all are Windows compatible: 

• TriBuildTM for developing and programming application logic 

• TriCommandTM a display and control system workstation (WONDERWARE©) 

• TriLogTM simple PC based alarm/event logger

The TriBuild Workstation is connected to a Triguard SC300E TMR system via the communications module

. TriBuild provides on and off-line configuration, programming, documentation and testing functions. Progr

amming uses both conventional ladder logic displays, function block programming and structured networks.

TriBuildTM software provides

• A comprehensive library of programming elements, eg logic, arithmetic, data conversion, timers, counters, block elements, bit shift, comparators, mid value select, NooM voting blocks 

• An environment for users to develop special functions, function blocks, custom programs for

TriBuildTM

TriBuild is an easy to use, menu driven, software package running under Windows NTTM. It is used for the creation of system application logic of the Triguard SC300E control system. Key features of TriBuild:

• System Configurator – easy guide for system build 

• Ladder Annotator – adds notes to the ladder logic 

• Network Editor – on-line/off-line editing of logic functions 

• On-Line Help – reduces need to refer to printed manual 

• Ladder Simulator – allows testing during program development 

• Built-In Compiler – for high level user functions 

• Password Protection – selective access and protection 

• Function Block Programming – using IEC 1131 standard function as applicable to safety These can be developed quickly and effectively with the assistance of search and replace, cut and paste and a standard library of logic symbols and programming functions. Completed control programs can be loaded into a Triguard SC300E system and the execution of the control program can be monitored on-line with the TriBuild workstation. advanced fault tolerant control applications 

• Application specific control functions, eg auto-test routines, gas detection calibration tables, advanced control 

• System interrogation 

• Control and user changes with date and time 

• Off-line configuration, simulation and applications testing of the control programs

TriBuild provides a secure environment to make program changes on-line and without interrupting the normal process operations. TriCommandTM TriCommand is a PC-based operator workstation, utilising Wonderware’s InTouchTM products. TriCommand

provides real time system control and monitoring facilities. It can operate as part of a Triguard SC300E system in a single station configuration or as multiple TriCommand stations for distributed applications. TriCommand workstations can be connected to a Triguard SC300E system via peer to peer, single, or dual serial communication links, networked via single or dual redundant LANs. TriCommand is Windows NTTM compliant. Standard off-the-shelf hardware makes customer ownership and support easy to achieve. TriCommand workstations may be installed in the control room for operator display and control or at a remote location where there may be a need for local information and control. TriCommand allows a user to start small and expand into an integrated environment providing a single seamless network. Expansion is simple and cost effective. Key features of TriCommand:

• A real time database of up to 32,000

points that can be mapped to field

or virtual I/O points

• Dynamic Data Exchange (DDE)

allowing TriCommand to pass data

to other Windows applications, eg

ExcelTM

• Supports a comprehensive range of

industry standard protocols, such as

TCP/IP via the DDE server library

• Can display an almost unlimited

number of mimic pages

• Extensive alarm handling

capabilities, including accept, reset,

cross functions (for multiple

systems), zone hierarchy, first out,

status, prioritising, displays,

summaries

• Data logging, data archiving, data

trending

• Event status, event history, event

display, event printing

• Fault diagnostics – communication,

systems

• Advanced control – digital, analogue

• Multi-level security access

The Graphical User Interface for

operators, engineers and managers is

a multiple Windows display on a

single screen. Displays can however

be locked on full screen making the

Windows feature unavailable.

Operators can choose different means

of navigating and interacting with the

system, from full keyboard to a

restricted pushbutton selection pad.

Engineers can develop graphical

displays using a powerful display

builder which can be tailored to the

needs of the process operation.

TriLogTM

TriLog is a message logger, it is designed to monitor up to four Triguard SC300E systems accepting and storing sequence of event and alarm messages from each system. It uses a dedicated PC with Windows NTTM compliance. Windows are allocated to display time and date together with current and archived information from each system

International Standards

Quality

ABB quality system meets International Standards and is certified to the requirements of BS EN ISO 9001 1994, Certificate Number FM 1353 for safety systems and products. The certification for Quality Assurance at ABB, covers all aspects of design, manufacturing, testing, software verification, software validation and service activities.

Third Party Certification

With the ever increasing demand for independent international certification and end user specific approvals, ABB’s products meet the requirements outlined in the standards and guide lines as follows: TUV Rheinland/Berlin Brandenburg (and Product Services) Safety Related Applications – Requirement Class 5 and 6/VDE 0801 Suitable up to Safety Integrity Level 3 (SIL 3)/IEC61508 see http://www.tuvasi.com European Union CE Mark Low voltage directive EMC directive USA/Canada UL/C Industrial Control Equipment GOST Russian guidelines for safety related systems IEC 61508 Functional safety requirements to Safety Integrity Levels 1 to 3 NFPA 72 8501 and 8502 EN

Rigorous control of any hardware or software change is maintained and internal and external audits are performed at regular intervals to ensure the highest quality of product prior to shipment. Product pre-delivery quality assurance includes a 100% test to ensure product quality to the customer on delivery.

Increased awareness of safety integral design has been brought about by the introduction of international legislation IEC 61508. These standards require formal assessment of hazards to take place and the use of certified systems for all hazardous processes. Comprehensive product testing is performed at board and system levels including temperature and power cycling to eliminate infant mortality failures

Global Support

Support services can be obtained from any of the ABB Worldwide

Business and Engineering Centres. The resources and expertise within

the company can be channelled into any region as required to suit a

particular customer demand. Each region can support the following range

Product Technical Support

ABB operates a worldwide product technical support service for all OEM’s and System Integrators. Additionally, where required, ABB can provide installation supervision, commissioning and site acceptance testing

• Software/firmware upgrades 

• Remote diagnostics and problem solving 

• Maintenance and operations

Recommendations may include: 

• All spares held by the customers 

• Minimum spares held by customer, guaranteed replacement times from ABB 

• Planned maintenance contracts 

• Total support contracts by ABB 

• Emergency callouts

Consultancy and Application

Engineering consultancy services are designed to provide assistance with the assessment of reliability and availability applied to the use and application of TMR Systems. Suppliers of systems are frequently requested to provide

• Markov modelling 

• Fault tree analysis 

• Failure mode effects and criticality analysis 

• Reliability/availability calculations 

• Life cycle cost analysis 

• Functional design specifications 

• Engineering assessments Application engineering support and assistance is available pre-sales and post-sales, and includes advice on: 

• Correct hardware configuration 

• Communications and interfacing 

• Programming

Spares and Repairs

All regions carry a quantity of product inventory to support the installed base. Each region has sufficient Triguard SC300E equipment to perform customer demonstrations, hardware and software application testing, and first line troubleshooting for any product problem solving. Spares and repairs policies can be recommended to provide customers with the support necessary to maximise the performance of their TMR system, minimising life-cycle cost.

Product Training

Comprehensive training facilities and training courses are available and can cover every aspect of the maintenance and application of TMR technology. Courses are available for: 

• OEM/Integrator Configurations 

• Project Design Engineers 

• Plant Technicians/Maintenance Engineering 

• Operations Personnel 

• Management Teams