The June 2009 release of the ISA18.2 standard, www.chemicalprocessing.com/ISA-18.2, has accelerated the pace of convergence of control and safety systems and is leading practitioners to take steps to treat the two holistically. However, some see that approach as counter to the principles of safety systems. A debate is raging about the wisdom of combining these two systems in a single environment.
Results of a 2009 online CP poll about SIS preference (www.ChemicalProcessing.com/articles/2009/134.html) show how polarized positions are. More respondents (63%) chose "separate from the control system" than "integrated with the control system" (37%). Not a single person selected "no preference" or "don't know."
As Figure 2 indicates, safety systems are one part of the "layers of protection" strategy used to keep a process from entering unsafe conditions. The process design itself is where the principles of safe design must begin. Safety systems serve as the final automation-based step to control a plant disruption before mechanical protection must take over. So, safety systems must have the highest levels of reliability — this involves removing or at least markedly reducing possible single points of failure of the system and of course minimizing the impact of any failure that should occur.
Careful design is crucial for a combined system — with these being new, finding people who know how to do a design correctly can be a challenge. Otherwise the resulting system could lead to lower overall reliability not only of the safety system but the control system as well. This often is part of the price of compromise.
Today, four approaches are available:
The first is the traditional route of providing two separate and unconnected systems from the same or different vendors. This is the highest cost option, both in terms of upfront expenditures and ongoing outlays for operations and maintenance.
The second option is top-level integration of the human/machine interface (HMI) function. This relies on a single supplier providing separate controllers that are both connected to one HMI via a network. Because the controllers are separate and different, controller programming requires two engineering workstations. Costs are lower than with two distinct systems because common hardware is used at the HMI level.
The third uses two HMIs, two controllers and two networks, like the first option, but features two controllers from the same vendor. This allows programming of both controllers from the same engineering workstation. Because the equipment is all configured and operated from the same operating system and development environment, this approach cuts training and maintenance time.
The fourth option, which is the most integrated one, uses common HMIs and two controllers from the same family of a single vendor's products. Both controllers are connected to the HMIs via a single network and, in some cases, can reside on the same backplane. This is the lowest-cost choice because common HMIs and common engineering workstations are employed.
However, the economics of safety systems involve more than just "dollars and cents." So, let's look a little further at the economic side of the equation.
As noted before, the trend — at least from the perspective of distributed control system (DCS) suppliers — is to incorporate the logic solver into the DCS hardware so all components are part of a single environment. One of the biggest benefits of this is that the end user now only has a single configuration and maintenance environment and HMI interface for all data points.