Safety and Availability Rev1

Copyright © Yokogawa Electric CorporationE-2008-0501 Safety and Availability2008/05 Safety and Availability

Revised on June 17, 2008

　　　 Maximizing 　　　 Safety and Availability 　　　

Global Marketing GroupIndustrial Safety Systems Dept.

Page 2Copyright © Yokogawa Electric CorporationE-2008-0501 Safety and Availability2008/05

Safety and Availability

What customers require for SIS

Safety of course, it is SIS (Safety Instrumented System).

- SIS needs to make a safe action if demand comes from the process.

High Availability (or less false trip) at the same time, to keep running the process.

- Internal failure in SIS should not cause a false trip of the process.

If above wishes are all possible in a smart, simple architecture , it would be PERFECT!!

Let’s see how Yokogawa can satisfy these requirements!!



VMR* (Versatile Modular

Redundancy)

Safety: Single SIL3 SIL3 is achieved in single Input-CPU-Output module

configuration.　　

High Availability: Redundant Module OptionLow false Trip is realized by VMR based on proven “Pair & Spare” technology, even when an internal failure is diagnosed, safety functionality is kept.

Safety and Availability in a Smart Architecture

*VMR: certified in the US Patent and Trademark Office on March 20, 2007.



Single CPU module

Single Input module Single Output module

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

Super Reliable Safety in Single SIL3

is certified as applicable up to SIL3 application in a single modular configuration.

CPU & IOM have internal duplex channel architecture with comparator and diagnostic functions.



provides high availability reached by redundant module options of CPU module & I/O module.

Proven redundant technology from CS3000

Redundant CPU module

Redundant Input module

Redundant Output module

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

InputCircuit, MPU

Circuit, MPU

CPUMPU, memory

MPU, memory

OutputCircuit, MPU

Circuit, MPU

VMR Redundant Option



Behaviors of VMR

Pair & Spare

FES

CP

U

I O

I O

CP

U

With One Failure-No Shut Down-SIL 3

　　　　 With Two Failures

　　　　 Still;　　　　 -No Shut Down　　　　 -SIL 3

　　　　　　 With Three Failures

　　　　　　 Still;　　　　　　 -No Shut

Down　　　　　　 -SIL 3　　　　　　 -Unlimited Time to

Repair

S: Sensor

FE: Final Element

Internal failure in SIS does not affect the process.

Moreover, on-line change of failure module is possible without affecting the process.


Safety and AvailabilityC

PU

CP

UC

PU

CP

U

Flexible Redundancy 　

Dual redundant inputsDual redundant outputs

Single inputsDual redundant outputs

Single inputsSingle outputs

Dual redundant inputsSingle outputs

With single or dual redundant CPU’s

CP

UOI

CP

UOOI

CP

UOII

CP

UOOII

- Redundant options are selectable part by part.

- Flexible selection also saves extra cost.

All Solutions are SIL3!



Summary

　　　　　　　　　　　 satisfies customers’ requirements for SIS

Maximizing both Safety and High Availability in a smart, simple architecture

Safety: Single SIL3 - SIL3 is achieved in a single Input-CPU-Output module

configuration. - CPU & IOM have internal duplex channel architecture with comparator and diagnostic functions.

High Availability: Redundant Module Option - Low false Trip is realized by Yokogawa’s only VMR, based on

field-proven CENTUM CS3000 “Pair & Spare” technology. - High availability is reached by redundant module options of CPU

module & I/O module. - Even when an internal failure is diagnosed, safety functionality is

kept and it reduces a false trip of the process.



Thank you very much for your attention

Date post:	05-Jan-2016
Category:	Documents
Upload:	numan
View:	8 times
Download:	5 times

Safety and Availability Rev1

Documents