SlideShare a Scribd company logo

Integrated Control and Safety - Assessing the Benefits; Weighing the Risks

Schneider Electric
Schneider Electric

While best practice has leaned toward keeping control and safety isolated from each other, recent enterprise data integration and cost control initiatives are providing incentive to achieve some level of integration. This paper describes three basic integration models, including an “interfaced” approach, in which separate control and safety communicate via a custom built software bridge; an “integrated but separate” approach, in which the disparate systems sit on the same network, but share information only across isolated network channels; and a “common” approach, in which both control and safety systems share a common operating system. The authors then compare the three approaches according to compliance with safety standards and cost efficiencies.

Technology
1 of 6
Download to read offline
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks by Grant Le Sueur, Director, Product Management, Schneider Electric and Phil Knobel, Director, Product Management, Schneider Electric Executive summary While best practice has leaned toward keeping control and safety isolated from each other, recent enterprise data inte-gration and cost control initiatives are providing incentive to achieve some level of integration. This paper describes three basic integration models, including an “interfaced” approach, in which separate control and safety communicate via a custom built software bridge; an “integrated but separate” approach, in which the disparate systems sit on the same network, but share information only across isolated network channels; and a “common” approach, in which both control and safety systems share a common operating system. The authors then compare the three approaches according to compliance with safety standards and cost efficiencies.
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Safety instrumented systems are industrial safety nets. They must be available 24/7 to provide backup when something renders a process automation system unable to perform its job of controlling a hazardous process. To protect the safety instrumented systems (SIS) from faults caused by the same issue that caused the process automation system to malfunction, good practice has traditionally dictated strict physical and functional isolation between the two systems. But as increasing business complexity and global competitiveness drive often conflicting needs for greater enterprise integration, improved safety and reduced costs, officials at some companies are looking at integration and consol-idation of safety and control function as a way out of the dilemma. Safety and risk managers might see the safety system as a goldmine of valuable data, which, if made more accessible, could help identify leading indicators of future problems. Engineering managers see redundant effort which can be streamlined. Operations managers see islands of activity which can be better communicated with each other and with rest of the enterprise. Maintenance managers see vol-umes of data on machine and system health that can contribute to improved maintenance and lower maintenance costs and financial managers see redundant capital expenditures and training costs ripe for consolidation into a single system. In efforts to address these needs, automation vendors have offered various models for integrated control and safety systems (ICSSs). This paper compares the benefits and risks at four levels of integration: complete physical separation, integration via a custom programmed software interface, integration via isolated subsystems on a client-server control network and integration across a common control platform. Although both the process automation and safety instrumented are control systems, they are designed for fundamentally different purposes. The PAS, which is also often called a distributed control system (DCS) or basic process control system (BPCS), regulates production based on values of production variables received from field devices such as pressure and temperature transmitters, via I/O cards terminating in a control room. A PAS also incorporates an engineering environment and tools used to configure and maintain it. Users interact via a human machine interface (HMI). Safety instrumented systems (SISs) also provide control based on signals received from field devices; but unlike PASs, which are optimized to handle high volumes of complex process logic, SISs are applied to provide safe and orderly shutdown of operations that might otherwise fall under the control of the PAS. When applied for this purpose, SISs are also called emergency shutdown systems (ESDs.) For the highly critical ESD function, SISs are optimized for speed and reliability. The control elements are usually redundant, high speed, programmable logic controllers (PLCs) that have been heavily tested and certified for reliability. Virtually all medium to large companies processing hazardous materials or running otherwise potentially dangerous operations will implement an SIS to back up their PAS. These systems provide indepen-dent control of a process operation, typically using dedicated field devices, I/O, networks, engineering workstations, configuration tools and HMIs. This is by far the dominant approach taken throughout the world. And more often than not, the PAS and the SIS have been from different vendors. Efforts to make more strategic use of safety operation information or to save money through consol-idation of safety and control functions have led to the emergence of a number of integrated control and safety system models. In its 2013 “Process Safety Systems Global Market Research Study,” ARC identifies 4 levels of control/safety integration: separate, interfaced, integrated but separate, and common. We will look at each option in more detail and evaluate it according to its impact on safety, productivity and cost control. Introduction The difference between a PAS and an SIS 2
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Ask most safety engineers for their preferred level of integration and most would opt for no integration at all. That is what Schneider Electric found in a 2010 survey of more than 200 Schneider Electric (then Invensys) customers, including 23 of the top 25 petroleum companies and 45 of the top 50 chemical companies in the world. 78 percent adhered to strict separation of safety and control for safety protection and 74 percent indicated that independent protection layers (IPL) were critical. Although the leading standards influencing process safety, IEC 61508 and IEC 61511, have been somewhat ambiguous regarding integrated control and safety, there is no doubt that implementing systems separately satisfies requirements for the independent layers of protection necessary to ensure that a potential hazard could not occur unless both the DCS and SIS fail. Separate systems also comply most completely with IEC 61511-1 11.2.4 sections that dictate that the process automation system shall be designed to be separate and independent to the extent that “the functional integrity of the SIS is not compromised” and IEC 61511-1 clause 9.5, which addresses the requirements for preventing common cause, common mode, and dependency failures, suggesting consideration of the following criteria: • Independency between protection layers • Diversity between protection layers • Physical separation between protection layers • Common cause failures between protection layers and the DCS But, because separation does require implementing, operating and maintaining two different systems, it can also be the most costly route. Also, because operating data is so strictly isolated, there may be lost opportunities for improvements in maintenance, troubleshooting and trend analysis. Interfaced systems still maintain a high degree of separation, but the DCS and SIS exchange informa-tion through custom designed interfaces using standard integration protocols such as OPC, Mod-bus, PROFIBUS, Profinet, TCP and HART. These are used most commonly when control and safety systems are from a different vendor and the end-user needs the systems to share specified data for a specified purpose. Assuming that the systems integrators who build the interface have adequate expertise in working with safety systems, this could be a very safe approach. However, the information that it yields, will be limited to the specification. Additional ongoing maintenance and subsequent change could be costly. And the integrity of the gateway will not likely have been subjected to third party validation. In the third model, which ARC has labeled “integrated but separate,” the safety and control logic solvers are deployed on independent buses of the control network. Clients can share process data across isolated sub networks but do not share control functionality. In Schneider Electric’s Foxboro Evo™ process automation system, for example, the safety controllers are deployed as peers on a Foxboro Evo MESH control network (Figure 1). This model formats all data to flow natively between network channels that are physically isolated with one-way communications maintained by a communications module (Figure 2). This example is “integrated” in that companies who want to integrate control and safety data or who want to take advantage of other productivity and cost efficiencies can do so safely. But it is “separate” in that all functionality is implemented on separate devices and the system can be configured as an entirely separate system. Maintaining separate control and safety architectures Interfaced ICSS architectures 3 Integrated but separate ICSS architecture
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Generally, integrated but separate control and safety systems are viewed as compliant with IEC standards for independent layers of protection, because the network channels are independent and threats to one system will not affect the other. Safe access to data enhances safety, productivity and cost savings by providing a fully integrated user experience, including sequence of events recording, system management, engineering and maintenance. • Integrated sequence of events repository. Seamless integration of PAS and the SIS enable shared sequence of event (SOE) logging. In the Foxboro Evo integrated but separate implementa-tion, for example, sequence of events logs and system diagnostic logs are recorded into the same data repository managed by the Foxboro Evo enterprise integration control software platform. Logging all SOE events into the same repository provides end users with a more convenient way to perform a post trip analysis. They can use common tools to review them and identify the true root cause of a trip event more effectively. 4 Figure 1 Foxboro Evo integrated but separate control and safety system Figure 2 In the Schneider Electric Foxboro Evo implementation of integrated but separate control and safety, network channels are physically isolated with one-way communications maintained by a communications module. Users can choose the level of integration that meets their needs, from fully integrated to complete and total separation.
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks • Integrated system management. In integrated but separate architectures (Figure 3), all of the capabilities of field diagnostics and asset management, including partial stroke testing, can be implemented more effectively, simplifying actuator testing and avoiding false trips. Such extensive system diagnostics and system management capabilities provide end users a single application point of view from which they can view the state of the entire system and, if required, acknowl-edge system alarms. It also minimizes the number of steps it takes to get information from the safety system to the operator; and the fewer the number of steps, the less likely that mistakes will occur. This also simplifies operator training. Management of safety instrumented functions would be easier because diagnostics can be sent from sensors to control elements. HART device alerts, for example, can be sent to operators and maintenance personnel as early warning of problems with the device or surrounding process. Predictive testing can help avoid spurious trips on demand. • Integrated engineering workflow. Integrated workflow would ensure that changes in any new tags that might be created in SIS user logic become immediately available to the PAS for use with linking to graphics or historization functions, or to drive interlocking permissions that the PAS might use in a broader control scheme. Project engineers would also enjoy a single point of entry and the use of common tools to configure both safety and process control systems, reducing time to start up new installations. Common programming procedures, languages, and installation requirements boost productivity further. Systems engineers would also enjoy improved alarm handling, time synch, user access and authorization management; and mapping of data would no longer be necessary. • Integrated compliance. The repository, system management and workflow function of integrated-but- separate architectures can also assist with compliance with regulations and standards. Integrated systems provide better device audit trails, including calibration history, process and safety configurations, and process and event histories. Both document and change management will be easier. Because the integrated but separate approach still requires installing, maintaining and configuring what are essentially separate systems, there would be minimal cost reduction on the technology end, although there might be some economies in communications technology. The greatest financial bene-fits, however, are in attainment of information, configuration, asset management and HMI efficiencies, without jeopardizing safety. 5 Figure 3 The Foxboro Evo integrated but separate architecture provides end users a single application point of view from which they can view the state of the entire system.
Integrated Control and Safety — Assessing the Benefits; Weighing the Risks It has been widely accepted that the integrated but separate ICSS architectures can meet the independent layer of protection requirements of IEC 61508 and IEC 61511. These standards, and particularly their guidance on requirements for maintaining independent layers of protection, are now in revision. In a common ICSS integration architecture the SIS logic solvers are embedded into a control platform. Many of the information integration benefits possible with the integrated but separate architectures can be achieved in a common model. And, because there is only one control system platform to install and one user environment to manage, this would likely have the lowest system and lifecycle costs. But because the number of protection layers is reduced, this is also the highest risk option. Because the logic solvers are embedded into the same platform as the PAS and the same backplane, an event which causes a problem to the PAS platform would also bring down the SIS, defeating the purpose of an independent layer of protection. And it is indeed questionable as to whether a common platform approach could meet the above mentioned IEC criteria for avoiding common cause, common mode, and dependency failures. Some common ICSS architectures have received third party SIL 3 certification, which proves that the logic solvers would perform reliably on demand. SIL testing does not, however, address the eventu-ality of a common cause failure. It is done independently of the application. Furthermore, it does not address issues related to systematic errors inherent in use with the same hardware platform. In its 2013 study, ARC notes that continued pressures to reduce project risk and total cost are driving more users to seek closer integration between the control and safety systems and are thus choos-ing the same supplier for both in new projects. Those who choose suppliers that offer the greatest flexibility integrate systems to multiple risk levels will have maximum ability to protect their plant and their people as their risk level changes with their business needs and external events. So whether a company chooses interfaced, integrated but separate or common integration, the choice will depend largely on each company’s business strategy and tolerance of risk. Companies optimizing on safe-ty at any cost will likely continue to maintain separate systems. On the other extreme, adventurous companies willing to gamble in exchange for maximum cost savings, might opt to run the PAS and safety systems on the same platform. Those looking for a balance between cost savings and risk will likely take the integrated but separate approach, which is what ARC believes is gaining traction as the preferred architecture. Architecture, of course, is only part of the story. The success of any control and safety architecture rests also with the design and quality of the control hardware itself as well as with the expertise of those who implement, operate, maintain and manage it. For more information visit www.foxboro.com/foxboroevo © 2014 Invensys Systems, Inc. All rights reserved. Foxboro is a registered trademark of Invensys Systems, Inc., its subsidiaries or affiliates. All other brands and product names may be trademarks of their respective owners. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Invensys Systems, Inc. Common platform ICSS architecture Summary and conclusions

Recommended

Planning And Development Of The Iss Ise Webinar Final
Planning And Development Of The Iss Ise Webinar FinalPlanning And Development Of The Iss Ise Webinar Final
Planning And Development Of The Iss Ise Webinar Final
Jay1818mar
 
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
Angelo Tinazzi
 
Medical Writing Essential: Reviewing Statisitical Analysis Plans
Medical Writing Essential: Reviewing Statisitical Analysis PlansMedical Writing Essential: Reviewing Statisitical Analysis Plans
Medical Writing Essential: Reviewing Statisitical Analysis Plans
jbarag
 
Literature screening for pharmacovigilance 190818
Literature screening for pharmacovigilance 190818Literature screening for pharmacovigilance 190818
Literature screening for pharmacovigilance 190818
Marnix Wieffer
 
Clinical trial protocol, ammendments, Protocol deviations and violations
Clinical trial protocol, ammendments, Protocol deviations and violationsClinical trial protocol, ammendments, Protocol deviations and violations
Clinical trial protocol, ammendments, Protocol deviations and violations
Amol Patil
 
Study Setup_Katalyst HLS
Study Setup_Katalyst HLSStudy Setup_Katalyst HLS
Study Setup_Katalyst HLS
Katalyst HLS
 
Handling Third Party Vendor Data_Katalyst HLS
Handling Third Party Vendor Data_Katalyst HLSHandling Third Party Vendor Data_Katalyst HLS
Handling Third Party Vendor Data_Katalyst HLS
Katalyst HLS
 
CDISC-CDASH
CDISC-CDASHCDISC-CDASH
CDISC-CDASH
Gowthami6789
 

Recommended

Planning And Development Of The Iss Ise Webinar Final
Planning And Development Of The Iss Ise Webinar FinalPlanning And Development Of The Iss Ise Webinar Final
Planning And Development Of The Iss Ise Webinar Final
Jay1818mar
 
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
CLINICAL STUDY REPORT - IN-TEXT TABLES, TABLES FIGURES AND GRAPHS, PATIENT AN...
Angelo Tinazzi
 
Medical Writing Essential: Reviewing Statisitical Analysis Plans
Medical Writing Essential: Reviewing Statisitical Analysis PlansMedical Writing Essential: Reviewing Statisitical Analysis Plans
Medical Writing Essential: Reviewing Statisitical Analysis Plans
jbarag
 
Literature screening for pharmacovigilance 190818
Literature screening for pharmacovigilance 190818Literature screening for pharmacovigilance 190818
Literature screening for pharmacovigilance 190818
Marnix Wieffer
 
Clinical trial protocol, ammendments, Protocol deviations and violations
Clinical trial protocol, ammendments, Protocol deviations and violationsClinical trial protocol, ammendments, Protocol deviations and violations
Clinical trial protocol, ammendments, Protocol deviations and violations
Amol Patil
 
Study Setup_Katalyst HLS
Study Setup_Katalyst HLSStudy Setup_Katalyst HLS
Study Setup_Katalyst HLS
Katalyst HLS
 
Handling Third Party Vendor Data_Katalyst HLS
Handling Third Party Vendor Data_Katalyst HLSHandling Third Party Vendor Data_Katalyst HLS
Handling Third Party Vendor Data_Katalyst HLS
Katalyst HLS
 
CDISC-CDASH
CDISC-CDASHCDISC-CDASH
CDISC-CDASH
Gowthami6789
 
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Ann-Marie Roche
 
Clireo eTMF Solution by arivis
Clireo eTMF Solution by arivisClireo eTMF Solution by arivis
Clireo eTMF Solution by arivis
Tricia Campbell - McQuarrie
 
Case Report Form (CRF) Design Tips
Case Report Form (CRF) Design TipsCase Report Form (CRF) Design Tips
Case Report Form (CRF) Design Tips
Perficient
 
Academic Clinical Trial
Academic Clinical Trial Academic Clinical Trial
Academic Clinical Trial
Airra Pagdato
 
Database Lock _ Unlock Procedure_Katalyst HLS
Database Lock _ Unlock Procedure_Katalyst HLSDatabase Lock _ Unlock Procedure_Katalyst HLS
Database Lock _ Unlock Procedure_Katalyst HLS
Katalyst HLS
 
An introduction to Statistical Analysis Plans
An introduction to Statistical Analysis PlansAn introduction to Statistical Analysis Plans
An introduction to Statistical Analysis Plans
University of Liverpool Library
 
Clean File_Form_Lock_Katalyst HLS
Clean File_Form_Lock_Katalyst HLSClean File_Form_Lock_Katalyst HLS
Clean File_Form_Lock_Katalyst HLS
Katalyst HLS
 
Discrepany Management_Katalyst HLS
Discrepany Management_Katalyst HLSDiscrepany Management_Katalyst HLS
Discrepany Management_Katalyst HLS
Katalyst HLS
 
Case Report Form (CRF)
Case Report Form (CRF)Case Report Form (CRF)
Case Report Form (CRF)
Neelam Shinde
 
Research Data Management for Clinical Trials and Quality Improvement
Research Data Management for Clinical Trials and Quality ImprovementResearch Data Management for Clinical Trials and Quality Improvement
Research Data Management for Clinical Trials and Quality Improvement
Margaret Henderson
 
21 CFR Part11_CSV Training_Katalyst HLS
21 CFR Part11_CSV Training_Katalyst HLS21 CFR Part11_CSV Training_Katalyst HLS
21 CFR Part11_CSV Training_Katalyst HLS
Katalyst HLS
 
Reconciliation and Literature Review and Signal Detection_Katalyst HLS
Reconciliation and Literature Review and Signal Detection_Katalyst HLSReconciliation and Literature Review and Signal Detection_Katalyst HLS
Reconciliation and Literature Review and Signal Detection_Katalyst HLS
Katalyst HLS
 
PV Audit
PV AuditPV Audit
PV Audit
Steve Jolley
 
Literature monitoring for pharmacovigilance – outsourcing or in house solution
Literature monitoring for pharmacovigilance – outsourcing or in house solutionLiterature monitoring for pharmacovigilance – outsourcing or in house solution
Literature monitoring for pharmacovigilance – outsourcing or in house solution
Julio dos Anjos
 
Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1
ray4hz
 
Protocol Understanding_ Clinical Data Management_KatalystHLS
Protocol Understanding_ Clinical Data Management_KatalystHLSProtocol Understanding_ Clinical Data Management_KatalystHLS
Protocol Understanding_ Clinical Data Management_KatalystHLS
Katalyst HLS
 
CDISC's CDASH and SDTM: Why You Need Both!
CDISC's CDASH and SDTM: Why You Need Both!CDISC's CDASH and SDTM: Why You Need Both!
CDISC's CDASH and SDTM: Why You Need Both!
Kit Howard
 
CDM_Process_Overview_Katalyst HLS
CDM_Process_Overview_Katalyst HLSCDM_Process_Overview_Katalyst HLS
CDM_Process_Overview_Katalyst HLS
Katalyst HLS
 
Study setup_Clinical Data Management_Katalyst HLS
Study setup_Clinical Data Management_Katalyst HLSStudy setup_Clinical Data Management_Katalyst HLS
Study setup_Clinical Data Management_Katalyst HLS
Katalyst HLS
 
Why ADaM for a statistician?
Why ADaM for a statistician?Why ADaM for a statistician?
Why ADaM for a statistician?
Kevin Lee
 
In what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docxIn what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docx
jaggernaoma
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial System
iosrjce
 

More Related Content

What's hot

Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Ann-Marie Roche
 
Clireo eTMF Solution by arivis
Clireo eTMF Solution by arivisClireo eTMF Solution by arivis
Clireo eTMF Solution by arivis
Tricia Campbell - McQuarrie
 
Case Report Form (CRF) Design Tips
Case Report Form (CRF) Design TipsCase Report Form (CRF) Design Tips
Case Report Form (CRF) Design Tips
Perficient
 
Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1
ray4hz
 
Why ADaM for a statistician?
Why ADaM for a statistician?Why ADaM for a statistician?
Why ADaM for a statistician?
Kevin Lee
 

What's hot (20)

Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
Literature Management for Pharmacovigilance: Outsource or in-house solution? ...
 
Clireo eTMF Solution by arivis
Clireo eTMF Solution by arivisClireo eTMF Solution by arivis
Clireo eTMF Solution by arivis
 
Case Report Form (CRF) Design Tips
Case Report Form (CRF) Design TipsCase Report Form (CRF) Design Tips
Case Report Form (CRF) Design Tips
 
Academic Clinical Trial
Academic Clinical Trial Academic Clinical Trial
Academic Clinical Trial
 
Database Lock _ Unlock Procedure_Katalyst HLS
Database Lock _ Unlock Procedure_Katalyst HLSDatabase Lock _ Unlock Procedure_Katalyst HLS
Database Lock _ Unlock Procedure_Katalyst HLS
 
An introduction to Statistical Analysis Plans
An introduction to Statistical Analysis PlansAn introduction to Statistical Analysis Plans
An introduction to Statistical Analysis Plans
 
Clean File_Form_Lock_Katalyst HLS
Clean File_Form_Lock_Katalyst HLSClean File_Form_Lock_Katalyst HLS
Clean File_Form_Lock_Katalyst HLS
 
Discrepany Management_Katalyst HLS
Discrepany Management_Katalyst HLSDiscrepany Management_Katalyst HLS
Discrepany Management_Katalyst HLS
 
Case Report Form (CRF)
Case Report Form (CRF)Case Report Form (CRF)
Case Report Form (CRF)
 
Research Data Management for Clinical Trials and Quality Improvement
Research Data Management for Clinical Trials and Quality ImprovementResearch Data Management for Clinical Trials and Quality Improvement
Research Data Management for Clinical Trials and Quality Improvement
 
21 CFR Part11_CSV Training_Katalyst HLS
21 CFR Part11_CSV Training_Katalyst HLS21 CFR Part11_CSV Training_Katalyst HLS
21 CFR Part11_CSV Training_Katalyst HLS
 
Reconciliation and Literature Review and Signal Detection_Katalyst HLS
Reconciliation and Literature Review and Signal Detection_Katalyst HLSReconciliation and Literature Review and Signal Detection_Katalyst HLS
Reconciliation and Literature Review and Signal Detection_Katalyst HLS
 
PV Audit
PV AuditPV Audit
PV Audit
 
Literature monitoring for pharmacovigilance – outsourcing or in house solution
Literature monitoring for pharmacovigilance – outsourcing or in house solutionLiterature monitoring for pharmacovigilance – outsourcing or in house solution
Literature monitoring for pharmacovigilance – outsourcing or in house solution
 
Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1Cdisc sdtm implementation_process _v1
Cdisc sdtm implementation_process _v1
 
Protocol Understanding_ Clinical Data Management_KatalystHLS
Protocol Understanding_ Clinical Data Management_KatalystHLSProtocol Understanding_ Clinical Data Management_KatalystHLS
Protocol Understanding_ Clinical Data Management_KatalystHLS
 
CDISC's CDASH and SDTM: Why You Need Both!
CDISC's CDASH and SDTM: Why You Need Both!CDISC's CDASH and SDTM: Why You Need Both!
CDISC's CDASH and SDTM: Why You Need Both!
 
CDM_Process_Overview_Katalyst HLS
CDM_Process_Overview_Katalyst HLSCDM_Process_Overview_Katalyst HLS
CDM_Process_Overview_Katalyst HLS
 
Study setup_Clinical Data Management_Katalyst HLS
Study setup_Clinical Data Management_Katalyst HLSStudy setup_Clinical Data Management_Katalyst HLS
Study setup_Clinical Data Management_Katalyst HLS
 
Why ADaM for a statistician?
Why ADaM for a statistician?Why ADaM for a statistician?
Why ADaM for a statistician?
 

Similar to Integrated Control and Safety - Assessing the Benefits; Weighing the Risks

In what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docxIn what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docx
jaggernaoma
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automation
johnnywess
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
IJNSA Journal
 
Employee trust based industrial device
Employee trust based industrial deviceEmployee trust based industrial device
Employee trust based industrial device
IJNSA Journal
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
IJNSA Journal
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
Vincenzo De Florio
 

Similar to Integrated Control and Safety - Assessing the Benefits; Weighing the Risks (20)

In what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docxIn what ways do you think the Elaboration Likelihood Model applies.docx
In what ways do you think the Elaboration Likelihood Model applies.docx
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial System
 
F017223742
F017223742F017223742
F017223742
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automation
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
 
Employee trust based industrial device
Employee trust based industrial deviceEmployee trust based industrial device
Employee trust based industrial device
 
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENTEMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375
 
Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327Secure architecture-industrial-control-systems-36327
Secure architecture-industrial-control-systems-36327
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
 
Upsurging Cyber-Kinetic attacks in Mobile Cyber Physical Systems
Upsurging Cyber-Kinetic attacks in Mobile Cyber Physical SystemsUpsurging Cyber-Kinetic attacks in Mobile Cyber Physical Systems
Upsurging Cyber-Kinetic attacks in Mobile Cyber Physical Systems
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 

More from Schneider Electric

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
Schneider Electric
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
Schneider Electric
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
Schneider Electric
 
EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
Schneider Electric
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
Schneider Electric
 

More from Schneider Electric (20)

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
 
32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing 32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
 
EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
 
Magelis Basic HMI Briefing
Magelis Basic HMI Briefing Magelis Basic HMI Briefing
Magelis Basic HMI Briefing
 
Zelio Time Electronic Relay Briefing
Zelio Time Electronic Relay BriefingZelio Time Electronic Relay Briefing
Zelio Time Electronic Relay Briefing
 
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures BriefingSpacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
 
Relay Control Zelio SSR Briefing
Relay Control Zelio SSR BriefingRelay Control Zelio SSR Briefing
Relay Control Zelio SSR Briefing
 
Magelis HMI, iPC and software Briefing
Magelis HMI, iPC and software BriefingMagelis HMI, iPC and software Briefing
Magelis HMI, iPC and software Briefing
 
Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?
 
EcoStruxure for Intuitive Industries
EcoStruxure for Intuitive IndustriesEcoStruxure for Intuitive Industries
EcoStruxure for Intuitive Industries
 
Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017
 
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
 
It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
 
Connected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoTConnected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoT
 
Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories Briefing
 
Telemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors BriefingTelemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors Briefing
 
Telemecanique Limit Switches Briefing
Telemecanique Limit Switches BriefingTelemecanique Limit Switches Briefing
Telemecanique Limit Switches Briefing
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Integrated Control and Safety - Assessing the Benefits; Weighing the Risks

  • 1. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks by Grant Le Sueur, Director, Product Management, Schneider Electric and Phil Knobel, Director, Product Management, Schneider Electric Executive summary While best practice has leaned toward keeping control and safety isolated from each other, recent enterprise data inte-gration and cost control initiatives are providing incentive to achieve some level of integration. This paper describes three basic integration models, including an “interfaced” approach, in which separate control and safety communicate via a custom built software bridge; an “integrated but separate” approach, in which the disparate systems sit on the same network, but share information only across isolated network channels; and a “common” approach, in which both control and safety systems share a common operating system. The authors then compare the three approaches according to compliance with safety standards and cost efficiencies.
  • 2. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Safety instrumented systems are industrial safety nets. They must be available 24/7 to provide backup when something renders a process automation system unable to perform its job of controlling a hazardous process. To protect the safety instrumented systems (SIS) from faults caused by the same issue that caused the process automation system to malfunction, good practice has traditionally dictated strict physical and functional isolation between the two systems. But as increasing business complexity and global competitiveness drive often conflicting needs for greater enterprise integration, improved safety and reduced costs, officials at some companies are looking at integration and consol-idation of safety and control function as a way out of the dilemma. Safety and risk managers might see the safety system as a goldmine of valuable data, which, if made more accessible, could help identify leading indicators of future problems. Engineering managers see redundant effort which can be streamlined. Operations managers see islands of activity which can be better communicated with each other and with rest of the enterprise. Maintenance managers see vol-umes of data on machine and system health that can contribute to improved maintenance and lower maintenance costs and financial managers see redundant capital expenditures and training costs ripe for consolidation into a single system. In efforts to address these needs, automation vendors have offered various models for integrated control and safety systems (ICSSs). This paper compares the benefits and risks at four levels of integration: complete physical separation, integration via a custom programmed software interface, integration via isolated subsystems on a client-server control network and integration across a common control platform. Although both the process automation and safety instrumented are control systems, they are designed for fundamentally different purposes. The PAS, which is also often called a distributed control system (DCS) or basic process control system (BPCS), regulates production based on values of production variables received from field devices such as pressure and temperature transmitters, via I/O cards terminating in a control room. A PAS also incorporates an engineering environment and tools used to configure and maintain it. Users interact via a human machine interface (HMI). Safety instrumented systems (SISs) also provide control based on signals received from field devices; but unlike PASs, which are optimized to handle high volumes of complex process logic, SISs are applied to provide safe and orderly shutdown of operations that might otherwise fall under the control of the PAS. When applied for this purpose, SISs are also called emergency shutdown systems (ESDs.) For the highly critical ESD function, SISs are optimized for speed and reliability. The control elements are usually redundant, high speed, programmable logic controllers (PLCs) that have been heavily tested and certified for reliability. Virtually all medium to large companies processing hazardous materials or running otherwise potentially dangerous operations will implement an SIS to back up their PAS. These systems provide indepen-dent control of a process operation, typically using dedicated field devices, I/O, networks, engineering workstations, configuration tools and HMIs. This is by far the dominant approach taken throughout the world. And more often than not, the PAS and the SIS have been from different vendors. Efforts to make more strategic use of safety operation information or to save money through consol-idation of safety and control functions have led to the emergence of a number of integrated control and safety system models. In its 2013 “Process Safety Systems Global Market Research Study,” ARC identifies 4 levels of control/safety integration: separate, interfaced, integrated but separate, and common. We will look at each option in more detail and evaluate it according to its impact on safety, productivity and cost control. Introduction The difference between a PAS and an SIS 2
  • 3. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Ask most safety engineers for their preferred level of integration and most would opt for no integration at all. That is what Schneider Electric found in a 2010 survey of more than 200 Schneider Electric (then Invensys) customers, including 23 of the top 25 petroleum companies and 45 of the top 50 chemical companies in the world. 78 percent adhered to strict separation of safety and control for safety protection and 74 percent indicated that independent protection layers (IPL) were critical. Although the leading standards influencing process safety, IEC 61508 and IEC 61511, have been somewhat ambiguous regarding integrated control and safety, there is no doubt that implementing systems separately satisfies requirements for the independent layers of protection necessary to ensure that a potential hazard could not occur unless both the DCS and SIS fail. Separate systems also comply most completely with IEC 61511-1 11.2.4 sections that dictate that the process automation system shall be designed to be separate and independent to the extent that “the functional integrity of the SIS is not compromised” and IEC 61511-1 clause 9.5, which addresses the requirements for preventing common cause, common mode, and dependency failures, suggesting consideration of the following criteria: • Independency between protection layers • Diversity between protection layers • Physical separation between protection layers • Common cause failures between protection layers and the DCS But, because separation does require implementing, operating and maintaining two different systems, it can also be the most costly route. Also, because operating data is so strictly isolated, there may be lost opportunities for improvements in maintenance, troubleshooting and trend analysis. Interfaced systems still maintain a high degree of separation, but the DCS and SIS exchange informa-tion through custom designed interfaces using standard integration protocols such as OPC, Mod-bus, PROFIBUS, Profinet, TCP and HART. These are used most commonly when control and safety systems are from a different vendor and the end-user needs the systems to share specified data for a specified purpose. Assuming that the systems integrators who build the interface have adequate expertise in working with safety systems, this could be a very safe approach. However, the information that it yields, will be limited to the specification. Additional ongoing maintenance and subsequent change could be costly. And the integrity of the gateway will not likely have been subjected to third party validation. In the third model, which ARC has labeled “integrated but separate,” the safety and control logic solvers are deployed on independent buses of the control network. Clients can share process data across isolated sub networks but do not share control functionality. In Schneider Electric’s Foxboro Evo™ process automation system, for example, the safety controllers are deployed as peers on a Foxboro Evo MESH control network (Figure 1). This model formats all data to flow natively between network channels that are physically isolated with one-way communications maintained by a communications module (Figure 2). This example is “integrated” in that companies who want to integrate control and safety data or who want to take advantage of other productivity and cost efficiencies can do so safely. But it is “separate” in that all functionality is implemented on separate devices and the system can be configured as an entirely separate system. Maintaining separate control and safety architectures Interfaced ICSS architectures 3 Integrated but separate ICSS architecture
  • 4. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks Generally, integrated but separate control and safety systems are viewed as compliant with IEC standards for independent layers of protection, because the network channels are independent and threats to one system will not affect the other. Safe access to data enhances safety, productivity and cost savings by providing a fully integrated user experience, including sequence of events recording, system management, engineering and maintenance. • Integrated sequence of events repository. Seamless integration of PAS and the SIS enable shared sequence of event (SOE) logging. In the Foxboro Evo integrated but separate implementa-tion, for example, sequence of events logs and system diagnostic logs are recorded into the same data repository managed by the Foxboro Evo enterprise integration control software platform. Logging all SOE events into the same repository provides end users with a more convenient way to perform a post trip analysis. They can use common tools to review them and identify the true root cause of a trip event more effectively. 4 Figure 1 Foxboro Evo integrated but separate control and safety system Figure 2 In the Schneider Electric Foxboro Evo implementation of integrated but separate control and safety, network channels are physically isolated with one-way communications maintained by a communications module. Users can choose the level of integration that meets their needs, from fully integrated to complete and total separation.
  • 5. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks • Integrated system management. In integrated but separate architectures (Figure 3), all of the capabilities of field diagnostics and asset management, including partial stroke testing, can be implemented more effectively, simplifying actuator testing and avoiding false trips. Such extensive system diagnostics and system management capabilities provide end users a single application point of view from which they can view the state of the entire system and, if required, acknowl-edge system alarms. It also minimizes the number of steps it takes to get information from the safety system to the operator; and the fewer the number of steps, the less likely that mistakes will occur. This also simplifies operator training. Management of safety instrumented functions would be easier because diagnostics can be sent from sensors to control elements. HART device alerts, for example, can be sent to operators and maintenance personnel as early warning of problems with the device or surrounding process. Predictive testing can help avoid spurious trips on demand. • Integrated engineering workflow. Integrated workflow would ensure that changes in any new tags that might be created in SIS user logic become immediately available to the PAS for use with linking to graphics or historization functions, or to drive interlocking permissions that the PAS might use in a broader control scheme. Project engineers would also enjoy a single point of entry and the use of common tools to configure both safety and process control systems, reducing time to start up new installations. Common programming procedures, languages, and installation requirements boost productivity further. Systems engineers would also enjoy improved alarm handling, time synch, user access and authorization management; and mapping of data would no longer be necessary. • Integrated compliance. The repository, system management and workflow function of integrated-but- separate architectures can also assist with compliance with regulations and standards. Integrated systems provide better device audit trails, including calibration history, process and safety configurations, and process and event histories. Both document and change management will be easier. Because the integrated but separate approach still requires installing, maintaining and configuring what are essentially separate systems, there would be minimal cost reduction on the technology end, although there might be some economies in communications technology. The greatest financial bene-fits, however, are in attainment of information, configuration, asset management and HMI efficiencies, without jeopardizing safety. 5 Figure 3 The Foxboro Evo integrated but separate architecture provides end users a single application point of view from which they can view the state of the entire system.
  • 6. Integrated Control and Safety — Assessing the Benefits; Weighing the Risks It has been widely accepted that the integrated but separate ICSS architectures can meet the independent layer of protection requirements of IEC 61508 and IEC 61511. These standards, and particularly their guidance on requirements for maintaining independent layers of protection, are now in revision. In a common ICSS integration architecture the SIS logic solvers are embedded into a control platform. Many of the information integration benefits possible with the integrated but separate architectures can be achieved in a common model. And, because there is only one control system platform to install and one user environment to manage, this would likely have the lowest system and lifecycle costs. But because the number of protection layers is reduced, this is also the highest risk option. Because the logic solvers are embedded into the same platform as the PAS and the same backplane, an event which causes a problem to the PAS platform would also bring down the SIS, defeating the purpose of an independent layer of protection. And it is indeed questionable as to whether a common platform approach could meet the above mentioned IEC criteria for avoiding common cause, common mode, and dependency failures. Some common ICSS architectures have received third party SIL 3 certification, which proves that the logic solvers would perform reliably on demand. SIL testing does not, however, address the eventu-ality of a common cause failure. It is done independently of the application. Furthermore, it does not address issues related to systematic errors inherent in use with the same hardware platform. In its 2013 study, ARC notes that continued pressures to reduce project risk and total cost are driving more users to seek closer integration between the control and safety systems and are thus choos-ing the same supplier for both in new projects. Those who choose suppliers that offer the greatest flexibility integrate systems to multiple risk levels will have maximum ability to protect their plant and their people as their risk level changes with their business needs and external events. So whether a company chooses interfaced, integrated but separate or common integration, the choice will depend largely on each company’s business strategy and tolerance of risk. Companies optimizing on safe-ty at any cost will likely continue to maintain separate systems. On the other extreme, adventurous companies willing to gamble in exchange for maximum cost savings, might opt to run the PAS and safety systems on the same platform. Those looking for a balance between cost savings and risk will likely take the integrated but separate approach, which is what ARC believes is gaining traction as the preferred architecture. Architecture, of course, is only part of the story. The success of any control and safety architecture rests also with the design and quality of the control hardware itself as well as with the expertise of those who implement, operate, maintain and manage it. For more information visit www.foxboro.com/foxboroevo © 2014 Invensys Systems, Inc. All rights reserved. Foxboro is a registered trademark of Invensys Systems, Inc., its subsidiaries or affiliates. All other brands and product names may be trademarks of their respective owners. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Invensys Systems, Inc. Common platform ICSS architecture Summary and conclusions