System integration and functional safety: key issues impacting the actuation industry

  • October 05, 2015
  • Feature

By Heike Schmeding of AUMA Riester GmbH & Co

This article provides an update on two key issues currently impacting the actuation industry: host system integration and functional safety.  It is a key requirement in any plant installation that the actuators used for opening or closing valves can be smoothly integrated with the plant’s automation system.

System Integration

While the mechanical interface between actuator and valve is standardised, interfaces to the control system undergo continuous development. There are a number of challenging decisions: should parallel control, fieldbus, or both be adopted for reasons of redundancy? And, when opting for fieldbus, which protocol should be used? System integration of communication protocols has become a central topic regarding the supply of actuators for modern plant installations. Today, considerably more than mechanical design is important: system integration is required, centred on effective communication between the actuator and the host system.

Automated opening and closing of valves is the primary functionality, and usually the straightforward aspect of system integration. In simple applications, operation commands OPEN and CLOSE, position feedback signals and a fault signal often suffice.

However, if fieldbus protocols are used, the bandwidth for information transmission is considerably increased. In addition to the transmission of commands and feedback signals required for operation, access to all device parameters and operating data is made available via fieldbus from the distributed control system (DCS). This ‘secondary’ information for diagnostic and maintenance purposes is not a pre-requisite for operation, but it aids commissioning, maintenance and asset management as it helps to provide a better overall picture of an actuator.

Cost reduction is one of the main arguments in favour of fieldbus technology. In addition, introduction of serial communication in process automation has become an innovation driver for field devices and consequently for actuators. Concepts for efficiency gains, such as remote parameterisation or central plant asset management, would not be feasible without fieldbus technology. Many different fieldbus systems are available on the market. Established communication systems frequently used with AUMA and other actuators include Profibus DP, Modbus RTU, Modbus TCP/IP, Foundation Fieldbus and HART.

A large variety of different data and information packages need to be exchanged between host system and actuators: communication protocols and data interfaces therefore need to function accurately as this facilitates smooth system integration.

As a result, an important requirement for an actuator supplier is to provide evidence of an established track record in the field of system integration and to demonstrate that relevant certification(s) have been achieved for the different fieldbus protocols. Conformity of protocol implementation with fieldbus specifications has to be certified by the international fieldbus organizations: these authorities, or test laboratories accredited by them, carry out extensive tests to verify that products function according to the specifications.

In addition to device registrations, DCS manufacturers carry out dedicated integration tests with field devices. AUMA, for example, cooperates closely with DCS manufacturers all over the world including Siemens, Emerson, Yokogawa, ABB and Honeywell: sample actuators are sent to their test laboratories and support is provided regarding interfacing with actuators. Typically, product references are then made available on their websites.

Redundancy is another key issue regarding system integration and there are a multitude of different approaches to achieve this. It is critical that, at a very early design stage, the different variants of redundancy supported by the DCS components are effectively assessed, coordinated and extensively tested using the selected network equipment and field devices.

It is advisable that system integration should always be tailored to the specific requirements of an installation.  For example, it may be necessary to configure the data interface in such a way that communication cycle times or bandwidth slots are optimised and only the data needed for an application is transmitted, thus speeding up communication efficiency. It is strongly recommended that the actuator manufacturer is consulted at the earliest possible stage of design considerations.

Functional Safety

The second important topic is functional safety, an issue that AUMA observes is critical for the process industry in general and particularly for chemical or oil and gas applications, where protection of people and the environment is essential and, in the event of accidents, financial losses can be extremely high.

Compliance with standards IEC 61508 and 61511 is increasingly demanded by authorities and insurance companies. According to IEC 61508, functional safety relates to systems which automatically intervene in the event of plant emergency alerts, and ensure that the plant is maintained at, or brought into, a safe state.

A hazard or risk assessment should be conducted whenever a production plant is designed that is potentially dangerous to people, or may cause severe environmental damage. Frequently, one measure is implementing a functional safety system (Safety Instrumented System, SIS): this is viewed as a state-of-the-art method for risk reduction.

Hazard and risk analyses also determine the SIL level (Safety Integrity Level) that the SIS must fulfil. Put simply, SIL levels are 'measuring units' for risk reduction with functional safety systems: the level depends on the severity of the potential dangers.

The required SIS typically consists of a sensor, a safety PLC and an ‘actor’. In the valve sector, the actor consists of an actuator and a valve. To achieve the required risk reduction, these components need to be capable of the SIL level required for the SIS as a whole.

Caption: Components of a typical Safety Instrumented System (SIS) including sensor (1), safety PLC (2) and actor (3), consisting of actuator and valve.

Taking one example to illustrate the complexities of functional safety, AUMA advises that it is essential to recognise that, even if exclusively SIL 2 capable components are used, it is not guaranteed that the safety function (SIF) as a whole will also meet SIL 2 requirements. This level is only achieved if the integral failure probability for all the components of the SIF combined is within the SIL 2 limits, and certain additional requirements are met.

Caption: AUMA provides electric actuators to support functional safety systems up to SIL 3.

As a result, during a plant’s design phase, when deciding on the components for a SIS, it is advisable to closely examine declared safety figures. As an illustration, it is best practice that the PFD value (Probability of Failure on Demand) for an actuator should not account for more than approximately 25 percent of the allowed PFD value for the required SIL level. If, for example, the actuator alone would take 80 to 90 percent of the permitted PFD value for the SIF, it is very unlikely to meet the requirements for the SIF as a whole, as the other components also have a certain failure probability. A considered and conservative approach is therefore advised regarding calculations to ensure that estimations are on the safe side.
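The budget check described above, as an added example that is not part of the original article or AUMA material. It assumes the sensor, safety PLC and actuator act in series so that their average PFD values simply add, uses the IEC 61508 low-demand PFD bands, and covers only the failure-probability part of a SIL claim; all component figures and function names are constructed for illustration.

```python
# Added example: PFD budget check for a safety function (SIF).
# Low-demand PFDavg bands per IEC 61508: SIL n covers [10^-(n+1), 10^-n).
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}
ACTUATOR_SHARE_LIMIT = 0.25  # "approximately 25 percent" guideline from the article


def sil_from_pfd(pfd):
    """Return the SIL band a PFDavg falls into, or 0 if worse than SIL 1."""
    if pfd < SIL_BANDS[4][0]:
        return 4  # better than the SIL 4 band; no higher level is defined
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 0


def check_sif(components, target_sil):
    """components: {name: PFDavg}. Assumption: series chain, so PFDs add up."""
    total = sum(components.values())
    allowed = SIL_BANDS[target_sil][1]  # upper PFD limit for the target SIL
    shares = {name: pfd / allowed for name, pfd in components.items()}
    return {
        "total_pfd": total,
        "achieved_sil": sil_from_pfd(total),
        "meets_target": total < allowed,
        "budget_share": shares,
        "actuator_over_budget": shares["actuator"] > ACTUATOR_SHARE_LIMIT,
    }


# Constructed figures: every component is individually SIL 2 capable or better.
BALANCED = {"sensor": 2.0e-3, "safety_plc": 5.0e-4, "actuator": 2.0e-3}
ACTUATOR_HEAVY = {"sensor": 2.0e-3, "safety_plc": 5.0e-4, "actuator": 8.5e-3}

if __name__ == "__main__":
    for label, sif in (("balanced", BALANCED), ("actuator-heavy", ACTUATOR_HEAVY)):
        result = check_sif(sif, target_sil=2)
        print(f"{label}: total PFD {result['total_pfd']:.2e}, "
              f"achieved SIL {result['achieved_sil']}, "
              f"actuator share {result['budget_share']['actuator']:.0%}, "
              f"meets SIL 2: {result['meets_target']}")
```

In the actuator-heavy case each component alone sits inside the SIL 2 band, yet the combined PFD falls into the SIL 1 band, which is the situation the article warns about.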

One of the most complex tasks within a SIS is to make sure that the interfaces between sensor, safety PLC and actuator harmonise and function together. This is more complicated than in a standard process control system, because, for safety reasons, there are often restrictions regarding permissible configurations of components. Modular actuator design helps to achieve this because individual components can be exchanged, as long as all safety requirements are observed.

It is also extremely important that plant designers have access to all the component specific documentation required to correctly configure and document their SIS in full to achieve certification from a notifying body. To offer maximum support, an actuator manufacturer needs to supply safety figures, test reports, certificates and comprehensive safety manuals. Support can also include check lists for commissioning and proof testing. Again, close cooperation with the actuator manufacturer is recommended to ensure that the functional safety system achieves the intended risk reduction.

Caption: Approx. 500 AUMA actuators communicate via Profibus DP with a Siemens DCS at ERZ Zurich combined heat and power plant.

In conclusion, drawing on over five decades supplying modular actuation technology for automation applications worldwide, AUMA advises that host system integration and functional safety are two highly significant topics that are currently impacting a wide range of valve control applications. This article has given an insight into the importance, challenges and impact of these issues. However, every installation is different and AUMA encourages adopters of actuation technology to work in partnership with their suppliers to obtain expert advice on the most practical and pragmatic solution.

About the Author

Heike Schmeding of AUMA Riester GmbH & Co. holds a university degree in technical translation and has a keen interest in technical matters. In the position of Technical Writer, she is responsible for AUMA group marketing and press activities.  Heike works closely with AUMA’s product management, R&D and international sales.
