FGS and ESD integration

I have a question regarding the integration between FGS and ESD. Can they reside in the same Delta V SIS or is it required to have two separate Delta V SIS systems?

  • Deltav SIS offer the option of tight integration between the FGS and ESD . permit the system to operate when safe . So they reside in the same deltav SIS system
  • In reply to PRASHANT-MUTTEPAWAR:

    Hi
    FGS & ESD are actually 2 different protection layers and mixing of layers is not recommended and Standards also suggests not to mix the 2 protection layers.
    Integration is a different meaning so while integration can be done for various systems but different protection layers shall not be mixed.
    In my experience FGS & ESD cannot reside in the same systems. Both can be implemented in Delta V SIS but as different systems.
  • In reply to PRASHANT-MUTTEPAWAR:

    The answer is: No. Both ESD and FGS are connected with safety, but as Sanjay wrote they are independent. So the instrumentation including Delta should be independent. Another problem is considering FGS as a protection layer.
  • In reply to Andrzej Czechowski:

    Could you be more specific as to what "independent" means?
    Is it enough to have the IOs and logic on dedicated SLS/CSLS, is it necessary to have the SLS/CSLS assigned to a separate controller, or must there be a completly separate system with it's own ProPlus ?
  • In reply to Sanjay_Dehran:

    Hi,
    This makes sense and sounds correct but could you please refer to the section of the safety standard(s) where this is stated. Just to support what you are saying.
  • There is nothing that prevent you from haveing both ESD and FGS system on one DeltaV SIS. It is mostly personal preference how you want your system to operate. Most people like to have them totally separate system to prevent modification on one system and it don't affect the other. If you do use one DeltaV SIS system for both FGS and EDS, make sure to have separate modules controlling each application and/or assign them to two seperate controllers. I would recommend that you contact your Emerson Local Business Parter(LBP) and they can help you to develop the proper strategy to deploy FGS and ESD system. If you don't know which LBP, let me know you city and state and I will give you the right contact.
  • Thomas et All,

    I saw many comments in here, so I would like to try to bring some more information and potentially clarify a little bit.

    A DeltaV SIS System is composed by multiple logic solvers, and a single logic solver can handle one or more Safety Instrumented Function (SIF), depending on the number of IO required. Emergency Shutdown (ESD) and Fire and Gas (FGS) are basically names give to a particular SIF or group of SIFs performing an particular application.

    The fact that the logic solvers reside on the same DeltaV SIS System, or even in the same SISNet or LSN (depending on the platform) does NOT mean a failure in one will automatically generate a failure in the other, therefore, they can be considered independent from each other, a SIF residing in one logic solver that has no interaction with another SIF is completely independent as well, what happens in real life though is many SIFs are interconnected, meaning a trip or failure in one SIF will affect another one, and here is where the System approach taken by DeltaV SIS makes it easier and reliable to deploy the application.

    It's also true that ESD and FGS are very often considered Independent Protection Layers (IPL), defined in a LOPA (Layers of Protection Analysis), therefore requiring to be completely independent. While they may reside in separate logic solvers, nothing prevent them on being on the same System, it's very common in the same DeltaV SIS System you have SIFs performing ESD application assigned to one logic solver and SIFs performing FGS assigned to another logic solver.

    Going further, one may ask if I can have ESD and FGS SIFs running in the same logic solver, and this is a not very common request, because as we discussed before, the LOPA requires independency from the layers. Lets take two Events, A and B, having the LOPA defined ESD_A and FGS_A as IPLs for the Event A, and ESD_B and FGSBB as IPLs for the Event B, it's not possible to have either (ESD_A / FGS_A) or (ESD_B / FGS_B) running in the same logic solver, in this case, the system will have to have at least two logic solvers to handle Events A and B separately, most likely running (ESD_A / ESD_B) in one logic solver and (FGS_A / FGS_B) in another. Although not very common, running (ESD_A / FGS_B) in one logic solver, and (ESD_B / FGS_A) in another logic solver would be an option, further assessment would be required to ensure separation, making it not really practical.

    I hope this helps answering the question.
    Rgs,
  • In reply to Tadeu Batista:

    I completely agree with Tadeu. Thanks for taking time & elaborating.
    Since DeltaV SIS has the advantage of independent modules(each module is a logic solver in itself) processing the logic, may be we can use. Of Course we still have both modules working on the same SISNet so there can still be concern BUT if these SIFs & logics are actually not using SISNet for any protection we can logically move forward. We need to make sure that any interaction for implementing protection is done through hardwiring & not through SISNet.
  • In reply to Sanjay_Dehran:

    Thanks to everybody who contributed and especially to Tadeu who elaborated on the subject and explained the details of it.

    Regards
  • In reply to Sanjay_Dehran:

    Sanjay,

    The benefit of SISNet/LSN is when it's required the interaction between multiple SIFs residing in multiple logic solvers, to do that over a SIL Rated network, therefore avoiding hardwiring, which is different than keeping independency from multiple layers of protection.

    Let us know if you need further help defining the proper architecture.

    Rgs,