Overview
In today’s competitive production environment, process industries demand control and safety systems that increase productivity, reliability and quality while lowering cost. The NexusOnCore† Safety System is a next-generation Safety Instrumented System (SIS) that is an advanced, easy to learn, easy to use, fully configurable solution that creates failsafe conditions to protect people and equipment.
The NexusOnCoreSafety System is a programmable electronic safety-related system that complies with IEC 61508 (2010), having a system capability of SC 3 (Systematic Capability) and Safety Integrity Level (SIL) 3 by 2oo3 (2 out of 3) architectural design standards. It can be applied to those applications where customers are wanting to achieve a system rating up to SIL 3. SIL is an indication of the reliability of safety instrumented functions (SIF) or its Probability of Failure on Demand (PFD).
With the dual modular redundancy configuration, the Nexus OnCore Safety System is capable for SIL 2 applications with an overall decreased system cost.
SIL certification is provided by third party experts such asexida, or TüV for electronic hardware which has been shown to meet the reliability requirements of IEC61508. To meet the safety lifecycle requirements of IEC61511, certified hardware must be applied properly, and fully documented by the end user.
There are many safety lifecycle activities (e.g.,PHA, HAZOP, SIL targeting and verification, etc.) required to meet the IEC61511 requirements. Each customer site will have unique equipment arrangements, with differing field instruments, and software requirements that cannot be pre-packaged without a high level of customer interaction.
Most products today are being marketed as “SIL capable”. SIL capable is defined as being able to be used in a Safety Instrumented System (SIS) and can be validated and documented after the proper functional safety lifecycle activities have been performed by individuals qualified in Functional Safety.
A SIS is an instrumented system used to implement one or more SIFs. The purpose of a SIS is to prevent an unsafe event from happening or to mitigate the severity of an event by taking proactive action to move the process to a safe condition.
A SIF is a function to be implemented by a SIS, which is intended to achieve or maintain a safe state for the process with respect to a specific hazardous event. Hazardous events are those that could result in loss of life or personnel injury, not just equipment damage.
The NexusOnCoreSafety System has been certified to be used in SIL 1, SIL 2 and SIL 3 applications. The SIL rating of your individual SIFs will be based on aggregated SIL rating of all instrumentation, logic solvers, and final control elements (e.g., valves) in your SIS – with the least capable having the greatest impact on the overall system level capability. The NexusOnCoreSafety System has the highest reliability rating of the SIF components. The tables below are provided to help you assess the SIL requirements for your project.
NexusOnCoreControl System and NexusOnCoreSafetyhave been developed by a team of domain experts who have over a century of experience successfully delivering over 11,000 projects using a wide range of control platforms. The NexusOnCoreplatform benefited from the collective knowledge of this team, resulting in robust control and safety platforms that take full advantage of best in class features.
Combined with the NexusOnCoreControl System, complete plant control and protection through a common configuration software provide simplified expansion capabilities and reduce overall installation and training costs.
Nexus OnCore Safety Systems are designed to serve a wide variety of industrial protection applications from Emergency Shutdown Device (ESD), Burner Management Systems (BMS), Emergency Trip Systems (ETS), and Compressor Protection Systems. This programmable safety system has been certified to be used in SIL 1, SIL 2 and SIL 3 applications with an overall decrease in cost. In today's competitive production environment, process industries demand control systems that increase productivity, reliability and quality while lowering cost and increasing safety integrity levels. This next generation Safety Instrumented System (SIS) has one purpose and that is to shut down a process to a safe state when called upon, and this increases reliability.
The Nexus OnCore Safety System has been designed with safety as a main function. It has been engineered with special attention to diagnostic and redundancy features. Its distributed architecture reduces impact from loss of system components and provides production continuity. Each node in the system is autonomous yet works closely with its counterparts. This architecture distributes risk so the loss of one component does not affect the rest of the system.
SIL 3 (triple redundant) architecture balances high safety with high availability by adopting a 2oo3 (or Mean/2oo2 for dual redundant or SIL 2) architecture with diagnostics throughout the safety loop, including all input modules, controllers and output modules.
- Each type of module is designed with built-in diagnostic functions of high diagnostic coverage (DC) to reduce the undetected failure rate.
- By utilizing low common cause design, the probability of multi-failures can be minimized to effectively reduce spurious trips.
The overall design enhances reliability by using a 2oo3 architecture for SIL 3 and a 2oo2 architecture for SIL 2 with diagnostics to ensure loop safety, multiple levels of voting on the data stream, physical independence among triple redundant modules with high DC.
The Nexus OnCore Safety System Controller can communicate with other systems unidirectionally via Ethernet based Unit Data Highway. This allows the Nexus OnCore Safety and non-safety controllers to communicate with each other but maintain independent operation and insulate the SIS from failure propagation.
Availability is increased using a dual power supply with branch circuit detection to avoid loss of power and through degraded operation of 3-2-0 (for triple redundant architecture) mode and 2-1-0 mode (for dual redundant architecture).
SIL 3 (triple redundant) architecture balances high safety with high availability throughout the safety loop, including all input modules, controllers and output modules. Each type of module is designed with built-in diagnostic functions of high diagnostic coverage (DC) to reduce the undetected dangerous failure rate. By utilizing low common cause design, the probability of multi-failures can be minimized to effectively reduce spurious trips.
Nexus OnCore安全系统提供了增强的diagnostic capability by delivering channel level diagnostics:
- AI:out of range, open and short circuit detection
- DI:open and short circuit detection
- DO:relay coil current protection
Diagnostics can be sent from the NexusOnCoreSafety System to OptimumC HMIs for monitoring, debugging, logging and future analysis. There are redundant network ports on each Nexus OnCore Safety Processing Unit (SPU) module to connect to the redundant networks which provides layers of protection for your system.
During normal operation, online testing and proof testing are available to achieve a high diagnostic coverage and maintain a desired SIL level.
The Nexus OnCore Safety System provides redundant architecture which allows independent replacement of processor and I/O modules without a complete system shutdown.
For the Network interface on the Nexus OnCore Safety System, the SPU module contains two separate CPUs. One CPU manages the network interface and communication with the system HMIs (CPU-N). The second CPU manages the SIL logic solver and SIL I/O module interface (CPU-S). The SPU controller configuration and application logic are developed on the Nexus OnCore Engineering HMI and passed to the CPU-N – which then downloads the configuration to the CPU-S. The CPU-S handles all the SIL functions and logic execution and will provide signal status and values, alarm information and diagnostics to the CPU-N – which communicates that information for display on the HMI.
System redundancy architecture is configurable between TMR and DMR, with the associated voting logic in the safety controller, and in the I/O modules being applied to all the input and output signals automatically - targeting the desired SIL rate (SIL 3 or SIL 2).
The Nexus OnCore Safety System provides an integrated, easy to learn, easy to use and configure comprehensive software package (OptimumC) for plant operations. The HMI software allows for integration of displays, logs, graphics and alarms to give operators a broad view of the plant and its assets – this provides a clear picture for data analytics and troubleshooting. The Nexus OnCore Safety System software is intuitive and contains block-wise logic that users can configure to adjust to specific plant needs.
Each operator or engineering station supports monitoring and configuration of the entire system. Features of the operator and engineering station and HMI include:
- Administrative control of user access levels
- 单点监测显示
- Flexible alarm-monitoring capability (available in alarm list or embedded in operator graphics)
A library of standard display elements is supplied with the option of creating custom-built, dynamic displays based on user standards and requirements.
Benefits:
- Real-time and historical trend reports; both time-based and event-based options.
- Configurable and redundant system historical data collection and storage.
- Fault detection-based historical data and SOE event records allow operators to pinpoint cause and determine response.
软件包括一个简化的、单独的许可证that covers all aspects of your process control and safety system. No additional license fees are required in the future if you choose to add points, cards or expand the capability of the integrated data historian.