By Heike Schmeding
Approximately 500 AUMA actuators communicate via Profibus DP at the ERZ Zürich combined heat and power plant.
There are two key issues currently affecting the actuation industry: host system integration and functional safety.
Host system integration
In any plant installation, a key requirement is being able to smoothly integrate the actuators used for opening or closing valves with the plant’s automation system. While the mechanical interface between actuator and valve is standardized, interfaces to the control system undergo permanent development. There are a number of challenging decisions: should companies adopt parallel control, fieldbus, or both for redundancy? And, when opting for fieldbus, which protocol should be used? System integration of communication protocols has become a central topic for the supply of actuators for modern plant installations. Today, it is considerably more than mechanical design that is important—system integration is required, centered on effective communication between the actuator and the host system.
Automated opening and closing of valves is the primary functionality, and is usually the straightforward aspect of system integration. In simple applications, the operation commands “open” and “close,” position feedback signals, and a fault signal often suffice.
However, if fieldbus protocols are used, the bandwidth for information transmission is considerably increased. In addition to the transmission of commands and feedback signals required for operation, access to all device parameters and operating data is made available via fieldbus from the distributed control system (DCS). This “secondary” information for diagnostic and maintenance purposes is not a prerequisite for operation, but it aids commissioning, maintenance, and asset management, because it helps give a better overall picture of an actuator.
Cost reduction is one of the main benefits of fieldbus technology. In addition, the introduction of serial communication in process automation has become an innovation driver for field devices and, consequently, for actuators. Concepts for efficiency gains, such as remote parameterization or central-plant asset management, would not be feasible without fieldbus technology. Many different fieldbus systems are available on the market. Established communication systems frequently used with actuators include Profibus DP, Modbus RTU, Modbus TCP/IP, FOUNDATION Fieldbus, and HART.
A large variety of different data and information packages need to be exchanged between the host system and actuators. Communication protocols and data interfaces therefore need to function accurately to facilitate smooth system integration.
As a result, an important requirement for an actuator supplier is to provide evidence of an established track record in the field of system integration and to demonstrate relevant certification for the different fieldbus protocols. Conformity of protocol implementation with fieldbus specifications has to be certified by the international fieldbus organizations: these authorities, or test laboratories accredited by them, carry out extensive tests to verify that products function according to the specifications.
In addition to device registrations, DCS manufacturers carry out dedicated integration tests with field devices. Generally, actuator manufacturers cooperate closely with DCS manufacturers, providing sample actuators for their test laboratories and support regarding actuator interfaces. Typically, product references are then made available on their websites.
Redundancy is another key issue regarding system integration. There are a multitude of different approaches to achieve it. It is critical that, at a very early design stage, the different variants of redundancy supported by the DCS components are effectively assessed, coordinated, and extensively tested using the selected network equipment and field devices.
It is suggested that system integration should always be tailored to the specific requirements of an installation. For example, it may be necessary to configure the data interface in such a way that communication cycle times or bandwidth slots are optimized, and only the data needed for an application is transmitted, thus improving communication efficiency. It is strongly recommended that the actuator manufacturer is consulted at the earliest possible stage of design considerations.
The second important topic is functional safety. This issue is critical for the process industry in general and particularly for chemical or oil and gas applications, where protection of people and the environment is essential and, in the event of accidents, financial losses can be extremely high.
Compliance with IEC 61508 and 61511 standards is increasingly demanded by authorities and insurance companies. According to IEC 61508, functional safety relates to systems that automatically intervene in the event of plant emergency alerts, and ensure that the plant is maintained at, or brought into, a safe state.
A hazard or risk assessment should be conducted whenever designing a production plant that is potentially dangerous to people or that may cause severe environmental damage. Frequently, one measure is implementing a functional safety system, known as a safety instrumented system (SIS); this is viewed as a state-of-the-art method for risk reduction.
Hazard and risk analyses also determine the safety integrity level (SIL) that the SIS must fulfill. Put simply, SILs are “measuring units” for risk reduction with functional safety systems; the level depends on the severity of the potential dangers.
Components of a typical safety instrumented system include the sensor (1), safety PLC (2), and actor (3), consisting of actuator and valve.
The required SIS typically consists of a sensor, a safety programmable logic controller (PLC), and an “actor.” In the valve sector, the actor consists of an actuator and a valve. To achieve the required risk reduction, these components need to be capable of the SIL required for the SIS as a whole.
Taking one example to illustrate the complexities of functional safety, it is essential to recognize that, even if exclusively SIL 2–capable components are used, it is not guaranteed that the safety instrumented function (SIF) as a whole will also meet SIL 2 requirements. This level is only achieved if the integral failure probability for all the components of the SIF combined is within the SIL 2 limits and certain additional requirements are met.
As a result, during a plant’s design phase, when deciding on the components for a SIS, it is advisable to closely examine declared safety figures. As an illustration, it is a best practice that the probability of failure on demand (PFD) value for an actuator should not account for more than approximately 25 percent of the allowed PFD value for the required SIL. If, for example, the actuator alone would take 80–90 percent of the permitted PFD value for the SIF, it is very unlikely to meet the requirements for the SIF as a whole. The other components also have a certain failure probability. Use a considered and conservative approach to calculations to ensure that estimations are on the safe side.
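The PFD budgeting argument above, worked through as an added example (not part of the original article): it sums per-component PFD values for a simple series SIF, compares the total with the low-demand PFD bands of IEC 61508, and applies the 25 percent actuator guideline. The component figures are constructed, and the additional requirements the article mentions beyond the PFD sum are not modelled.

```python
# Added example: PFD budget check for a safety instrumented function (SIF).
# Low-demand-mode average PFD bands per SIL (lower bound inclusive, upper exclusive).
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}
ACTUATOR_SHARE_LIMIT = 0.25  # "approximately 25 percent" guideline from the article


def sil_from_pfd(pfd_avg):
    """Return the SIL whose band contains pfd_avg, or 0 if worse than SIL 1."""
    if pfd_avg < SIL_BANDS[4][0]:
        return 4  # better than the SIL 4 band; SIL 4 is the highest level
    for sil in (4, 3, 2, 1):
        low, high = SIL_BANDS[sil]
        if low <= pfd_avg < high:
            return sil
    return 0


def check_sif(components, required_sil, actuator="actuator"):
    """Sum component PFD values (simple series chain) and check the budget."""
    allowed = SIL_BANDS[required_sil][1]    # upper PFD limit for the target SIL
    total = sum(components.values())
    share = components[actuator] / allowed  # actuator's share of the allowed PFD
    return {
        "total_pfd": total,
        "achieved_sil": sil_from_pfd(total),
        "meets_target": total < allowed,
        "actuator_share": share,
        "actuator_within_guideline": share <= ACTUATOR_SHARE_LIMIT,
    }


# Constructed figures, not vendor data.
# Case 1: every component is individually inside the SIL 2 band.
ALL_SIL2_PARTS = {"sensor": 4.0e-3, "safety_plc": 1.0e-3,
                  "actuator": 8.5e-3, "valve": 3.0e-3}
# Case 2: the actuator uses 20 percent of the SIL 2 budget.
BALANCED_PARTS = {"sensor": 3.0e-3, "safety_plc": 5.0e-4,
                  "actuator": 2.0e-3, "valve": 3.0e-3}

if __name__ == "__main__":
    for name, parts in (("all SIL 2 parts", ALL_SIL2_PARTS),
                        ("balanced", BALANCED_PARTS)):
        print(name, check_sif(parts, required_sil=2))
```

In the first case each part would pass a SIL 2 check on its own, yet the chain as a whole lands in the SIL 1 band because the actuator alone consumes 85 percent of the budget.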
One of the most complex tasks within a SIS is to make sure that the interfaces between sensor, safety PLC, and actuator harmonize and function together. This is more complicated than in a standard process control system, because, for safety reasons, there are often restrictions regarding permissible configurations of components. Modular actuator design helps to achieve this, because individual components can be exchanged, as long as all safety requirements are observed.
It is also extremely important that plant designers have access to all the component-specific documentation required to correctly configure and document their SIS in full to achieve certification from a notifying body. To offer maximum support, an actuator manufacturer needs to supply safety figures, test reports, certificates, and comprehensive safety manuals. Support can also include checklists for commissioning and proof testing. Again, close cooperation with the actuator manufacturer is recommended to ensure that the functional safety system achieves the intended risk reduction.
Host system integration and functional safety are two highly significant topics that are currently affecting a wide range of valve control applications. This article has given insight into the importance, challenges, and impact of these issues. However, every installation is different, and adopters of actuation technology should work in partnership with their suppliers to obtain expert advice to achieve the most practical solution.
Example of AUMA actuator to support functional safety system up to SIL 3