Adhering to International Safety Standards with DeltaV SIS and the SZ Controller
The DeltaV SIS with Electronic Marshalling architecture provides many benefits whether deploying an integrated control and safety system (ICSS) or a separate, stand-alone SIS. The international standards for functional safety in the process industry, IEC61511 (or ANSI/ISA 84) require that the safety system be independent of the distributed control system (DCS), with separate power supplies, communication channels and control execution. When designing your safety instrumented system (SIS), it’s important to understand the purpose of each hardware component to ensure your system adheres to these standards.
One of the more common questions we hear from users considering DeltaV SIS is: What is the role of the SZ controller? The SZ connects to both the DCS and SIS in DeltaV…so does it provide control execution for the SIS, or simply act as a data gateway between the two networks?
Controller? Gateway? Both?
For users deploying an integrated control and safety system (ICSS) with DeltaV, the SZ controller is the centerpiece for integrating the safety system with DeltaV natively. It provides the necessary physical and logical separation needed to adhere to industry standards and codes.
Figure 1 below shows the four available network ports on the SZ controller carrier. Keeping with the philosophy of built-in redundancy, the top two ports (primary and secondary) are meant for the DeltaV DCS area control network, and the bottom two ports are dedicated to the local safety network. The SZ acts as a network isolator and data buffer for the physically separate control networks. The SZ does not execute any safety logic. Only CHARMs Smart Logic Solvers (CSLS – the logic solver executes all safety logic for the SIS) and other safety network components can be added to the safety network to maintain the integrity of the SIL3-capable safety system.
Now, you may be wondering – if the SZ Controller is a device used to separate networks and pass parameters between them, why is it called a “controller”?
The additional function of the SZ is that it can execute basic process control (non-safety logic). Through its connection to the area control network, the SZ can execute control modules for standard CHARMs I/O Cards with up to 384 I/O points. This proves to be particularly valuable in applications such as a Burner Management System where prescriptive codes could require a dedicated logic solver (CSLS) for the burner control and a separate controller for combustion control (SZ Controller).
How does the SZ Controller work in a stand-alone SIS?
For those end users who are implementing DeltaV SIS, but do not have a DeltaV system for their DCS, the SZ controller has a similar function. It still separates the area control network from the safety network by using the top ports for a Modbus TCP/IP connection to your 3rd party DCS.
The SZ Controller plays a crucial role in adhering to international safety standards for implementing a safety system that is independent from the DCS. Does your SIS need improvement or modernization to meet new industry standards?