8000 SERIES TMR SYSTEM OPERATOR AND MAINTENANCE MANUAL DOCUMENT NUMBER 552864 ISSUE 02 JUNE 2004
Copyright © ICS Triplex Technology 1998-2004 Printed in England
Issue Record (columns: Issue Number, Revised by, Checked by, Authorised by, Date): Issue 1 May J Bourn; Issue 2 June N Owens
NOTICE The content of this document is confidential to ICS Triplex Technology Ltd. companies and their partners. It may not be given away, lent, resold, hired out or made available to a third party for any purpose without the written consent of ICS Triplex Technology Ltd. This document contains proprietary information that is protected by copyright. All rights are reserved.
REVISION AND UPDATING POLICY All new and revised information pertinent to this document shall be issued by ICS Triplex Technology Ltd. and shall be incorporated into this document in accordance with the enclosed instructions. The change is to be recorded on the Amendment Record of this document.
WARNING
RADIO FREQUENCY INTERFERENCE: MOST ELECTRONIC EQUIPMENT IS INFLUENCED BY RADIO FREQUENCY INTERFERENCE (RFI). CAUTION SHOULD BE EXERCISED WITH REGARD TO THE USE OF PORTABLE COMMUNICATIONS EQUIPMENT AROUND SUCH EQUIPMENT. SIGNS SHOULD BE POSTED NEAR THE EQUIPMENT CAUTIONING AGAINST THE USE OF PORTABLE COMMUNICATIONS EQUIPMENT.
MAINTENANCE: MAINTENANCE MUST BE PERFORMED ONLY BY QUALIFIED PERSONNEL.
RECORD OF AMENDMENTS Issue Number: Issue 1. Changes: Initial Issue.
TABLE OF CONTENTS
1. INTRODUCTION
1.1 MAINTAINING SAFETY
1.2 OPERATION AND MAINTENANCE PLAN
1.3 PLANNED MAINTENANCE
1.4 FIELD DEVICE MAINTENANCE
1. INTRODUCTION
1.1 MAINTAINING SAFETY
This manual should be read in conjunction with the safety manual (product number 8094).
1.2 OPERATION AND MAINTENANCE PLAN
This Operation and Maintenance requirement ensures that functional safety continues beyond the design, production, installation and commissioning of the system. The in-service operation and maintenance is normally beyond the system integrator's responsibility.
1.4 FIELD DEVICE MAINTENANCE
During the lifetime of the system, it will be necessary to undertake a number of field maintenance activities that will include re-calibration, testing and replacement of devices. Facilities should be included within the system design to allow these maintenance activities to be undertaken. Similarly, the operating and maintenance plan needs to include these maintenance activities, and their effect on the system operation and design.
1.6 MONITORING
In order to establish that the safety objectives have been met through the lifetime of the system, it is important to maintain records of the faults, failures and anomalies. This requires the maintenance of records by both the end-user and the system integrator.
1.8 MODULE REPLACEMENT CONFIGURATION
The system supports 3 forms of High Density I/O module replacement:
a. Companion slot (Hot-swap pair)
b. SmartSlot pair
c. Live insertion and removal
In the companion slot configuration, two adjacent module positions are coupled to provide an active and standby module pair.
1.9 INPUT AND OUTPUT FORCING
Locking and forcing of individual inputs and outputs from the IEC1131 Workbench are supported for engineering, installation and commissioning purposes. In service, maintenance overrides for safety-related inputs and outputs should be implemented using the application program.
1.10 MAINTENANCE OVERRIDES
Maintenance Overrides set inputs or outputs to a defined state that can be different from the real state during safety operation. They are used during maintenance, usually to override input or output conditions in order to perform a periodic test, calibration, or repair of a module, sensor or actuator.
2. OPERATION
A Safety Instrumented System (SIS) is dormant by nature; in normal plant operating situations the SIS is not required and is only called upon to operate in an emergency situation. A SIS should be designed to operate automatically and so requires no operator interaction. It is essential, however, that the SIS and associated field devices are maintained, to ensure they operate when required.
3. MAINTENANCE
The operator maintenance schedule for testing the SIS, sensors and actuators should reflect the test interval used in the reliability/availability calculations. The system should be configured to allow testing from the I/O module to the field device.
Inputs
The purpose of the override is to allow testing of the sensor without executing a trip.
3.1 MODULE MAINTENANCE REQUIREMENTS
There are no user-maintainable parts in any of the 8000 Series System modules.
4. MODULE STATUS INDICATORS
The following sub-paragraphs detail the front panel LEDs of the 8000 Series System range of modules together with their function and status.
4.1 8000 SERIES TMR PROCESSOR
Note:
LED: INDICATION
Healthy: Overall health of each processor slice. Steady = healthy. Red flashing = slice failed.
Active: Steady green when module is in Active mode.
Standby: Steady green when module is in Standby mode.
4.2 8000 SERIES TMR INTERFACE
LED: INDICATION
Healthy: Overall health of each processor slice. Steady green = healthy. Flashing green = fault.
Active: Steady green when module is in Active mode.
Standby: Steady green when module is in Standby mode.
Educated: Steady green when module is educated. Flashing green during module education. Off when module is not educated.
I/O Healthy: I/O sub-system health. Steady green = healthy. Flashing green = fault.
4.
4.4 8000 SERIES I/O MODULES
LED: INDICATION
Healthy: Module health.
Off = No power applied to the module.
Amber = Slice is in the start-up state (momentary after installation or power-up).
Green = healthy.
Flashing red = fault present on the associated slice but the slice is still operational.
Red (momentary) = On installation, power applied to the associated slice.
Red = The associated slice is in the fatal state.
5. FAULT FINDING
The 8000 Series System is capable of detecting and isolating faults to module level, while its two-out-of-three voting architecture prevents faults from propagating to the system outputs. Various means are provided for directing maintenance personnel to the faulty module. Most system modules are hot-replaceable, providing continuous system operation.
5.1 FAULT DETECTION
There are three levels of fault detection used in the 8000 Series System:
1. Discrepancy logic in each I/O module compares the 8000 Series TMR Processor output data on each bus cycle. A fault is recorded whenever the data in one processor disagrees with the other two processors of the 8000 Series TMR Processor.
2. Loopback logic on Interfaces and I/O modules is exercised by the 8000 Series TMR Processors on a background basis to detect output data faults.
5.2 FAULT ANNUNCIATION
The 8000 Series System annunciates faults via the status LEDs fitted to the front panels of the modules.
Note: A fault indication does not necessarily mean that a module is not operational. Some faults within a module have no immediate consequence. The failure can be masked or it can be located in the test circuitry. Nevertheless, the module should be replaced and returned for repair.
5.4 CLEARING FAULTS
Faults occurring in the 8000 Series TMR Processor, 8000 Series TMR Interface and 8000 Series Communications Interface modules are non-latching, allowing the system to recover automatically once the fault condition has been rectified. Faults occurring in the I/O sub-system are latched and are cleared only by first rectifying the fault, then pressing the Reset button on the 8000 Series TMR Processor.
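The discrepancy check of 5.1 and the latched-fault clearing of 5.4, modelled as an added C example (not ICS Triplex code and not part of the original manual). The slice masks, `fault_latch_t`, `bus_cycle` and `reset_pressed` are hypothetical names; the bitwise majority vote is one common way to realise two-out-of-three voting, and the discrepancy record is assumed to latch in the way the manual describes for I/O sub-system faults.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only; names and layout are assumptions, not vendor firmware. */
enum { SLICE_A = 1u << 0, SLICE_B = 1u << 1, SLICE_C = 1u << 2 };

typedef struct {
    uint8_t latched; /* slices that have disagreed since the last successful reset */
} fault_latch_t;

/* Bitwise 2oo3 majority: each bit takes the value at least two slices agree on. */
static uint32_t vote_2oo3(uint32_t a, uint32_t b, uint32_t c)
{
    return (a & b) | (a & c) | (b & c);
}

/* One bus cycle: vote the three words, flag every slice that differs from the
 * voted result, and latch the flag. *now receives this cycle's discrepancies. */
static uint32_t bus_cycle(fault_latch_t *f, uint32_t a, uint32_t b, uint32_t c,
                          uint8_t *now)
{
    uint32_t voted = vote_2oo3(a, b, c);
    uint8_t d = 0;
    if (a != voted) d |= SLICE_A;
    if (b != voted) d |= SLICE_B;
    if (c != voted) d |= SLICE_C;
    f->latched |= d;
    *now = d;
    return voted;
}

/* Reset button: a latched flag clears only if that slice's fault has been
 * rectified (still_faulty is the mask of slices whose fault persists). */
static uint8_t reset_pressed(fault_latch_t *f, uint8_t still_faulty)
{
    f->latched &= still_faulty;
    return f->latched;
}

int main(void)
{
    fault_latch_t f = {0};
    uint8_t now;
    /* Constructed sample data: slice B delivers a single flipped bit. */
    uint32_t out = bus_cycle(&f, 0xA5u, 0xA4u, 0xA5u, &now);
    printf("voted=0x%02X now=0x%X latched=0x%X\n", (unsigned)out, (unsigned)now, (unsigned)f.latched);
    printf("reset, fault present: latched=0x%X\n", (unsigned)reset_pressed(&f, SLICE_B));
    printf("reset, fault repaired: latched=0x%X\n", (unsigned)reset_pressed(&f, 0));
    return 0;
}
```

The voted output stays correct while one slice is wrong, and the latched record survives later clean cycles until the fault is gone and reset is pressed.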
6. SYSTEM DIAGNOSTICS
The 8000 Series System diagnostic requirements will depend upon client requirements. The recommended minimum diagnostics are included in the Software manual. Whilst some alarms indicate a fault on the module (which requires replacement), others are used for analysis of the 8000 Series System and indicate a fault in a secondary component.
6.1 TEMPERATURE ALARMS
Each module has dedicated monitoring points for temperature.
7. MODULE REPLACEMENT
7.1 MODULE EJECTOR LEVERS AND KEY
When inserting a module, the ejector levers should be open and the module should be pushed into the slot using the fascia. When the module connectors have located on the backplane and field cable connectors, the module should be pushed firmly into place before closing the ejector levers. Module ejector levers should only be opened using an 8000 Series ejector key (supplied with the 8000 Series TMR Processor).
7.3 TMR INTERFACE MODULE REPLACEMENT
This procedure is only applicable when the TMR Interface module has failed (faulty slice) and no standby module is configured in the 8000 Series Controller.
1. Insert the replacement module in the adjacent slot.
2. After the replacement module has been educated, remove the faulty module.
3. Restart the system using the ‘START APPLICATION’ procedure from the Workbench.
7.5 COMPANION SLOT MODULE REPLACEMENT
Each I/O module in an 8000 Series System may have a Companion Slot configured via a double-width I/O connector, but not necessarily occupied. This enables a faulty module to be replaced without disrupting the System. Replacement is effected by simply inserting a working module of the same type, with compatible firmware and hardware, in the adjacent slot.
7.6 SMARTSLOT (VERSION 2) REPLACEMENT
I/O modules in an 8000 Series system may be configured as SmartSlot, allowing modules to be replaced with another in an allocated SmartSlot. This reduces the number of slots required in a system, because a group of modules can now have one SmartSlot instead of a companion slot for every module.
8. RESTART PROCEDURE
8.1 INTRODUCTION
The procedure described below is necessary to restore the 8000 Series System to full operation after a total loss of power including the loss of the incoming power supplies. The sequence is based on the assumption that the incoming power supplies have been restored after all the MCBs, contactors and isolators have been opened. It is assumed that all the application software and system INI configuration have been installed.
8.4 FINAL
(1) Ensure that all external interfaces to other systems and devices are connected and functioning correctly.
(2) Ensure that all modules are in the healthy condition relative to the state of the plant.
The 8000 Series System is now ready to control and monitor trips and alarms.