Advanced Redundant Control
System (ARCS)
Direct Acting Platform
-141 Series
Safety Manual for Safety Integrated system
ASCO Valves
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com Page 1 of 24
®
E290115 - 12/2018
All Rights Reserved.
IM-IND-536661-Rev AA
TABLE OF CONTENTS
1 INTRODUCTION ......................................................................................................................... 3
1.1 TERMS AND ABBREVIATIONS ................................................................................................ 3
1.2 ACRONYMS ........................................................................................................................ 3
1.3 PRODUCT SUPPORT............................................................................................................ 4
1.4 RELATED LITERATURE ......................................................................................................... 4
1.5 REFERENCE STANDARDS .................................................................................................... 4
2 ARCS DIRECT ACTING DESCRIPTION ........................................................................................ 4
2.1 REDUNDANT CONFIGURATIONS ............................................................................................ 4
2.2 REDUNDANT FUNCTIONS ..................................................................................................... 4
3 DESIGNING A SAFETY INSTRUMENTED FUNCTION USING AN ASCO ARCS ................................. 5
3.1 SAFETY FUNCTION .............................................................................................................. 5
3.2 ENVIRONMENTAL LIMITS ...................................................................................................... 5
3.3 APPLICATION LIMITS ............................................................................................................ 5
3.4 DESIGN VERIFICATION ........................................................................................................ 5
3.5 SIL CAPABILITY .................................................................................................................. 5
3.5.1 SYSTEMATIC INTEGRITY ................................................................................................ 5
3.5.2 RANDOM INTEGRITY ...................................................................................................... 6
3.5.3 SAFETY PARAMETERS ................................................................................................... 6
3.6 CONNECTION OF THE ARCS TO THE SIS LOGIC-SOLVER ....................................................... 6
3.7 GENERAL REQUIREMENTS ................................................................................................... 6
4 INSTALLATION AND COMMISSIONING .......................................................................................... 7
4.1 INSTALLATION ..................................................................................................................... 7
4.2 PHYSICAL LOCATION AND PLACEMENT ................................................................................. 7
4.3 ELECTRICAL CONNECTIONS ................................................................................................. 7
4.4 PNEUMATIC CONNECTIONS .................................................................................................. 7
5 OPERATION AND MAINTENANCE ................................................................................................ 8
5.1 MODES OF OPERATION ....................................................................................................... 8
5.1.1 1OO2 WITHOUT ONLINE MAINTENANCE & WITHOUT DIAGNOSTIC ....................................... 8
5.1.2 1OO2 WITH COMMON BYPASS & WITHOUT DIAGNOSTIC .................................................... 8
5.1.3 2OO2 WITHOUT ONLINE MAINTENANCE & WITHOUT DIAGNOSTIC ..................................... 10
5.1.4 2OO2 WITHOUT ONLINE MAINTENANCE & WITH DIAGNOSTIC ........................................... 11
5.1.5 2OO2 WITH COMMON BYPASS AND WITH DIAGNOSTIC ..................................................... 12
5.1.6 2OO2 WITH INDIVIDUAL ISOLATION AND WITH DIAGNOSTIC .............................................. 13
5.1.7 2OO3 WITHOUT ONLINE MAINTENANCE & WITHOUT DIAGNOSTIC ..................................... 14
5.1.8 2OO3 WITHOUT ONLINE MAINTENANCE & WITH DIAGNOSTIC ........................................... 16
5.1.9 2OO3 WITH INDIVIDUAL ISOLATION AND WITH DIAGNOSTIC .............................................. 18
5.1.10 2OO3 WITH COMMON BYPASS AND WITH DIAGNOSTIC ..................................................... 20
5.2 OPERATOR INTERFACE OPTIONS ....................................................................................... 22
5.3 ADT - OPTIONAL .............................................................................................................. 23
5.3.1 STATE VERIFICATION TEST .......................................................................................... 23
5.4 REPAIR AND REPLACEMENT ............................................................................................... 23
5.5 ASCO NOTIFICATION ........................................................................................................ 23
6 STATUS OF THE DOCUMENT ..................................................................................................... 23
6.1 RELEASES ....................................................................................................................... 23
APPENDIX A – SIS CHECKLIST ...................................................................................................... 24
Page 2 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
1 Introduction
This Safety Manual provides information necessary to design, install, verify and maintain a Safety Instrumented
Function (SIF) utilizing an ASCO Advanced Redundant Control System, ARCS (141 series). This manual provides
necessary requirements for meeting the IEC 61508 or IEC 61511 functional safety standards.
1.1 Terms and Abbreviations
• Safety - Freedom from unacceptable risk of harm
• Functional Safety - The ability of a system to carry out the actions necessary to achieve or to maintain
defined safe state for the equipment / machinery / plant / apparatus under control of the system
• Basic Safety - The equipment must be designed and manufactured such that it protects against risk of
damage to persons by electrical shock and other hazards and against resulting fire and explosion. The
protection must be effective under all conditions of the nominal operation and under single fault
condition
• Safety Assessment - The investigation to arrive at a judgment - based on evidence - of the safety
achieved by safety-related systems
• Fail-Safe State - State where the solenoid valve is de-energized and spring is extended.
• Fail Safe Failure - Failure which causes the valve to go to the defined fail-safe state without a demand
from the process.
• Fail Dangerous Failure - Failure that does not respond to a demand from the process (i.e. being
unable to go to the defined fail-safe state).
• Fail Dangerous Undetected - Failure that is dangerous and that is not being diagnosed by automatic
stroke testing.
• Fail Dangerous Detected - Failure that is dangerous but is detected by automatic stroke testing.
• Fail Annunciation Undetected - Failure that does not cause a false trip or prevent the safety function
but does cause loss of an automatic diagnostic and is not detected by another diagnostic.
• Fail Annunciation Detected - Failure that does not cause a false trip or prevent the safety function but
does cause loss of an automatic diagnostic or false diagnostic indication.
• Fail No Effect - Failure of a component that is part of the safety function but has no effect on the safety
function.
• Low demand Mode - Mode where the frequency of demands for operation made on a safety related
system is no greater than twice the proof test frequency.
1.2 Acronyms
• FMEDA - Failure Modes, Effects and Diagnostic Analysis
• HFT - Hardware Fault Tolerance
• MOC - Management of Change. These are specific procedures often done when performing any work
activities in compliance with government regulatory authorities.
• MTTFS - Mean Time To Fail Spurious
• PFDavg - Average Probability of Failure on Demand
• SFF - Safe Failure Fraction, the fraction of the overall failure rate of a device that results in either a safe
fault or a diagnosed unsafe fault.
• SIF - Safety Instrumented Function, a set of equipment intended to reduce the risk due to a specific
hazard (a safety loop).
• SIL - Safety Integrity Level, discrete level (one out of a possible four) for specifying the safety integrity
requirements of the safety functions to be allocated to the E/E/PE safety-related systems where Safety
Integrity Level 4 has the highest level of safety integrity and Safety Integrity Level 1 has the lowest.
• SIS - Safety Instrumented System – Implementation of one or more Safety Instrumented Functions. An
SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).
Page 3 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
1.3 Product Support
Product support can be obtained from:
ASCO Numatics (India) Pvt. Ltd.,
No.57, Kundrathur Main Road, Gerugambakkam,
Chennai-600128, India
1.4 Related Literature
• Hardware Documents: ASCO ARCS Operation Guide I&M Number 536985
1.5 Reference Standards
• Functional Safety
• IEC 61508: 2000 Functional safety of electrical/electronic/ programmable electronic safety-related
systems
• IEC 61511 Mod. Functional Safety – Safety Instrumented Systems for the Process Industry Sector
2 ARCS Direct Acting Description
The ASCO ARCS (141 series) is designed for emergency shut down valves (ON/OFF vales) with various redundant
configurations (1oo2, 2oo2 & 2oo3) to meet both safety & availability.
The ASCO ARCS (141 series) 2oo3 redundant solenoid valve piloting system combines the advantages of both
1oo2 & 2oo2 systems to achieve a high level of process safety and reliability.
ARCS (141 series) are an electro-mechanical and pneumatic system consisting of solenoid operated valves and
push pull type manually operated spool valves. The valves are interconnected to allow different architectures for the
control of pneumatically actuated block valves. It provides diagnostic components to verify the state of the devices
as well as enabling online testing of the devices. These components are visual indicator or pressure gauges and
pressure switches monitoring the pneumatic pressures at critical points of the ARCS assembly.
2.1 Redundant Configurations
• 1oo2 - Redundancy built to achieve a high level of process safety.
Hardware fault tolerant = 1
SIL3
• 2oo2 - Redundancy built to achieve high availability and prevent nuisance trips.
Hardware fault tolerant = 0
SIL2
• 2oo3 - Redundancy built to achieve a high level of process safety and availability.
Hardware fault tolerant = 1
SIL3
2.2 Redundant Functions
• 1oo2 Manifold Assembly, without Online Maintenance & without Diagnostic
• 1oo2 Manifold Assembly, with Common By-pass & without Diagnostic
• 2oo2 Manifold Assembly, without Online Maintenance & Diagnostic
• 2oo2 Manifold Assembly, without Online Maintenance, with Diagnostic
• 2oo2 Manifold Assembly, with Common By-pass with Diagnostic
• 2oo2 Manifold Assembly, with Individual Isolation with Diagnostic
• 2oo3 Manifold Assembly, without Online Maintenance & Diagnostic
• 2oo3 Manifold Assembly, without Online Maintenance, with Diagnostic
• 2oo3 Manifold Assembly, with Common By-pass with Diagnostic
• 2oo3 Manifold Assembly, with Individual Isolation & with Diagnostic
Page 4 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
3 Designing a Safety Instrumented Function using an ASCO
ARCS
3.1 Safety Function
When de-energized, the ASCO ARCS (141 series) moves to its fail-safe position. Depending on the version
specified, 1oo2, 2oo2, 2oo3 the ARCS will supply air and vent air depending on the piping of the installation.
As defined in IEC 61508, the ARCS is intended to be a part of the final element subsystem and the designer must
verify the achieved SIL level of the designed function.
3.2 Environmental limits
The designer of a SIF must check that the product is rated for use within the expected environmental
limits.
Temperature: The ARCS shall be mounted either plate or inside enclosure. The temperature does not exceed the
specified temperature limits for standard or low temperature mentioned in catalogues.
3.3 Application limits
The application limits of an ASCO ARCS (141 series) are specified in the user manual. I&M Number 536985 It is
especially important that the designer checks for material compatibility considering on-site chemical contaminants
and air supply conditions. If the ARCS is used outside of the application limits or with incompatible materials, the
reliability data provided becomes invalid.
3.4 Design Verification
A detailed Failure Mode, Effects, and Diagnostics Analysis (FMEDA) report is available from ASCO. This report
details all failure rates and failure modes as well as the expected lifetime.
The achieved Safety Integrity Level (SIL) of an entire Safety Instrumented Function (SIF) design must be verified
by the designer via a calculation of PFDavg considering redundant architectures, proof test interval, proof test
effectiveness, any automatic diagnostics, average repair time and the specific failure rates of all products included
in the SIF. Each subsystem must be checked to assure compliance with minimum hardware fault tolerance (HFT)
requirements. The Exida exSILentia® tool is recommended for this purpose as it contains accurate models for the
ARCS and its failure rates.
When using an ASCO ARCS (141 series) in a redundant configuration, a common cause factor of 5% should be
included in safety integrity calculations.
The failure rate data listed in the FMEDA report is only valid for the useful lifetime of an ASCO Solenoid.
The failure rates will increase sometime after this time period. Reliability calculations based on the data
listed in the FMEDA report for mission times beyond the lifetime may yield results that are too optimistic,
i.e. the calculated Safety Integrity Level will not be achieved.
3.5 SIL Capability
3.5.1 Systematic Integrity
Page 5 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
This product has met manufacturer design process requirements for Safety Integrity Level (SIL) 3. These are
intended to achieve sufficient integrity against systematic errors of design by the manufacturer. A Safety
Instrumented Function (SIF) designed with this product must not be used at a SIL level higher than the statement
without “prior use” justification by end user or diverse technology redundancy in the design.
3.5.2 Random Integrity
The ARCS (141 series) is a Type A Device. Therefore, depending on redundant architecture, the design can
meet SIL 3 requirements @ HFT=1. the design can meet SIL 2 @ HFT = 0.
When the final element assembly consists of many components (ARCS, quick exhaust valve, actuator, isolation
valve, etc.) the SIL must be verified for the entire assembly using failure rates from all components. This analysis
must account for any hardware fault tolerance and architecture constraints.
3.5.3 Safety Parameters
For detailed failure rate information refer to the Failure Modes, Effects and Diagnostic Analysis Report for the
ARCS.
3.6 Connection of the ARCS to the SIS Logic-solver
The ARCS (141 series) is connected to the safety rated logic solver which is actively performing the safety function
as well as automatic diagnostics designed to diagnose potentially dangerous failures within the ARCS. The
isolating valves solenoid control power shall be supplied by the safety logic solver via the safety function output.
Connections must be made according the instructions supplied by the safety rated logic solver.
The output rating of the I/O module shall meet or exceed the electrical specifications of the valve solenoid. Refer
catalogue for detailed solenoid specifications.
If the safety rated logic solver output module provides line-integrity testing by pulse tests or other means, the
impedance range applicable for this test shall be within the ARCS solenoid impedance.
If connected to a passive input module (a module that provides only the switching but not the switching energy),
the external power supply shall meet all pertinent electrical safety requirements specified by the safety rated logic
solver (i.e. IEC 61010).
The input rating of the Digital Input module shall meet the electrical specifications of the pressure switch:
If the safety rated logic solver input module requires line-end devices for open wire / short circuit wire protection,
these devices shall be mounted at the terminal block of the ARCS according to the logic-solver manufacturer’s
instructions.
If the logic-solver input module provides line-integrity testing by pulse tests or other means the impedance range
applicable for this test shall be within the ARCS pressure switch impedance.
3.7 General Requirements
• The system’s response time shall be less than process safety time. The ARCS will switch between two
states in less than 105 ms.
• All SIS components including the ARCS must be operational before process start-up.
• The user shall verify that the ARCS is suitable for use in safety applications by confirming that the
ARCS nameplate is properly marked.
• Personnel performing maintenance and testing on the ARCS shall be competent to do so.
• The useful life of the ARCS is discussed in the Failure Modes, Effects and Diagnostic Analysis Report
for the ARCS.
Page 6 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
4 Installation and Commissioning
4.1 Installation
• The ASCO Solenoid valve must be installed per standard installation practices outlined in the
Installation Manual.
• The environment must be checked to verify that environmental conditions do not exceed the ratings.
• The ASCO Solenoid must be accessible for physical inspection.
4.2 Physical Location and Placement
• The ARCS shall be accessible with sufficient room for cabling and pneumatic connections and shall
allow manual proof testing of the bypass function.
• Pneumatic piping to the block valve shall be kept as short and straight as possible to minimize the
airflow restrictions and potential clogging of the exhaust line. Long or kinked pneumatic tubes may also
increase the block valve closure time.
• The Breather/Vent valve shall be accessible and should be inspected for obstruction during manual
proof testing.
• The ARCS shall be mounted in a low vibration environment. If excessive vibration is expected, special
precautions shall be taken to ensure the integrity of electrical and pneumatic connectors or the vibration
should be reduced using appropriate damping mounts.
4.3 Electrical Connections
• The device requires external electrical connections. The ARCS device is available in the following
control signal configurations: 12 VDC, 24 VDC, 48VDC, 120 VDC, 120/60-110/60 VAC or 230/50240/50 VAC.
• All wirings shall provide sufficient electrical isolation between adjacent signal lines and between signal
lines and ground.
• Stranded 16 to 18 AWG (or equivalent gauge and flexibility) shall be used.
• It is recommended that conduit sealant be used to prevent condensation from entering the enclosure
and, as per IEC standard conditions will prevent hazardous gasses and vapours from migrating through
the conduit to the control room or open ignition source.
• The terminal clamps are designed for one wire only; DO NOT attempt to terminate multiple wires into
one terminal.
• Strip the wires to the recommended length appropriate for the termination block.
• Ensure all wire strands are fully inserted into the terminal block and no shorts between adjacent wires
on the terminal block are possible.
• Use care when running signal wiring near to, or crossing conduit or wiring that supplies power to motors,
solenoids, lighting, horns, bells, etc. Sufficient electrical isolation and shielding against electro-magnetic
interference from items in the vicinity of the cable run shall be provided.
• AC power wiring should be run in a separate conduit from DC power. All power wiring to and from the
ARCS should be in a grounded conduit. Outdoor cable runs shall be protected against lightning strike.
• The ARCS shall be connected to a high-quality instrument grade ground with #14 AWG or heavier wire.
A grounding stud is provided on the inside and outside of the enclosure.
4.4 Pneumatic Connections
• Recommended piping for the inlet and outlet pneumatic connections to the ARCS is ¼” or ½” stainless
steel tubing. The length of tubing between the ARCS and the block valve shall be kept as short as
possible and free of kinks.
• Only dry instrument air filtered to 25-micron level or better shall be used.
• The process air pressure shall be 1or 2 – 10 BAR
Page 7 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
5 Operation and Maintenance
State
V1
V2
Outlet
1
(Normal)
Energized
Energized
Air Supply
2
(Safe)
De-Energized
De-Energized
Vented
3
(Safe)
Energized
De-Energized
Vented
4
(Safe)
De-Energized
Energized
Vented
Figure 1
5.1 Modes of Operation
5.1.1 1oo2 without Online Maintenance & without Diagnostic
Figure 1 shows circuit diagram of 1oo2 without online maintenance & without diagnostic (safety state action). In
this condition, the ARCS is blocking the inlet air supply and venting the valve actuator (Normally closed
operation). This configuration is mostly used in safety applications since a loss of electrical or pneumatic energy
will result in the safe state of the actuator. V1 & V2 are solenoid operated valves. Both valves are energized then
only outlet will gets air supply. Online maintenance not applicable in this configuration.
The truth table for all possible device states is shown in Table 1.
Table 1
If the logic solver responds to a safety demand, it de-energizes SOV1 and SOV2 and causes the inlet air supply
to be blocked off and venting the block valve actuator.
5.1.2 1oo2 with common bypass & without Diagnostic
Figure 2 shows circuit diagram of 1oo2 with common bypass and without diagnostic (safety state action). In this
condition, the ARCS is blocking the inlet air supply and venting the valve actuator (Normally closed operation).
This configuration is mostly used in safety applications since a loss of electrical or pneumatic energy will result in
the safe state of the actuator. V1 & V2 are solenoid operated valves. Both valves are energized then only outlet
will gets air supply. B1 is manual operated bypass valve with LOTO protection. A, B and C are visual indicators,
Page 8 of 24
No. 57, Kundrathur Main Rd., Gerugambakkam, Chennai -6000128, India www.asco.com
IM-IND-536661-Rev AA
Loading...