The black channel: Using fieldbus in safety systems

It has been a couple of years since we last talked about safety systems in fieldbus. And given that this issue calls for a special focus on safety, I thought it was time for an update.

The FOUNDATION Fieldbus Safety Development continues to go well and should have the necessary approvals in early 2006. The theory of how to make fieldbus protocols has been fully defined in the new standards, and the project team is now proving that theory. The protocols will use a “black channel” approach in which the new safety functionality is built on top of the existing protocol without the safety protocol knowing it, and therefore the safety protocol is being kept “in the dark” or “black”. The team has also had to define additional error checking functionality in the devices as well as several new function blocks.

The figure below shows how the black channel and device safety communication functions are grafted on top of the existing protocol.

This is the way most safety bus protocols are proceeding in part to manage the development effort while minimizing the changes to the infrastructure as well as the existing practices of end users and designers. If these design and installation practices had needed to change as well, this could have added additional risk to the safety process – the exact opposite of the desired result.

Some additional benefits of using a black channel approach are improvements in the reliability and availability of the overall communications structure, and these improvements will impact all fieldbus systems.

The new Function Blocks being added to the Foundation specifications are:
• SIS Analogue Input – Analogue input block with additional safety features.
• SIS Analogue Comparator – Comparison of two or more analogue values for use in logic functions.
• SIS Discrete Input – Discrete input block with additional safety features.
• SIS Discrete Output – Discrete output block with additional safety features.
• SIS Lock – new Function Block to restrict access to the SIS blocks.
• SIS Logic – new Function Block to perform safety system logic.

The new voting blocks continue the Foundation’s philosophy of “control in the field”, though the first devices are expected to rely on a logic solver for this functionality.

Fieldbus safety certified devices will be available in approximately one year, but the benefits will be seen before then. Part of the reason for the delay in device availability is that fieldbus safety devices will require two certificates – one from the Fieldbus Foundation to certify the communications protocols and the second from a device certification agency to verify the device’s SIL level.

If you have any suggestions for this column or topics you would like to see covered please send me a note either directly or care of the editor, and we will try to include it in the future as it fits with the editorial calendar.

Ian Verhappen is an ISA fellow and director of ICE-Pros, Inc., an independent instrument and control engineering consulting firm specializing in fieldbus, process analyzer sample systems and oil sands instrumentation and control. E-mail him at ian.verhappen@ice-pros.com, or visit his website www.ice-pros.com.