Honeywell HC900 Safety Manual

Process & safety controller

HC900 Process & Safety Controller
Safety Manual
Doc. No.: 51-52-25-153
Revision: 1.9
Date: January 2014


Summary of Contents for Honeywell HC900

  • Page 1 HC900 Process & Safety Controller Safety Manual Doc. No.: 51-52-25-153 Revision: Date: January 2014...
  • Page 2 However, we assume no responsibility for its use. While we provide application assistance personally, through our literature and the Honeywell web site, it is up to the customer to determine the suitability of the product in the application.
  • Page 3 About This Document Abstract The Safety Manual provides information about HC900 that is relevant for integration into a Safety Instrumented System (SIS). References The following list identifies all documents that may be sources of reference for material discussed in this publication.
  • Page 4 Support and Contact Information For Europe, Asia Pacific, North and South America contact details, refer to the back page of this manual or the appropriate Honeywell Solution Support web site: Honeywell Organization WWW Address (URL) Corporate http://www.honeywell.com Honeywell Process Solutions www.honeywellprocess.com...
  • Page 5 Chassis Ground. Identifies a connection to the chassis or frame of the equipment shall be bonded to Protective Earth at the source of supply in accordance with national and local electrical code requirements. Revision 1.9 HC900 Process & Safety Controller Safety Manual 01/14...
  • Page 6 Safety Integrity Level 1 has the lowest. Safety Instrumented System – Implementation of one or more Safety Instrumented Functions. A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).
  • Page 7: Table Of Contents

    Redundant Controllers and Non-Redundant IO; HC900 controller Features; Scope of SIL Certification for HC900 Control System Architectures; Design and Implementation of HC900 Control System; Allowable Function Blocks for Process and Safety Functions; HC900 Control System Operational Modes...
  • Page 8 Table 6 – SIL Levels; Table 7 – Diagnostic Test Intervals. Figures: Figure 1 – Small HC900 Controller Configuration; Figure 2 – Expanded HC900 Controller Configuration; Figure 3 – Single process with redundancies; Figure 4 –...
  • Page 9: The Safety Manual

    The Safety Manual is a reference guide providing detailed information regarding safety aspects in HC900. A reference guide is a HC900 related guide and does not describe tasks in terms of how to perform the task in terms of steps to follow. A reference guide can provide input to support decisions required to achieve a certain objective.
  • Page 10: The Iec 61508 And Iec 61511 Standards

    4 (SIL4) the highest level. If the level is below SIL1, the IEC 61508 and IEC 61511 do not apply. HC900 can be used for processing multiple SIFs simultaneously demanding a SIL1 and SIL2. The IEC 61508 and IEC 61511 Standards SISs have been used for many years to perform safety instrumented functions e.g.
  • Page 11 Our Safety Consultants can help you to: perform a hazard risk analysis; determine the SIL requirements; design the Safety Instrumented System; validate and verify the design; train your local safety staff.
  • Page 13: Introduction

    It comprises a set of hardware and software modules that can be assembled to satisfy any of a broad range of control applications. The HC900 Controller System can consist of a single rack, as indicated in Figure 1, or can be networked with other controllers via Ethernet links to expand the dimensions of process control over a wider range of unit processes, as indicated in Figure 2.
  • Page 14: Figure 2 - Expanded Hc900 Controller Configuration

    Figure 2 – Expanded HC900 Controller Configuration The HC900 Controller design enables users and OEMs who are adept in system integration to assemble a system that fits a broad range of requirements. Any configuration can be readily modified or expanded as requirements dictate.
  • Page 15: Figure 3 - Single Process With Redundancies

    Introduction - System Overview Figure 3 – Single process with redundancies
  • Page 17: Hc900 Control System Architectures

    Refer to the following manuals for more details on the various HC900 control system architectures. Introduction to the Hardware The Honeywell HC900 Process Controller includes a set of hardware modules that can be combined and configured as required for a wide range of small to medium process control applications. Some of the modules are required in all configurations.
  • Page 18: Table 2 - Descriptions Of Major Components

    (configuration software). Configuration software is from Honeywell. HMI (Human-Machine Interface): (Optional) PC link to Ethernet network, which may include other HMIs, other HC900 Controllers, and other networks (including Internet). Typically includes HMI operating software. PC is from third-party supplier. HMI software is available from Honeywell (PlantScape...
  • Page 19: Figure 5 - Redundant Configuration With Multiple I/O Racks

    HC900 Control System Architectures - Redundancy Figure 5 – Redundant Configuration with multiple I/O racks
  • Page 20: Table 3 - Descriptions Of Major Redundancy Components

    Configuration software is from Honeywell. HMI (Human-Machine Interface): (Optional) PC link to Ethernet network, which may include other HMIs, other HC900 Controllers, and other networks (including Internet). Typically includes HMI operating software. PC is from third-party supplier. HMI software is...
  • Page 21: Non-Redundant Controller And Non-Redundant Io

    The HC900 control system can consist of a single rack, as indicated in Figure 1, it can be networked with other HC900 control systems via Ethernet links to expand the dimensions of control over a wider range of unit processes, as indicated in Figure 2, support a single process with redundancies, as indicated in Figure 3 or provide stand alone safety or mixed safety –...
  • Page 22: Figure 6 - Two Safety Applications Process With Redundancies (C75 Cpu Only)

    HC900 Control System Architectures - Redundant Controllers and Non-Redundant IO Figure 6 – Two safety applications process with redundancies (C75 CPU only)
  • Page 23: Hc900 Controller Features

    Device Network – Isolated RS-485 Serial Interface; Modbus RTU. Two serial ports available. Each port can be set as Modbus Master or Slave. Host Serial Interface for Honeywell or third party operator interface...
  • Page 24: Scope Of Sil Certification For Hc900 Control System Architectures

    HC900 Control System Architectures - Scope of SIL Certification for HC900 Control System Architectures Scope of SIL Certification for HC900 Control System Architectures The HC900 control systems shown in all of the topologies above are included in this SIL certification with the exception of: 900 Control Station and other supervisory control systems –...
  • Page 25: Design And Implementation Of Hc900 Control System

    Allowable Function Blocks for Process and Safety Functions The following table lists the function blocks which are allowed in the safety portion and the function blocks which are allowed in the process control portion of an HC900 controller configuration. Table 4 – Function Blocks...
  • Page 26 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Provides a digital status from the algorithms and functions to a physical logic output. Outputs 17 through 32 of the 32 Channel DO Module, may not be...
  • Page 27 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Pulse Output: This function block generates a pulse train of a specified number of pulses following a start instruction. The pulse frequency is selectable. The output controls an output transistor on a Pulse/Frequency/Quadrature module.
  • Page 28 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions This block combines a PID controller with 3 Position Step Control output functions to provide motor position control without position sensing. Allows the control of a valve or other actuator having an electric motor driven by two digital output channels;...
  • Page 29 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Sets up to sixteen digital event outputs that may be ON or OFF on a per segment basis. If Program Number (PGM) = 0, Segment Number (SEG) = 0, or Event Decoder Program State (STA) is RESET;...
  • Page 30 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions 2 Input OR: Monitors two digital input signals (X, Y) to set state of digital output signal (OUT). If X = OFF and Y = OFF, then OUT = OFF.
  • Page 31 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Provides an ON state output when a digital input goes from OFF to ON and the previous state of the output was OFF, and an OFF state output when the digital...
  • Page 32 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Four Selector Switch: Provides 16 digital outputs in groups of four. A dedicated display allows activating of only one output per group while other outputs in the associated group are turned off.
  • Page 33 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions The Resettable Timer block has the following attributes: Provides increasing or decreasing timing based on an enable input. Increasing time from 0 or preload value. Decreasing time from preset or preload value.
  • Page 34 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Provides an ON state logic output delayed by a user specified delay time after an OFF to ON transition of the RUN input. An ON to OFF transition of the RUN input before the delay time has elapsed causes the timer to reset.
  • Page 35 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Divides one input (X) by another (Y). If Y = 0, then OUT = 0 and block status is set to error; otherwise, OUT = X ÷ Y.
  • Page 36 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Accepts inputs from up to six analog input values (X1 - X6) and calculates these values for output: Minimum input value, Maximum input value, Average of input...
  • Page 37 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions The Gross method is used to approximate natural gas by treating it as a mixture of three components, equivalent hydrocarbon component, Nitrogen and Carbon Dioxide. It is typically used for dry, sweet (no H2S) natural gas.
  • Page 38 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions The Analog System Status Block is a function block and is part of the Alarm/Monitor category. It provides read access to controller status values including those related to the Analog execution cycle.
  • Page 39 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Force Present: Output indicates the presence of any forced blocks in the controller. Input can clear all forces and prevent new forces. Used with redundant CPUs only, such as C75S. The output pins indicate the lead/reserve status of CPU A and CPU B.
  • Page 40 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Auxiliary Blocks Generate output characteristic curve based on up to 11 configurable "Breakpoints" for both input (X) and Output (OUT) values. OUT = interpolation of OUT (Yb) values for segment in which X falls.
  • Page 41 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Reads the numerical value of a selected configuration parameter in a given function block. Select the index number of the required parameter from the specific function block reference data, and enter it in the appropriate field in the "Read Constant Properties"...
  • Page 42 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions The Digital Decoder function converts an analog value from the Value Input to the binary equivalent value on the 16 digital outputs 1 through 16. The Value Input accepts whole numbers between 0 and 65535.
  • Page 43 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions The Stage function block provides differential On/Off control and is typically used to monitor pressure and flow for controlling pumps and operating valves. There are four individual stages grouped together in the function block.
  • Page 44 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Trend Rate: The trend block is used to configure up to three storage rates for the HC900 trend backfill (historical data collection) feature. Only one trend block is allowed in a configuration.
  • Page 45 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Communications Blocks A communications function block that allows interconnecting controllers with Ethernet media and networking devices to communicate with each other. It requires one block per controller; up to 32 controllers maximum.
  • Page 46 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions A communication function block that expands the write capability of the Modbus Slave function block to 8 additional data points. Multiple blocks may be connected to the same Modbus Slave block.
  • Page 47 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions This block allows the HC900 controller to act as a Modbus master device and communicate with XYR5000 base radios via the serial port of the controller.
  • Page 48 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions This block allows the HC900 controller to act as a master device and communicate with an XYR6000 wireless gateway via the Ethernet port of the controller.
  • Page 49 Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions This block calculates the Humidity Ratio, Enthalpy, Dew point temperature, Wet bulb temperature and Absolute Moisture based on the input Dry bulb temperature (DRY), Relative Humidity (RH) and Psychrometric Atmospheric Pressure (ATMP).
  • Page 50: Figure 7 - Analog Input Voting Block

    Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Connector: Combines with the signal tag or page connector to route a signal between points anywhere in the Function Block diagram without having to draw a softwire between them.
  • Page 51: Figure 8 - Analog Output Validation Block

    Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Figure 8 – Analog Output Validation Block Digital Input Voting Function Block (DI-V): The common digital input function block is connected to any combination of three input channels. Up to three input channels may be connected to the digital source;...
  • Page 52: Figure 11 - Fault Monitor Block

    Design and Implementation of HC900 Control System - Allowable Function Blocks for Process and Safety Functions Fault monitor function block: Figure 11 – Fault Monitor Block In this function block, the type of diagnostic for monitoring is user configurable providing an output fault pin for logical action of the fault.
  • Page 53 Design and Implementation of HC900 Control System - HC900 Control System Operational Modes
  • Page 54: Hc900 Control System Operational Modes

    Design and Implementation of HC900 Control System - HC900 Control System Operational Modes HC900 Control System Operational Modes Refer to the installation guide for information on operating modes. Hardware and wiring requirements for safety configuration The IO channels used in a safety configuration require approved, listed IO modules, interconnected to ensure that proper fault detection and action are achieved.
  • Page 55: Figure 13 - Individual Series Do Connections

    Design and Implementation of HC900 Control System - Hardware and wiring requirements for safety configuration Figure 13 – Individual Series DO connections Figure 14 – Common Series DO connections
  • Page 56: Hc900 Safety Configurations

    RUN mode. Safety functions must be protected from outside influence to assure proper operation. The HC900 controller ONLY operates as a safety application when it is running in the RUN MODE (also known as RUN-LOCK MODE). Dataflow into the safety worksheet is only permitted from IO modules operating in the RUN (SAFETY) MODE.
  • Page 57: Figure 16 - Safety Dataflow

    Design and Implementation of HC900 Control System - HC900 Safety configurations Figure 16 – Safety Dataflow Guidelines for developing safety configuration Remember that the safety configurations are for controller revisions 6.xx and above only. Earlier revisions don’t support safety configuration.
  • Page 58: Figure 17 - Sample Controlled Start-Up Configuration

    Design and Implementation of HC900 Control System - HC900 Safety configurations Figure 17 – Sample controlled start-up configuration Module Replacement DO-V and AO-V use an input module to verify the output’s value. Failure of the input module will cause the FBFAIL pin the “ON”...
  • Page 59 Safety system startup Below are points to be noted for system startup. HC900 defines the safety failsafe state of outputs to be LOW or OFF. Process blocks may be set per the user’s requirements. Any other value or state must be accomplished outside the HC900 safety control system.
  • Page 60: Hc900 Control System Diagnostics

    Design and Implementation of HC900 Control System - HC900 Control System Diagnostics restarted when the RESTART pin is connected on the DO-V and AO-V function blocks. Non Redundant control system (C30S, C50S, C70S) When the scanner loses communications for two or more normal cycles, outputs will go and remain in...
  • Page 61: Hc900 Sil Control System Communications

    Design and Implementation of HC900 Control System - HC900 SIL Control System communications applications requirement. All Rack Status are ‘GOOD’ for those present. All Rack Diagnostic Summaries are ‘GOOD’ for those present. Redundant Controllers: Monitor: Redundancy System: = ‘GOOD’ Redundancy Link: = ‘GOOD’...
  • Page 62: Hc900 System Start-Up Test

    The controller will start and work fine in case the watchdog test passes. START-UP 1) Review and follow “HC900 Controller Installation and User Guide” 51-52-25-107 prior to applying power to the unit. 2) Verify controller mode switch is in the proper operating position (‘RUN’, ‘RUN/PROGRAM’, ‘PROGRAM’).
  • Page 63: Hc900 Pfd

    Care must be taken to calculate the system elements properly to achieve the correct results. Annex B of IEC 61508-6 provides detailed information and techniques for determination of the system. The HC900 provides both analog and digital input voting blocks. They can be configured as 1oo1 – One out of one - Single channel (point of failure) 1oo2 –...
  • Page 65: Hc900 Control System Fault Detection And Response

    The Diagnostic Test Interval (DTI) is the time in which detection and isolation of faults takes place. The DTI of the HC900 is a diagnostic suite of tests running in the background of the controller. The HC900 diagnostic tests are as follows: Table 7 –...
  • Page 66: Fault Reaction And Io States

    for multi-rack systems. The time to detect a fault in HC900 with internal diagnostic and act on it is approximately one minute. This is the maximum time to bring the process to the safe state when there is any hidden internal fault that is not detected through other means.
  • Page 67: Hc900 Controller Diagnostics

    IO module is three scan cycles. Controller application will continue to execute based upon the applications configuration. HC900 Controller Diagnostics HC900 Controller diagnostics can be found in “HC900 Process Controller Installation and User Guide” 51-52-25-107. HC900 SIL Compatibility Model Number...
  • Page 68 HC900 Control System Fault Detection and Response - HC900 SIL Compatibility 900C50S-0360-00 C50 Controller Process & Safety Uses Scanner 1 900C70S-0360-00 C70 Controller Process & Safety Uses Scanner 1 900S50S-0360-00 IO Scanner 1 Process & Safety Used with C50S and C70S...
  • Page 69 Process & Safety Cover 900RTA-L001 Analog Input Remote Process Only Terminal Panel (RTP) 900RTR-H001 Relay Output Remote Process Only Terminal Panel (RTP) 900RTS-0001 DI, DO, AO Remote Process Only Terminal Panel (RTP)
  • Page 70: Reliability Data

    683.63 900P01-0201 1,474,906 168.37 3,759,103 429.12 Power 900P02-0201 1,444,993 164.95 3,835,627 437.86 Supplies 900P24-0201 1,716,883 195.99 4,194,453 478.82 900PSM-0101 12,063,128 1377.07 21,506,643 2455.10 Support 900RSM-0101 12,063,128 1377.07 21,506,643 2455.10 900K01-0201
  • Page 74 Phone: +(822) 799 6114 Fax: +(822) 792 9015 For more information To learn more about HC 900 Process Controller, visit www.honeywellprocess.com Or contact your Honeywell Account Manager Process Solutions Honeywell 1250 W Sam Houston Pkwy S Houston, TX 77042 Honeywell Control Systems Ltd...
