Safety problems and safety characteristics of automation products
With social progress, governments and enterprises have increased their investment in safety. To improve efficiency, more and more instrument and automation enterprises are switching production into the safety field: traditional DCS manufacturers are moving into the SIS field, traditional PLC manufacturers are turning to safety PLCs, traditional instrument and signal enterprises are finding that their business has taken off again, and so on. However, if the "safety" problem is not correctly understood and mastered, and it is not understood what safety characteristics a product must have, such a change of production is very risky.
This paper introduces the safety problems of instruments and automation products and the safety characteristics that such products must have.
First, the basis of safety problems
Safety represents the safety quality of a product. It is designed and manufactured in, but it cannot be maintained by the product alone. Safety has its own characteristics; without understanding its basic concepts and methods, safety problems cannot be handled reasonably by relying only on conventional automation technology knowledge.
People engaged in safety work must deeply understand the following points:
(1) The object of safety is people
We say that automatic control systems can be used to protect people, the environment and equipment, but the ultimate focus of safety is people; that is, the object of safety is people. People have human weaknesses, and if an accident occurs, legal consequences must be considered. All human-related safety modes should be fully considered and safety standards implemented in order to avoid risks and legal disputes.
· Understand the weaknesses of human nature and increase physiological knowledge
Because of human weaknesses, there are states such as ignorance, curiosity and panic. Misjudgment leads to wrong operation and eventually to accidents. Corresponding measures should be taken against all of these abnormal behaviours as far as possible. Where that is not possible, general quality requirements for users must be specified, different restrictions considered for different user types, and the corresponding boundaries defined.
Some examples: when an aircraft entered the landing position, the switch had been turned to automatic control mode, but the pilot mistakenly believed it was in the manual position and continued to pull the control lever. The automatic device acted in the opposite direction, which eventually led to the crash. On a certain section of railway, two signals indicate the status of different lines, and a driver crashed because he read the adjacent signal by mistake. Many causes of safety accidents violate the common sense of technicians and cannot be understood by them. If an elevator has two buttons for opening and closing the door, the response the elevator should make when either button is pressed will be fully considered in the circuit design, but passengers may press both buttons at the same time, or press them with a very small time difference. Underestimating this "playful" action leads to abnormal stopping of the elevator, with passengers locked inside and dependent on external rescue.
There are many such mistakes. In the development of safety products, in-depth research should be conducted from the perspective of physiology to find measures that avoid them, fully considering "predictable and unforeseeable" events such as abnormal actions and wrong judgment of conditions. Even when an error occurs, there should be a remedy, so that it does not eventually lead to an accident.
· Understand the safety modes related to people
To study the safety modes is to find all the mechanisms and possibilities that may cause personal injury during the use of the product.
The safety modes of automation products and systems fall into two main categories. The first is the safety mode related to functional failure, called functional safety in the field; for example, failure of the emergency shutdown system means that no emergency shutdown takes place when a dangerous situation arises. The second category is direct injury to the human body by the product during use, such as electric shock, scalding, fire, explosion and mechanical injury. In the field, this kind of safety is called electrical safety, mechanical safety and explosion-proof safety.
(2) Safety requires high cost
The structure of an automation product designed for "safety" is more complex than one in which only function was considered, and the cost increases accordingly. A manufacturer that is unwilling to bear this cost will produce dangerous products, which cause huge losses when an accident occurs.
(3) Understand the hazard characteristics
Instrumentation and automation products used in the safety field bear the important task of "monitoring the safety-related state parameters of the production process, finding faults and abnormalities, and taking timely measures to avoid accidents". However, different application fields have different hazard characteristics. Without understanding these characteristics, an enterprise that switches easily into the "safety field" will easily overlook new problems that deserve attention, leading to significant losses.
For example, a factory used a great deal of alcohol in its process. The exhaust fan installed on the roof of the plant failed, the alcohol concentration rose, and an explosion followed. When the cause of the accident was analysed, it was found that the original safety control scheme had anticipated that fan failure could lead to an explosion hazard, so a safety interlock had been designed and installed to monitor the motor speed and stop the production line when the motor stopped. What had not been expected was that the transmission pulley would fall off, so that the exhaust failed while the motor kept running. In ordinary factories this failure is found through regular inspection of belt tension by the users, but the roof of this factory was very high and the maintenance personnel could not reach it. The designer of the safety control scheme had not fully considered the actual situation of the factory. When the safety control scheme itself has serious defects, safety is not guaranteed no matter how well designed and reliable the product is.
(4) Standards and specifications are very important
Major accidents are low-probability events. No enterprise can have experienced them all, and the individuals in an enterprise have not learned the relevant experience, which is completely different from quality management, where progress is made by accumulating experience. It is therefore very important to learn from the experience of others and to implement the standards recognised by the industry.
For example, the functional safety standard is the summary of many years of experience of experts in the field of safety control in Europe and the United States. It not only puts forward a complete set of plans for achieving safety, but also stipulates the work objectives and responsibilities of all relevant personnel throughout the whole life cycle, from the proposal of the control plan through its realisation to its decommissioning, and establishes a legal framework for safety control. Implementing the standards is not only an important measure for ensuring safety, but also an important means of avoiding risk and legal liability.
Second, the safety quality of automation products
The safety quality of a product is reflected in two aspects: the safety of the single product, and the system safety that must be considered when the single product is used as a unit of a system.
The safety of the single product is the safety quality that every product must meet. For automation products it is first manifested in explosion-proof safety, electrical safety and mechanical safety; that is, the product must not cause direct harm to the human body or the environment, such as electric shock, scalding, fire, explosion or mechanical injury.
The system safety of automation products is mainly reflected in functional safety. An instrument or automation product on its own has no functional safety problem, but when it is combined into a safety control system or safety protection system, its ability to perform a specific safety function must be considered. This ability is expressed in SIL, that is, the safety integrity capability (SIL capability) of the product, or the maximum SIL level the product can claim.
This is much like a bucket made of many staves. Take out any one stave and ask whether it can keep the water in the bucket at a level of 1 metre: nobody can answer. Every stave that makes up the bucket must be long enough for the bucket as a whole to hold at least 1 metre of water.
The higher the SIL of the product, the higher the level of safety-related system in which it can be used and the higher the level of risk control task it is capable of undertaking.
The main feature of products with SIL capability, or functional safety products, is that they can effectively avoid faults and failures. For products made purely of hardware, the core of the technology is how to avoid random hardware failures. For automation products made of software and hardware, the core of the technology considers not only the avoidance of random hardware failures but also the avoidance of systematic failures. A systematic failure is a failure that can only be eliminated by modifying the design or manufacturing process, the operating procedures, the documentation or other relevant factors.
In summary, if an instrument or automation product claims safety integrity capability, it must have the following characteristics:
(1) Definite and high product reliability
Improving product reliability means reducing the random failure rate that may arise from the degradation of one or more functions in the hardware. This failure rate is the only part of SIL that can be determined quantitatively by reliability engineering methods. From the failure rate of each component, the system structure, the system states, the constraints and other parameters, the PFD (probability of failure on demand) can be optimised through analysis and calculation, and the random failure of the hardware thereby brought under control.
(2) High fault tolerance capability
The popular name in the industry is "fault tolerance"; in the IEC 61508 standard the formal term is "hardware fault tolerance" (HFT). Redundancy is generally used to raise the hardware fault tolerance. A hardware fault tolerance of 0 corresponds to a single-channel system: one fault leads to loss of the channel's function. A fault tolerance of 1 corresponds to a 1oo2 system, which still works normally with one fault; only two faults occurring at the same time lead to loss of the system function. A fault tolerance of 2 corresponds to a 1oo3 system, which still works normally when two faults occur at the same time; only when three faults occur at the same time is the function of the system lost.
One point must be emphasised: when redundancy is used to raise the SIL level of an automation product, the problem of common cause failure must be considered, that is, every effort must be made to prevent a single fault from causing several redundant channels to fail at the same time. This is why "hardware fault tolerance" is used to evaluate the SIL level of a product, rather than redundancy directly. In their safety products, Siemens, Pilz and other companies use three microprocessors produced by different companies to form three redundant channels, in order to avoid common cause failure and improve the fault tolerance and safety performance of the product.
(3) High self-diagnostic coverage
For automation products, the safe failure fraction (SFF) is defined as the ratio of the product's average safe failure rate plus its average detected dangerous failure rate to the total average failure rate of the subsystem. Raising the safe failure fraction means raising the fail-safe ability of the product, that is, its ability, when it fails, to bring the system to a safe state. There are many ways to raise the safe failure fraction. The most important is to raise the diagnostic coverage, that is, to detect possible dangerous failures by various internal diagnostic methods and so increase the proportion of the dangerous failure probability detected by the diagnostic tests within the total probability of dangerous failure.
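The three quantitative characteristics above (PFD under characteristic (1), hardware fault tolerance and common cause failure under (2), safe failure fraction and diagnostic coverage under (3)) can be put together in a small calculation. The following is an added worked example, not code from the original article; it uses the simplified low-demand PFDavg formulas of IEC 61508-6 (repair times neglected, beta-factor model for common cause failure), the route 1H architectural constraint table for a type B subsystem from IEC 61508-2, and constructed failure rates for a hypothetical transmitter.

```python
def safe_failure_fraction(l_sd, l_su, l_dd, l_du):
    """SFF = (safe failures + detected dangerous failures) / all failures (rates per hour)."""
    return (l_sd + l_su + l_dd) / (l_sd + l_su + l_dd + l_du)

def diagnostic_coverage(l_dd, l_du):
    """DC = share of dangerous failures that the internal diagnostics detect."""
    return l_dd / (l_dd + l_du)

def pfd_avg(l_du, t_proof_h, hft=0, beta=0.0):
    """Simplified IEC 61508-6 low-demand PFDavg for 1oo1 / 1oo2 / 1oo3 voting.
    Repair-time and detected-dangerous terms are neglected; beta is the
    common-cause fraction of undetected dangerous failures (beta-factor model)."""
    x = l_du * t_proof_h                 # expected undetected dangerous failures per proof-test interval
    if hft == 0:                         # 1oo1: a single fault loses the function
        return x / 2
    ccf = beta * x / 2                   # one common-cause fault defeats every redundant channel at once
    if hft == 1:                         # 1oo2: needs two independent faults
        return ((1 - beta) * x) ** 2 / 3 + ccf
    if hft == 2:                         # 1oo3: needs three independent faults
        return ((1 - beta) * x) ** 3 / 4 + ccf
    raise ValueError("hft must be 0, 1 or 2")

SFF_BANDS = (0.60, 0.90, 0.99)
# IEC 61508-2 architectural constraints (route 1H), type B subsystem:
# rows = SFF band (<60%, 60-90%, 90-99%, >=99%), columns = HFT 0, 1, 2; 0 = not allowed.
ROUTE_1H_TYPE_B = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))

def sil_from_architecture(sff, hft, table=ROUTE_1H_TYPE_B):
    return table[sum(sff >= b for b in SFF_BANDS)][hft]

def sil_from_pfd(pfd):
    """Low-demand target failure measure bands of IEC 61508-1 (SIL n requires PFDavg < 10^-n)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

def claimable_sil(sff, hft, pfd):
    """The shortest stave of the bucket decides: architecture and PFD must both allow the level."""
    return min(sil_from_architecture(sff, hft), sil_from_pfd(pfd))

if __name__ == "__main__":
    # Constructed failure rates (per hour) for a hypothetical type B transmitter, 1-year proof test.
    l_sd, l_su, l_dd, l_du, t1 = 2e-7, 1e-7, 2.7e-7, 3e-8, 8760
    sff, dc = safe_failure_fraction(l_sd, l_su, l_dd, l_du), diagnostic_coverage(l_dd, l_du)
    for hft in (0, 1, 2):
        pfd = pfd_avg(l_du, t1, hft, beta=0.02)
        print(f"HFT={hft} SFF={sff:.2f} DC={dc:.2f} PFDavg={pfd:.2e} claimable SIL {claimable_sil(sff, hft, pfd)}")
```

With these figures the 1oo2 arrangement's PFDavg is dominated by the common cause term (about 2.6e-6 from beta against 2.2e-8 from independent double faults), which is the point made above about redundancy without common cause protection.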
(4) A strictly managed development process
Technical defects in the design of the hardware and software lead directly to systematic failures. Measures must therefore be taken during the product development process to control the hardware and software effectively.
Copyright © 2011 JIN SHI