
For catering to the Emergency Shutdown / Safety related application for the plant, especially for the fuel area, a Safety Integrated System (SIS) is envisaged as existing in the plant at present. The system currently used is a Triconex system. An Integrated Control and Safety System for the entire plant is required. The SIS shall be integrated tightly with the DCS system. SIS and DCS controllers shall be from the same manufacturer. The SIS controllers shall be directly connected with the DCS data highway without any external gateway station. The engineering station(s) for DCS shall have the capability to do engineering for the SIS control system as well. The system and components shall comply with the applicable sections of the following standards and regulations:

- IEC61511: Functional Safety - Safety Instrumented Systems For The Process Industry Sector
- IEC61131: Programmable Controllers
- IEC61508: Functional Safety of Electrical/Electronic Programmable Safety Related Systems
- IEEE802.3: Information Processing Systems - Local Area Networks
- CSA C22.2 No. 1010.1 (100-120V AC Power supply specification)
- EN61010-1: 220-240V AC, 24V DC power supply specification

Electromagnetic Compatibility (EMC) shall be in accordance with EN61000-6-2/4 and EN61000-3-2/3. The vendor shall prove and guarantee quality assurance procedures for the complete hardware equipment and software programs according to the international standards ISO 9001 and ISO 9000-3. The latest edition of standards and codes, including addenda, supplements and revisions thereto shall always apply. The system shall be reliable enough to have an availability of at least 99.999% in the fault tolerant configuration.
The following components, as a minimum, of a Control System used as SIS system shall be certified for use in a SIL 3 application by TÜV according to IEC61508 Parts 1-7:

- central processor unit
- I/O modules
- internal communication components
- system software (firmware)
- type and use of programming equipment

The SIS controller shall be based on a RISC based microprocessor. 1 msec SOE shall be available for all DI modules in the Safety system. SOE report for the Integrated Safety and Control System shall be available as an integrated one covering 1 msec SOE from both DCS and SIS system.
The hardware used for this purpose shall be designed with proven components and internal test circuits and test routines to assure recognition of any malfunction and to set outputs to their predefined safe state. The system in simplex mode, i.e. single Input - single CPU - single Output modules, shall be sufficient to provide the required SIL 3 safety protection. The system architecture shall be such that upon any I/O or CPU module failure at one of the redundant modules, the SIL 3 rating of the system is not affected and the system continues to run at the same safety level. The system shall not be in a one-leg fault condition even when there is a failure at the redundant CPU and IO modules. Redundancy of each pair shall be independent from any other pair. The system shall not degrade to crippled mode even when there are multiple system failures in the CPU and IO modules, where these failures occur in different areas of the system and not on one pair of redundant modules. There is no safety restriction on the system in terms of a time limit for the system to shut down when such faults occur. However, the system needs to be repaired as soon as possible in order to restore the system's availability level.

The SIS shall be integrated to the DCS communication bus, which shall make it possible to have all important data from the SIS system available at the operator interface or HMI of the DCS, so that the operation of the SIS system can be observed by the DCS operator without use of any dedicated SIS operator console. The HMI of the DCS sitting on the safety bus shall be certified to be interference free by TÜV. It is not allowed to have the DCS write into the SIS even though SIS data can be read by the DCS. The DCS shall be able to extract SIS data by means of calling common tagnames without the need for logical implementation of tags on both sides.
