General

Specifications

HI-100-00

GS48C00Z00-00E-N

HIPS Logic Solver (2oo3)

INTRODUCTION

HIPS is the abbreviation for High Integrity Protection System. A HIPS is a specific application of a Safety
Instrumented System (SIS) designed in accordance with the worldwide agreed and accepted IEC 61508
and IEC 61511 safety standards and consisting at least of the following three (3) main parts:
1. Sensors (Pressure Transmitters)
2. Logic solver
3. Final elements
HIPS functionality is to protect fully autonomously any downstream installation(s) against excess pressure
by closing the source of the overpressure. Normally this is done by timely closing one or more dedicated
safety shutdown valves preventing further pressurization of the downstream installation. A HIPS is defined
by the IEC as a complete loop consisting of sensors (pressure transmitters) logic solver and final elements
(shutdown valves), as per the picture below, which should be classified at a certain Safety Integrity Level
(SIL).
Communication to PAS

HIPS LOGIC SOLVER

PTs
2oo3

Manifold
Pipeline
Flow direction
HIPS valve 1 HIPS valve 2

Figure 1 HIPS sketch

Yokogawa Europe Solutions B.V.

PO Box 163, 3800 AD, Amersfoort, The Netherlands
Tel: (31) 88-464 1000 Fax: (31) 88-464 1111

GS48C00Z00-00E-N
Copyright 2011
3rd Edition February 2013

HI-100-00

2 of 10

Logic Solver

This document describes the design for a HIPS logic solver using Yokogawas ProSafe-SLS system which
is a standalone, hardwired, solid state safety system from a simple design and built with robust, oversized
components. The ProSafe-SLS system has proven itself in the field for more than 40 years. The main
design criteria that are embedded in this HIPS logic solver are:
1.
2.
3.
4.
5.

High integrity.
High availability, low demand for maintenance
Totally independent of any other system.
Robust design.
As simple as possible.

HIPS Design Considerations

The following design criteria are taken into consideration designing the Yokogawa HIPS logic solver:
1.
2.
3.
4.
5.
6.
7.
8.
9.

All safety I/O loops are powered by the HIPS logic solver.
All safety I/O loops are configured for use with Eexd certified field equipment.
The 3 pressure transmitter input loops are configured in a 2oo3 configuration.
All safety functions are based on the DTS (de-energise to safe) principle.
The logic solver is implemented with the inherently failsafe Yokogawa ProSafe-SLS system
(using the CTL (Core Transistor Logic) technique) certified by TV for applications up to and
including SIL 4 according IEC 61508.
All digital functions are inherent fail-safe (SIL 4).
Supply feeders and AC/DC-converters are installed in a redundant configuration to reduce
spurious trips.
The solenoid valves per HIPS shutdown valve are configured in a 1oo2 configuration.
The HIPS shutdown valves are configured in a 1oo2 configuration.

HIPS Philosophy

The principle aims and objectives of the HIPS are:

1. The protection of personnel.
2. The protection of plant and equipment.
3. The minimisation of pollution to the environment.
The main objective of the HIPS system is to provide reliable means for safely isolating and shutting down
the installation downstream of the HIPS valves and to initiate the appropriate alarms when process
pressure exceeds the high pressure setpoint.
Therefore the HIPS will:
1. Sense automatically an abnormal operation or equipment/process condition.
2. React automatically to this condition by shutting down and/or isolating the downstream
installation, preventing any consequential effects of the abnormal condition.
3. Provide system status information for the operator and/or other personnel as appropriate.

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

3 of 10

Basic Principle

The Yokogawa 2oo3 HIPS logic solver (HIPS using 2 out of 3 voting), which is available with different
options, is based on one (1) single system design allowing optimal production and test results as well as
using the most efficient way of logic design, control panel lay out, power supply and mechanical
construction. Redundant power supply converters are implemented to reduce spurious trips. This
configuration is a worldwide standard and will benefit the engineering effort for customers and
subcontractors.
The design principle is based on a system with fixed I/O and functionality to meet all basic needs for HIPS
logic solvers. The logic and the HIPS control panel are built into one (1) fixed rack which is mounted on
the backplane of the cabinet. All field I/O is connected to terminals. The cable entry (power supply,
communication and field cables) is at the bottom. The I/O signals will be made available to the ProSafeCOM which is the communication module that deals with the communication between the ProSafe-SLS
and the external world. It has two serial, 2-wire RS-485 communication links which can be connected in
dual configuration to one external device or as two (2) separate links to separate external devices.
This HIPS functionality is fixed and dedicated to be used in predefined process setup with a Manifold,
three Pressure transmitters, HIPS Logic solver, HIPS valves, PAS (see Figure 3) and a HIPS control panel
(see Figure 4). The HIPS offers the following functionality:
1. The Manifold is equipped with three transmitters and an interlocking system providing functionality
that allows only one transmitter to be tested (isolated from the process) at any one time. If the
interlocking system is operated and one transmitter is in test mode (isolated from the process),
this will be automatically detected by the logic solver. The trip signal from the transmitter in test
mode will be disabled from the trip logic, hence the logic solver will change the trip logic from 2oo3
voting to 1oo2 voting on the two transmitters remaining.
2. The Yokogawa HIPS logic solver is equipped with a Proof Test Configuration (PTC). This PTC
allows for proof testing the logic solver including the valves when testing only one transmitter. This
facility can only be selected by operating a dedicated key-operated switch located on the local
control panel in combination with the manifold test mode. When PTC is selected the Yokogawa
HIPS automatically changes the trip logic from 2oo3 voting to 1oo3 voting. The transmitter
selected for test via the interlocking manifold can now be used to trip the HIPS. The Transmitter
High level trip will trip the logic and close the ESDV 1 / 2 HIPS valves. This test will be used to
prove:
a.
b.

Individual transmitter trip settings tripping the HIPS logic solver.

Adequate closing time of each of the ESDV 1/2 HIPS valves.

3. The Yokogawa HIPS is provided with a dedicated SOV Test facility. This facility allows for proof
testing that individual solenoid valves will trip the relevant HIPS valve. This facility can only be
operated by using two dedicated key-operated switches located on the HIPS control panel. By
operating the first switch (SOV x-1 where x is 1 or 2) the solenoids for each HIPS valve will be
tripped. By operating the second (SOV x-2) switch the solenoids for each HIPS valve will be
tripped. The consequence of each operation should be of course the closing of the appropriate
HIPS valve.
4. The HIPS can be reset by means of:
a. Operating the logic reset on the HIPS control panel (reset logic and the HIPS valves).
b. Operating individual local HIPS valve reset facilities when option is enabled.
c. Operating the PAS HIPS reset and individual HIPS valve reset when this option is
enabled.
5. The Process Automation System (PAS) can read dedicated HIPS information like HIPS I/O and
alarms via the serial link(s) to the ProSafe-COM and, if the option is enabled, send HIPS reset,
individual HIPS valve reset and close commands for the HIPS valves.

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

4 of 10

Figure 2 HIPS functionality overview

Figure 3 HIPS Logic solver (2oo3)

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

5 of 10

Figure 4 HIPS logic solver control panel

The HIPS control panel is included in the logic solver rack which is located inside the cabinet. The
indications on this panel are based on the all dark principle, meaning that under normal operational
conditions all indications are off. The panel provides the following functionality:
-Input indications: PT tripped (3 off, red), PT in test mode (3 off, yellow) PT deviation (1 off, red).
-Control indication: Proof Test Configuration (PTC) active (1 off, yellow).
-Output indications: Trip to ESD (1off, red), SOV tripped (4 off, red), HIPS valve closed (2 off, red).
-Control equipment: Proof Test Switch (1 off, key-operated), Solenoid Test (2 off, key-operated).
-Control equipment: HIPS reset (1 off, pushbutton), Lamptest (1 off, pushbutton).
The HIPS drawings are a uniform set of ACAD drawings that use internal tagnames like PT1, PT2, SOV 1,
SOV 2, etc. Client tagnames will be shown at the relevant places like the control panel. The coupling
between client tagnames and Yokogawa internal tagnames can be contained in the I/O-list.
A HIPS system fault is indicated on the HIPS front door and is available as volt-free contact for a
hardwired alarm to an external device. The alarms initiating this system alarm are individually available to
the ProSafe-COM for serial alarming to external devices.

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

6 of 10

Yokogawa 2oo3 HIPS Configuration

The Yokogawa HIPS logic solver is one single rack that is mounted on the panel mounting plate.
The logic solver power supply and I/O is connected via a robust connector.

Figure 5 Mounting plate HIPS logic solver

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

7 of 10

HIPS Scope

The 2oo3 voting HIPS application contains all the basic safety functions necessary to protect the
downstream installation against damage as a result of high pressure. On top of this, options have been
developed to meet customers demands on issues not related to the primary safety function. The options
chosen will be described in the quotation and are the basis for the table of compliance. If the customer
insists on the fulfilment of other requirements that are not foreseen in this solution, Yokogawa will quote a
client specific solution. In the quotation phase, options will be chosen that are best fitting the customers
requirements and this will be reflected in the table of compliance.
The basic safety functions are pre-described in a Functional design specification (FDS) and Safety
Validation Plan (SVP).

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

8 of 10

Included in the standard delivery:

Nr
1

Item
Enclosure

Redundant AC/DC
converters.
(85230Vac / 24Vdc /
10A)
Failsafe
equipment
&
design.
Pressure
transmitter
inputs.

3
4

Pressure transmitter test &

maintenance
Inputs.

HIPS Valve Open/Closed

inputs.

2oo3 voting.

1oo2 voting.

Proof Test Configuration

(1oo3 Voting).

10

SOV
Output
Configuration.

11

Individual solenoid outputs

(20W)

12

Control panel.

13

Documentation

Test

Description
Rittal
TS8
type
cabinet,
RAL7035,
dimensions
800mmx800mm*2100mm (w*h*d) including 100mm plinth, front access
door, mounting plate, auxiliary socket and panel lighting.
To reduce spurious trips 2 AC/DC converters are implemented in a
redundant (2oo2) configuration. Each converter is well capable of
supplying power to the complete HIPS under full load conditions.
The logic solver is implemented using ProSafe-SLS, the inherent
failsafe hardwired Yokogawa safety system.
Each of the three (3) PTs is connected to a separate, failsafe analogue
input module (0-20mA) providing a logic signal tripping on an adjustable
high pressure setpoint, input linefault (3.6 mA<Input>21 mA) and
deviation alarming functionality is provided.
Each PT has one (1) digital input reading the (ASTAVA Manifold) PT
block valve status. When the block valve is closed (for maintenance or
test) the PT trip signal will be inhibited to the 2oo3 voting logic and
change this logic automatically into 1oo2 voting logic.
Open/Close signals are available to ProSafe-COM (modbus).
Additionally the closed signals are indicated on the control panel as well
and will illuminate when HIPS valves are closed.
The 2oo3 voting logic will initiate a trip when any two out of three
pressure transmitter inputs are generating a trip.
If one pressure transmitter input is in trip condition the logic
automatically changes to 1oo2 voting logic.
A key-interlocked Proof Test Switch on the control panel is used to
switch the logic solver into a 1oo3 voting configuration. This is required
to test the complete HIPS (pipe-to-pipe) at certain time intervals in order
to keep the HIPS at the required SIL level.
Two (2) key-interlocked SOV Test switches on the control panel are
used to prove that each HIPS shutdown valve closes on only one
solenoid valve trip. There is one (1) switch (SOV x-1) to test the First
solenoid valves on both HIPS valves and one (1) switch (SOV x-2) for
the Second solenoids both HIPS valves.
Each of the four (4) solenoids is connected to an individual fused
failsafe output circuit with a maximum power consumption of 20W at
24Vdc.
Embedded in the logic solver rack and providing functionality as follows:
-Input indications: PT tripped (3), PT in test mode (3) PT deviation (1).
-Controls indication: Proof test active (1).
-Output indications: Trip to ESD (1), SOV tripped (4), HIPS valve closed
(2).
-Control equipment: Proof Test (1), Solenoid Test (2). (key-operated
switches).
-Control equipment: HIPS reset (1), Lamptest (1). (pushbuttons).
Functional Design Specification
Safety Validation Plan
Detailed design documents: Functional logic diagrams, Loop
diagrams
Hardware documents: Mechanical and Electrical drawings
Operating and maintenance instructions
Safety Certification

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

9 of 10

Ordering
Ordering code for the standard 2oo3 HIPS consists of a basic code (HIPS2oo3) and if necessary
followed by some features and if required followed by option codes as indicated in the table
below.
CODE
HIPS2oo3

Item
Standard HIPS

Description
Yokogawa standard 2oo3 HIPS solution

In the standard delivery the following FEATURES are implemented but disabled. When ordering
a HIPS logic solver please specify the appropriate code if the project requires these features to
be enabled.
CODE
-TTV

Item
Trip on Transmitter
Deviation

Additional Features
This feature enables the logic solver to trip on a deviation alarm;
i.e. a deviation above a preset value (in %) between the PTs will
cause the HIPS to trip.
(Note that if this choice is not enabled the deviation indication on
the control panel and deviation alarming to the ProSafe-COM
will still be operational).
-SLC
Serial Link Commands This feature enables serial link commands from an external
device for the operation of: HIPS reset, ESDV1 close, ESDV 2
close.
-IVRC
Individual HIPS Valve
This feature enables individual HIPS valve reset command from
Reset Commands
the field. (i.e. from the HIPS valve control boxes).
NOTE: If the features SLC and IVRC are both ENABLED it will also be possible to reset the HIPS
valves individually from an external device. Additionally the HIPS valves can be individually closed from
this device as well.
Additionally the following OPTIONS are available:
CODE
/MP24

Item
Option Option description
Main Power supply
Main power supply to the HIPS is 24VDC.
24VDC
/CS400
Cabinet Size Depth
Cabinet size: 800*400*1600mm (w*d*h). (front door
400cm
access)
/FP
Control Panel on front
HIPS Control Panel is located in the cabinet front door.
door.
/SP
Field I/O- Surge
Field I/O protected on by surge protectors.
Protection
/IS
Intrinsically Safe field
Field inputs connected via intrinsic safe isolators.
input
/HQ2
HIPS Quantity
2
Two (2) HIPS logic solvers per cabinet.
/SL4
SIL Level 4
4
HIPS logic solver is a SIL 4 classified system.
/CD
Customer
Special customer required documents can be
Documentation
provided.
When option SP is chosen field I/O will be protected by MTL surge protectors:
For inputs type:SD32X .
For outputs type:SD150X .
When option IS is chosen field inputs will be connected via MTL intrinsic safe isolators:
For analogue inputs type: MTL-5541.
For digital inputs type: MTL-5517.
Example of overall ordering code: HIPS2oo3-TTV-SLC/MP24/IS (2 Features specified, 2 options added)

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013

HI-100-00

10 of 10

Special Versions

If required all kind of HIPS (tailor-made) systems can be built using other or the same building blocks as
used for this Yokogawa 2oo3 HIPS. This allows a sophisticated custom-made alignment with customers
wishes but needs more design and test effort. Yokogawa will always strive for the optimal solution.
Example of special version:
-

3 or 4 HIPS in one cabinet

HIPS logic solver rack to be combined within subcontracting cabinet or console
ATEX (Atmosphres Explosives) zone specific cabinet
Earthquake proof cabinet
Cabinet size custom-made
Cabinet Color
Etc.

All Rights Reserved. Copyright Yokogawa Europe Solutions B.V.

GS48C00Z00-00E-N February 2013