Det-Tronics EQP Fire and Gas Detection/Releasing System SAFETY MANUAL User Manual
5.1
95-8599
EQP SAFETY CONTROLLERS
The EQP Safety Controllers share a common hardware
and software platform with standard EQP Controllers.
The SIL rated version of the Controller conducts
additional diagnostic checks and annunciates additional
fault conditions.
Safety compliance is assured by additional diagnostics,
which detect failures and take appropriate action should
errors be detected.
If the EQP Safety Controller detects a “dangerous”
fault in itself (i.e. one that would prevent the EQP
Safety System from carrying out its safety function) it
will de-energize the trouble relay. The fault causing
the Controller’s trouble relay to de-energize must be
investigated and corrected within the time period
determined by SIF verification calculations for the
particular application.
Run Mode
Run Mode is the state in which the Det-Tronics EQP
Safety System is acting as a safety-related system and
carrying out its safety function. When the system is in
this state, it is not possible to make modifications to
configuration parameters or control logic.
Program Mode
The system enters Program Mode when configuration
parameters are downloaded to the system. The
Controller trouble relay is de-energized while in this
mode as an indication. When the EQP System is in
Program Mode, the user is responsible for maintaining a
safe state.
Note
When there is a change of configuration, the user is
required to perform a validation test of the change.
Safe and Non-interfering Data
An EQP application program can read data from
safety-related and non-interfering sources. Data from
non-interfering sources must not be used in logic to
block or disable safety-related signals in the safety
loop. For example, data coming into the system from
a non-interfering field device should not be used to
block or disable an alarm output, but it could be used to
activate a common alarm used by safety-related logic.
Communication with Remote Modbus Devices
EQP Safety Controllers can read or write data to Remote
Modbus devices. Any data read from such devices
is not safety-related and shall not be used to block or
disable safety-related logic.
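
The rule in the two sections above (non-interfering data, including anything read from remote Modbus devices, must not block or disable safety-related logic) can be checked mechanically. The following is an added example, not Det-Tronics code: it assumes a hypothetical export of the application logic as AND/OR gates with constructed point names. It goes slightly beyond the text by also flagging AND gates where an input fed only by non-interfering data gates a safety-related signal.

```python
# Added example. Hypothetical logic model, not the S3 configuration format:
# a node is ("src", kind) or ("and" | "or", [names of input nodes]).
SAFETY, NON_INTERFERING = "safety", "non_interfering"  # Modbus reads are non-interfering

def reach(logic, name, seen=None):
    """Yield every node reachable from `name`, each once (loop-safe)."""
    seen = set() if seen is None else seen
    if name in seen:
        return
    seen.add(name)
    yield name
    if logic[name][0] != "src":
        for inp in logic[name][1]:
            yield from reach(logic, inp, seen)

def kinds(logic, name):
    """Return {source name: kind} for every source feeding node `name`."""
    return {n: logic[n][1] for n in reach(logic, name) if logic[n][0] == "src"}

def find_violations(logic, outputs):
    """Return sorted (output, where, source) findings for safety outputs."""
    bad = set()
    for out, spec in outputs.items():
        # Rule 1: no non-interfering source may reach a block/disable input.
        for blk in spec.get("block", []):
            bad |= {(out, "block", s) for s, k in kinds(logic, blk).items()
                    if k == NON_INTERFERING}
        # Rule 2: an AND input fed only by non-interfering data can hold a
        # safety-related sibling low, which blocks it just the same.
        for act in spec.get("activate", []):
            for g in (n for n in reach(logic, act) if logic[n][0] == "and"):
                fed = {i: kinds(logic, i) for i in logic[g][1]}
                if any(SAFETY in f.values() for f in fed.values()):
                    bad |= {(out, "and:" + g, s) for f in fed.values()
                            if set(f.values()) == {NON_INTERFERING} for s in f}
    return sorted(bad)

# Constructed sample: flame/gas are safety-related, the mb_* points are Modbus reads.
LOGIC = {
    "flame": ("src", SAFETY), "gas": ("src", SAFETY),
    "mb_fault": ("src", NON_INTERFERING), "mb_bypass": ("src", NON_INTERFERING),
    "common": ("or", ["flame", "gas", "mb_fault"]),  # allowed: can only activate
    "gated": ("and", ["flame", "mb_bypass"]),        # not allowed: can suppress flame
}
OUTPUTS = {"common_alarm": {"activate": ["common"]},
           "fire_alarm": {"activate": ["gated"], "block": ["mb_bypass"]}}
```

On the constructed sample, `find_violations(LOGIC, OUTPUTS)` reports `mb_bypass` twice for `fire_alarm` (once on the block input, once at the AND gate) and nothing for `common_alarm`.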
EQP Controller Inhibit Lockout
Device inhibits allow input and output signals to be
blocked to allow the user to perform maintenance and
testing without affecting system outputs. Example: If a
flame detector is inhibited, a flame can be presented to
the detector and the fire alarm will not be registered by
the controller. Subsequently, no action will be performed
by the controller. Therefore, inhibits are classified as a
safety-related issue. If a device is inhibited, it will no
longer perform its safety function. For this reason, there
is a global inhibit lockout feature.
Input channel four of the safety controller is designated
as the inhibit lockout channel. The channel must be
configured as “Inhibit Enabled” via the EQP controller
configuration screen in the S3 software. A normally open
switch must be wired to channel four to perform the
inhibit enable function. When the switch is open, inhibits
are not allowed. When the switch is closed, inhibits can
be activated from the controller via user configured logic
or from the individual device point displays on the S3
software.
When the inhibit lockout switch changes state, it is
logged in the EQP controller. Additionally, individual
devices are logged when they are put into the inhibit
state.
It is the user’s responsibility to create and enforce an
appropriate lockout policy for the site.