Det-Tronics EQP Fire and Gas Detection/Releasing System SAFETY MANUAL User Manual
5.1
95-8599
EQP Safety Controller Diagnostic Checks
The EQP Safety Controller automatically carries out a
number of diagnostic checks on a continuous basis. A
number of other diagnostic tests are also conducted
to ensure the integrity of the EQPSL communication
network and proper operation of the user’s logic
program.
All checks conducted by the Controller are completed at
least once an hour. This period is called the diagnostic
test interval.
Note
Other devices have different diagnostic test
intervals. See EQP Safety Device Diagnostics. Be
sure to account for this in calculations.
The certifying authority that has granted the Det-Tronics
EQP Safety System approval for use in low demand
SIL 2 safety-related applications has confirmed the
completeness of the diagnostic tests. The user program
requires no additional on-line diagnostic tests. Proof
testing, which is the responsibility of the user, is
discussed in the “Proof Testing” section of this manual.
Redundant EQP Safety Controllers
Using Det-Tronics EQP Safety Controllers in redundant
mode will increase their availability, but will have no
effect on their ability to perform a safety-related function.
The redundant controller system is certified for use as
part of a SIL 2 system.
When a second Controller is added for redundancy, the
firmware versions must match. Controllers configured
for redundant operation operate in either Master or
Standby mode. Refer to the EQP system manual
(number 95-8533) for more details regarding controller
redundancy set-up.
Note
Both the master and standby controllers must be
SIL rated models. If a SIL rated controller is paired
with a standard controller model, a redundancy
fault will be indicated.
EQP SAFETY DEVICES
EQP Safety rated field devices share many of the same
attributes as standard EQP devices. They have the same
physical form factor and are connected to the system in
the same manner as standard devices. However, SIL
versions of field devices are not directly interchangeable
with the standard versions. Each version has a unique
ID. Each field device must be configured for the
proper type of device or a trouble is annunciated. SIL
rated devices differ from the standard modules in that
they perform additional software diagnostic checks
specifically designed for safety-related applications. SIL
rated Controllers and EDIOs have red labels for easy
identification. A mixture of SIL and non-SIL rated field
devices can be used on the system at the same time;
however, non-SIL rated devices shall not block or inhibit
the safety function in user logic.
Self-detected failures of the diagnostics will result in
a fault state where the condition is reported to the
controller and annunciated to the user. Depending on
the type of fault, the field device may restart and attempt
to re-establish communication with the controller.
EQPSL
The EQP controller and associated field devices are
connected via the EQPSL communication loop. Only
EQP system approved devices can be connected to the
EQPSL network (closed network). Devices from other
manufacturers shall not be connected to the EQPSL.
Special test pattern messages are periodically sent end
to end on the EQPSL to detect faults in the transceivers
and memory buffers.
Extensive diagnostics are implemented in the EQPSL
to detect degraded conditions and ensure that reliable
communications are available when needed to respond
to a demand. This is especially important as Fire and
Gas systems are traditionally energize-to-trip and it is,
therefore, unacceptable for them to trip based on loss of
power or network communications.
The EQPSL physical network topology is limited to a
single loop which starts and ends at the Controller. The
system is automatically configured to utilize less than
50% of the available bandwidth in normal operation.
The additional bandwidth may be utilized by the system
in transient situations involving heavy message traffic.
Safety communications were evaluated in terms of
probability of failure on demand consistent with an IEC
61508 low demand application.