Actuator configurations – Rockwell Automation AADvance Controller Safety Manual User Manual

Document: 553630
ICSTT-RM446K-EN-P Issue: 10

_C

Actuator Configurations

In safety-critical applications using a single actuator, it is important that the actuator failure modes be predictable and well understood, so that there is little probability of a failed actuator not responding to a critical process condition.

In such a configuration, it is important that the actuator be tested regularly, either by dynamic process conditions that are verified in the AADvance system, or by manual intervention testing.

The function of a signal shall be considered when allocating the module and channel within the system. In many cases, redundant actuator configurations may be used, or differing actuator types can provide alternate control and mitigation possibilities. Plant facilities frequently have related signals; in these cases it is important to ensure that failures beyond the system's fault-tolerant capability do not result in either an inability to respond to safety demands or in inadvertent operation.

In some cases, this will require that channels be allocated on the same module, to ensure that a module failure results in the associated signals failing safe. However, in most cases, it will be necessary to separate the signals across modules. Where non-redundant configurations are employed, it is especially important to ensure that the fail-safe action is generated in case of failures within the system.

Field loop power should be considered in the allocation of signals to output channels and modules. For normally energized configurations, field loop power failure will lead to the fail-safe reaction. As with the allocation of signals to modules, there may be related functions where loss of field power should be considered in the same manner as the signal allocation. Where signals are powered from separate power groups, it is important that this separation be maintained when allocating the signals to modules, i.e. that inadvertent coupling between power groups, and particularly return paths, is not generated.
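
The allocation rules above can be checked mechanically during design review. The following is an added example, not part of the Rockwell manual or any AADvance tool: it reviews a constructed output allocation table for related signals that share a module when they should be separated, related signals that are split when they should fail together, and modules that carry more than one power group. The tag names, module names, power-group labels and the "separate"/"together" policy field are hypothetical, and treating any module with mixed power groups as a finding is a conservative assumption.

```python
from collections import defaultdict

# Constructed sample allocation; every name here is hypothetical.
# Columns: tag, module, channel, power group, related-signal group, policy.
# "separate": related signals must sit on different modules.
# "together": related signals must share a module so a module failure
#             drives all of them to the fail-safe state.
ALLOCATION = [
    ("XV-101A",   "DO-1", 1, "PG-A", "esd-valve-101", "separate"),
    ("XV-101B",   "DO-1", 2, "PG-A", "esd-valve-101", "separate"),
    ("BMS-FUEL",  "DO-2", 1, "PG-A", "burner-trip",   "together"),
    ("BMS-PILOT", "DO-3", 1, "PG-B", "burner-trip",   "together"),
    ("XV-205",    "DO-3", 2, "PG-A", "vent-205",      "separate"),
]

def review_allocation(rows):
    """Return a list of (finding, subject) tuples for an allocation table."""
    findings, used = [], {}
    by_group, by_module = defaultdict(list), defaultdict(list)
    for tag, module, channel, power, group, policy in rows:
        if (module, channel) in used:  # two signals on one physical channel
            findings.append(("duplicate-channel", f"{module}/{channel}"))
        used[(module, channel)] = tag
        by_group[group].append((module, policy))
        by_module[module].append(power)
    for group, members in sorted(by_group.items()):
        modules = {module for module, _ in members}
        policy = members[0][1]  # assumption: one policy per related group
        if policy == "separate" and len(modules) < len(members):
            findings.append(("shared-module", group))
        if policy == "together" and len(modules) > 1:
            findings.append(("split-group", group))
    for module, powers in sorted(by_module.items()):
        if len(set(powers)) > 1:  # possible coupling between power groups
            findings.append(("mixed-power-groups", module))
    return findings

if __name__ == "__main__":
    for finding, subject in review_allocation(ALLOCATION):
        print(f"{finding}: {subject}")
```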

Calculations of Probability of Failure upon Demand,

For information regarding the calculation and for PFD/PFH numbers allocated for the AADvance system refer to the TÜV approved PFD calculation document (Doc No: 553847 AADvance PFH and PFD Data) listed in the approved version list.