EHELP: Using the STA for a high temperature Safety Instrumented Function

Q: Currently we monitor the temperature level in our oven with a thermocouple and let our PLC control the oven. We now need to implement a high temperature Safety Instrumented Function (SIF). Do we need duplicate temperature sensors and do you have a Functional Safety device that can provide oven shutdown capability on high temperature?

A: A SIF is required to be independent from the control system, with the expectation that the safety loop will not fail should the regular process control loop suffer a sensor, controller or any other failure. We therefore recommend that you not use the same sensing device (the thermocouple, in your case) for both the safety function and the control system. Maintenance and proof testing of the SIF are further considerations: if either affects the control system, normal operation will be interrupted while it is carried out. If a common sensor is used, then a risk analysis must be performed. (Please refer to IEC61508 standard section and ISA84/IEC61511 Part 1 11.2.10 and Part 2 11.2 for more information.)

To maintain a safe, operable system, SIL (Safety Integrity Level) guidelines state that your SIF should have an independent temperature sensor housed in a different thermowell. For improved safety, using different technologies for these sensors avoids common cause failures in the control and safety functions: either different types of thermocouples or, if temperature limits allow, an RTD. Best practice is to duplicate transmission of the safety sensor signals to the control system. Such an arrangement can improve diagnostic coverage by allowing signal comparison between the control and safety sensors.

For this SIF, we recommend using products from Moore Industries’ Functional Safety Series, which are independently assessed and certified by exida. The STA Functional Safety Trip Alarm can be used to monitor the oven’s thermocouple sensor and includes two user-configurable failsafe process trip alarms. It also has an isolated 4-20mA analog output signal which can be sent to the primary control system for comparison with the process control temperature signal.
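The signal comparison described in the two paragraphs above can be sketched as follows. This is an added example, not Moore Industries code or an STA configuration; the 0-1000 °C span, the NAMUR NE 43 style fault currents, the deviation tolerance and the persistence count are all assumed values.

```python
"""Control-side diagnostic: compare the retransmitted safety signal with the
control thermocouple. It raises alarms only; the trip itself stays in the SIF."""
from dataclasses import dataclass

# Assumed values, not taken from the page or from any product manual.
RANGE_LO_C, RANGE_HI_C = 0.0, 1000.0   # temperature span mapped onto 4-20 mA
FAULT_LO_MA, FAULT_HI_MA = 3.6, 21.0   # NAMUR NE 43 style failure currents
MAX_DEV_C = 15.0                       # allowed disagreement between sensors
PERSIST_SCANS = 3                      # consecutive bad scans before alarming


def ma_to_celsius(ma):
    """Linear 4-20 mA scaling; None when the current indicates a loop fault."""
    if ma <= FAULT_LO_MA or ma >= FAULT_HI_MA:
        return None
    return RANGE_LO_C + (ma - 4.0) / 16.0 * (RANGE_HI_C - RANGE_LO_C)


@dataclass
class DeviationMonitor:
    bad_scans: int = 0

    def scan(self, control_temp_c, safety_ma):
        """Classify one scan: OK, PENDING, DEVIATION or SIGNAL_FAULT."""
        safety_c = ma_to_celsius(safety_ma)
        if safety_c is None:               # broken wire, short or failed output
            self.bad_scans = 0
            return "SIGNAL_FAULT"
        if abs(control_temp_c - safety_c) <= MAX_DEV_C:
            self.bad_scans = 0
            return "OK"
        self.bad_scans += 1                # debounce brief transients
        return "DEVIATION" if self.bad_scans >= PERSIST_SCANS else "PENDING"


def run(samples):
    monitor = DeviationMonitor()
    return [monitor.scan(temp_c, ma) for temp_c, ma in samples]


# Constructed samples: (control thermocouple in deg C, safety signal in mA)
SAMPLES = [
    (500.0, 12.0), (500.0, 12.1),                  # sensors agree
    (500.0, 12.8), (498.0, 12.8), (495.0, 12.9),   # safety sensor reads ~50 C high
    (495.0, 3.5),                                  # loop current below fault limit
    (495.0, 11.92),                                # agreement restored
]

if __name__ == "__main__":
    for sample, state in zip(SAMPLES, run(SAMPLES)):
        print(sample, state)
```

A persistent DEVIATION points to drift or failure in one of the two sensors and is a prompt for maintenance; it does not replace the STA's own trip alarms.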

If additional process relay outputs are required, you can use the SRM Functional Safety Relay Module. The SRM accepts an input from one of the STA process relay outputs and offers three additional relays that can be used to drive other output loads.

The STA Functional Safety Trip Alarm and SRM Functional Safety Relay Module are available with IEC 61508 certificates from exida, safety manuals and FMEDA reports for your SIF calculations.

Published: May 24, 2016
