Professional Documents
Culture Documents
System Comparison
Safety Related
Programmable Logic Controller (PLC)
Fault tolerance
Main marketing
Main marketing area:
area: possible system
No. Manufacturer Product title area of business/ AK with/without
Geographical/ structures
processes time limit
Customer
(specialities)
1. ABB Industri AS Advant world-wide Chemical, 1oo1D 4,SIL2
Safeguard 400 Petro-chemical, 1oo2D 6,SIL3
Off-Shore, BMS
2. ABB Industri CS386 world-wide Chemical, 2oo3 6 AK5 without
(former August Triguard SC300E Petro-chemical, 2oo3 6
Systems) Off-Shore, BMS
3. ICS Triplex Regent Middle East, Petro-chemical, 2oo3 5 without
Trusted ICS Russia, USA, Latin in Off-Shore Nr.1 2oo3 6 AK5 without
(TMR, RISC-µP) America
4. SIEMENS Moore Quadlog world-wide Chemical, 1oo1D 4 without
Process Off-Shore, 1oo2D 5 with 72h
Automation FPSO 1oo2D 6 with 1h
5. SIEMENS AG S5-95F world-wide all 1oo2 6, SIL3? 0h
S5-115F 1oo2 6 0h
S7-400F all all 1oo1, 1oo2 CPU, I/O SIL3 0h
2oo2, 2oo2 CPU, I/O SIL3 without
S7-400FH
6. SMS FSC100,101 world-wide Chemical, 1oo2D 4 without
(Honeywell) FSC102 (>1200 systems) Petro-chemical, 1oo2D 5 72 h
FSC202 Off-Shore, BMS 2oo2D 6 1h
FSC new CPU 2oo4D 6,SIL3 without (no
with QMRÔ cert.)
7. TRICONEX TRICON V.6,7 world-wide Chemical, 2oo3 5
FoxGuard TRICON V.>7-10 (>2000 systems) Petro-chemical, 2oo3 6 AK5 without
(Foxboro/Eckardt) TRIDENT Exxon, Shell,Elf Off-Shore, BMS 2oo3 6,SIL3
8. YISS (Yokogawa ProSafe-DSP world-wide Petro-chemical, 1oo2 6
Industrial Safety PLS (former GTI) NAM, Shell Off-Shore 2oo3 6
System bv) ProSafe-PLC 1oo1D 4 without
(former GTI) (same system as 1oo2D 6 with
SIEMENS
Moore!)
9. HIMA H41q/H51q-MS world-wide Chemical, 2oo2 6 without
H41q/H51q-HS (>4000 systems) Petro-chemical, 2oo4 6 without
H41q/H51q-HRS Off-Shore, BMS 2oo4 6 without
ABB Triguard 1. Large applications with max fifteen 1. No module for hazardous areas
Industri SC300E chassis up to 9500 I/O. (Ex)i available.
2. Availability: Failures 3 times
more with the same complexity.
3. MTTF of Triconex modules
approximately 8 times higher as of
a comparable HIMA module.
4. External secondary shut down
way for safety related outputs
required, additional wiring.
5. Every fault activates the time
limitation (3-2-0, in redundant
operation).
6. Heating problems of the
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 2 of 7
system.
7. Quality problems of the system.
8. The triplicated channels are
susceptible to common cause
faults, because they are linked
together for voting, or all 3 input and
output channels reside on the same
module.
9. Bigger extent on space with
small and medium projects (high
basic work, I/O subrack 9 units
high).
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 3 of 7
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 4 of 7
2oo2 I/O level is possible. 3. The redundant I/O modules are in systems)! aspired.
6. Fieldbus master functionality the same ET200 module board (today).
available. 4. The ET200 must be linked via FO Additional
cable (galvanical isolation). development
5. Between the central unit and the for digital
I/O modules must be a fieldbus with an special
additional safety layer in the protocol version with
(Profibus-DP with ProfiSafe). reaction time
6. Central unit and extension device min. 100ms.
must be used (ET200 with I/O mod.), this
results in higher extent in work for wiring
and set up.
7. No availability in 1oo1 CPU and
1oo2 I/O level (SIL3 application).
Availability only in 2oo2 CPU and 2oo2
I/O configuration (SIL3).
8. Very complexly programming and
configuration of the system. With many
safety rules to check.
9. No easy integration.
10. Very high reaction time.
Single channel min. 220ms,
redundant min. 400ms up to 700ms.
11. Very long compilation time of
safety related Step7 programs (bigger
projects up to 2h).
12. The control of the safety-related
logic requires additional and separate
functional logic blocks (limited) in Step7
(prog. Languish). That means extra price.
13. Every hardware units needs
separate software license (runtime
license).
14. No diagnostic display exist, error
diagnostic via ext. HMI or via LED’s.
15. No Off-line test in Step7.
16. Bad support or hotline from
SIEMENS. System integrator gets no
information’s about the delivery schedule
for components.
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 5 of 7
applications complete reaction time from with small and medium projects (high price.
up to 450 Triconex! basic work, I/O subrack 9 units high).
points) 3. Remote I/O coupling via optical 3. No input modules with line
conductors with Triconex module supervision available.
(RXM). 4. No safety related relay outputs
4. Floating point processor available.
available. 5. No special modules for proximity
5. Direct communication with switches available (possible only with a
Foxboro DCS I/A series. Connection very expensive analogue input module)
via redundant Ethernet module 6. No module for hazardous areas (Ex)
(ACM) within the Triconex system to i available.
the Foxboro I/A series nodebus. 7. To get the possibility to interchange
Coupling may also be in redundant. I/O modules always a redundant slot has
6. Communication to the to remain free directly near by the active
Honeywell PLS TDC3000 directly module (hot spare) weather it is used or
with Triconex module (SMM) to the not.
UCN bus Honeywell. Coupling may 8. Complete redundancy can only be
also be in redundant. made if the backup slots are populated.
7. Intelligent communication Normally the hot spare is not installed.
module with 4 serial ports 9. Availability: Failures 3 times more
(MODBUS) and 1 parallel port with the same complexity.
(Centronics, EICM). 10. MTTF of Triconex modules
8. Event recording (SOE) approximately 8 times higher as of a
integrated. comparable HIMA module.
9. Programming interface 11. External relay required for the
according to IEC 61131-3 on secondary means of de-energization in
Windows NT. Currently 4 AK6. In addition periodical test of the
programming languages are relay (every 6 months).
realised: Structured text, function 12. No mixing approved and not
block diagram, cause and effect approved modules. If you decide to mix
matrix (CAE) and ladder diagram. them, you must check that it will not
10. The TRICON fulfils the NRC affect the safe functions.
guidelines in compliance with EPRI 13. Test of the memory by processing 2
TR-107330 (requirements ... safety kB data per processor and cycle. It takes
related app. In nuclear power up to 25 s to test the existing 1 MB
plants). memory.
11. TRIDENT certified up to SIL3
according IEC 61508 (new standard
for safety related PLC).
12. 3oo3 (3-2-1-0) is possible only
done via software, but not allowed
for safety functions.
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 6 of 7
* The YISS ProSafe-PLC system is the same as the SIEMENS Moore System Quadlog.
http://www.spazint.ru/eng/faq04.htm 5/28/2009
System Comparison Page 7 of 7
http://www.spazint.ru/eng/faq04.htm 5/28/2009