IEC 61784-3-1:2010 pdf – Industrial communication networks – Profiles – Part 3-1: Functional safety fieldbuses – Additional specifications for CPF 1.
4.2.3 Cross-check
This is a comparison of the application data, sequence number, and CRC that have been redundantly transmitted (twice within the same message) to ascertain that the two copies are identical.
4.2.4 FSCP 1/1
FSCP 1/1 provides a closed transmission system suitable for use in a safety-related system. It achieves trusted communication between safety-related applications.
(Adapted from IEC 62280-1).
4.2.5 Programmable electronic system
This is a system for control, protection or monitoring based on one or more programmable electronic devices. It includes all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices. The structure of a PES may have the programmable electronics as a unit distinct from sensors and actuators on the EUC and their interfaces, but the programmable electronics could exist at several places in the PES.
(Adapted from IEC 61508-4:2010, 3.3.1).
4.2.6 Queuing delays
One possible fault is that messages are held up in the black channel due to queuing in the device communication stack or in intelligent network hardware including repeaters, hubs, bridges, switches, and linking devices. Unconfirmed published messages may be coming through the black channel successfully, even at an acceptable rate, but may, due to long or multiple queuing at various stages along the black channel path, be older than the process safety time allows. This fault is a type of delay fault, where the delay is introduced by devices in the black channel queuing messages.
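As an added illustration of the receiver-side cross-check described in 4.2.3 and the age check against the process safety time from 4.2.6 (example code, not from the standard; the frame layout, the CRC polynomial and the process safety time value are assumptions made for this example):

```python
# Added example: cross-check (4.2.3) plus a delay/age check (4.2.6) on a
# constructed message layout. The real FSCP 1/1 frame format is not given on
# this page, so the layout below is an assumption for illustration only.
import struct

PROCESS_SAFETY_TIME_MS = 500  # assumed value for this example


def crc16(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE, used here as the per-copy integrity check."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_message(app_data: bytes, seq: int) -> bytes:
    """Assumed layout: one copy = 4-byte data, 1-byte sequence number, 2-byte CRC.
    The copy is transmitted twice within the same message (14 bytes total)."""
    assert len(app_data) == 4 and 0 <= seq <= 255
    body = app_data + struct.pack(">B", seq)
    copy = body + struct.pack(">H", crc16(body))
    return copy + copy


def cross_check(msg: bytes, expected_seq: int, age_ms: int):
    """Return (accepted, reason). Both copies must agree field by field, the CRC
    must verify, the sequence number must be the expected one, and the message
    must not be older than the process safety time allows (queuing delay)."""
    if len(msg) != 14:
        return False, "length"
    first, second = msg[:7], msg[7:]
    data1, seq1, crc1 = first[:4], first[4], struct.unpack(">H", first[5:7])[0]
    data2, seq2, crc2 = second[:4], second[4], struct.unpack(">H", second[5:7])[0]
    if (data1, seq1, crc1) != (data2, seq2, crc2):
        return False, "cross-check mismatch"   # copies differ: reject
    if crc16(first[:5]) != crc1:
        return False, "crc"                    # both copies corrupted alike
    if seq1 != expected_seq:
        return False, "sequence"               # lost, repeated or reordered
    if age_ms > PROCESS_SAFETY_TIME_MS:
        return False, "stale"                  # delay fault (4.2.6)
    return True, "ok"
```

A corruption that hits only one copy is caught by the cross-check alone; one that alters both copies identically is left for the CRC, which is why both checks are applied.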
4.2.7 Redundancy
Redundancy is the use of additional hardware, software or data above that needed in an error-free environment.
EXAMPLE Duplicated functional components and the addition of parity bits are both instances of redundancy.
NOTE Redundancy is used primarily to improve reliability or availability (IEC 61508-4:2010, 3.4.6).
4.2.8 SIL environment
FSCP 1/1 compliant hardware and software components may be built into a system that is a suitable environment for implementation of safety-related applications.
4.3 Key components of FSCP 1/1
4.3.1 Overview
The fieldbus communication hardware and stack are not trusted. A safety communication layer above the communication stack ensures trustworthy communication over the fieldbus, and a safety link object in the FBAP contains the additional information required by the FSCP 1/1 protocol. These are shown in Figure 6. In a safety device the application process and safety communication layer will execute in a SIL environment. A set of simplified function blocks suitable for safety-related applications have been created.
To increase availability, hot-standby bus redundancy may be used. A single channel is expected to be used between instruments and a logic-solver. Redundant channels are expected to be used for communication between logic-solvers.
4.4 Relationship to the ISO OSI basic reference model
The safety communication layer is implemented above the communication stack in the application layer.
5 General
5.1 External documents providing specifications for the profile
The following documents provide additional specifications which may be relevant for the design of FSCP 1/1:
• FOUNDATION™ Fieldbus AG-iSO [45]
• FOUNDATION™ Fieldbus FF-807 [46]
• FOUNDATION™ Fieldbus FF-884 [47]
• FOUNDATION™ Fieldbus FF-895 [48].
5.2 Safety functional requirements
5.2.1 Requirements for functional safety
The following list gives the functional safety requirements used in the development of the FSCP 1/1 protocol.
• FSCP 1/1 shall be designed to permit vendors to develop products suitable for use in SIL 2 (IEC 61508) applications. SIL 3 is recommended.
• The protocol shall support the publisher/subscriber and client/server connection.
• The safety-related protocol shall prevent interference from non-safety-related devices. For example, a non-safety-related handheld shall not be permitted to change parameters in a safety-related device.
• The protocol shall protect against unintended or non-authorized configuration changes to a safety device.
• The contribution of the FSCP 1/1 protocol to PFD/PFH shall be less than 1 % of the value required by the SIL level.
• PFD/PFH calculations shall be based on demand mode and high demand mode (as defined in IEC 61508).