installation technology for safety-related fieldbus · 2018-05-04 · the fieldbus experience...


Post on 30-Jul-2020


Page 1: INSTALLATION TECHNOLOGY FOR SAFETY-RELATED FIELDBUS · 2018-05-04 · the fieldbus experience presentation given by Novartis, Sanofi Aventis and DSM to the NAMUR general assembly

Fieldbus Foundation™

INSTALLATION TECHNOLOGY FOR SAFETY-RELATED FIELDBUS

Namur recommendation NE 97

PROCESS AUTOMATION


Table of Contents:

I Process Fieldbus Today
II Theoretical background of safety-related fieldbus: NE 97
III Organizational aspects
IV Time considerations
V State of safety-related fieldbus in process automation
VI Structures of fieldbus networks
VII Safety requirements on fieldbus installation technology
VIII Plant documentation
IX Conclusions
X References
XI Authors

Abstract

The control of automated production plants by means of integrated digital communication from the control system all the way through to the field device is gaining acceptance in the process industry. PROFIBUS PA and FOUNDATION Fieldbus H1 have proven their suitability for practical use and are being applied more frequently. Only for safety-related applications do plants still depend on conventional instrumentation. The NAMUR recommendation NE 97 defines the requirements for safety-related fieldbus systems and gives guidelines for their implementation. Applications such as PROFIsafe are already in use worldwide; the respective protocols and devices for other fieldbusses are in development. State-of-the-art fieldbus installation systems incorporate all protection mechanisms to ensure disturbance-free communication. In conjunction with the safety-related fieldbus protocols, these installation systems allow plant-wide digital communication even for safety-related applications. Thus the conventional wiring parallel to the fieldbus network can be omitted. As a consequence, savings can be realized in installation costs and, more significantly, in operating costs during the life cycle of a plant.

The first edition of this paper was published in the Conference Proceedings of the PCIC Petroleum and Chemical Industry Conference Europe in Basle, Switzerland, 26.-28.10.2005.

I. PROCESS FIELDBUS TODAY

In factory automation, plant control by fieldbus has been in use for a long time and is perceived as standard. In process automation, however, the discussion has been ongoing for more than 10 years, and most applications still run on conventional 4 … 20 mA technology. Remote I/O technology is perceived as an intermediate step: it took the fieldbus halfway to the instrumentation but required considerable additional investment and expertise. Even after the release of the fieldbus standard IEC 61158, which defines the basic concepts of process fieldbus such as physical layer conditions, power supply and digital communication via the same two-wire cable, and the communication encoding scheme, acceptance in chemical, pharmaceutical, oil and gas processing and similar industries remained low.

There are two major reasons for this. The first is that the stringent explosion protection requirements severely limited the use of fieldbus. The preferred explosion protection method, ‘Intrinsic Safety’, which conveniently allows live work on the devices during operation, made fieldbus installations in explosion-hazardous areas inefficient and rather expensive. Improvements on the initial Entity concept, such as the ‘Fieldbus Intrinsically Safe Concept’ (FISCO) [1], eased the situation somewhat but still provided no satisfactory solution. In 2002, the ‘Fieldbus and Remote I/O System Comparison’ (FuRIOS) [2] laid the foundation for overcoming these limitations. This end-user-driven study recommended, among other things, the use of Fieldbus Process Interfaces to integrate conventional signals into the fieldbus communication, and High Power Trunk Concepts for the fieldbus network. These installation concepts allow a high supply current to be led into Zone 1 resp. Class I, Div. 2 by means of the explosion protection method ‘Increased Safety’ or Div. 2 installation methods. The devices, however, are connected intrinsically safe to the appropriate fieldbus distributor, thus offering all the benefits of explosion protection by energy limitation. Thanks to these concepts fieldbus is rapidly gaining acceptance in the process industry, and several major plants are already in operation. The key elements of these topology concepts are specific fieldbus distributors, so-called fieldbus barriers, as was clearly stated at the 2004 general assembly of the ‘User Association of Process Control Technology in Chemical and Pharmaceutical Industries’ (NAMUR). Fig. 1 shows a High Power Trunk Topology from the fieldbus experience presentation given by Novartis, Sanofi Aventis and DSM to the NAMUR general assembly [3].

Fig. 1: High Power Trunk Topology approved by NAMUR

Today these companies, and some others, operate fieldbus-controlled production plants with several thousand fieldbus devices. However, they do not have the fieldbus fully integrated, since they had to connect the safety-related instrumentation with a parallel, conventional wiring network. This is exactly the second major reason hampering the full acceptance of fieldbus in the process industry.

II. THEORETICAL BACKGROUND OF SAFETY-RELATED FIELDBUS: NE 97

In order to allow safety-related instrumentation by fieldbus, the NAMUR working group 4.5 “Plant safety” compiled the NAMUR recommendation NE 97 ‘Fieldbus for Safety-Related Uses’ [4]. This document describes how PCT damage limitation systems are to be structured. Based on the implementation of communication in analog signal processing and the zero current principle in binary signal processing, implementation possibilities of safety-related fieldbus networks are derived to connect sensors and actuators with fieldbus capabilities. The basis for the considerations of damage limitation instrumentation is a safety-related DCS (S-PLC). Fig. 2 shows such a conventional configuration. Such a system requires proven field devices, typically proven by the experience of several years of operation.

Fig. 2: Conventional safety system in analog technology

Since fieldbus technology is a rather new development, it would be hard to find fieldbus devices which meet these experience requirements. The consequence is to subject the individual devices to rigorous certification testing. Fig. 3 depicts such a structure using both certified S-PLC and devices. Unfortunately these certification requirements would raise the cost of safety-related fieldbus dramatically. However, based on the assumption that reliable generation of measurement or safety-related signals is assured by proven sensors, the fieldbus interface is the only remaining factor not yet safety-related. In IT, self-controlling software protocol stacks are widely used. So the task lies in developing a fieldbus stack that guarantees safety and implementing it in the field device instead of, or in addition to, the standard fieldbus communication stack, as shown in fig. 4.

Fig. 3: Fieldbus System with safety certified devices

Fig. 4: Proven device with safety-related protocol stack

Consequently, a safety-related bus system must have a protocol structure according to the data safety requirements. The appropriate methods have to be implemented in the proven transceiver units. The safety-related data must not get lost, changed or doubled without guaranteed detection; they have to be in the correct time frame, and the communication elements must not fail due to network or bus access problems. Table 1 shows exemplary data errors and measures for prevention. Such safety-related protocol stacks have to be compliant with IEC 61508. This is ensured by specific safety extensions in addition to the transmission and application layer according to the ISO/OSI 7-layer model. The safety stack monitors the communication between field device and S-PLC and ensures that no signal distortion can cause critical process situations. Since such a secure communication is self-monitoring and fail-safe, the S-PLC will be notified by the safety-related stack in case the process values or failures in the physical transmission layer are causing problems. Consequently no safety-related requirements are imposed on the communication medium itself, such as fieldbus cabling, junction boxes or segment couplers. Fig. 5 shows such a protection system with S-PLC and proven fieldbus devices with integrated certified protocol stacks.

Tab. 1: Measures for increasing data reliability

Measures (columns): Sequential number, Time stamp, Time expectation, Echo, Start/End delimiter, Data protection, Redundancy with cross referencing

Data error (rows, one X per applicable measure):
Repetition: X X X
Loss: X X X
Insertion: X X X X
Wrong sequence: X X X
Alteration: X X
Delay: X X

Fig. 5: Safety System fully based on fieldbus communication

In order to increase the efficiency of fieldbus instrumentation it is possible to have standard and safety-related functions in one and the same field device and have the latter activated by simple switching. This solution would allow the same device type to be used in safety-related and non-safety-related systems, thus reducing the cost of keeping different device types in stock and, due to economy of scale, even the cost of the device itself. NE 97 also considers protection systems using S-PLC and Remote I/O Systems. Since the latter is perceived as an intermediate step to full fieldbus communication, this approach is not followed here.
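The following added example (not from the paper, and not PROFIsafe or FF-SIS code) shows how three of the measures named in Tab. 1, sequential number, data protection and time expectation, let a receiver detect the listed data errors and switch to the safe state. The frame layout, the 0.5 s watchdog and all names are assumptions made for this illustration; the fault label is the receiver's best guess, the reaction is the same in every case.

```python
import struct
import zlib

# Constructed frame layout for this example (not PROFIsafe or FF-SIS):
#   sequence number (1 byte) | process value (float32) | CRC-32 (4 bytes)
BODY = struct.Struct(">Bf")
CRC = struct.Struct(">I")
SEQ_MOD = 256
WATCHDOG_S = 0.5  # assumed time expectation between two valid frames


def build_frame(seq, value):
    """Sender side: append the CRC over sequence number and value."""
    body = BODY.pack(seq % SEQ_MOD, value)
    return body + CRC.pack(zlib.crc32(body))


class SafetyReceiver:
    """Receiver-side checks; any detected fault latches the safe state."""

    def __init__(self, start_time=0.0):
        self.expected_seq = 0
        self.last_valid = start_time
        self.value = None
        self.safe_state = False

    def _trip(self, fault):
        self.safe_state = True
        return fault

    def poll(self, now):
        """Time expectation, checked cyclically even if nothing arrives."""
        if self.safe_state:
            return "latched"
        if now - self.last_valid > WATCHDOG_S:
            return self._trip("timeout")
        return "ok"

    def receive(self, frame, now):
        status = self.poll(now)
        if status != "ok":
            return status
        # Data protection: length and CRC must match.
        if len(frame) != BODY.size + CRC.size:
            return self._trip("alteration")
        body = frame[:BODY.size]
        (crc,) = CRC.unpack(frame[BODY.size:])
        if zlib.crc32(body) != crc:
            return self._trip("alteration")
        # Sequential number: only the next expected number is accepted.
        seq, value = BODY.unpack(body)
        delta = (seq - self.expected_seq) % SEQ_MOD
        if delta == SEQ_MOD - 1:
            return self._trip("repetition")       # last frame seen again
        if 0 < delta < SEQ_MOD // 2:
            return self._trip("loss")             # one or more frames skipped
        if delta != 0:
            return self._trip("out_of_sequence")  # old or foreign frame
        self.expected_seq = (seq + 1) % SEQ_MOD
        self.last_valid = now
        self.value = value
        return "ok"


def first_fault(events):
    """Feed (frame, arrival_time) pairs; return the first non-ok result."""
    rx = SafetyReceiver()
    for frame, now in events:
        result = rx.receive(frame, now)
        if result != "ok":
            return result
    return "ok"


def demo():
    """Constructed traffic: five good frames at a 0.1 s cycle, then one fault."""
    good = [(build_frame(i, 20.0 + i), 0.1 * (i + 1)) for i in range(5)]
    altered = bytearray(build_frame(5, 25.0))
    altered[2] ^= 0x01  # single bit flipped in the process value
    scenarios = {
        "none": good + [(build_frame(5, 25.0), 0.6)],
        "repetition": good + [(build_frame(4, 24.0), 0.6)],
        "loss": good + [(build_frame(6, 26.0), 0.6)],
        "insertion": good + [(build_frame(200, 99.0), 0.55)],
        "wrong sequence": good + [(build_frame(2, 22.0), 0.6)],
        "alteration": good + [(bytes(altered), 0.6)],
        "delay": good + [(build_frame(5, 25.0), 1.2)],
    }
    return {name: first_fault(events) for name, events in scenarios.items()}


if __name__ == "__main__":
    for error, detected_as in demo().items():
        print(f"{error:15s} -> {detected_as}")
```

With a sequence number alone, an inserted frame and a frame in the wrong order are indistinguishable to the receiver; both are rejected as out of sequence.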

III. ORGANIZATIONAL ASPECTS

Parallel to the technical measures, organizational rules for handling safety-related fieldbus systems have to be clearly defined and documented [5].

In order to prevent accidental or unauthorized modification of parameterization data or bus configuration, access to those data has to be strictly organized and protected by means of a well-defined access administration. However, the rules must allow all users to access the diagnostic data which are necessary for fault localisation in case of operation disruptions. The access administration should be incorporated in the configuration and parameterization tool.

A. Configuration

For the plant control unit, the safety-oriented devices connected to the fieldbus have to be distinct in terms of location and function. Configuration is allowed only for authorized personnel. If process control and safety equipment are connected to the same bus, accidental modification of the configuration of the safety-related devices has to be prevented. The respective configuration components must be overwrite-protected. Device exchange has to be possible during operation without causing the system to switch to the safe state. This could be achieved by a time-limited bypass of the PCT point’s automatic trip function. A written permission by the authorized person is required.

The configuration of this bypass must be clearly assigned to the specific PCT point in order to prevent any danger of confusion. The guideline VDI/VDE 2180 [6] must be adhered to when setting up this bypass. Changes to the configuration must be clearly documented, stating the date, time and name of the responsible person.

B. Parameterization

Input and modification of field device parameters should follow NAMUR recommendation NE 79 [7]. Prior to overwriting any parameter, it has to be checked whether the new parameter will influence the measurement signal or any limit value generated by the device. When reading or printing a parameter record of a device, a reference has to be made to the PCT tag number, place and function of the fieldbus device. The same applies when downloading a parameter record. As with the configuration process, the date, time and name of the person executing the work must be documented in order to be traceable.

IV. TIME CONSIDERATIONS

Safety-related systems must guarantee to bring the process application to a safe state before any danger to persons or the environment can develop [5]. In order to determine the appropriate time frame for the safety mechanism, two time requirements have to be considered.

A. Process Related Time Requirements

The process related time requirements result from two aspects. The first is the dynamics of the process itself, from which the failure tolerance time is deduced. The second aspect is the frequency of occurrence of process states which result in activation of the safety-related system. The time assessment in fig. 6 assumes a disturbance in the process or a failure in the C&I equipment. If the safety system does not respond within an appropriate time frame, a dangerous situation would occur after the failure tolerance time has passed.

Fig. 6: Process failure tolerance time and danger prevention by an operative safety system.

B. Data Transmission Related Time Requirements

In order to achieve a correct time estimate for data exchange of safety-related systems, a time assessment of the information flow from activation of the sensor A to the resulting action of the actuator B is required. The following items have to be considered:

1) Typical Reaction Time: In factory automation less than 1 second (10 … 100 ms), in process automation from 100 ms to several seconds.

2) Additional Telegram Requests: With hitchless switching to another fieldbus device (switching to a redundant unit, or shut-down and replacement of a device), this additional telegram request influences the reaction time and thus has to be considered in the time calculation.

3) Sequential Shut-down: With some applications, repair work during operation is possible which requires sequential shut-downs of bus devices. These time periods have to be considered.

4) Topology: The structure of the fieldbus network could have an impact on the time calculation and needs to be considered.

5) High availability: In process automation most plants work continuously with max. 10 shut-down days per year. In order to achieve this, the systems either have to be installed redundantly or must allow components to be changed during operation. Online modifications of programs and parameterization during operation have to be supported. The effect of these requirements on the time calculation has to be analyzed.

6) Usable Data Transmission Rate: The portion of the telegram containing process data, excluding protocol data such as headers and delimiters, is an essential characteristic of the time consideration. Depending on the bus system, the usable data transmission rate could be 10 … 80% of the total transmission rate.

7) Telegram Failure Reactions: Some bus systems allow telegrams which have been detected as faulty to be repeated. The number of repetitions can be adjustable. In an environment with many disturbances this leads to significantly increased reaction times. Faulty fieldbus devices could require a re-initialization of the complete bus system.

The maximum allowed reaction time has to be calculated according to the algorithm explained below. The cycle time (tcycle) has to be included twice. Some manufacturers offer specific calculation programs.

tr: Total reaction time of bus system
ti1: Input delay time 1 = chatter time + reaction time. The input signal is written into the memory of the input unit
ti2: Input delay time 2 = internal delay time of input unit
tv1: Bus transmission time 1 = Target Rotation Time. From input unit memory to memory of signal processing unit (e.g. PID)
tcycle: Signal processing time. Read from input memory, processing according to software, write to output memory
tv2: Bus transmission time 2 = Target Rotation Time. From signal processing unit memory to output unit memory
to1: Output delay time 1 = internal delay time of output unit
to2: Output delay time 2 = reaction time + actuator time. Transmission from output unit memory to actuator (e.g. relay, transistor)

Fig. 7: Diagram for reaction time calculation
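A reaction-time budget built from the terms defined above, as an added example that is not part of the original paper. It assumes that the terms add up to tr with tcycle counted twice, that each telegram repetition costs one more bus transmission time on both transfers, and that only a share of the failure tolerance time may be used; the sample values, the 50% share and all names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ReactionBudget:
    """Terms of the reaction time as defined in the text, in milliseconds."""
    t_i1: int     # input delay 1: chatter time + reaction time
    t_i2: int     # input delay 2: internal delay of the input unit
    t_v1: int     # bus transmission 1: input unit -> signal processing unit
    t_cycle: int  # signal processing time (read, process, write)
    t_v2: int     # bus transmission 2: signal processing unit -> output unit
    t_o1: int     # output delay 1: internal delay of the output unit
    t_o2: int     # output delay 2: reaction time + actuator time

    def total(self, retries: int = 0) -> int:
        """Worst-case tr in ms.

        Assumptions of this example: the terms are summed, t_cycle is
        counted twice as the text requires, and every permitted telegram
        repetition adds one more bus transmission time on each transfer.
        """
        if retries < 0:
            raise ValueError("retries must not be negative")
        bus = (self.t_v1 + self.t_v2) * (1 + retries)
        fixed = (self.t_i1 + self.t_i2 + 2 * self.t_cycle
                 + self.t_o1 + self.t_o2)
        return fixed + bus


def max_retries(budget: ReactionBudget, failure_tolerance_ms: int,
                margin_percent: int = 50) -> int:
    """Largest repetition count that keeps tr within the allowed share of
    the process failure tolerance time; -1 if even zero repetitions do
    not fit."""
    if budget.t_v1 + budget.t_v2 <= 0:
        raise ValueError("bus transmission times must be positive")
    limit = failure_tolerance_ms * margin_percent // 100
    if budget.total(0) > limit:
        return -1
    retries = 0
    while budget.total(retries + 1) <= limit:
        retries += 1
    return retries


# Constructed sample values (ms), not taken from any device data sheet.
SAMPLE = ReactionBudget(t_i1=10, t_i2=5, t_v1=40, t_cycle=100,
                        t_v2=40, t_o1=5, t_o2=50)

if __name__ == "__main__":
    print("tr without repetitions:", SAMPLE.total(0), "ms")
    for ftt in (1200, 600):
        print(f"failure tolerance time {ftt} ms ->",
              "max repetitions:", max_retries(SAMPLE, ftt))
```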

V. STATE OF SAFETY-RELATED FIELDBUS IN PROCESS AUTOMATION

The prominent safety-related fieldbus is PROFIsafe, with over 3,000 applications already running in 2004. However, the PROFIsafe profile is based on PROFIBUS DP with RS485 transmission physics. Since this does not allow device supply via the bus communication line, it is not the ideal choice for the processing industry. Of the several fieldbusses mentioned in IEC 61158, FOUNDATION Fieldbus H1 and PROFIBUS PA have emerged as the most accepted ones for device supply and fieldbus communication over just two wires.

The Fieldbus Foundation initiated the ‘Safety Instrumented Systems’ project (FF-SIS) in 2002. The concept was approved by the German TÜV in 2004, and R&M Industrieservice, formerly Infraserv Höchst Technik, Europe’s one and only Foundation Fieldbus Centre of Excellence, has been tasked with FF-SIS laboratory specification validation testing. The FF-SIS specifications are based on the IEC 61508 standard and support SIL 2 and SIL 3 applications. The protocol extension for safety-related communication follows the recommendation of NE 97, while the standard FOUNDATION Fieldbus H1 communication system remains unchanged. Fig. 8 and 9 show this concept as presented at the Fieldbus Foundation general assembly in February 2005 [8]. By the end of 2005 the first device evaluations started within a working group of major end users and manufacturers.

Fig. 8: FF-SIS communication concept

Fig. 9: FF-SIS safety-related protocol stack

PROFIBUS PA uses the same protocol as the widely used PROFIBUS DP and PROFIsafe. Thus it is possible to adapt the safety-related profile which follows the NE 97 recommendations. Consequently the profile ‘PROFIsafe for PA’ V1.0 was released in December 2004; Fig. 10 shows the basic concept [9]. The certification procedure for field devices was announced at the end of 2005.

Fig. 10: PROFIsafe for PROFIBUS PA

VI. STRUCTURES OF FIELDBUS NETWORKS

Typically the complete automated production plant control system is structured in three levels as shown in fig. 11. The factory level, as the topmost level, accumulates all data relevant for plant management. It comprises the business management systems and ERP systems. The control, engineering and maintenance stations at the cell level are connected by a specific data backbone. Depending on the DCS system this backbone could use proprietary protocols; nowadays it is often based on Ethernet standards such as PROFInet or HSE (High Speed Ethernet), which was developed by the Fieldbus Foundation. At the field level the individual devices are connected to the control systems, typically using fieldbus based on IEC 61158-2 to facilitate device power supply and explosion protection. For the installation of the fieldbus cables and the allocation of the field devices, the various fieldbus standards offer a choice of topologies [10, 11] as shown in fig. 12. It is strongly recommended to follow these guidelines in order to guarantee a secure data transmission. If one has to deviate from these guidelines due to specific environments, the following influencing factors have to be considered:

• The maximum length of the cables, taking into account the data transmission rate and cable type (see tab. 2)
• Number of fieldbus nodes
• Use of special transmission media due to high electromagnetic noise, possibly only for small sections of the network
• Design of fieldbus nodes and acceptable drop line lengths in accordance with the type of fieldbus, transmission rate and cable type

Fig. 11: Hierarchy of plant control systems

Fig. 12: Allowed fieldbus topologies according to [10]

Cable type           Description                                  Wire cross-section    Max. network dimension
Type A (Reference)   Shielded, twisted pair                       0.8 mm² (AWG 18)      1900 m
Type B               Several twisted pairs with overall shield    0.32 mm² (AWG 22)     1200 m
Type C*              Several twisted pairs, without shield        0.16 mm² (AWG 26)     400 m
Type D*              Several non-twisted pairs, without shield    1.25 mm² (AWG 16)     200 m

* Not recommended, only for special applications or upgrades

Tab. 2: Fieldbus cable types and lengths according to IEC 61158-2

VII. SAFETY REQUIREMENTS ON FIELDBUS INSTALLATION TECHNOLOGY

In section II it was stated that no safety-related requirements are imposed on the physical layer installation, nor is any SIL certification needed for passive components. The safety-related protocol stack detects failures in the fieldbus wiring or signal distortions due to bad shielding, since it will recognise any incorrect data transmission. However, the result would be that the application shuts down not only when real process-critical conditions appear but also in cases of minor lead breakages or uncritical signal disturbances caused by external noise. Since this would not be acceptable, the fieldbus installation should be designed to be as safe and fault-tolerant as possible. The FuRIOS study mentioned initially gives certain guidelines for optimum fieldbus topology design [12]. It recommends a line structure as shown in fig. 13, with individual drop-line connections by means of Junction Boxes, in order to facilitate fault localisation and to disconnect individual devices without impairing the communication of the other devices connected to the fieldbus segment. Since a short-circuit at one device would stop the communication of the entire segment, Junction Boxes with short-circuit current limitation for each output should be used. These so-called Segment Protectors are available for safe areas and with appropriate explosion protection certification for Zone 2 resp. Class I, Div. 2. For High Power Trunk Concepts in Zone 1/Class I, Div. 1 the recommended fieldbus barriers typically combine three functions: fieldbus distribution, short-circuit protection and intrinsically safe device connection.

Fig. 13: Recommended line structure with individual device connections

Figure labels: bus cycle time < 1000 ms, bus cycle time < 100 ms, bus cycle time < 10 ms

Another threat to fieldbus communication is the irradiation of ambient noise into the network cabling, which could distort the digital signals dramatically. Therefore both FuRIOS and the respective fieldbus installation guidelines recommend various shielding concepts. Modern fieldbus installation systems feature capacitive shielding/grounding capabilities, which is perceived as the most cost-efficient method to integrate shielding and explosion protection requirements. More danger could arise from power surges or lightning strikes. As a precaution the user can add specific surge protection modules to the fieldbus network. State-of-the-art Surge Protectors are available as modular units for various explosion protection concepts and allow the implementation of a lightning protection zones concept according to IEC 61312-1. The Fieldbus Power Supplies, which combine the digital communication signal of the fieldbus host with the supply current from bulk power supplies, can help to optimize the fieldbus stability, too. Today’s Power Supply Systems such as the FieldConnex® Power Hub feature sophisticated noise suppression technologies and various isolation and redundancy concepts to enhance the safety and reliability of fieldbus networks. Modern Power Supplies are designed as modular systems in order to allow an optimal adaptation to the requirements of the plant and the specific safety-related system. They offer several protection mechanisms to minimize the possible influence of the physical layer on the safety considerations:

• Passive impedance matching: For coupling DC supply current and AC digital signal, passive components are used. Their high efficiency of up to 91% induces only minimum thermal strain on the environment and the modules themselves. The operational safety is proven by high MTBF numbers.

• Redundancy of the Power Modules: The power supplies’ availability can be further increased by means of an optional parallel configuration of the electronic components with load sharing and automatic switchover in case of fault.

• Redundancy of the power sources: Two bulk power supplies can be connected in parallel by means of appropriate, integrated decoupling diodes.

• Redundancy of the fieldbus communication: Two redundant host interfaces can be connected to one fieldbus segment and thus guarantee digital fieldbus communication without interruption. With FOUNDATION Fieldbus H1, the option to configure a backup LAS (Link Active Scheduler) in the field devices offers one more choice to stabilize the data transmission.

• Protection of the host connection lines: While the signal transmission lines to the field devices should be protected by fieldbus distributors with short-circuit current limitation as described above, the cables between host system and Power Supply can be protected by features integrated in the latter. In case of a short-circuit the redundant host interface will keep the safety-related fieldbus segment in operation. With a backup LAS in the field devices this protection will work with non-redundant host systems, too.

• Protection against resonances and crosstalk: For this purpose, the innovative "Crosstalk and Resonance Suppression Technology" CREST has been developed, which ensures a high stability of the fieldbus signal. Possible resonances in the network are suppressed, and negative influences from data transmission inducing noise radiation into a fieldbus communication running in parallel are prevented.

• Monitoring and error messaging: Diagnostic modules monitor the fieldbus installation and indicate error states via LED, separate relay outputs and a special diagnostic bus. Advanced online diagnostic modules continuously monitor the signal level in the fieldbus segment and thus make it possible to program appropriate warnings in the control system’s software to indicate if the safety-related system deteriorates to a less optimal operational state. On top of that, convenient diagnostic features support maintenance and quick fault rectification.

Especially in safety-related applications, all possible care should be taken not to influence the digital signal by imponderabilities of the passive wiring network. A fully protected fieldbus topology following the state-of-the-art High Power Trunk Concept [13] will look as depicted in fig. 14.

Fig. 14: Fieldbus topology with maximum safety precautions

VIII. PLANT DOCUMENTATION

The documentation of a fieldbus system, and especially of a safety-related system, has to be organized with the greatest possible care. The system documentation is to be created concurrently with the general project documentation for the automated plant or device. In parallel to the documents provided by the manufacturers of fieldbus components and system integrators, the specific information on operation, maintenance and safety-related aspects has to be easily accessible and always up to date. The legal requirements for documentation are based on the valid guidelines for commissioning and operating machines and production plants. In conjunction with international standards such as European standards, various national and local standards and guidelines have to be observed. In particular, the personal liability of the owner and operator of a plant, as well as of the documentation’s author, means that the documentation must be kept at the highest level of quality. Care has to be taken that the documentation is complete and that its unambiguous correlation to process, plant state and other documents is ensured. The documentation has to be consistent in itself and with correlated documents. Clear version tracking has to be established. All documents have to be stored in an easily accessible manner. In order to document all aspects of the application it is necessary to document the project specifications as well as the realized technical data. The standards used and commonly accepted technical rules, including company-internal standards, have to be attached or referenced. The documentation of the application software depends on the individual fieldbus components. This could cause problems in case of hardware component failures. In order to establish viable documentation for operation and maintenance, the software interdependencies in case of failures of different hardware components, as well as the behaviour of the application software, have to be documented, too. For the application software a reliable version tracking concept is mandatory. The same applies to firmware version tracking of the individual fieldbus devices.

IX. CONCLUSIONS

The theoretical foundation for safety-related fieldbus has been laid by NE 97. The process fieldbus organisations PNO Profibus International and Fieldbus Foundation have implemented these recommendations in their respective communication profiles. With an appropriate, comprehensive fieldbus installation system, such as FieldConnex® by Pepperl+Fuchs, the physical layer can be installed in a way that facilitates the future safety-related fieldbus. Once this technology is accepted by the users and the safety-related fieldbus devices are available, the path to fully integrated fieldbus plant control will be wide open.

X. REFERENCES

The first edition of this paper was published in the Conference Proceedings of the PCIC Petroleum and Chemical Industry Conference Europe in Basle, Switzerland, 26.-28.10.2005

[1] Johannsmeyer, U.: Investigations into the Intrinsic Safety of fieldbus systems, PTB-Bericht W-53e, Physikalisch-Technische Bundesanstalt, Braunschweig 1994, pages 61-70

[2] Tauchnitz, T., Schmieder, W., Seintsch, S.: FuRIOS: Fieldbus and Remote I/O – a system comparison, atp Automatisierungstechnische Praxis 44 (2002), Edition 12

[3] Schwibach, M., Meier-Künzig, T., Seintsch, S., Zobel, J.: Fieldbus Experience Reports, Presentation at the NAMUR general assembly November 4th, 2004, published in: FuRIOS 2 Compendium, Pepperl+Fuchs GmbH, March 2005

[4] NAMUR Recommendation NE 97 ‘Fieldbus for Safety-Related Uses’, User Association of Process Control Technology in Chemical and Pharmaceutical Industries, March 2003

[5] Kuboth, J., Kemp, K., Steffens, T., Klaes, G.: Qualification of bus systems and their components for plant safety in the chemical industry, atp Automatisierungstechnische Praxis 47 (2005), Edition 9

[6] Guideline VDI/VDE 2180 ‘Safety of process production plants by means of process control technology’, VDI Association of German Engineers, December 1998

[7] NAMUR Recommendation NE 79 ‘Microprocessor Equipped Devices for Safety Instrumented Systems’, User Association of Process Control Technology in Chemical and Pharmaceutical Industries, June 2004

[8] Mitschke, S.: State of FF-SIS project, Presentation at Fieldbus Foundation general assembly, February 2005, published at www.fieldbus.org

[9] Wenzel, P.: PROFIsafe status report, PNO Profibus Nutzerorganisation e.V., September 2005

[10] AG-140 Wiring and Installation 31.25 kbit/s, Voltage Mode, Wire Medium Application Guide, Fieldbus Foundation, 1996

[11] PROFIBUS PA User and Installation Guideline, PROFIBUS Nutzerorganisation e.V., 2003

[12] Kasten, T.: The Applicability of the FuRIOS Study, Translation of the German article “Die Anwendbarkeit der FuRIOS Studie”, originally published in atp Automatisierungstechnische Praxis 45 (2003), Edition 3, pages 51-54

[13] Schuessler, B., Kasten, T.: Breakthrough in Fieldbus technology – High Power Trunk Concepts; Translation of the German article “Durchbruch in der Feldbustechnik”, originally published in atp Automatisierungstechnische Praxis 47 (2005), Edition 7, pages 48-53

XI. AUTHORS

Dipl.-Wirtsch.-Ing. Thomas Kasten

Thomas Kasten is Marketing Communications Manager with Pepperl+Fuchs GmbH, Division Process Automation. In his former position he was responsible for marketing the product group FieldConnex® Fieldbus Installation Technology. Prior to that he held several positions outside of Germany, covering technical marketing and service. He is a member of the Steering Committee of Fieldbus Foundation Europe/Middle East/Africa.

Pepperl+Fuchs GmbH

Koenigsberger Allee 87

D-68307 Mannheim • Germany

www.pepperl-fuchs.com

Dipl.-Ing. (FH) Udo Hug

Udo Hug leads the team ‘Plant Safety’ in the automation technology department of Infraserv Wiesbaden Technik GmbH & Co. KG. Since February 2000 he has been an authorized expert for plant safety according to German regulation BImSchG. He shares his expert knowledge, especially in automation control technology, as a member of several working groups such as “VDI/VDE 2180 – Safety of process production plants by means of process control technology”, “VDI/VDE 2184 – reliable operation and maintenance of fieldbus systems”, “VdTÜV technical bulletin 372/2: Guideline for testing safety-related Process C&I equipment in plants”, “NAMUR recommendation NE 97 – Safety-related fieldbus”.

Infraserv Wiesbaden Technik GmbH & Co. KG

Rheingaustraße 190-196

D-65203 Wiesbaden • Germany

www.isw-technik.de


Subject to modifications without notice • Copyright PEPPERL+FUCHS • Printed in Germany • Part. No. 198388 02/07 00
