Ask Control Engineering

The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control and embedded systems. Control Engineering answers questions from readers of Control Engineering's print and online magazines, newsletters and other publications.



Safety system on a fieldbus?

What is fieldbus safety instrumented function technology?

January 03, 2011


Dear Control Engineering: I was reading the article about safety functions on fieldbus. Is this some sort of specialized fieldbus architecture for safety systems?

The Fieldbus Foundation has been working on its Safety Instrumented Functions (FF-SIF) technology for several years. The project was launched at the request of Foundation fieldbus users who wanted the same networking architecture and ability to access smart diagnostic capabilities on safety devices that they were using for regular process devices.

There are other safety systems that run on fieldbus networks, but FF-SIF is under active development and is aimed at heavy process industries such as oil, gas, and petrochemical. In 2009, we published an article, “Safety via Fieldbus—Hanging by a Wire,” that discusses the special requirements of putting safety devices on such a network. Here’s an excerpt from that article:

“At the heart of a safety protocol is the way in which it sends and receives safety messages, rather than the medium that transmits them. Here are the critical functional elements:

“First, the transmission medium is considered a black channel. The safety system doesn’t care how the safety messages are carried—it can be fieldbus, Ethernet, wireless, or whatever, it doesn’t matter. This is the reason protocols often operate on multiple networks.

“Second, the safety system has to detect errors in messages that can normally go undetected. Each safety message uses a cyclical redundancy check (CRC) that can indicate if a message has been corrupted. Fieldbus protocols normally use a frame check sequence (FCS) to verify normal messages; safety applications require more extensive examination added to the basic FCS.

“Third, safety messages have to move through the network in a specific sequence and period of time.

“Erich Janoschek of TÜV Rhineland describes a safety fieldbus network as a specialized mail messaging process. His example of a black channel is the normal way the post office delivers a letter. To make safety messages stand out as special in the normal mail, you could put them in yellow envelopes. ‘If you send the yellow envelopes with normal mail, you cannot say how they’re carried, by airplane or ship or whatever,’ he says. ‘But when the recipient gets a yellow envelope, he can see if it is torn or damaged before accepting it and reading the message. The recipient also knows that a message has to arrive every day, and if the yellow envelope doesn’t arrive, he shuts down the system.’”

Implementing a new networking architecture like FF-SIF depends on having enough equipment available from enough vendors to satisfy the needs of end users. Part of this recent announcement is that new tools are now available for instrumentation and actuator developers who want to make SIF devices. This should help the process along.

--Peter Welander, pwelander(at)cfemedia.com
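The three elements in the excerpt (black channel, safety CRC, sequence and timing checks) can be sketched as a receiver that judges each frame only by its contents and arrival time. This is an added example, not code from the article or the Fieldbus Foundation; the frame layout, the use of CRC-32 from `zlib`, the one-second watchdog and all names are assumptions and do not represent the FF-SIF wire format.

```python
import struct
import zlib

WATCHDOG_S = 1.0  # assumed maximum gap between valid safety messages


def pack(seq: int, payload: bytes) -> bytes:
    """Sender: sequence number + payload, sealed with a safety-layer CRC."""
    body = struct.pack(">H", seq) + payload
    return body + struct.pack(">I", zlib.crc32(body))


class SafetyReceiver:
    """Receiver: assumes nothing about the channel that carried the frame."""
    def __init__(self, now: float):
        self.expected_seq = 0
        self.deadline = now + WATCHDOG_S
        self.tripped = False  # True once the safe state has been demanded

    def poll(self, now: float) -> bool:
        """Run cyclically; a missing valid message is itself a fault."""
        if now > self.deadline:
            self.tripped = True
        return self.tripped

    def receive(self, frame: bytes, now: float) -> str:
        if self.poll(now):
            return "tripped"
        if len(frame) < 6:
            return "rejected: short"
        body, (crc,) = frame[:-4], struct.unpack(">I", frame[-4:])
        if zlib.crc32(body) != crc:
            return "rejected: crc"        # the torn envelope
        (seq,) = struct.unpack(">H", body[:2])
        if seq != self.expected_seq:
            return "rejected: sequence"   # repeated, lost or reordered
        self.expected_seq = (seq + 1) & 0xFFFF
        self.deadline = now + WATCHDOG_S  # only a valid frame feeds the watchdog
        return "accepted"


def demo() -> list:
    """Constructed traffic: good, corrupted, replayed, next good, then silence."""
    rx = SafetyReceiver(now=0.0)
    good0, good1 = pack(0, b"\x01"), pack(1, b"\x01")
    corrupt = bytearray(good1)
    corrupt[2] ^= 0xFF  # flip the payload byte in transit
    return [rx.receive(good0, 0.2), rx.receive(bytes(corrupt), 0.4),
            rx.receive(good0, 0.6), rx.receive(good1, 0.8),
            rx.poll(1.5), rx.poll(1.9), rx.receive(pack(2, b"\x01"), 2.0)]
```

Rejected frames never refresh the deadline, so a channel that delivers only damaged or out-of-order frames ends in the same safe state as one that delivers nothing.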