FSC Hardware and basic navigation
Utkarsh Kulkarni
Comparison Normal vs Safety PLC
Both safety and conventional PLCs can control process I/O.
A conventional PLC offers more features at lower cost and is easily available.
A standard PLC has unknown failure modes.
A safety PLC is designed such that a failure will (probably) not cause an unsafe
condition.
A safety PLC is certified by a third party (TÜV) according to the international
standards IEC 61508 and IEC 61511.
A safety PLC has a shorter scan time and better internal diagnostic capability.
LAYERS OF PROTECTION
[Figure: layers of protection; zone labels: Reactive, Opportunity Zone, Pro-active]
Independent BPCS and SIS
• Safety Instrumented Systems are required in the process industry
because BPCSs are not perfect.
• Many industrial standards and guidelines recommend that the SISs
be separate from the BPCS.
• People cannot be trusted to make safe decisions during
emergencies, no matter how well trained.
• Basic Process Control Systems (BPCS) are active and dynamic,
controlling the process. These systems have a variety of digital and
analog inputs and outputs that react to logic functions.
• Safety Instrumented Systems are passive and dormant, monitoring
and maintaining the safety of the process. These systems operate
for long periods of time in which they simply wait to respond to a
system demand.
• BPCS – Basic Process Control System
• SIS - Safety Instrumented System
• Changes to BPCSs are very common and required to maintain
accurate process control. Changes after installation are subject to
strict adherence to management of change (MOC).
1. Safety Integrity: The primary function of the SIS is to ensure the safety of the
process by taking the system to a safe state in case of hazardous conditions. If the BPCS
and SIS are not independent, a failure in the BPCS could compromise the SIS, potentially
leading to unsafe conditions.
2. Reliability: Independence ensures that common cause failures, such as power surges
or software bugs, do not simultaneously affect both systems. This separation enhances
the overall reliability of the safety functions.
3. Compliance with Standards: Industry standards like
IEC 61511 and ANSI/ISA 84.00.01 recommend that the BPCS and SIS be separate to
ensure that the safety functions are not compromised by control functions.
4. Maintenance and Modifications: Changes in the BPCS are more frequent due to
process optimization and control improvements. Keeping the SIS independent ensures
that these changes do not inadvertently affect the safety functions.
5. Diagnostics and Monitoring: SIS devices often have specific diagnostics to ensure
they are functioning correctly, which is critical for safety. These diagnostics might not be
Industry Standards for Safety Instrumented Systems (SIS)
Instrumentation, Systems, and Automation Society (ISA), ANSI/ISA 84.01,
Application of Safety Instrumented Systems for the Process Industry
International Electrotechnical Commission (IEC),
IEC 61511, Functional Safety: Safety Instrumented Systems for the Process, as
defined by IEC 61508 and ANSI/ISA 84.01.
SIS Approving Agency
SIS – “Instrumented system used to implement one or more safety
instrumented functions (SIF). A SIS is composed of any combination
of sensor(s), logic solver(s), and final element(s)” (IEC 61511)
[Figure: SIS loop (one SIF for this loop): process input, transmitter (sensor), SIS program (logic solver), SV with IAS and safety valve (final element), process output]
SIF – “function to be implemented by a SIS which is intended to
automatically achieve or maintain a safe state for the process with
respect to a specific hazardous event.” (IEC 61511, ISA SP 84.01)
[Figure: a SIS containing a SIF, made up of sensors, a logic solver and final elements]
FSC Architecture
FSC Conceptual Diagram & Dataflow
FSC Architecture
There are 4 types of architecture in FSC:
1. Single Central Part and Single I/O configuration
2. Redundant Central Part and Single I/O Configuration
3. Redundant Central Part and Redundant I/O Configuration
4. Redundant Central Parts with Redundant and Single I/O Configuration
FSC Central Part Layout
FSC Power Supply
The PSU-UNI2450U power supply is a UL-approved switched-mode DC power
supply with a high efficiency (>87% at 230 Vac).
It provides a 25 Vdc, 48 A output.
Main features include:
• Power switch
• An output adjustment selector switch (25 Vdc or 28 Vdc).
• An alarm contact.
The LEDs on the front panel indicate the following status:
LED        State     Meaning
Green LED  On        PSU in operation; output OK
           Off       PSU switched off
           Flashing  Fan does not reach required speed
Red LED    On        PSU/MAINS failure, or in stand-by mode
           Off       No failure
           Flashing  Temperature too high
FSC Power Supply Technical Details
FSC Modules – 10020/1/2 Quad processor module (QPM)
• The quad processor module (QPM) is the heart of the FSC system.
It controls all system operations.
• The module has a key switch in the front, which provides a software-
controlled 'idle' state as well as a hardware reset of the processor.
The key switch has three positions:
Vertical up: (ready to) run
Horizontal: idle (software-controlled)
Vertical down: stop (CPU reset)
• The QPM module has an LED indicator on the module front, which
can be in one of three states:
Off: The processor is in stop mode.
Green: The module has no faults.
Red: The module has one or more hardware faults.
FSC Modules – 10018/2/U FSC-SMM communication module
Used for communication with the Honeywell TotalPlant Solution (TPS) System,
via the Universal Control Network (UCN).
The module has a (red/green) 'STATUS' LED and four additional (red) LEDs.
The 'STATUS' LED is:
− Off when the 5 Vdc power on the FSC Central Part system bus is down,
− Red when the module is offnet or alive.
− Green when the UCN program is running (idle or OK)
− Red/Green flashing when the UCN program has failed.
If the 'STATUS' LED is green, the four small LEDs provide additional
information about the UCN communication:
− The 'Tx' LED is on when data is being transmitted.
− The 'P' LED is on when the node is primary and off when the node is secondary.
− The 'A' LED is on when the A channel is the active channel.
− The 'B' LED is on when the B channel is the active channel.
FSC Modules – 10024/./. Enhanced communication module
Enhanced communication modules (ECM) are used for:
• Communication between redundant Central Parts in an FSC
configuration
• Communication between a master FSC system and slave FSC
systems
• External communication with distributed control systems (DCSs)
and peripherals such as printers
• External communication with the FSC user station
FSC Modules – 10005/1/1 Watchdog module (WD)
The watchdog module monitors the following system parameters:
• The application loop maximum execution time in order to detect if the
processor is executing its program correctly and is not looping (hang-up).
• The application loop minimum execution time in order to detect if the
processor is executing its program correctly and is not skipping
program parts.
• 5 Vdc voltage monitoring for overvoltage and undervoltage (5 Vdc ± 5 %).
• In case of a memory error, the watchdog output is de-energized.
• ESD input to de-energize the watchdog output independently from the
processor. This ESD input is 24 Vdc and galvanically isolated from the
internal 5 Vdc.
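The watchdog checks listed above, written out as a small C model. This is an added example, not Honeywell firmware or code from the original slides: the loop-time limits are caller-supplied assumptions, the ESD input is abstracted to a boolean demand because the slide does not give its polarity, and the latch-until-reset behaviour is an assumption of the sketch.

```c
#include <stdbool.h>
#include <stdint.h>

/* Reasons the modelled watchdog output is de-energized (bit flags). */
enum {
    WD_OK = 0,
    WD_LOOP_TOO_LONG  = 1 << 0, /* looping / hang-up */
    WD_LOOP_TOO_SHORT = 1 << 1, /* program parts skipped */
    WD_RAIL_5V        = 1 << 2, /* outside 5 Vdc +/- 5 % */
    WD_MEMORY         = 1 << 3, /* memory error */
    WD_ESD            = 1 << 4  /* ESD input, independent of the processor */
};

/* Loop-time window: assumed values set by the caller, not from the page. */
struct wd_limits { uint32_t min_loop_us, max_loop_us; };
struct wd_sample { uint32_t loop_us, rail_mv; bool memory_error, esd_demand; };
struct wd_state  { unsigned latched; };

/* Fault flags raised by one sample alone. */
unsigned wd_check(const struct wd_limits *lim, const struct wd_sample *s)
{
    unsigned f = WD_OK;
    if (s->loop_us > lim->max_loop_us) f |= WD_LOOP_TOO_LONG;
    if (s->loop_us < lim->min_loop_us) f |= WD_LOOP_TOO_SHORT;
    if (s->rail_mv < 4750 || s->rail_mv > 5250) f |= WD_RAIL_5V;
    if (s->memory_error) f |= WD_MEMORY;
    if (s->esd_demand)   f |= WD_ESD;
    return f;
}

/* Feed a sample; true while the output stays energized. Latching is assumed. */
bool wd_update(struct wd_state *st, const struct wd_limits *lim,
               const struct wd_sample *s)
{
    st->latched |= wd_check(lim, s);
    return st->latched == WD_OK;
}

/* Reset request (assumed behaviour): refused while a fault is still present. */
bool wd_reset(struct wd_state *st, const struct wd_limits *lim,
              const struct wd_sample *s)
{
    if (wd_check(lim, s) != WD_OK) return false;
    st->latched = WD_OK;
    return true;
}
```

The minimum-time check is what separates this from a simple timeout: a program that skips parts finishes early and would pass a maximum-only test.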
FSC Modules – 10311/2/1 Dual key switch module
• The 10311/2/1 module provides a Watchdog Reset key switch and a
Force Enable key switch. Both key switches require different keys.
• The Watchdog Reset key switch has three make contacts. It can only
be removed in the open (i.e. horizontal) position. The switch is used
for watchdog reset and fault reset.
• The Force Enable key switch has one potential-free make contact. The
key can be removed in both the open (i.e. horizontal) position and the
closed (i.e. vertical) position. The enabled state of the Force Enable
key switch is indicated by a red LED on the module front (underneath
the switch). The switch is used to enable or disable forcing of the
input and output signals.
FSC Modules – 10001/R/1 Vertical bus driver (VBD)
• The Central Part (CP) of the FSC system is connected to the I/O level via the
vertical bus driver (VBD) modules, which are located in the Central Part
rack.
• A maximum of 6 vertical bus drivers can be installed per Central Part.
• Each vertical bus driver can support up to 10 horizontal bus driver (HBD)
modules.
• The maximum distance between a vertical bus driver and any I/O rack on
the vertical bus is 5 m (16.4 ft).
FSC Modules – 10300/1/1 24 VDC to 5 VDC converter
• The supply voltage of the FSC system is 24 Vdc; it is powered
from the 24 Vdc supply system.
• The FSC system uses an internal 5 Vdc to power the FSC
modules.
• The 10300/1/1 DC/DC converter provides the internal 5 Vdc
with galvanic isolation between the two supply voltages.
FSC Modules – 10006/2/1 Diagnostic and battery module
• The diagnostic and battery module (DBM) 10006/2/1 provides an
interface for diagnosing the FSC system.
• The displays on the front of the module show messages about the faults
found by the diagnostic routines.
• DBM module is provided with a real-time clock function that gives the current
date and time. The DBM module is able to display the temperature values as
well as the 5 Vdc level and the battery voltage.
The diagnostic information is displayed as follows:
Top display: Signal type
  AI  Analog input
  di  Digital input
  Ao  Analog output
  do  Digital output
  CP  Central part
  tL  Temperature Low
  tH  Temperature High
  hb  HBD
Middle display: Rack number
Bottom display: Position number
The display will normally show the time (hours, minutes, seconds) and will automatically return to this mode when the switch is not
used for approx. 30 seconds.
FSC Modules – 10303/1/1 Power supply distribution module
• The power supply distribution module (PSD) 10303/1/1 is only used in
configurations with redundant Central Parts and non-redundant I/O.
• It is used to combine the output of the power supply units (PSUs) in
the redundant Central Parts into one 5 Vdc supply for the non-
redundant I/O part of the system.
• The power supply to the Central Part must also be routed through this
module to create an equal voltage drop to the Central Part and I/O
section.
FSC Modules – 10100/2/1 Horizontal bus driver (HBD)
• The horizontal bus driver (HBD) module is a basic module which is
installed in the I/O racks.
• The vertical bus flatcable between the Central Part and the I/O rack is
connected to the HBD module via the back connector.
• The flatcable which extends from the front of the module connects the
HBD module to the horizontal bus above the I/O rack.
• The HBDs with flatcable A1 are used for non-redundant I/O, and those with
flatcable A21 are used for redundant I/O.
IO Bus Adaptor
IO Bus Connections in cabinet
System interconnection cables (SICs)
       ESDS Ammonia & Urea   ESDS OU & CPP
CPU    FSC                   FSC
IO     FSC                   SM
Fail-safe Digital Input Module (24 Vdc,16 channels)
The fail-safe digital input module has sixteen 24 Vdc digital input
channels. The input stage of the module is of a 'fail-to-safe' nature.
This means that a component failure results in a de-energized input
signal to the processor, which is the safe condition in a normally
energized system.
The logic circuitry on the module is completely covered by the self-test
functions of the system. The modules are tested for:
• ability to receive logic level '0' signals,
• ability to receive logic level '1' signals,
• crosstalk between inputs.
10101/2/1 - For Ammonia and Urea
SDI-1624 - For OU
DI FTA
Safe digital output module (24 Vdc, 0.55A, 8 channels)
The Safe digital output module SDO-0824 has eight 24 Vdc, 550 mA
output channels to drive loads up to 13 W.
These loads may be resistive (lamps) or inductive (for solenoids).
For inductive loads, a suppression diode is included on each output.
The outputs, including the suppression diodes, are fully tested and
may therefore be used for Safe applications.
During the configured Diagnostic Test Interval, the outputs are tested for:
• Ability to de-energize
• Ability to de-energize the group
• Crosstalk between outputs
• Functioning of the suppression diodes
10101/2/1 - For Ammonia and Urea
SDO-0824 - For OU
DO FTA
FSC Hardware Summary
                     Ammonia  Urea  OU
Hardwired DI         1066     418   865
DI Card              76       35    66
Hardwired DO         519      193   373
DO card              74       36    62
IO Rack              9        5     8
Max IO Module        162      90    144
Installed IO Module  150      71    128
FSC Navigator
FSC Navigator- Safety Compliance
FSC Navigator- Project Configuration
FSC Navigator- Online Environment
FSC Navigator- Project Status Monitoring- Forces
FSC Navigator- IO Signal Status
FSC Navigator- Diagnostic