The Master Pump Shutdown System (MPSS) will be installed in the 200 Areas of the Hanford Site to monitor and control the transfer of liquid waste between tank farms and between the 200 West and 200 East areas through the Cross-Site Transfer Line. The Safety Function provided by the MPSS is to shut down any waste transfer process within or between tank farms if a waste leak should occur along the selected transfer route. The MPSS, which provides this Safety Class Function, is composed of Programmable Logic Controllers (PLCs), interconnecting wires, relays, Human to Machine Interfaces (HMI), and software. These components are defined as providing a Safety Class Function and will be designated in this report as MPSS/PLC. Input signals to the MPSS/PLC are provided by leak detection systems from each of the tank farm leak detector locations along the waste transfer route. The combination of the MPSS/PLC, leak detection system, and transfer pump controller system will be referred to as MPSS/SYS. The components addressed in this analysis are associated with the MPSS/SYS. The purpose of this failure and reliability analysis is to address the following design issues of the Project Development Specification (PDS) for the MPSS/SYS (HNF 2000a): (1) Single Component Failure Criterion, (2) System Status Upon Loss of Electrical Power, (3) Physical Separation of Safety Class cables, (4) Physical Isolation of Safety Class Wiring from General Service Wiring, and (5) Meeting the MPSS/PLC Option 1b (RPP 1999) Reliability estimate. The failure and reliability analysis examined the system on a component-level basis and identified any hardware or software elements that could fail and/or prevent the system from performing its intended safety function.
Programmable logic controller (PLC) technology is being used more frequently in safety applications. When documentation and configuration management issues are considered, the advantages of programmable technology over relay/solid-state technology become very significant. Many control engineers are selecting programmable electronic systems for safety protection applications. Advantages include ease of installation, lower false trip rate, math capability and more sophisticated logic capability. In newer generation PLCs, other benefits include IEC1131 standard language capability and self-documenting graphical configuration. With all these advantages, why not? The big problem is that solid-state components can fail in several ways, many of which may create dangerous undetectable failures. Specific problems with conventional PLCs include input circuits that get stuck, output circuits that jam on, I/O addressing errors caused by shorts or opens in the parallel backplane, covert watchdog timer failures, memory corruption or loss, CPU instruction failures and many others. Several of these potential failures have been specifically identified in insurance industry documents. The possibility of a dangerous failure is the reason many insurance companies and corporate standards do not allow conventional PLCs to be used in safety applications. In spite of these problems, with extra resources it is possible to increase the safety of an ordinary PLC. The chances of a dangerous failure can be reduced by using special circuits and application-level programming in a conventional PLC. Alternatively, a safety PLC can be used. If the failure modes of these solid-state devices can be controlled, future safety systems will likely use programmable controllers.
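As an added illustration (not code from any of the abstracts above), a Python model of the application-level diagnostics a conventional PLC can be programmed with to catch some of the dangerous failure modes listed: a pulsed test signal to detect a stuck input, relay readback to detect an output that jams on, a scan-time check alongside the hardware watchdog, and a CRC over the logic image to detect memory corruption; any failed diagnostic de-energises the pump output, matching the shutdown direction of the MPSS. Signal names, the scan-time budget and the CRC scheme are assumptions for illustration.

```python
import zlib
from dataclasses import dataclass

MAX_SCAN_MS = 50  # assumed scan-time budget for the software watchdog check


@dataclass
class ScanInputs:
    leak_detected: bool        # leak detector contact; True = leak or open circuit (fail-safe sense)
    test_pulse_sent: bool      # test pulse currently driven into a spare input channel
    test_pulse_readback: bool  # value that channel actually reports
    pump_cmd_readback: bool    # readback contact on the pump-run output relay
    scan_time_ms: int          # measured duration of the previous scan
    logic_image: bytes         # application logic image read back from controller memory


# Constructed sample logic image; the reference CRC would be taken at commissioning.
LOGIC_IMAGE = b"MPSS shutdown logic v1 (constructed sample)"
LOGIC_CRC = zlib.crc32(LOGIC_IMAGE)


def evaluate_scan(inp: ScanInputs, pump_cmd_last: bool):
    """One logic scan. Returns (pump_run, faults); any fault de-energises the pump output."""
    faults = []
    if inp.leak_detected:
        faults.append("leak")
    # Stuck-input check: the pulsed test signal must follow what was driven.
    if inp.test_pulse_readback != inp.test_pulse_sent:
        faults.append("input_stuck")
    # Jammed-output check: the relay readback must agree with the last commanded state.
    if inp.pump_cmd_readback != pump_cmd_last:
        faults.append("output_mismatch")
    # Software watchdog: a scan overrun is a fault, not left to the hardware timer alone.
    if inp.scan_time_ms > MAX_SCAN_MS:
        faults.append("scan_overrun")
    # Memory check: CRC of the logic image against the commissioned reference.
    if zlib.crc32(inp.logic_image) != LOGIC_CRC:
        faults.append("memory_corruption")
    return (not faults, faults)


def run_scans(scans, pump_cmd_initial=True):
    """Run successive scans; once tripped, the pump stays off until a manual reset."""
    pump_cmd = pump_cmd_initial
    history = []
    for inp in scans:
        pump_run, faults = evaluate_scan(inp, pump_cmd)
        pump_cmd = pump_cmd and pump_run
        history.append((pump_cmd, faults))
    return history
```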