Eng-Tips is the largest engineering community on the Internet
Intelligent Work Forums for Engineering Professionals
-
Congratulations waross on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Transmitter's fail position 2
- Thread starter yasmine01
- Start date
-
1
- #2
If I have understood the question properly, there is no simple answer, especially without some knowledge of the application, the sensor types and the key concerns.
What can be done could depend on the transmitter type, manufacturer's defaults, available outputs, sensor and control circuit sophistication, the application, capability, potential for user configuration and the actions required.
Sensor capability depends on output type and whether it is a smart sensor or not.
If it is a 0-5volt or 0-20mA output then if it fails, there will be no indication as to whether it is a power supply failure, a process excursion or transmitter error.
With 4-20mA and it is not a power failure, it is often the case that it will be configured to default to 2mA as a fault alarm.
Faults can be intermittent, transient or continuous and due to a variety of causes.
But what fault?
It could simply be a general alarm for any one of a number of fault conditions that require investigation.
These can include out of range process variables, rate of change alarms, system or checksum errors, input failures, calculation failures and so on.
It is necessary to consider what faults could occur, what could happen as a result and what action should be taken when there is a fault and if this action is different dependent on the type of fault.
In some smart sensors there may be transient error configuration that allows the option of defaulting to the last good value or defaulting to a pre-set value for a brief period to allow for the sensor to recover from a transient process variable error.
In feedback control applications faults can create unfortunate control responses.
If it is a level transmitter that fails, what do you want to do?
If it is a boiler filling then you might want to maintain water flow until someone can investigate and decide what extra action is required. If it is a tank filling operation you may want to shut down filling to prevent overflow. Which is the appropriate response? It depends on the activity and perhaps on where you are in a particular operation cycle.
The real answer is to assess the application.
Deicide what fault conditions could occur.
Decide what action should take place in each of the fault conditions and then see if you can find a transmitter with the necessary configuration or if you need some kind of ancillary controller to manage the fault condition.
JMW
What can be done could depend on the transmitter type, manufacturer's defaults, available outputs, sensor and control circuit sophistication, the application, capability, potential for user configuration and the actions required.
Sensor capability depends on output type and whether it is a smart sensor or not.
If it is a 0-5volt or 0-20mA output then if it fails, there will be no indication as to whether it is a power supply failure, a process excursion or transmitter error.
With 4-20mA and it is not a power failure, it is often the case that it will be configured to default to 2mA as a fault alarm.
Faults can be intermittent, transient or continuous and due to a variety of causes.
But what fault?
It could simply be a general alarm for any one of a number of fault conditions that require investigation.
These can include out of range process variables, rate of change alarms, system or checksum errors, input failures, calculation failures and so on.
It is necessary to consider what faults could occur, what could happen as a result and what action should be taken when there is a fault and if this action is different dependent on the type of fault.
In some smart sensors there may be transient error configuration that allows the option of defaulting to the last good value or defaulting to a pre-set value for a brief period to allow for the sensor to recover from a transient process variable error.
In feedback control applications faults can create unfortunate control responses.
If it is a level transmitter that fails, what do you want to do?
If it is a boiler filling then you might want to maintain water flow until someone can investigate and decide what extra action is required. If it is a tank filling operation you may want to shut down filling to prevent overflow. Which is the appropriate response? It depends on the activity and perhaps on where you are in a particular operation cycle.
The real answer is to assess the application.
Deicide what fault conditions could occur.
Decide what action should take place in each of the fault conditions and then see if you can find a transmitter with the necessary configuration or if you need some kind of ancillary controller to manage the fault condition.
JMW
- Thread starter
- #4
Thank you to both JMW and JLSeagull. No I am not concerned of DCS configuration. But of the transmitter itself. JMW mentionned that transmitter ofter defaults to its 2 mA. Why fail low and not high?
In a split range loop when the control valves are FC & FO what would be the fail position of the transmitter let's say it's a pressure Tx.
In a split range loop when the control valves are FC & FO what would be the fail position of the transmitter let's say it's a pressure Tx.
-
1
- #5
I think that you need to step back and consider that not all failures will be manifested the same way, so not all failures will have the same failure mode. Whatever is downstream of the transmitter must be capable of discerning different failure modes and act accordingly.
You really should be doing a full failure modes and effects analysis (FMEA) to determine what your transmitter is capable of producing in a failed state, and what your processor should be doing to verify functionality of the transmitter, and what it should do, given the multitude of potential failure modes.
TTFN
FAQ731-376
You really should be doing a full failure modes and effects analysis (FMEA) to determine what your transmitter is capable of producing in a failed state, and what your processor should be doing to verify functionality of the transmitter, and what it should do, given the multitude of potential failure modes.
TTFN
FAQ731-376
To get the drift of the issue, try to determine the affect if zero output from the transmitter is interpreted as zero percent measurement. This applies to I/O module failures too. If a failed transmitter is regarded as zero measured value is this a good or bad thing. Would the controller add cooling water or steam to a jacketed reactor, etc.? This sort of thing requires an understanding of the system. Is it better or worse if the system recognizes the failed transmitter and uses the last good value or perhaps a configured value? Generalizations are not very good here. Is there a separate safety shutdown system with a different transmitter? Is the SIS transmitter subject to a common mode failure with the DCS transmitter? Can the SIS transmitter be linked to the DCS as a backup in the event of a failure? Would that be a good or bad thing? ...
JMW got a star, the response to such a general question is a general answer. JMW's response outlines the correct process to follow to determine the required or best fail detection strategy, and appropriate response. Other tools that would be used are a HAZOP, SIS analysis or other risk and consequence assesment tools including FEMECA/FMEA.
Mark Hutton
Mark Hutton
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question