Process Solutions

Product Information Note

Safety Manager

Honeywell’s Safety Manager, part of the Experion® Process Knowledge System

(PKS), enhances the safety, reliability and efficiency of critical processes.
Experion® PKS – The Knowledge to Make it Possible.
Safety Manager combines Honeywell’s proven Quadruple  High Availability Architecture – Honeywell’s field-proven
Modular Redundancy (QMR®) 2oo4D technology with extensive QMR 2oo4D architecture provides the highest availability with
process safety management expertise in integrating process a safe architecture. Applying QMR technology allows
safety data, applications, system diagnostics and critical control uninterrupted process operation in the event of any system
strategies. degradation or on-process modification without jeopardizing
the SIL 3 level. The optional Safety Manager A.R.T. (Advanced
Honeywell’s IEC 61511 and IEC 61508 SIL 3 TÜV certified
solution provides the optimal level of safety and process Redundancy Technique) provides additional benefits for
integration while still maintaining functional safety separation as locations where timely maintenance is not available.
mandated by those standards. Through Experion operational
 Easy and Intuitive Engineering and Modifications – Safety
integration, all systems are unified into one operationally
Builder, an intuitive and comprehensive configuration tool,
integrated architecture, providing a unique opportunity to improve
safety, process availability and efficiency. provides plant-wide management of safety-critical databases
and application programming for easy network design. TÜV-
Experion provides unprecedented connectivity through all levels approved, menu-driven online modifications prevent errors
of process and business operations to optimize work processes, while maintaining and optimizing the safety application.
improve routine maintenance efficiencies, enhance safety
management and release personnel from manual processes.  Defense-in-Depth – SafeNet and remote distributed Safety
Manager provide the ability to design defense-in-depth safety
Benefits
strategies that maximize safety and security while minimizing
 Safe and Secure – Safety Manager is designed to be securely
risk and scope-of-loss concerns.
integrated into customer systems and has passed very
rigorous security testing as defined by ISA Security  Safety Networking - The networking capabilities of Safety
Compliance Institute (ISCI). Manager are unsurpassed. Up to 1024 redundant nodes can
be included in one safety network, acting as one integrated
Safety Manager was the first safety system to achieve
safety solution. The SIL 4 certified SafeNet communication
Embedded Device Security Assurance (EDSA) certification.
protocol guarantees fast and safe communication over any
ISCI developed this certification within the framework of the
media and distance. The remote management capabilities
ISA Industrial Automation and Control Systems security
support centralized management of all connected safety
standards (ISA 99). Because of the built in protection
systems.
mechanisms, the Experion Safety Manager is protected from
cyber attacks and disruption of service.
Safety Manager 2

 SafeNet Flexibility - SafeNet can run over any network, such  Localized Safeguarding - With Universal Safety Logic Solver,
as a dedicated separated safety network as well as the the safety application can be distributed into the field close to
Honeywell Fault Tolerant Ethernet (FTE) network the process unit while maintaining a transparent overview of
infrastructure. SafeNet is the only SIL 4 certified the overall safety application. The unique feature of this
communication protocol available in process networks today. Universal Safety IO module is the fact that besides being an IO
module to Safety Manager, it can execute the safety
 Self-Learning – Replacing any module, including the safety
application locally. Safeguarding the process even in the event
processor, is possible when the plant is in operation, and data
communications to the Safety Manager are interrupted.
and programs are automatically copied from the running
processor. There is no manual loading required, which  Standardized Solutions - Universal Channel Technology
simplifies handling and avoids problems. The total system will enables Universal Cabinet designs to be standardized,
continue to meet the stringent SIL 3 requirements. significantly reducing engineering cost and schedule when
applied broadly across a project.
 High Performance – Safety Manager has been optimized to
manage large applications with over 1,000 I/O as well as high-  Advanced Experion Integration – Supports Safety Manager
speed applications with fast processing requirements of cycle integration in Experion, providing an integrated safety and
times well below 100 milliseconds. control solution. It enables, for example, transmitter data
sharing between the CEE (Control Execution Environment)
 Universal Safety I/O – Safety Manager Universal Safety I/O
controllers and Safety Manager, via direct peer to peer
enables maximum architectural flexibility and lowest cost of
communication, to save installed and operational costs. Peer
to peer communication further allows for alarm suppression,
automatic bypassing and interlocks between shutdown and
control functions as well as “soft landing” in case of process
upset. It also provides easy operator access and full Console
Station support. As part of the “enter data only once”
philosophy, the Experion-related properties are configured
from the Safety Builder tool simplifying maintenance and
reducing total cost of ownership.

 Built on QMR Technology – Safety Manager is based on the

unique and field-proven QMR diagnostic-based technology

ownership when safety is required at distributed locations. It with 2oo4D architecture. QMR enhances system flexibility,

has the unique feature that each channel can be configured increases diagnostic messaging capabilities and improves

individually to a different I/O type. Every Universal Safety I/O system fault tolerance for critical applications. It enables the

module has a capacity of 32 freely configurable channels, handling of multiple system faults within Experion Safety

enabling savings on both installation and operational costs. By Manager, matching the needs of critical control applications.

using soft-marshalling, the Universal Safety I/O module can be In addition, Safety Manager provides the basis for integrating
mounted close to the process unit, eliminating the need for SIL-rated field sensors and valve actuators, ensuring that
marshalling panels, homerun cables and reducing or safety functions are well established to protect complex and
eliminating field auxiliary rooms. This approach is ideally suited hazardous processes. It integrates SIL 1-3 safety transmitters
to highly distributed applications such as oil and gas upstream (such as Honeywell ST3000 and STT250) or safety valve
applications, and reduces cost while increasing availability and positioners for improved safety and field asset management.
efficiency. This reduces overall capital expenditure, as well as
maintenance costs.
Safety Manager 3

 Optimized field maintenance - Without the need for extra Through the Safety Manager simulation mode any application
infrastructure or engineering, HART devices are integrated can be loaded and tested on a minimum size system, a tool that
within Honeywell’s Field Device Manager. This provides all facilitates easy application design and testing. The simulation
required data for field asset management. To prevent mode also allows execution of online modifications and testing of

inadvertent device changes, the safety manager prevents FDM all communication interfaces.

from writing parameter changes unless the device safety lock

In absence of a Safety Manager system the Honeywell’s
has been disabled from Safety Builder. UniSim® simulation environment for Safety Manager supports
offline simulation as well. It can help in the early implementation
Compliance to Safety Standards
phase of a project or as part of a plant-wide system simulation. It
A major requirement for compliance with IEC 61511 and IEC
supports step by step simulation, freezing the application and
61508 is the availability of a change history of applications. With
building snapshots.
Safety Builder, change history is efficiently tracked with the
Safety Audit Tracker through an automatically enabled audit trail. Optimal Process Availability
Difficult procedures or extensive loggings are not required. The
Applying QMR technology to Safety Manager delivers unlimited
Safety Audit Tracker, together with the automated embedded
runtime for single channel operation. This increases process
Application Verification mechanism, is all that is required.
availability, allowing uninterrupted process operation in the event
of any system degradation. Without incurring any process
Safety Manager complies with the following international
downtime, the system can be kept up to date with the latest
standards:
system software as well as application changes or additions
 For burner management: NFPA 85, 86, EN50156 through a four-step online system modification procedure The on-
 For emergency shutdown and other critical applications: process modification to the application can be carried out
IEC 61508, IEC61511, ISA S84.01, DIN V 19250, UL, remotely without physical presence to the system.
FM, ATEX
 For fire and gas: EN54-2, NFPA 72, Lloyd’s Register I/O faults are detected and isolated on a per-channel basis and
and offshore installations ABS immediately reported to the appropriate level. This minimizes the
With all SIL 3 safety hardware and software compliance tools, time to repair and further increases system robustness.
Safety Manager provides excellent protection for safety Integrated Operation and Maintenance
applications across multiple industries throughout the entire life of
Safety Manager unifies critical safety process data with process
an installation. Safety Manager provides the basis for critical
control information, providing single-window access for operation
control and safety unification, reducing risks and installed costs,
and maintenance. When connected to the Honeywell FTE
and improving safety while increasing uptime.
network through TÜV SIL 3 approved Universal Safety
Optimized Engineering Environment Interfaces, multiple Safety Managers can be unified into one
safety system architecture.
Safety Builder software improves engineering and design
efficiency. With simple drag and drop functionality, a complete Safety Manager integration delivers fast, safe and reliable data
and complex network can be designed within minutes without exchange with Experion, enhancing operator and maintenance
programming, saving valuable engineering and testing time. The performance. In addition, Safety Manager extends the system
complete network design is available on a one-page view without proof test interval with inherent extensive system self-testing and
requiring additional documentation. diagnostic capability, reducing operational and maintenance
costs. Integrated sequence of events (SOE) functionality for all
An integrated editor facilitates fast and effective application
process and safety-related activities supports analysis at a
design, allowing clear and distinct views of all logic with full
glance.
compliance to IEC 61131 standards. Logic inputs, outputs and
symbols are placed with drag and drop functionality from the
toolbar and are easily configurable.
Safety Manager 4

Safeguards are built into Safety Manager to eliminate the Conversely, using the same hardware or software for both
possibility of systematic failures caused by errors made during safety and control increases the possibility of systematic
the design, planning, construction, operation and controller failures, including those that result from design
decommissioning of the system. A systematic failure in the errors. A clear separation reduces the effort for testing and
design of a common tool can result in an unsafe reaction of both designing safety systems.
the safety and control systems.

Safety through Separation  Secure Environment - It is crucial that critical control and SIS

Safety and control systems must be integrated to allow for are protected from intentional or accidental cyber threats. In
smooth and safe plant operation, while still maintaining a safe general, functional security in combination with functional
separation where appropriate. safety is critical to assessing the overall integrity of a SIS.

 Secure Separated Databases - Within Honeywell’s unique Safety Manager architecture is secure by design and is
solution, separate databases store the safety and control certified to the Embedded Device Security Assurance program
strategies, and separate software modules are available for as defined by the ISA Security Compliance Institute.
safety and control through dedicated tools such as Safety Adherence to this standard provides assurance of safety,
Builder and Control Builder. Maintaining separate tools with security and robustness, meeting stringent industry best
separate databases prevents unauthorized changes or practices and performance benchmarks.
corruptions, decreases safety risks and prevents common cause
In addition, Safety Manager is protected from outside threats
failures.
by an embedded certified hardware firewall. This firewall
 Managed and Protected Database Environment - A unique, isolates the safety application during runtime execution from
secure login scheme protects Safety Manager from off- and on- external devices so they can never jeopardize the safety or
process changes. This login scheme uses a dedicated availability of the application. With this firewall and the use of a
protection mechanism with several access levels for the SIL 4 certified proprietary protocol between safety managers,
engineering application, loading of the application in the the data integrity between control and safety is protected and
controller and forcing points in Safety Manager. A user guaranteed.
expiration mechanism downgrades the access level after a
 Safety Inside - Using dedicated firmware for safety and control
user-defined period of time elapses to protect the application
ensures that safety is embedded into the system—no
from accidental or unauthorized changes when Safety Builder is
additional programming is needed to establish the required
unmanned over a specified period.
safety level. Strategies with a common platform for safety and
 Dedicated Software and Hardware - Using dedicated and control require that safety be built into the application. This
specifically developed hardware and software in accordance customized safety level is a manual process and requires
with the IEC61508 safety standard reduces the risk of a fundamental knowledge of the safety system to establish
common cause failure. Using dedicated hardware and software safety functions without jeopardizing the integrity of the
for both safety and control protects the safety system from any application.
defects in control-related operations. In addition, the safety and
Honeywell’s integrated control and safety solution is driven by
control strategies are developed by different groups using
the separation principle—hardware and software
dedicated methods.
diversification, integrated operator interface, integrated data
processing and analysis, and integrated alarm management.
 Safety Manager 5

The operational integration provided with Experion and Safety Honeywell Safety Services
Manager allows plant personnel to have a seamless interface Honeywell’s offerings go beyond supplying hardware and
to the process while maintaining safe separation. This allows software, establishing a unique safety knowledge community
for a wide range of applications to be monitored plant-wide located in our expertise centers around the world in North
from any operator console. A complete overview of all America, Europe, South Africa, Asia and Australia.
information needed from the operator’s point of view is
Over 200 certified safety engineers employed in these centers
available through Experion Station or Experion Console
offer a wide range of consulting, project and lifecycle support
Station. This communication architecture, supplied by services, including:
Honeywell, delivers a scalable solution, from small control and
 Safety system audits
safety networks to huge plant architectures with over 100,000
monitored I/O points. Interoperability of Safety Manager with  Process hazard and risk assessment

the SafeNet protocol extends the functionality of one Safety  SIL classification

Manager and allows for plant-wide implementation, binding the  IEC61508 and IEC61511 CFSE training
separate functionalities into one safety application with  Safety requirement specification development
different protection layers.  FEED studies with customers to jointly develop their
requirements
Engineering Excellence
 IEC61508, IEC61511 and ISA S84 compliant solutions
Honeywell’s Global Safety Discipline program enables consistent development
project execution excellence across Honeywell engineering  Safety Instrumented Systems implementation
locations. TÜV certified procedures and resources guarantee a
 Live, hot cutover implementation and execution of
global and transparent safety project execution by using certified revamp projects
standard builds, including templates, guidelines solution libraries,
 Installation and commissioning
checklists, methodologies and tools.
 SIL verification
Safety Manager HMIWeb Solution Pack shapes and faceplates  SIL validation
provide all projects with a highly flexible and functional library,  Periodic proof-testing
enabling maximum advantage of the principles of safe and
 System maintenance
effective operations as described by the Abnormal Situation
 Solution Enhancement Support Program (SESP)
Management (ASM) Consortium.
 Parts management

Experion®, QMR® and UniSim® are registered trademarks of Honeywell

For More Information
International Inc.
To learn more about Honeywell’s Safety
manager, visit our website
www.honeywellprocess.com or contact
your Honeywell account manager.
Honeywell Process Solutions
Honeywell
1250 West Sam Houston Parkway South
Houston, TX 77042
Honeywell House, Arlington Business Park
Bracknell, Berkshire, England RG12 1EB UK
Shanghai City Centre, 100 Junyi Road
Shanghai, China 20051 PN-12-25-ENG
March 2013
www.honeywellprocess.com © 2012 Honeywell International Inc.