Fault-related shutdown

The disturbance output [Dstb] for an I/O function block is activated when the block recognizes a FAULT alarm (e.g., broken wire) or an OFFNORMAL alarm (e.g., exceeding a limit value).

The following figure shows how a valve and a pump are forcibly shut down or ramped up depending on the fault state.

Example forced set-up

A limit value [HiLm] is defined for the temperature in block AI Temp. As soon as this threshold is reached, the output [Dstb] switches the valve via Enable [EnSfty] for the analog output value to 100%. At the same time, the pump is switched to off by Enable [EnSfty] for the Binary Output BO.

Example of fault-related shutdown

The block BI ThOvrld monitors the state of the pump’s thermal switch. If the contact is triggered, the function block is activated based on the parameterized reference value [RefVal] for [Dstb] output. The pump is shutdown through Enable [EnSfty] of the Binary Output BO. The Binary Output BO further monitors the contact’s feedback. In the event of a fault, where the feedback is interrupted, e.g., the block reports the fault and shuts down itself via the back wired output [Dstb]. The pump can only be switched on again only after the fault is eliminated and the alarm message is reset as required.

The following figure shows a local fault-related shutdown related to superposed plant control. The compound mapped here as an example was reduced to make is easier to recognize the structure of the local control.

Local fault-related shutdown of the aggregate depicted here as an example is triggered as follows:

  1. A fault is displayed at output [Dstb] when a component valve [Vlv] or pump [Pu1St] reports a fault (FAULT or OFFNORMAL). The signals revert to enable safety priority [EnSfty] for block BVAL (1). Fault-related shutdown of all components is triggered via the state output [SftyActv] (2).
  2. You can also impact the safety shutdown of the components via the compound interface [I1 EnSfty].

The superposed plant control (not displayed here) can access the object directly via referencing since the block BVAL is mapped on BACnet and has a priority array [PrioArr]. As a result, plant control can also trigger a shutdown of the components by commanding the safety priority.

Interlocks

The following figure shows a solution where a fan is only enabled after the damper is completely open.

Local interlocks

A command to ramp-up the plant [OpMod] =On, the damper output changes to [TraSta] = Yes, indicating that a transient state is now active, in other words, the damper is moving. This information is formed on the one hand from the parameterized damper run time [TbTiDly] and, on the other hand, from the feedback contact for the damper's mechanical stop.

The valve is blocked via input [EnSfty] as long as the damper is either blocked or moving, in other words, an intervention via the operator unit directly on the fan is prevented. When the transient state ends and the damper is open, the Enable [EnSfty] is cancelled and the fan switched on via the program value [ValPgm]. Enable of the program value [EnPgm] is a constant in this example.

Interlock among aggregates

The targeted interlocking is employed in a modified form from the superposed plant control. To allow, , plant control to access the fan during smoke extraction control, the interlock is not implemented by enabling the safety value [EnSfty], but rather by enabling the critical value [EnCrit].

The fan is set to Off by the damper via Enable [EnCrit] until the damper is fully open. The fan can only then start. The damper is held open via [EnCrit] as long as the fan is running to prevent a mistaken operation that could destroy the plant.

The operating state [OpSta] for both aggregates are formed within the compounds as illustrated in the previous example from the AND link for [PrVal] and [TraSta].