EP0055264A1 - Monitoring systems - Google Patents
Monitoring systemsInfo
- Publication number
- EP0055264A1 EP0055264A1 EP19810901697 EP81901697A EP0055264A1 EP 0055264 A1 EP0055264 A1 EP 0055264A1 EP 19810901697 EP19810901697 EP 19810901697 EP 81901697 A EP81901697 A EP 81901697A EP 0055264 A1 EP0055264 A1 EP 0055264A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- outputs
- scanners
- plant
- input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/183—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
- G06F11/184—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components where the redundant components implement processing functionality
Abstract
Un systeme de controle de detection des conditions dans une installation en fonctionnement comprend un groupe de detecteurs d'entrees pour detecter des conditions respectives, dont les sorties sont explorees en sequence par chacun des differents scanners. Les scanners stoppent des donnees representant temporairement les sorties des detecteurs. Chacun des processeurs de donnees fonctionne pour analyser les sorties de tous les scanners en sequence, et un reseau de "circuits de vote" connecte aux processeurs de donnees sort les donnees representant les conditions detectees en reponse a la concordance entre les articles de donnees produits par un nombre predetermines de processeurs de donnees. Le reseau de "circuits de vote" peut s'adapter pour repondre a la concordance entre les articles de donnees produits par un nombre different de processeurs de donnees dans le cas d'une defaillance de l'un ou plusieurs des processeurs de donnees. Un reseau de circuit de sorties connecte aux processeurs centraux commande des dispositifs d'alarme et/ou pour faire fonctionner des dispositifs de commande de traitement dans l'installation.A condition detection control system in an operating installation includes a group of input detectors for detecting respective conditions, the outputs of which are scanned in sequence by each of the different scanners. The scanners stop data temporarily representing the outputs of the detectors. Each of the data processors operates to analyze the outputs of all scanners in sequence, and a network of "voting circuits" connected to the data processors outputs the data representing the conditions detected in response to the match between the data items produced by a predetermined number of data processors. The network of "voting circuits" can be adapted to respond to the match between the data items produced by a different number of data processors in the event of a failure of one or more of the data processors. An output circuit network connected to the central processors controls alarm devices and / or for operating treatment control devices in the installation.
Description
MONITORING SYSTEMS
This invention relates to monitoring systems and particularly, but not exclusively, to systems for use in the continuous monitoring of gas concentration and/ or the monitoring of the operation of equipment in potentially hazardous situations, such as on oil rigs, on gas production platforms and in petro-chemical process plant.
It is well-known to provide detectors at various locations around plant in which hazardous conditions can arise and to feed signals from the detectors to a central monitoring position. The signals are used to operate a display comprising a matrix of suitably- labelled indicator lamps or comprising lamps on a mimic diagram, so that, if a hazardous condition is sensed, a corresponding lamp is illuminated and appropriate action can be taken. Such detectors may comprise, for example, smoke detectors, pellistor gas detectors, ultraviolet detectors, or detectors of temperature, flow rate, pressure, etc. Similarly, systems for monitoring the operation of manufacturing processes in factories where hazardous conditions are not likely to arise are also well-known. Such systems will also comprise appropriate sensors and a central display. it is clearly absolutely essential that such monitoring systems shall be reliable and shall not give rise to false alarms and, more especially, shall not fail to give an alarm in a potentially hazardous condition or in the event of incorrect operation of part of a manufacturing process.
Furthermore, the sensing of a hazardous condition by the system can be used to cause automatic shut-down of the plant, and the spurious shutting-down of a plant or of a process can result in a tremendous loss in production. Again, therefore, system reliability is essential.
It is an object of the present invention to provide a monitoring system having improved reliability and greater speed and convenience of operation.
According to the invention, a monitoring system for sensing conditions occurring in the operation of a plant comprises a group of input sensors, each for sensing a respective one of said conditions; a plurality of scanners each operable to scan the outputs of all of the sensors of the group continuously in sequence and to store temporarily data representing said outputs; and a data processor operative to scan the outputs of all of the scanners in sequence to produce data representing the monitored conditions.
Preferably, the system will comprise a plurality of the data processors each operative to scan the outputs of all of the scanners in sequence; and voting circuitry operative to feed out the data representing the monitored conditions in response to agreement between the data items produced by a predetermined number of the data processors. An embodiment of the present invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Fig. 1 is a schematic block diagram of a gas and fire monitoring system according to the invention, Fig. 2 is a mimic diagram showing a typical area of plant in which the system may be used, and
Fig. 3 is a histogram of gas concentration which could occur in the plant.
Referring now to Fig.1 of the drawings, a monitoring system comprises a group of fire detectors 1 which are
connected to respective fire input modules 2 , and a group of gas detectors 3 which are connected to respective gas modules 4. Halon line monitoring modules 5 monitor the integrity of a halon fire-extinguishant system 6 via a link 7. Similarly, the integrity of a firewater system 8 is monitored via switch input modules 9.
Three scanners 10 are each operable to scan all of the fire input modules 2 to read out data temporarily stored therein representing the state of the fire detectors 1. Similarly, scanners 11, 12 and 13 respectively scan the gas modules 4, the halon line monitor modules 5 and the switch input modules 9.
A central processor unit 14 then sequentially scans all of the outputs of all of the scanners 10, 11, 12 and 13 and operates on the sensed data to provide annunication alarm and/or control signals. Two further central processor units 15 and 16, identical to the unit 14, carry out exactly the same operation as the unit 14, but entirel independently of each other and of the unit 14. Hence, the status of each input detector is interrogated by each of three scanners independently, and each resultant scanner signal is scanned by each of three central processor units independently. There are, therefore, nine alternative routes for interrogation of the status of each detector, so that highly reliable operation is achieved.
The outputs of the three units 14, 15 and 16 are fed via staticisers 17, 18 and 19, respectively, to a set of relay drive modules (four channels) 20, and via staticisers 21, 22 and 23, respectively, to a set of LED drive modules (eight channels) 24. The modules 20 and 24 each perform a voting operation on the outputs of the central processor units 14, 15 and 16. Thus, the data from two out of the three CPUs must agree before any control or alarm action is taken. In the event of failure of one or two of the CPUs, the
voting action automatically adapts to two-out-of-two or one-out-of-one voting, respectively.
In response to the staticised CPU data, the modules 20 cause operation of output relays 25, which control field devices 26, such as gas valves, to deal with any problem which has arisen in the operation of the plant.
Also in response to the staticised data, the modules 24 control the operation of light emitting diodes which are provided on an operator's control console 27 to act as "healthy" or "alarm" indicators.
The modules 20 also feed signals to the console 27 to initiate the release of halon fire-extinguishant and/or to sound alarm bells.
Signals from the modules 24 are fed to transmitter modules 28, which control any number of indicator panels 29 which are located around the plant.
Each central processor unit 14, 15 and 16 feeds signals to each of three selectors 30, 31 and 32 which control the operation of visual display units 33, 34 and 35 on the console 27. Whereas previous display units have used LED matrices, or mimic diagrams with alarm lights, to provide an indication of the operation of plant, in the present apparatus each display is produced on a colour cathode ray tube. This results in the ability to produce on the display any relevant data in any desired colour and to update the data and to change the colour as the circumstances require. Such a VDU clearly has far more impact on the operator than the conventional types. This use of cathode ray tubes requires the provision of graphics generators 36, 37 and 38 to provide drive signals for the VDUs 33, 34 and 35, respectively, such that the units display pictures of areas of the plant, indications of gas concentration, or other information, as required. Signals from the central processor units 14, 15 and 16 also control a printer 39 via a printer selector 40.
The printer 39 is located on the console 27.
A central operator's control and calibration panel (COCCP) 41 permits the operator to monitor and control the status of individual zones of the input modules and scanners and to calibrate the gas detectors. Information is entered into the panel 41 by means of a numeric keyboard and a number of special-purpose keys on a control panel 42 on the console 27.
The COCCP 41 communicates with the three CPUs 14, 15 and 16 via three dedicated serial links 43. It also communicates with the groups of scanners 10 - 13 via three serial links 44. This permits the COCCP to access the scanners independently from the CPUs, and to provide a fallback mode of operation in the event of all three CPUs failing. Under normal circumstances, any action taken at the COCCP 41 will cause all three scanners in any of the groups in question to be interrogated. Any discrepancy between scanners will result in a message being sent to the CPUs. A key switch on the COCCP permits the operator to interrogate a selected scanner, instead of all three, for test purposes.
The system maintains a high level of integrity by the use of automatic self- checking. Thus all of the input scanners 10 - 13, and the central processor units 14, 15 and 16 continuously monitor their own function, and produce a print-out to warn the operator of any faults found. In addition, the central processor units monitor and record the status of the system as a whole, and warn the operator of any potential faults. If any part of an input module fails, annunication will occur by extinguishing a respective "healthy" light omitting diode on the console 27. The output modules 10 and 24 work on a similar self-testing principle.
Each CPU 14, 15 and 16 performs a watchdog function by executing arithmetic check routines, dynamic memory tests, and internal register checks, all of which have
predetermined results. If these known results are reached, an output is produced which is fed back into the CPU to indicate that a healthy condition exists.
Due to the modular construction, it is a very simple matter to replace a defective module, and since the module is identified in the fault indication, the down time whilst the module is being extracted and a new module inserted can be less than five minutes.
By using the triplicated central processor units with two-out-of-three voting and automatic self-checking, a very reliable system with high integrity has been achieved. The detection of fault conditions occurring can, for most practical purposes, be considered to be instantaneous. The use of the double scanning operation, i.e. scanning of the detectors by the scanners 10, 11 and 13, and scanning of the scanners by the central processor units 14, 15 and 16, enables the system to update the sensed data extremely quickly.
Flexibility of the microprocessor is another great advantage. If control action logic is to be changed after the equipment has been installed, it is a simple matter to change the relevant data which is stored in a magnetic bubble memory in each CPU. Furthermore, it is easy to make minor changes to the equipment by altering particular program modules within the CPU software.
Some sections of the system will now be described in greater detail.
The input gas modules 4 act as an interface between field-mounted pellistor-type detectors and the three input scanner modules 11. The input modules have a respective switch mode power supply for each detector to provide a constant current output to the detector. Each detector and associated wiring are monitored for fault conditions, which can be signalled to the input scanners. Due to the wide zero range of detector inputs encountered, an input amplifier in each input module contains an 8-bit
digital to analogue converter to enable a coarse zero adjustment to be made on receipt of an initialise command. The analogue value of the input signal which results is used to generate a variable frequency signal which is measured by the input scanners, which apply previously derived corrections to generate the precise gas concentration. This concentration can then be displayed as an analogue value on any of the visual display units 33-35. If this gas concentration exceeds either a preset low alarm level or a high alarm level, the scanners can turn on a relevant alarm LED on the console 27.
Each input module can generate a simulated input on receipt of a command from the relevant input scanner, and thus the normal functioning of each input module is checked in turn.
Each input scanner 10-13 functions as an interface between the input modules and the three central processors 14, 15 and 16. Each scanner is connected to the input modules with a dedicated connection that allows it to function independently of other scanners in the rack. Analogue information is encoded into frequency values and then converted to serial data by the scanners before transmission to the CPUs. Each scanner maintains a record of the status of each input zone including Alarm, Fault and Inhibit. This information is updated by a periodic scan of all the modules. The scanner also stores High and Low alarm levels and calibration factors for each gas zone as well as data defining the module type and its location within the rack. Communication with the three central processor units and the central operator's control and calibration panel 41 is by four independent serial links. Each link can interrogate the information held in the scanner and can initiate the testing of specific input modules. The operator's panel 41 can also request recalibration of the
gas detectors. Any changes in the calibration data stored in the module are transmitted to each central processor unit so that the correct status can be restored automatically if there has been an interruption in the module power supply. Each scanner performs continuous checks on its own operation and on the integrity of the entire input equipment. In the event of a fault being detected, the scanner transmits a detailed fault description to each central processor unit 13, 14 and 15.
Outputs for the remote annunication of fault and alarm conditions allow stand-alone operation of the input equipment in the event of catastrophic system failure. The alarm annunciation can be accepted independently from the operation of the central processor units 13, 14 and 15 or of the operator's panel 41.
Each central processor unit 14, 15 and 16 is housed in an electrically screened, fan-cooled rack. The CPUs are identical with each other in hardware and software design, and function absolutely independently of each other, so that none has any direct knowledge of the functioning of the others. The CPUs process the data from the input scanners 10-13 and from the operator's control panel 41. In the event of an alarm condition being detected by a scanner, the CPUs initiate the appropriate control actions in the output modules, and causes annunciations on the VDUs 33-35, the LED displays and/or the printer 39.
Each CPU comprises seven circuit boards (not shown), which perform the following functions.
A master processor board performs the major decision and control logic for the CPU. The major hardware features of the board are a 16-bit microprocessor (5MHz), a read/write memory (RAM) with on-bbard refresh, a read only memory (EPROM), a serial interface, two programmable 16-bit counters and nine levels of vectored interrupt . control.
A RAM memory board provides the main read/write memory used by the CPU. The CPU's operating program is loaded into this memory from the bubble memory at system power-up, and is subsequently executed in this memory. The memory is also used for temporary data storage during execution of the program.
A VDU driver interface board handles communications between the CPU 14, 15 or 16 and the VDU 33-35. This reduces the loading on the CPU master processor by performing many of the "housekeeping" functions associated with communicating with the VDUs.
Two interface boards comprise slave processors which interface the CPU to the various serial communication lines used in the system. The first board inter faces the CPU to three scanner links, and the second interfaces the CPU to the operator's control panel 41 and to the printer 39. The slave processors reduce the loading on the CPU master processor by handling message generation and reception protocol "housekeeping" functions. Each slave processor executes its own dedicated program, and runs independently of the master processor except when communicating with the master processor.
An input/output interface board interfaces the CPU to the outputs, providing communication between the CPU and the output modules and LED displays. The interface can read back status and fault data from the outputs, thus confirming that the required actions have been implemented. Discrepancy feedback from the outputs informs a CPU that the other CPUs in the system disagree with it. Four watchdog timers are included on the board. Each of these must be triggered continually by software in order to maintain the processor's healthy status. One of these timers is triggered on completion of an internal self-test program by the CPU, which verifies correct operation of the microprocessor, memory and other hardware of the
system. The remaining timers are triggered at selected points in the software, in order to verify that certain software tasks are being executed on a regular basis. In order to protect against triggering of the timers by a free running or looping processor, each timer has associated with it an 8-bit code, which must be correctly produced by the processor in order to trigger the timer. This mechanism provides a high integrity check on the status of the CPU. If all four timers are triggered, then the processor's "healthy" indicator is illuminated. A bubble memory board provides non-volatile data storage which provides storage of the operating program for the CPU itself, the input scanners 10-13 and the operator's control panel 41; storage of data for the VDUs 33-35 for the detectors and for alarm logic; continually updated storage of the status of the system; and back-up storage of the printer data in case of failure of the printer.
Turning now to the output modules, the relay drive modules 20 and the LED drive modules 24 carry out the voting on the control actions requested by the three central processor units 14-16, as mentioned previously, and generate appropriate drive outputs. Each module incorporates an adaptive voting circuit which maintains performance in the presence of a central processor unit failure. The normal two-out-of-three voting is converted to two-out-of-two or one-out-of-two when one CPU has failed, and to one-out-of-one when only one CPU is still healthy. If all of the CPUs fail to access the module, the module can be programmed to energise or de-energise the relays concerned, or to flash or extinguish all of the LEDs, as the case may be.
The integrity of each input is continuously monitored. The module selection is checked and the data stored in the module can be read back and verified by the central processor unit, using a reverse data path. With the
module working correctly, a fault circuit provides an output which illuminates the appropriate "healthy" indicator.
In the case of the relay drive modules 20, the voting circuit and relay drive are checked by injecting short pulses into the voting network and monitoring the de-energised relay circuits for corresponding current pulses. A relay fault circuit also checks for relay contact closure when the control action is called for, and a failure on either test results in appropriate annunciation at the console 27 and on the panels 29. The function of the selectors 30, 31, 32 and 40 is to select one of the three central processor units 14, 15 or 16 to drive the respective VDU 33-35 or the printer 39. Each selector module has a key switch with positions Auto, X, Y, Z. In the Auto (normal) position, the selector module selects a CPU on the basis of the healthy lines from the CPUs. The CPUs are selected in order of priority X, Y, then Z (i.e. CPUs 14, 15 and 16, respectively), if they are healthy. In the manual X, Y and Z positions, the respective CPU is selected, irrespective of the healthy lines. This is intended for test purposes.
The selector module caters for both parallel data (for the VDUs) and serial data (for the printer). For the parallel mode, in addition to eight bi-directional data lines, a pair of handshake lines and a read/write line are provided. For the serial mode an input and an output serial line are provided. As shown in Fig.2 of the drawings, any of the VDUs 33-35 may display a mimic diagram of any desired area of the plant, with any required data superimposed thereon. Data concerning normal gas concentration, temperature, etc. may be shown in, say, yellow whilst an abnormal value may be indicated in, say, red and the indication may be made to flash to attract the operator's attention.
The whole mimic diagram may be very easily replaced by an enlarged display on the VDU of any section of the diagram in which a potentially hazardous situation is occurring. If it is necessary to cause the release of fire-extinguishant or to take some other action, the area over which this has been achieved can be shown in another colour.
Other of the VDUs can display, for example, histograms of gas concentration, or messages regarding the integrity of the plant or of the monitoring system. A typical histogram of gas concentration is shown in Fig.3. This indicates the concentration at various zones around the plant and the values will be constantly updated. Each bar of the histogram represents the actual level of the gas concentration at each zone, with the value numerically indicated above each bar. An arrow can be displayed above each bar showing the direction of movement of the value since the last sensing period. The colour of the bar can be changed to represent a potentially (or actually) dangerous situation, and the bar can also be made to flash.
Such a histogram conveys to the operator a much clearer picture of the overall situation than can be conveyed by a conventional LED matrix display. The interfacing between the input modules 2, 4, 5 and 9 and the central processor units 14-16 can readily take into account differences between different types of input sensors, so that the central equipment can be used for any type of monitoring application besides the gas and fire alarm system described above.
In particular, a system in accordance with the invention may be used to control the safe starting-up, running and/or shutting-down of a plant. For example, various conditions such as temperature rise, vibration, fluid flow rate, etc. which arise in a plant during the
running up and normal running of turbines, motors and/or other machines may be monitored, and the system can be used to ensure that all of the conditions remain within satisfactory limits. If, for example, a sensed temperature rise becomes too great during running up of the plant, the system may operate to reverse the procedure so that the plant is safely shut down again. Furthermore, during the operation of a plant, the system can operate to shut down equipment if a dangerous or otherwise undesirable condition is sensed.
The system might, for example, be used to provide automatic process control in a plant. For example, in a distillation plant the data provided by the data processor or processors could be used to control valves and/or other equipment automatically in response to the sensing of the values of various parameters of the distillation process.
Although each input module in the above-described embodiment is related to a respective detector, it would be possible to make each input module responsible for sensing the outputs of a group of detectors. The module would then scan its group of detectors sequentially and temporarily store the data received therefrom. The input scanners would then scan all of the data addresses in each module, as previously explained.
Claims
1. A monitoring system for sensing conditions occurring in the operation of a plant, comprising a group of input sensors, each for sensing a respective one of said conditions; a plurality of scanners each operable to scan the outputs of all of the sensors of the group continuously in sequence and to store temporarily data representing said outputs; and a data processor operative to scan the outputs of all of the scanners in sequence to produce data representing the monitored conditions.
2. A system as claimed in Claim 1, comprising a plurality of the data processors each operative to scan the outputs of all of the scanners in sequence; and voting circuitry operative to feed out the data representing the monitored conditions in response to agreement between the data items produced by a predetermined number of the data processors.
3. A system as claimed in Claim 2, wherein the voting circuitry is capable of adapting to respond to agreement between the data items produced by a number of the data processors different from said predetermined number in the event of failure of one or more of the data processors.
4. A system as claimed in Claim 1, Claim 2 or Claim 3, including a visual display unit which comprises a colour cathode - ray tube for displaying in a plurality of colours data relating to the monitored conditions.
5. A system as claimed in Claim 4, including means to feed signals to the visual display unit for displaying thereon a mimic diagram of the plant or a part thereof.
6. A system as claimed in any preceding claim, including input circuitry connected between the input sensors and the scanners, the input circuitry being operative to check its own integrity and to signal a fault to the scanners.
7. A system as claimed in any preceding claim, including output circuitry connected to the or each central processor and operative to control alarm devices and/or to operate process controlling devices in the plant.
8. A gas and fire monitoring system for monitoring gas concentration and fire hazards in a plant, comprising a group of input gas detectors; a group of input fire hazard detectors; a plurality of first scanners each operable to scan continuously the outputs of all of the gas detectors and to store data temporarily representing said outputs; a plurality of second scanners each operable to scan continuously the outputs of all of the fire hazard detectors and to store temporarily data representing said outputs; a plurality of data processors each operative to scan the outputs of all of the scanners in sequence to produce data representing the status of the detectors; voting circuitry operable to feed out said data in response to agreement between data items produced by a predetermined number of the data processors; and alarm and plant control equipment responsive to the data fed out by the voting circuitry.
9. A monitoring system for sensing conditions occurring in the operation of a plant, comprising a group of input sensors, each for sensing a respective one of said conditions; a data processor operative in response to signals from the sensors to produce data relating to said conditions; and an operator's control unit for controlling the data processing and operable to cause recalibration of the input sensors under the control of the operator.
10. A process control system for monitoring and controlling a process in a plant, comprising a group ofinput sensors, each for sensing a respective condition occurring in the process; a plurality of scanners operable to scan continuously the outputs of the sensors and to store temporarily data representing said outputs; a plurality of data processors each operative to scan the outputs of all of the scanners in sequence to produce data representing the status of the sensors; voting circuitry operable to feed out said data in response to agreement between data items produced by a predetermined number of the data processors; and plant control equipment to control the process in response to the data fed out by the voting circuitry.
11. A plant safety control system for controlling the running-up and/or shutting-down of equipment in a plant, comprising a group of sensors for sensing plant parameters; a plurality of scanners each operable to scan continuously the outputs of all of the sensors and to store temporarily data representing said outputs; a plurality of data processors each operative to scan the outputs of all of the scanners in sequence to produce data representing the sensor outputs; voting circuitry operable to feed out said data in response to agreement between data items produced by a predetermined number of the data processors; and equipment responsive to the data fed out by the voting circuitry to ensure safe running-up and or shutting-down of the equipment.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8021021 | 1980-06-26 | ||
| GB8021021 | 1980-06-26 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP0055264A1 true EP0055264A1 (en) | 1982-07-07 |
Family
ID=10514356
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP19810901697 Withdrawn EP0055264A1 (en) | 1980-06-26 | 1981-06-26 | Monitoring systems |
Country Status (2)
| Country | Link |
|---|---|
| EP (1) | EP0055264A1 (en) |
| WO (1) | WO1982000065A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH03505794A (en) * | 1989-04-11 | 1991-12-12 | モービル オイル(スウイツツアーランド) | Maintenance monitoring device |
| FR2678411A1 (en) * | 1991-06-25 | 1992-12-31 | Commissariat Energie Atomique | Device for monitoring and returning measurements taken in a hostile atmosphere |
| EP0666542A3 (en) * | 1994-02-04 | 1996-05-15 | Fuji Facom Corp | Multimedia process monitor and control system. |
| CN114664046A (en) * | 2022-03-30 | 2022-06-24 | 中建安装集团有限公司 | FGS interlocking system for LNG low-temperature storage tank to meet SIL3 grade |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE2647367C3 (en) * | 1976-10-20 | 1982-12-09 | Siemens AG, 1000 Berlin und 8000 München | Redundant process control arrangement |
-
1981
- 1981-06-26 EP EP19810901697 patent/EP0055264A1/en not_active Withdrawn
- 1981-06-26 WO PCT/GB1981/000114 patent/WO1982000065A1/en unknown
Non-Patent Citations (1)
| Title |
|---|
| See references of WO8200065A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO1982000065A1 (en) | 1982-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1279916C (en) | Gas cylinder monitor and control system | |
| US5270917A (en) | Plant monitoring and control system | |
| US7606672B2 (en) | Plant protective instrumentation equipment | |
| US4517673A (en) | Computer-based interlocking system | |
| US4543565A (en) | Method and apparatus for monitoring an alarm system | |
| GB2129180A (en) | Fire alarm systems | |
| US4954809A (en) | Continuity-isolation testing for class A wiring in fire alarm system | |
| DK151989B (en) | PROCEDURE AND CIRCUIT FOR INSPECTION IN A DANGER, NAMELY A FIRE ALARMING PLANT | |
| EP0055264A1 (en) | Monitoring systems | |
| KR102063873B1 (en) | Method and System for Real-Time Common Cause Failure Diagnosis and Monitoring | |
| JP2574726B2 (en) | Equipment machine abnormality detection device | |
| JPH063482A (en) | Method and system for displaying alarm of nuclear power plant | |
| JP2018180995A (en) | Safe instrumentation control device, method therefor and safe instrumentation system | |
| JPH11345003A (en) | Plant control system | |
| KR20110012003A (en) | Self logic testing device and method of digital reactor protection system | |
| JP6554048B2 (en) | Display device | |
| KR20030017769A (en) | Signal Processing Method and Module for Reliable System Considering Safety | |
| JP2002312869A (en) | Detector for material dropping on slope | |
| Harbert | A Microprocessor Based Automatic Fire and Gas System | |
| JPH04245309A (en) | Digital controller for control | |
| KR200159522Y1 (en) | Warning device in furnace | |
| JP2766549B2 (en) | Plant monitoring equipment | |
| JPH01211099A (en) | Gas detecting alarm device | |
| JPH0634276B2 (en) | Alarm display device | |
| Andow | Failure of process plant monitoring systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| AK | Designated contracting states |
Designated state(s): CH DE FR GB NL |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
| 18D | Application deemed to be withdrawn |
Effective date: 19820830 |
|
| RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: ELLIOTT, GORDON PAUL |