A safety control apparatus is known which performs a stop operation of a plant in response to a trip request from the plant at the time of occurrence of abnormality, for safe operation of the plant.
FIG. 3 is a functional block diagram showing one example of a plant control system in which a safety control apparatus is combined with a distributed control apparatus. Reference numeral 1 is a plant as a controlled object, and reference numeral 2 is a control apparatus of the distributed control apparatus and controls a field device of the plant 1.
The control apparatus 2 communicates with a host operation monitoring apparatus 4 through a control bus 3. This operation monitoring apparatus 4 is connected to a global communication bus 5 and can communicate with an external PC 6 through the global communication bus 5.
In the plant 1, reference numeral 7 is a field device, which is a safety-controlled object. Reference numeral 8 is a subsystem field device. In the subsystem field device, a large amount of data is managed particularly among the field devices 7 and field devices (PLC: Programmable Logic Controller, etc.) with relatively low-speed processing are grouped.
Reference numeral 10 is an engineering apparatus for changing definition information about a system, and is connected to the control bus 3. This engineering apparatus 10 is also connected to the global communication bus 5 and can communicate with the operation monitoring apparatus 4 and the external PC 6.
In the engineering apparatus 10, reference numeral 11 is a display part having a man-machine interface function, and includes an input-output module definition window 12 and a subsystem data definition window 13.
Reference numeral 20 is a safety control apparatus connected to the control bus 3. This safety control apparatus 20 communicates with the engineering apparatus 10 through the control bus 3 and also communicates with the subsystem field device 8 and the field device 7 of the plant 1 and performs trip processing for performing a stop operation of the plant in response to a trip request from the plant 1.
In the safety control apparatus 20, reference numeral 21 is a function block, and sets output values to an input-output module 22 and a subsystem communication input-output module 23. The input-output module 22 and the subsystem communication input-output module 23 set the output values received from the function block 21 to the field device 7 and the subsystem field device 8.
Reference numeral 24 is an input-output module information holding part, and change information inputted from the input-output module definition window 12 of the engineering apparatus 10 is downloaded and is held in the input-output module information holding part 24. Here, input-output module information means information in which a relation among the function block 21, the input-output module 22 and the field device 7 is defined.
Reference numeral 25 is a subsystem data information holding part, which is handled by the subsystem communication input-output module 23, and change information inputted from the subsystem data definition window 13 of the engineering apparatus 10 is downloaded and is held in the subsystem data information holding part 25.
The function block 21 refers to the change information held in the input-output module information holding part 24 and the subsystem data information holding part 25, and then determines and sets output values to the input-output module 22 and the subsystem communication input-output module 23.
A control system for setting a parameter value to a field device is described in Patent Reference 1.    See Patent Reference 1: JP-A-11-110006