In a process control system, such as a distributed control system (DCS), fault tolerance enables continued operation in the event components within the system fail, or in the event the system experiences transient faults from various sources. One aspect common to fault tolerant systems involves the concept of redundancy, which can be simply defined as back up components that become operational when a failure occurs, allowing the system to continue to operate as intended. A safety instrumented system (SIS) is known in the art for continuing operation in a “safe state” to avoid adverse safety and health consequences through the use of a fault tolerant controller. Such fault tolerant controllers are often used in hazard protection systems (i.e., systems that regulate nuclear plant operation, turbomachinery, fire and gas sensing systems, and the like).
The control components of known fault tolerant controllers employ parallel control and extensive diagnostics to ensure uninterrupted process operation. One example of a fault tolerant controller is the TRICON controller available from Invensys Systems, Inc. The TRICON controller has a triple modular redundant (TMR) architecture that employs three isolated, parallel control systems and extensive diagnostics integrated into one system. The system uses two-out-of-three voting to provide high integrity, error-free, uninterrupted process operation with no single point of failure. Fault tolerant controllers of this type interface with, among various other components, modules of the process control system that have control functionality as well as communication functionality.
Any improvements that increase the efficient interoperation (in terms of protocol support, applications, or graphical user interface navigation of the system) of the SIS with the process control system, while simultaneously preserving safety functionality, are highly desirable. Various improvements related to minimizing the number of hardware components required to implement a fault tolerant controller, as well as allowing the controller to interface efficiently with the process control system, have been attempted without complete success.