Technical Description

AC 800M HI Offline Proof Test Description Technical Description

Products Concerned
AC 800M HI from SV 4.1

Description
CONTENTS
1 INTRODUCTION ....................................................................................................... 2
2 REFERENCES .......................................................................................................... 2
2.1 Related Documents...................................................................................... 2
3 THE SCOPE OF THE OFFLINE PROOF TEST......................................................... 2
4 Verification of certified SW and HW items ............................................................. 3
4.1 Software configuration.................................................................................. 3
4.2 Hardware configuration ................................................................................ 9
5 OFFLINE PROOF TEST PROCEDURES ................................................................ 11
5.1 Test preparation. ........................................................................................ 12
5.2 Test of Processing Unit (PM865, SM810/SM811 and BC810) .................... 12
5.2.1 Non Redundant Processing Unit................................................... 12
5.2.2 Redundant Processing Unit .......................................................... 13
5.2.3 Test of SM810/SM811 I/O interface.............................................. 19
5.3 Test of I/O system ...................................................................................... 19
5.3.1 Test of Non Redundant Cluster Modem TB840/TB840A
including base plate TU807 .......................................................... 19
5.3.2 Test of Redundant Cluster Modem TB840/TB840A including
base plate TU840, TU841, TU848 or TU849 ................................ 20
5.3.3 Test of AI880 and AI880A including TU834, TU844 or TU845 ...... 22
5.3.4 Test of DI880 including TU8xx...................................................... 24
5.3.5 Test of DO880 including TU8xx .................................................... 25
5.4 Test of Power supply system...................................................................... 26
6 PFD Calculation Impact ......................................................................................... 29

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 1 (30)

1 INTRODUCTION
This document defines the procedures for the Offline Proof Test of the AC 800M HI.
Warning: by the nature of this test, there is a requirement to bypass safety inputs
and outputs which will prevent a genuine demand’s executive actions being
performed. It is the Asset Owner’s responsibility to consider this in the planning of
the offline proof test.
The tests described in chapter 5 shall be chosen based on the actual configuration used.

2 REFERENCES

2.1 Related Documents

Ref. Identity Title

[Re1] 3BSE034876* Reliability and Availability AC 800M High Integrity
[Re2] 3BNP004865* Safety Manual
[Re3] 3BSE054957 System 800xA Safety AO63111C-A1 Annex 1
[Re4] 3BSE054960 System 800xA Safety AO63111C-A1 Annex 2
[Re5] 3BSE036351* AC 800M Controller Hardware
[Re6] 3BSE020923* S800 I/O Getting Started,
[Re7] 3BSE020924* S800 I/O - Modules and Termination Units
[Re8] 3BSE035980* System 800xA Control 5.1 AC 800M Configuration
[Re9] 3BSE043732* System 800xA Control 5.1 AC 800M Planning
[Re10] 3BSE035981* System 800xA Control 5.1 AC 800M Binary and Analog
Handling

“*” In the table indicates document revision.

3 THE SCOPE OF THE OFFLINE PROOF TEST

The purpose of the offline proof test is to reveal undetected faults in a safety instrumented
system so that, if necessary, the system can be restored to its designed functionality. This
Offline Proof Test Instruction is valid for all systems according to Annex 1 [Re3] and
Annex 2 [Re4].

The scope of the offline proof test:

 Verify the equipment revisions with the valid Annex to certificate, [Re3] or [Re4]
 Test of functionality for the HW
 Test of auxiliary equipment such as
 Access enable switch
 Reset all forces push button
 Hot insert push button

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 2 (30)

  Status signaling from Power System
After a successful completion of the Offline Proof Test the impact on the PFD values are
given in Chapter 6.

4 Verification of certified SW and HW items

The instructions in chapter 4.1 and 4.2 are preconditions for the Offline Proof Test.

4.1 Software configuration

Verify that the SW configurations used are in accordance with the valid Annex to the
Certificate [Re3] or [Re4] Chapter 2. The example below is from Annex 2 [Re4].

Figure 1 Example from Annex2 Chapter 2.1 [Re4]

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 3 (30)

The valid Library versions can be found in [Re3] and [Re4] chapter 2.2. The example below is from
Annex 2 [Re4].

Figure 2 Examples of FW Libraries from Annex2 Chapter 2.2 [Re4]

Figure 3 Examples of SIL3 Libraries from Annex2 Chapter 2.2 [Re4]

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 4 (30)

The valid Library versions can be found in [Re3] and [Re4] chapter 2.2. The example below is from
Annex 2 [Re4].

Figure 4 Examples of SIL2 Libraries from Annex2 Chapter 2.2 [Re4]

The screen shoots below are example of where the versions can be found in the system.

Figure 5 Example of CB version

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 5 (30)

 Figure 6 Navigate to FW info

Figure 7 Example of PM865 FW version

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 6 (30)

 Figure 8 Example of installed FW versions

Figure 9 Example of PPA version

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 7 (30)

 Figure 10 Example of System Extension version

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 8 (30)

4.2 Hardware configuration
Verify that the HW versions used are in accordance with the valid Annex to the Certificate [Re3] or
[Re4] chapter 1.1. The example below is from Annex 2 [Re4].

Figure 11 Example of HW versions from Annex2 [Re4]

This information can be found in the controller log in the appropriate CB dialog.

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 9 (30)

 Press the Show Downloaded Items button in the Remote Systems dialog to upload the
Controller logs.

Figure 12 Controller firmware and HW revision in Controller log (remember to also check
backup log if redundant Controller is used)

Figure 13 SM firmware and HW revision in Controller log

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 10 (30)

 Press the Show Controller Analysis button in the Remote Systems dialog and select
Module Bus I/O Revisions from the Result drop down menu. Press the Get button and
the file below will be displayed.

Figure 14 HW revision of IO and Module bus cluster (this information is also written in
Controller log when an IO unit or cluster modem is configured

Product revision can also be found on the individual modules labels.

5 OFFLINE PROOF TEST PROCEDURES

If any of the test steps described below fails the unit is faulty and shall be replaced. How
to replace units and interpretations warnings can be found in the manuals. The manuals
listed below can also be used for interpretation of different LED: s indication.
 AC 800M Controller Hardware, [Re5]
 S800 I/O Getting Started, [Re6]
 S800 I/O - Modules and Termination Units, [Re7]
 System 800xA Control 5.1 AC 800M Configuration, [Re8]
 System 800xA Control 5.1 AC 800M Planning, [Re9]
 System 800xA Control 5.1 AC 800M Binary and Analog Handling, [Re10]

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 11 (30)

5.1 Test preparation.
Verify the HW and SW versions according to chapter 4 above.
Power down AC800M HI
Warning: by the nature of this test, there is a requirement to bypass safety inputs
and outputs which will prevent a genuine demand’s executive actions being
performed. It is the Asset Owner’s responsibility to consider this in the planning of
the offline proof test.

5.2 Test of Processing Unit (PM865, SM810/SM811 and BC810)

5.2.1 Non Redundant Processing Unit

 Power up the AC 800M HI
 Connect the CB.
 Download the application used in the system and go online.
In the appropriate CB dialog verify that there are no warnings or errors in the connected
system see an example below.

Figure 15 Example of online CB with no errors

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 12 (30)

 Figure 16 Example of Controller Status with no errors

Errors and warnings have to be corrected as described in the related Manuals, see
chapter 2.
 Perform a hot removal of the SM810/SM811
 Expected result
o The PM865 shall stop as a result of the hot removal of SM810/SM811.

5.2.2 Redundant Processing Unit

 Power up the AC 800M HI
 Connect the CB.
 Download the application used in the system and go online.
In the appropriate CB dialog verify that there are no warnings or errors in the connected
system see an example bellow.

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 13 (30)

 Figure 17 Example of online CB with no warnings

Figure 18 Example of Controller Status

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 14 (30)

 Errors and warnings have to be corrected as described in the related Manuals, see
chapter 2.

Step 1) Test of PM865

 Reset the Primary PM865
o The primary PM865 is indicated by the PRIM LED

PRIM and
DUAL LED

Figure 19 LED locations of PRIM and DUAL LED: s on PM865

 The Backup PM865 will be a new primary

 In the appropriate CB dialog verify that there are no warnings except a PM865
fault
 Reset the stopped PM865 and wait until the AC 800M HI is redundant, this is
indicated by the PRIM and DUAL LED on the PM865
 In the appropriate CB dialog verify that there are no warnings

 The SM810/SM811 shall not be affected by this procedure

 Reset the new primary PM865
o The primary PM865 is indicated by the PRIM LED
 The Backup PM865 will be a new primary
 In the appropriate CB dialog verify that there are no warnings except a PM865
fault

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 15 (30)

 Figure 20 Example of online Controller Status

Init button pressed on primary PM865

Figure 21 Example of Controller Status after Init button pressed

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 16 (30)

 PM865 Switch over, Unit is starting up,

Figure 22 Example of Controller Status during startup

Figure 23 Example of Controller Status after redundancy is restored

Figure 24 Example of Controller Status after “Clear Latched Unit Status” is used

 Reset the stopped PM865 and wait until the AC 800M HI is redundant
o Indicated by the PRIM and DUAL LED on both PM865
 In the appropriate CB dialog verify that there are no warnings
 The SM810/SM811 shall not be affected by this procedure

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 17 (30)

 Step 2) Test of SM810/SM811
 Make sure that both SM810/SM811 are up and running
Make a hot removal of the backup SM810/SM811
o Backup is indicated by the PRIM LED off on the SM810/SM811, described
in the AC 800M Controller Hardware Manual [Re5],

PRIM and
SYNC LED

Figure 25 Location of PRIM and SYNC LED on SM810/SM811

 In the appropriate CB dialog verify that there are no warnings except a

SM810/SM811 missing
o Perform a Hot Insert of the SM810/SM811
o Described in the AC 800M Controller Hardware Manual [Re5]
o Success is indicated by the SYNC LED on the SM810/SM811
 In the appropriate CB dialog verify that there are no warnings
 Make sure that both SM810/SM811 are up and running
 Make a hot removal of the primary SM810/SM811
o Described in the AC 800M Controller Hardware Manual [Re5]
o Indicated by the PRIM LED on
 In the appropriate CB dialog verify that there are no warnings except a
SM810/SM811 missing
 Perform a Hot Insert of the SM810/SM811
o Described in the AC 800M Controller Hardware Manual [Re5]
o Success is indicated by the SYNC LED on the SM810/SM811
 In the appropriate CB dialog verify that there are no warnings
The PM865 shall not be affected by this test sequence.

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 18 (30)

5.2.3 Test of SM810/SM811 I/O interface
Step 1) Test of Access Enable key switch (AE) connected to I2 input on SM810/SM811
Turn the Access Enable key switch on, the ACCESS EN LED shall be on on both
SM810/SM811.
Turn the Access Enable key switch off, the ACCESS EN LED shall be off on both
SM810/SM811.

ACCESS EN
LED

Figure 26 Location of ACCESS EN LED on SM810/SM811

Step 2) Test of Reset All Forces switch connected to I1 input on SM810/SM811

Press the push-button connected to the Reset All Forces input. In the controller log a text
with the timestamp of the test time shall be found.

"W 2011-10-18 16:41:53.191 Unit= _SWFirmware Controller_1 1033 Reset of controller forces performed "

Step 3) Test of Hot Insert button connected to I3 on SM810/SM811.

This test is performed as a part of chapter 5.2.2. For a non-redundant SM810/SM811 and
for SIL2 only systems the test is not needed.

5.3 Test of I/O system

5.3.1 Test of Non Redundant Cluster Modem TB840/TB840A including base plate TU807
These units are tested as part of the I/O test described in chapter 5.3.3, 5.3.4 and 5.3.5.
The status input is tested as part of the Power system test described in chapter 5.4

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 19 (30)

5.3.2 Test of Redundant Cluster Modem TB840/TB840A including base plate TU840, TU841,
TU848 or TU849
These units are tested as part of the I/O test described in chapter 5.3.3, 5.3.4 and 5.3.5.
for the communication part.
The status input is tested as part of the Power system test described in chapter 5.4.
Additional tests to be performed on the redundancy.
Step 1)
 Power up the AC 800M HI
 Connect the CB.
 Download the application and go online.
 Check that Modulebus communication have started
o Indicated on the Rx1, Rx2, ERx1 and ERx2 LED:s on TB840/TB840A

Rx1
Rx2
ERx1
ERx2
LED: s

Figure 27 Location of LED: s on TB840/TB840A

A changeover of redundant PM865 will take place when the TB840/TB840A

connected to the primary PM865 is removed.

1. Perform a hot removal of one of the TB840/TB840A:s

2. In the appropriate CB dialog verify that there is a warning of a missing
TB840/TB840A

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 20 (30)

 Figure 28 Example of status with TB840/TB840A removed

Figure 29 Example of status with TB840/TB840A removed

3. Perform a hot insert of the removed TB840/TB840A unit

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 21 (30)

 4. In the appropriate CB dialog verify that there is no warnings of a missing
TB840/TB840A

Figure 30 Example of TB840/TB840A status

5. A changeover of redundant PM865 will take place when the TB840/TB840A

connected to the primary PM865 is removed.
6. Perform step 1 to 5 for each TB840/TB840A

5.3.3 Test of AI880 and AI880A including TU834, TU844 or TU845

Preparation
 Power up the AC 800M HI
 Connect the CB.
 Download the application and go online.

5.3.3.1 Test of TY801 Shunt stick

Remove one AI880/AI880A in the redundant pair.
 Remove all TY801 in sequence, but only one at the time from the
TU834/TU844/TU845
 In the appropriate CB dialog a channel error shall be indicated

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 22 (30)

 Figure 31 Example of status for AI880 when backup is removed

Figure 32 Example of status for AI880 when ShuntStick (TY801) is removed

TY801

Figure 33 Location of TY801

Install the removed unit and remove the other unit and redo the test.

5.3.3.2 Test of External Power supervision

 Remove one AI880/AI880A in the redundant pair.
 Remove the terminal marked L+ on TU834/TU844/TU845

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 23 (30)

 o See the manual S800 I/O - Modules and Termination Units [Re7]
 In the appropriate CB dialog a channel error shall be indicated

L+
terminal

Figure 34 Location of L+ terminal

Reinstall the removed L+ terminal
Install the removed unit and remove the other unit and redo the test.

5.3.3.3 Test of TU834/TU844/TU845

 Remove one AI880/AI880A in the redundant pair.
 For each of the 8 channels remove all cables on one channel at the time
o See the manual S800 I/O - Modules and Termination Units [Re7]
 In the appropriate CB dialog a channel error shall be indicated
Install the removed unit and remove the other unit and redo the test.

5.3.4 Test of DI880 including TU8xx

A description of the different Termination Units that can be used with DI880 can be found
in the manual S800 I/O - Modules and Termination Units [Re7]. In that manual the specific
terminal can be found. In this description TU842 is used as an example.

5.3.4.1 Test of External Power supervision

 Remove one DI880 in the redundant pair.
 Remove the terminal marked L+ on TU842
o See the manual S800 I/O - Modules and Termination Units [Re7]
 In the appropriate CB dialog a channel error shall be indicated

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 24 (30)

 L+
terminal

Figure 35 Location of L+ terminal

Reinstall the removed L+ terminal

Install the removed unit and remove the other unit and redo the test.

5.3.4.2 Test of TU842 with DI880

 For each of the 16 channels drive each channel high and low and observe the
LED:s on the DI880:s front
 The corresponding channel LED shall be lit if the input is driven high and off if low

Channel LED

Figure 36 Location of Channel LED:s

5.3.5 Test of DO880 including TU8xx

A description of the different Termination Units that can be used with DO880 can be found
in the manual S800 I/O - Modules and Termination Units [Re7]. In that manual the specific
terminal can be found. In this description TU842 is used as an example.

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 25 (30)

5.3.5.1 Test of External Power supervision
 Remove one DO880 in the redundant pair.
 Remove the terminal marked L+ on TU842
o See the manual S800 I/O - Modules and Termination Units [Re7]
 In the appropriate CB dialog a channel error shall be indicated

L+
terminal

Figure 37 Location of L+ terminal

Reinstall the removed L+ terminal

Install the removed unit and remove the other unit and redo the test.

5.3.5.2 Test of TU842 with DO880

 Drive all outputs high, indicated by the channel LED on the front
 Measure with a Voltmeter on the appropriate terminals on TU842
o See the manual S800 I/O - Modules and Termination Units [Re7]
o The measured voltage shall be above 19V (0,8V below L+ voltage)
 Drive all outputs low, indicated by the channel LED on the front
 Measure with a Voltmeter on the appropriate terminals on TU842
o See the manual S800 I/O - Modules and Termination Units [Re7]
o The measured voltage shall be below 2V

5.4 Test of Power supply system

The user can consider replacing the mains power supplies for availability reasons. This is
only an availability decision.
This test is only needed if SA and/or SB status indication is used on PM865, TU807,
TU840, TU841, TU848 or TU849 with redundant power supplies SD8xx and SS823.

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 26 (30)

  Turn off one mains power line at the time on A side and verify indication in the
appropriate CB dialog
 Turn off one mains power at the time on B side and verify indication in the
appropriate CB dialog

Figure 38 Example of online CB Status during test of power status

RPA, RPB warning on CPU

Figure 39 Example of Controller Status during test of power status

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 27 (30)

 RPA, RPB warning on ModuleBus

Figure 40 Example of Modulebus status during test of power status

SA and SB
on PM865

Figure 41 Location of SA and SB on PM865

SA and SB
on TU841

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 28 (30)

 Figure 42 Location of SA and SB on TU841

6 PFD Calculation Impact

The Offline Proof Test coverage’s impact on PFD calculation is, using the following
assumptions, a 15% increase at end of life, compared to replacing the HW every 8 year.
 MTTR less than 72 hour
 Proof test interval 8 years
 Proof test coverage, executing according to this document, is 95%
 System life time 24 years

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 29 (30)

REVISION

Rev. ind.: Page (P) Description Date

Chapt. (C) Dept.
- All New Technical Description, 2011-12-21

A Title Changed document title according to publishing guideline for 2012-05-09

ABB Library. MG
Technical Description Offline Proof Test Description ->
AC 800M HI Offline Proof Test Description Technical
Description

ABB AB

Doc. Id. 3BSE067123 Rev. A Date. 2012-05-14 30 (30)