NFPA 502 - Publ
7.4.7.x
For facilities that utilize a SCADA system to monitor and control facility subsystems that are part of an integrated emergency response system described in 7.4.7.2, the SCADA system shall include SIL 2 rated safety functions for the initiation of fire protection as par
accordance with the ANSI ISA 84/IEC 61511, Standard Functional safety Safety instrumented systems for th
Most tunnels utilize high availability SCADA systems for tunnel ventilation control and now increasingly for fire protection as well. Fire alarm systems, which are listed for fire alarm use, generally do not provide the functionality or controls capability for advanced fire protection functions such as positive alarm sequencing, operator intervention, remote and automated control, and interface with other systems (e.g., traffic control systems, ITS). The previous inclusion of SIL-2 certified components was the next logical step for fire protection by SCADA systems. This suggested addition is the next logical step in tunnel safety for SCADA systems because it requires the process of calculating the SIL rating based on the availability and design of the SCADA system's fire protection safety function. It limits the safety function requirements to fire protection only, which is a more discrete and attainable standard for current technology.
20 of 60 9/12/2023, 2:10 PM
National Fire Protection Association Report https://submittals.nfpa.org/TerraViewWeb/ContentFetcher?commentPa...
7.4.7.3*
For facilities that utilize a nonlisted SCADA system to monitor and control facility subsystems that are a part of an integrated emergency response system described in 7.4.7.2, the components of the SCADA system including the programmable logic control platform (logic solver) and its field level input/output modules, shall be certified to a minimum Safety Integrity Level (SIL) of SIL-2 in accordance with IEC 61508, Standard for Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems.
The IEC standard 61508 is for manufacturers of controls equipment. Leading manufacturers of PLCs have their equipment certified to a SIL rating by an independent agency such as TÜV Rheinland according to both 61508 and 61511. It is important to note that the certification is for the equipment components and systems provided by manufacturers and not the final installed system by the end users. Understanding then that the intent of this paragraph is to use SIL rated components for PLC systems used for fire protection such as deluge or high-pressure mist systems in tunnels, these minor modifications are intended to clarify the requirement to use SIL-2 certified components.

Secondly, the "and between" language is suggested to be removed and the "logic solver" language added to be consistent with the terms in the 61508/61511 standards. The logic solver component of a safety instrumented system (SIS) is typically the PLC (Programmable Logic Controller) and its input/output (I/O) modules. Most mainstream, commercial off-the-shelf PLCs and their I/O modules have versions with SIL 2 certification, but it is not clear what "and between" would refer to, as the logic solver definition includes functionality for PLC backplanes, network/communication I/O adapters, etc. Including "and between" may lead to misinterpretations of the 502 standard to include interposing relays, network switches and other devices which are not part of the SIS or its safety function. By using "logic solver" the necessary components are implied.