A turn-off device for a sensor, an actuator or a control unit for a vehicle or for an industrial facility, the sensor, the actuator or the control unit being connectable via a PHY interface to a communication network, via which the sensor, the actuator or the control unit is able to exchange messages with other units of the vehicle or of the industrial facility, the turn-off device including a blocker, which physically prevents the PHY interface from sending messages to the communication network. A sensor, an actuator or a control unit that includes the turn-off device, a method for functional checking, and an associated computer program are also described.

An industrial safety zone configuration system leverages a digital twin of an industrial automation system to assist in configuring safety sensors for accurate monitoring of a desired detection zone. The system renders a graphical representation of the automation system based on the digital twin and allows a user to define a desired detection zone to be monitored as a three-dimensional volume within the virtual industrial environment. Users can define the locations and orientations of respective safety sensors as sensor objects that can be added to the graphical representation. Each sensor object has a set of object attributes representing configuration settings available on the corresponding physical sensor. The system can identify sensor configuration settings that will yield an estimated detection zone that closely conforms to the defined detection zone, and generate sensor configuration data based on these settings that can be used to configure the physical safety sensors.

A control system is for controlling safety-critical processes, non-safety-critical processes, and/or installation components. The control system includes: at least one control unit configured to control non-safety-critical processes and/or non-safety-critical installation components, at least one safety control unit for controlling safety-critical processes and/or safety-critical installation components, and at least one input/output unit connected to the first control unit via an internal input/output bus. The control system is configured to act as communication master or as communication minion or as both in a pool having other devices that is connected via field bus, and to that end, the control system includes a master communication coupler and a minion communication coupler. The control system is modularly configurable. At least the safety control unit includes respective subunits with master functionality and subunits with minion functionalities.

A safety switch with differentiated CPUs comprises a switching device (2) associated with a fixed part of an access to be controlled and having switching means connected to one or more circuits of the system for the opening/closing thereof, a driving device (3) associated to a movable part of the access to interact with the switching means for opening/closing of one or more circuits, control means (6) associated with the switching device (2) and adapted to receive input signals from the circuits through respective communication buses for sending an error signal and/or for stopping the system in case of no signal or detection of non-compliance, wherein the control means (6) comprise a main CPU (7) connected with the communication buses (9) associated with safety functions and at least one auxiliary CPU (8) connected solely to the communication buses (12) associated with circuits and/or devices not related to safety conditions.

A detection device for safety apparatuses for the control of industrial machines or plants comprises a reading head adapted to be associated with the receiving device of the safety apparatus to receive a presence signal provided with the identification code following the positioning of one of the movable actuators at a predetermined minimum distance from said reading head, a processing circuit integrated in said head and adapted to generate a plurality of output signals corresponding to respective command or signalling functions for one or more parts of the machine or plant, wherein the processing circuit is adapted to associate to each of said identification signals a personalized combination of said output signals for the execution of respective combinations of said functions differentiated for one or more of said movable actuators.

A control system configured to control safety-critical and non-safety-critical processes and/or plant components includes: a non-safety controller module, at least one safety controller module, and at least one condition monitoring module. The non-safety controller module is configured to control the non-safety-critical processes and/or the non-safety-critical plant components. The at least one safety controller module is configured to control the safety-critical processes and/or the safety-critical plant components. The at least one condition monitoring module is configured to perform fail-safe condition monitoring and to collect monitoring data. The non-safety controller module is configured to receive the collected monitoring data from the condition monitoring module and to pass the collected monitoring data to the safety controller module. The safety-controller module is configured to evaluate the monitoring data based on safety conditions.

Some implementations provides a system to implement a safety control at an oil and gas facility, the system comprising: one or more motor control centers, each comprising a network interface, and a programmable logic controller (PLC), wherein each motor control center is configured to monitor and control one or more field devices coupled thereto, and wherein a plurality of field devices are dispersed at the oil and gas facility; and a safety instrumented system (SIS) in communication with the one or more motor control centers through the network interface thereof, wherein each motor control center is configured to communicate with the SIS without an interposing relay, and wherein the SIS comprises control elements configured to implement the safety control at the oil and gas facility based on communication with each motor control center through the network interface thereof.

An industrial safety zone configuration system leverages a digital twin of an industrial automation system to assist in configuring safety sensors for accurate monitoring of a desired detection zone. The system renders a graphical representation of the automation system based on the digital twin and allows a user to define a desired detection zone to be monitored as a three-dimensional volume within the virtual industrial environment. Users can define the locations and orientations of respective safety sensors as sensor objects that can be added to the graphical representation. Each sensor object has a set of object attributes representing configuration settings available on the corresponding physical sensor. The system can identify sensor configuration settings that will yield an estimated detection zone that closely conforms to the defined detection zone, and generate sensor configuration data based on these settings that can be used to configure the physical safety sensors.

An electronic safety switching device comprising at least a first and a second signal processing channel to which input signals may be supplied for signal processing. The first and second signal processing channels provide processed output signals, wherein the first and the second signal processing channels process the supplied input signals redundantly with respect to one other. The first and the second signal processing channels are each formed as integrated circuits, wherein the first signal processing channel is arranged monolithically on a first semiconductor substrate, and the second signal processing channel is arranged monolithically on a second semiconductor substrate. Furthermore, the first and the second semiconductor substrates are combined into a stack to form a one-piece electronic component.

The present disclosure belongs to the field of offshore oil, and in particular relates to a method for assessing the safety integrity level of offshore oil well control equipment. The method for assessing the safety integrity level of the offshore oil well control equipment comprises three major steps: creating a safety instrumented function evaluation module and dividing the related devices for performing the safety instrumented functions into a sensor subsystem; a controller subsystem and an actuator subsystem, establishing a dynamic Bayesian network model for respective subsystems for calculation; and integrating, analyzing and optimizing the safety integrity data of the subsystems.