FSC Navigator: Your Guide in Safety

Management System Implementation,

Maintenance, and Compliance

SAFETY MANAGEMENT SYSTEMS

FSC Navigator is a powerful Windowsbased software package that guides you

in the implementation, maintenance,
and compliance of your safety applications.
It allows you to configure the FSC system,
design the application program, generate
application documentation, and monitor the
FSC system. The design of this package
incorporates requirements that are laid
down in recognized standards including
DIN 19250 and VDE 0801, as well as new
emerging international standards such
as IEC 61508 and ISAS84.01. FSC
Navigator is used in conjunction with the
FSC controllers to create safety solutions
that are used in processes which require
programmable electronic systems suitable
for use in AK4-6 or SIL2-3 environments.

assistance to the user. FSC Navigator

constantly checks for configuration errors or
application changes that affect the functional
safety. If it detects such deviations, it will
log them and warn the user. To be able to do
this, the software has been centered around
a number of databases which contain
the configuration data, the tag numbers,
and the application program (as defined
in Functional Logic Diagrams, or FLDs).
The tag number and configuration databases
have an interface which allows the information that already exists in other
dBASE-compatible databases to be imported
into the FSC databases. Figure 2 shows
the basic architecture of the FSC Navigator software. Depending on the country
and customer preferences, it is possible to

FSC Navigator Reduces Errors

During Application Development
FSC Navigator offers users different ways
to access the safety application development.
The experienced user can use pull-down
menus and shortcut keys for frequently
used functions. The occasional user can
follow the functional flow diagrams
(see Figure 1).
The navigation area has three main components which are symbolized by yellow
circles: Project Configuration, Safety
Compliance, and On-Line Environment.
Each of these represents a stage in the
design and maintenance cycle, with a
number of distinct tasks. Clicking any of
the three circles in the navigation area
will take you to the corresponding screen.
The FSC Navigator software is designed
for configuration of functional safety
applications. Its aim is to provide a userfriendly environment that offers optimum

Figure 1: FSC Navigator main screens

select up to four different symbol libraries

for the Functional Logic Diagrams.
A number of features are available that
enable the user to create hardcopy of the
information contained in the FSC databases.

FSC Navigator Ensures Up-ToDate Program Documentation

The FSC system's control functions are
defined through Functional Logic Diagrams
(FLDs) that use IEC 61131-3 compliant
symbols. Once the FLDs have been
defined, they are turned into code that can
be executed by the FSC control processor.
System documentation is also updated
during this process, and can be easily printed.

Figure 2: Basic architecture of FSC Navigator software

As defined in IEC 61508 and S84.01,

maintenance of a safety system during its
complete lifecycle is a constant area of
attention. FSC Navigator has superior
documentation features, which ensure
up-to-date documentation at any stage of
the safety lifecycle. Figure 3 shows a
hardcopy example of a Functional Logic
Diagram (FLD), which demonstrates the
flexibility of the programming technique
used in FSC Navigator. FLD programming includes the facility of encapsulation
or modularization using function blocks,
which are comparable to subroutines in
high-level programming languages.
This allows function blocks to be used to
create complex functions. Function blocks
only need to be tested once and can then
be reused without the need for testing
them again. The information in the revision
indicator found in the bottom left corner of
the FLD printout is maintained automatically,
with confirmation by the user. The FLD documentation set can be completed to include:
a legend of symbols,
an index of all FLDs in the documentation set,
an index of all tag numbers used, and
comment sheets.

FSC System Configuration

Figure 3: Functional Logic Diagram (FLD)

FSC Navigator assists the user in the

allocation of points and I/O modules.
The most important parameter in the
configuration of a point is the decision
whether or not it will be used for a safety
function. If that is the case, it automatically
implies that the point can only be allocated
to a fail-safe I/O module and only to certain
types of I/O modules. FSC Navigator
carries out extensive checks and will only
present valid options, which helps the user
to prevent making configuration errors.
To make hardware allocation easier, the
rack layouts highlight all module and I/O
point positions that are available in the rack.
Asimilar feature is provided for the allocation
of a point to a specific channel of a module.
Information regarding I/O configuration
can be retrieved in various ways:
per specific point (see Figure 4),
per point type, or
in sequential order.
This allows easy and flexible analysis of
the system configuration.

FSC Navigator Assists During

Start-Up and Commissioning
With the FSC system on-site, the activities
for start-up and commissioning commence.
During these activities FSC Navigator will
assist in checking the system diagnostics
and application logic. It can also force
signals to certain predefined values.
In addition, each FSC controller can log

and timestamp events, and send these to

a dedicated local printer or to the FSCSOE
(Sequence Of Events) software package
for Windows (see Figure 5).

FSC Supports On-Line

Modification to Improve Process
Availability

Figure 4: Example of point configuration for FSC system

Part of plant control involves upgrades,

maintenance, and process improvements.
Most of these activities affect the process
control system which can normally be
modified on-line. However, in some cases
it is necessary to modify the safety system.
It is then an advantage to be able to modify
the safety system on-line, as this will not
require a process shutdown which would
mean loss of production time. The FSC
system is the first safety system to obtain
TV approval for on-line modification with
a running process. This is accomplished
with extra safety checks within the FSC
Navigator environment as well as the
safety system itself.

FSC Navigator Has Verification

Features to Guarantee
Application Program Integrity

Figure 5: FSCSOE

FSC Navigator has a powerful feature

which allows the user to compare the
control program in the FSC system with
the application databases as stored on the
FSC user station (see Figure 6). This feature can be used in two ways: as a project
verification tool, or as a revision control
tool. If used as a project verification tool,
the verification option will confirm that no
translation or transfer faults have occurred
to the control program. FSC Navigator
will then compare the translated control
program as it is present in the FSC system
with the FSC databases and Functional
Logic Diagrams (FLDs) that are stored on
the FSC user station. This allows the user
to verify that the defined control program
has been loaded correctly. This verification
process is part of the safety lifecycle as
laid down in IEC 61508 and ISAS84.01.
As a revision control tool, the verification
option is used to compare different
versions of the control programs in the
FSC system and the FSC user station.
This option is typically used to list all
the differences (modifications)
between the 'old' version, which is stored
in the FSC system, and the new version,
which is stored on the FSC user station.
This method can be used to check if all
modifications have been implemented
correctly. All differences found between
the control program in the FSC system
and on the FSC user station are recorded
in a verification log file, which can be
viewed on screen, printed, or saved to
disk for further analysis.

or on user-defined screens which can be

used to group, for example, the I/O signals
for a process unit or subunit, and
extended diagnostics and FSC system
status, which provide full support for
diagnosing problems within the FSC system.
The on-line environment as shown in
Figure 7 displays the application logic as
currently executed in the FSC controller(s).
It is identical to the configured and printed
logic, which allows easy cross-reference
between printed and live logic.

Figure 6: Verification of an application

On-Line Environment
The on-line environment of the FSC
Navigator software provides an interface
with the FSC system, and supports the user
in performing a number of maintenance
tasks. The on-line features are used to show

the status of the process and the connected

FSC system(s) in a number of ways:
continuously updated display of the
Functional Logic Diagrams (including
values of boolean and analog signals),
continuous update of I/O tag numbers
organized per Functional Logic Diagram

In Conclusion
FSC Navigator is an intuitive, user-friendly
software package that allows the user to
create and maintain his safety applications
in a structured and cost-effective manner.
It allows fast and easy access to system
and process information, which results
in faster process start-up and shorter
maintenance cycles.
FSC Navigator Your Guide in Safety
Management System Implementation,
Maintenance, and Compliance.

FSC Navigator requires a Pentium

166-MHz processor or higher, 16 MB
RAM (32 MB recommended), and 15 MB
hard disk space for the application
files (plus sufficient free hard disk
space to hold all project files).
Figure 7: Display of "live" Functional Logic Diagram

TotalPlant, FSC are U.S. registered trademarks of Honeywell Inc.

All other brand and product names shown above are trademarks of their respective owners.
For more information on Honeywells FSC Safety Manager, as well as other TPS system products and services,
contact your Honeywell Industrial Automation and Control account representative.

Honeywell Industrial Automation & Control

http://europe.iac.honeywell.com
Honeywell I.A.C. Brussels All specifications subject to change without prior notice.
EN3I-9026/3 01/99 R0-PA Vintage Productions.