Machine and Process Management

Why the number ‘3’ is safety’s magic number

Humans have always had a fascination with the number 3. Its long-symbolized perfection is often noted in scientific, mathematical, and even religious contexts. More specifically, it’s the lowest odd number with which a majority vote can be assured.

Three is a critical number when it comes to safety. A backup to a backup is seen as a minimum level of protection in settings like hospitals, where building codes and standards often require two redundant power sources to support critical systems.

The number 3 is also key to our EcoStruxure Triconex Safety Systems design.

For over 30 years, the foundation for these products has been a triple modular redundant architecture (TMR).

The TMR architecture can be found in many safety-critical applications, from nuclear power plants to NASA rockets. While we continue to innovate with these offerings, new features are like branches growing from a massive tree that is TMR.

Real-world field experience has demonstrated the value of this TMR foundation. One of our customers recently discussed with us that they have more than 70 Triconex systems installed in their plant, many for as long as 30 years, and they’ve never had a nuisance trip attributed to it. For a company that measures its revenue in millions of dollars per hour, our safety systems have delivered value that directly impacts its line-one performance. This is just an example of more than 25,000 installations in over 80 countries.

What is TMR – and why does it matter?

Before I talk about what TMR is, I’d like to discuss what it is not.

TMR is not a technology; it’s an architecture.

Technology is ever evolving. Electronics, for example, continue to get smaller, faster, and more powerful. On the other hand, architecture is how a system is fundamentally designed and behaves.

TMR is a two-out-of-three (2oo3) architecture providing the ideal balance for industrial safety systems between being fail-safe and fault-tolerant. With a TMR approach, redundancy is inherently provided, and the two-out-of-three voting algorithm and diagnostics mean that there are no single points of failure. This provides for error-free, uninterrupted operation – even in fault conditions.

Our 2oo3 architecture sets Schneider Electric’s safety system apart from the approach taken by many other safety system vendors. They’ve adopted a one-out-of-two (1oo2) design to lower costs, but a majority can’t be assured with only two channels. Therefore, when a fault occurs, the system must go to the fail-safe state and halt operations. While this may fail safe, it can have a significant economic impact and create a safety burden associated with the high risk of restarting a complex hazardous process.

Mathematically speaking, an average safety system using a 1oo2 architecture is highly likely to incur spurious trips resulting in downtime costs to the owner-operator. To avoid this business disruption, fault tolerance is often a stated requirement. To comply, 1oo2 vendors deploy an additional IO module in a “pair and a spare” scheme, also referred to as 2oo4. However, this creates four channels instead of three, which increases the overall lifecycle costs, creates more potential points of failure, and still provides no assurance of a majority vote. With a Triconex TMR system, multiple simultaneous faults can be tolerated, and the system will continue to operate safely.

Bringing value-added safety

The TMR architecture is just the foundation of our safety system solutions. Users also benefit from:

  1. Lower engineering effort and reduced training, maintenance, and support costs by having the same high-availability, fault-tolerant system for both safety- and critical control applications, including:
    • Emergency shutdown
    • Fire and gas
    • Burner management
    • High-integrity pressure protection
    • Turbomachinery control and protection
  1. A single TÜV certificate for both safety and cybersecurity for the highest levels of integrity and resilience against hazardous events and threats.
  2. Access to versatile system deployment allows you to design the system how you want, saving engineering time, construction, and installation costs.
  3. A flexible choice of form factors can translate into valuable space savings.

It’s all in the numbers

The 1997 film Contact explored the concept that if we ever reached intelligent life away from Earth, then the math would be the one thing we’d have in common. Why? Because the laws of math are universal and constant.

The number 3 will always be the optimal number for voting. TMR is still the optimal architecture for safety and reliability, and Triconex is still the trusted brand for safety and critical control.


No Responses

Leave a Reply

  • (will not be published)