13
Pressure Transmitter Series 2000T and 265Ax, 265Gx, 265Vx, 265Dx, 265Jx, 267Cx, 269Cx
SM 265/7/9 SIL-EN
Instructions for Functional Safety
©
exida.com
GmbH
abb 03-09-13 r001 v1 r1.2, March 1, 2004
Stephan Aschenbrenner
Page 3 of 11
For safety applications only the 4..20 mA output was considered. All other possible output
variants or electronics are not covered by this report. The different devices can be equipped
with or without display.
The failure rates used in this analysis are the basic failure rates from the Siemens standard
SN 29500.
According to table 2 of IEC 61508-1 the average PFD for systems operating in low demand
mode has to be
t
10
-3
to < 10
-2
for SIL 2 safety functions. A generally accepted distribution of
PFD
AVG
values of a SIF over the sensor part, logic solver part, and final element part assumes
that 35% of the total SIF PFD
AVG
value is caused by the sensor part. For a SIL 2 application the
total PFD
AVG
value of the SIF should be smaller than 1,00E-02, hence the maximum allowable
PFD
AVG
value for the sensor part would then be 3,50E-03.
The pressure transmitter 2600T / 2000T Series with 4..20 mA output is considered to be a Type
B
1
component with a hardware fault tolerance of 0.
Type B components with a SFF of 60% to < 90% must have a hardware fault tolerance of 1
according to table 3 of IEC 61508-2 for SIL 2 (sub-) systems.
As the pressure transmitter 2600T / 2000T Series with 4..20 mA output is supposed to be a
proven-in-use device, an assessment of the hardware with additional prior-use demonstration
for the device and its software was carried out. The prior-use investigation was based on field
return data collected and analyzed by ABB Automation Products GmbH. This data cannot cover
the process connection. The prior-use justification for the process connection still needs to be
done by the end-user.
According to the requirements of IEC 61511-1 First Edition 2003-01 section 11.4.4 and the
assessment described in section 5.1 the Type B pressure transmitter 2600T / 2000T Series with
a hardware fault tolerance of 0 and a SFF of 60% to < 90% is considered to be suitable for use
in SIL 2 safety functions The decision on the usage of prior-use devices, however, is always
with the end-user.
Failure rates that are assigned to the various failure modes of the sensor part of the pressure
transmitter 2600T / 2000T Series were obtained from field failure data using only operational
hours from the warranty period of operation. Confidence Interval calculations were done using a
chi-square distribution and an upper limit failure rate based on a 70% confidence factor per
IEC 61508. The failure rate results were compared with industry databases [N6] and found to be
within a reasonable range considering the much higher amount of operational hours.
Assuming that a connected logic solver can detect both over-range (fail high) and under-range
(fail low), high and low failures can be classified as safe detected failures or dangerous detected
failures depending on whether the pressure transmitter 2600T / 2000T Series with 4..20 mA
output is used in an application for “low level monitoring”, “high level monitoring” or “range
monitoring”. For these applications the following tables show how the above stated
requirements are fulfilled.
Type B component:
“Complex” component (using micro controllers or programmable logic); for details
see 7.4.3.1.3 of IEC 61508-2.
