12
TTH200, TTR200, TTF200
TEMPERATURE TRANSMITTER | SM/TTX200/SIL-EN REV. E
10
Example PFD
AVG
Calculation
This example calculation demonstrates the PFDAVG calculation performed for a temperature transmitter TT*200-*H according
Table 2 of ‘Appendix Exida FMEDA Report’.
Considering the following SIS application data:
• Architecture: 1oo1 (single channel, nonredundant, HFT 0)
• Proof Test Coverage: 95 %
• Mission Time: 10 years
• Mean Time to Restoration: 24 hours
The resulting PFD
AVG
for a variety of proof test intervals is shown below:
PFD
AVG
1 year Proof Test
2 years Proof Test
5 years Proof Test
PFD
AVG
= 1.75E-04
PFD
AVG
= 2.85E-04
PFD
AVG
= 6.15E-04
This means that for a SIL2 application, the PFD
AVG
for a 1-year Proof Test Interval is approximately equal to 1.8 % of the allowed range.
11
Failure modes, failure rates and diagnostics
Failure modes, the outputs and estimated failure rates of the compliant item (in terms of the behavior of its output) due to random
hardware failures have been analyzed by ABB Automation Products GmbH and Exida GmbH in compliance to the IEC 61508 demands.
See ‘Appendix Exida FMEDA Report’ on the related failure data.
Failure Rates
The failure rate data used by Exida in the attached FMEDA are the basic failure rates from the Siemens standard SN 29500. The rates
were chosen in a way that is appropriate for safety integrity level verification calculations. The rates were chosen to match operating
stress conditions typical of an industrial field environment. It is expected that the actual number of field failures due to random
events will be less than the number predicted by these failure rates.
The listed SN 29500 failure rates are valid for operating stress conditions typical of an industrial field environment similar to IEC
60654-1 class C (sheltered location) with an average temperature over a long period of time of 40 °C (25 °C ambient temperature plus
internal self-heating). For a higher average temperature of 60 °C, the failure rates should be multiplied with an experience-based
factor of 2.5. A similar multiplier should be used if frequent temperature fluctuation (daily fluctuation of > 15 °C) must be assumed.
It is assumed that the equipment has been properly selected for the application and is adequately commissioned such that early life
failures (infant mortality) may be excluded from the analysis.
Failures caused by external events, however, should be considered as random failures. Examples of such failures are loss of power or
physical abuse.
The assumption is also made that the equipment is maintained per the requirements of IEC 61508 or IEC 61511 and therefore a
preventative maintenance program is in place to replace equipment before the end of its ‘useful life’.
The user of these numbers is responsible for determining their applicability to any particular environment. Accurate plant specific
data may be used for this purpose. If a user has data collected from the proof test reporting system that indicates higher failure
rates, the higher numbers shall be used. Some industrial plant sites have high levels of stress. Under those conditions the failure rate
data shall be adjusted to a higher value to account for the specific conditions of the plant.
