7
6
SM Surge Rev 2
3 Selection of product and implications
The choice of surge protection component is made according to the location, signal type, signal level and
operational or maintenance considerations for the safety instrumented function rather than any safety
aspect of the surge components themselves.
See the previous comments regarding the nature of surge protection in relation to functional safety applications.
The information given in section 4 provides the hardware failure rates for the surge protection devices according to
the expected consequence of the failures upon the signal passing through the device. The user can thus assess the
effect of such failures upon the safety instrumented function.
4 Assessment for use in functional
safety applications
On their own, surge protection devices do not perform a safety function and are considered as wiring
components within the contexts of IEC 61508 and its associated standards. As such, the evaluation for use
within a safety function, to a specific SIL level of such products, is not possible. However, when used as part of
a complete safety system, the product can be assessed with regard to failure modes and effects on the overall
system.
The hardware assessment shows that the surge protection devices:
•
have a hardware fault tolerance of 0
•
are classified as Type A devices (“Non-complex” component with well-defined failure modes)
•
have no internal diagnostic elements
The results of a Failure Mode and Effect Analysis to determine the hardware failure rate of the modules were
determined as follows:-
TP Parallel surge suppression devices
Failure mode
Failure rate (FIT)
TP24/7
TP32
TP48 2W+G
TP48 3/4W+G
Detectable fault on signal*
11.4
12.1
7.6
15.1
Signal affected
6.4
5.4
3.5
7.0
Correct operation (failures have no effect)
42.9
22.9
20.1
40.2
* signal is driven outside normal operating range of 4/20mA and is detectable by the logic solver.
