D1020 - SIL 2 Powered Isolating Driver Smart-Hart compatible
G.M. International ISM0012-14
Functional Safety Manual and Application
Application for D1020S or D1020D
Failure rate table:

| Failure category | Failure rates (FIT) |
|---|---|
| $\lambda_{dd}$ = Total Dangerous Detected failures | 0.00 |
| $\lambda_{du}$ = Total Dangerous Undetected failures | 59.27 |
| $\lambda_{sd}$ = Total Safe Detected failures | 0.00 |
| $\lambda_{su}$ = Total Safe Undetected failures | 96.85 |
| $\lambda_{\text{tot safe}}$ = Total Failure Rate (Safety Function) = $\lambda_{dd} + \lambda_{du} + \lambda_{sd} + \lambda_{su}$ | 156.12 |
| MTBF (Safety Function, one channel) = (1 / $\lambda_{\text{tot safe}}$) + MTTR | 731 years |
| $\lambda_{\text{no effect}}$ = “No Effect” failures | 238.29 |
| $\lambda_{\text{not part}}$ = “Not Part” failures | 10.80 |
| $\lambda_{\text{tot device}}$ = Total Failure Rate (Device) = $\lambda_{\text{tot safe}} + \lambda_{\text{no effect}} + \lambda_{\text{not part}}$ | 405.21 |
| MTBF (Device, one channel) = (1 / $\lambda_{\text{tot device}}$) + MTTR | 281 years |

Failure rates table according to IEC 61508:2010 Ed.2:

| $\lambda_{sd}$ | $\lambda_{su}$ | $\lambda_{dd}$ | $\lambda_{du}$ | SFF |
|---|---|---|---|---|
| 0.00 FIT | 96.85 FIT | 0.00 FIT | 59.27 FIT | 62.04% |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:

| T[Proof] = 1 year | T[Proof] = 3 years |
|---|---|
| PFDavg = 2.60 E-04, Valid for SIL 2 | PFDavg = 7.80 E-04, Valid for SIL 2 |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:

| T[Proof] = 10 years |
|---|
| PFDavg = 2.60 E-03 - Valid for SIL 2 |

Safety Function and Failure behavior:
D1020 is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of the D1020S and D1020D modules (when the output current range is 4 to 20 mA) is described by the following definitions:
□ Fail-Safe State: it is defined as the output going to Fail Low.
□ Fail Safe: failure mode that causes the module / (sub)system to go to the defined Fail-Safe state without a demand from the process.
□ Fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined Fail-Safe state) or deviates the output current by more than 5% full span (+/- 0.8 mA).
□ Fail High: failure mode that causes the output signal to go above the maximum output current (> 20 mA). This failure mode is considered as a Dangerous Undetected failure.
□ Fail Low: failure mode that causes the output signal to go below the minimum output current (< 4 mA). This failure mode is considered as a Safe Undetected failure.
□ Fail “No Effect”: failure mode of a component that plays a part in implementing the Safety Function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account.
□ Fail “Not part”: failure mode of a component that is not part of the Safety Function but is part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account.
The 2 channels of the D1020D module can be used to increase the hardware fault tolerance needed for a higher SIL of a given Safety Function, as they are completely independent of each other and contain no common components. In fact, the analysis results obtained for D1020S (single channel) are also valid for each channel of D1020D (double channel).
Failure rate data: taken from Siemens Standard SN29500.

Description:
The module is powered by connecting a 24 Vdc power supply to Pins 3 (+ positive) - 4 (- negative) for Channel 1 and Pins 7 (+ positive) - 8 (- negative) for Channel 2.
The green LEDs are lit in the presence of each power supply line.
The current input signals from the Safety PLC outputs are applied to Pins 1-2 (In 1 - Ch.1) and Pins 5-6 (In 2 - Ch.2).
The source output currents for I/P converters are applied to Pins 14-15 (for Channel 1) and Pins 10-11 (for Channel 2).

[Figure: wiring diagram of D1020S or D1020D. Channel 1: In 1 on Pins 1 (+) and 2 (-), source current from Safety PLC Output; Ch.1 Supply 24 Vdc on Pins 3 (+) and 4 (-); Out 1 on Pins 14 (+) and 15 (-) to I/P Converter. Channel 2 (only for D5020D): In 2 on Pins 5 (+) and 6 (-), source current from Safety PLC Output; Ch.2 Supply 24 Vdc on Pins 7 (+) and 8 (-); Out 2 on Pins 10 (+) and 11 (-) to I/P Converter.]

Systematic capability SIL 3.
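
An added example, not part of the G.M. International manual: the Python below re-derives the SFF, MTBF and PFDavg figures of the tables above from the listed failure rates and checks the SIL 2 claims against both the PFDavg budget and the Type A architectural limit. It assumes the simplified single-channel formula PFDavg = λdu × T[Proof] / 2, leaves MTTR out, and takes the SIL PFDavg bands and the SFF/HFT limits from IEC 61508; all function and constant names are illustrative.

```python
# Added example (not from the manual): re-derive the D1020 table values.
HOURS_PER_YEAR = 8760
FIT = 1e-9  # 1 FIT = 1 failure per 10^9 device hours

# Failure rates in FIT, copied from the page's failure rate table.
SAFETY = {"dd": 0.00, "du": 59.27, "sd": 0.00, "su": 96.85}
NO_EFFECT, NOT_PART = 238.29, 10.80

# IEC 61508-1, low demand mode: PFDavg upper bound of each SIL band.
SIL_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}
# IEC 61508-2, Type A: (SFF upper bound, max SIL at HFT 0, 1, 2).
TYPE_A = [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4))]

def sff(rates):
    """Safe Failure Fraction; "No Effect" and "Not Part" failures are excluded."""
    return (rates["sd"] + rates["su"] + rates["dd"]) / sum(rates.values())

def mtbf_years(total_fit):
    """MTBF = 1/lambda; MTTR is left out (assumption: negligible here)."""
    return 1 / (total_fit * FIT) / HOURS_PER_YEAR

def pfd_avg(du_fit, t_proof_years):
    """Assumption: single-channel approximation lambda_du * T[Proof] / 2."""
    return du_fit * FIT * t_proof_years * HOURS_PER_YEAR / 2

def sil_from_pfd(pfd, share):
    """Highest SIL whose PFDavg bound, scaled by the module's share of the SIF
    budget (0.10 for the <=10% case, 1.0 as the bound for >10%), exceeds pfd."""
    return max((sil for sil, upper in SIL_UPPER.items() if pfd < upper * share), default=0)

def sil_architectural(sff_value, hft):
    """Maximum SIL a Type A element may claim for a given SFF and HFT."""
    return next(sils[min(hft, 2)] for upper, sils in TYPE_A if sff_value < upper)

def max_sil(t_proof_years, share, hft=0):
    """SIL claim limited by both the PFDavg budget and the architecture."""
    return min(sil_from_pfd(pfd_avg(SAFETY["du"], t_proof_years), share),
               sil_architectural(sff(SAFETY), hft))

if __name__ == "__main__":
    for years, share in ((1, 0.10), (3, 0.10), (10, 1.0)):
        print(years, f"{pfd_avg(SAFETY['du'], years):.2e}", max_sil(years, share))
```

Running the 10-year interval against a 10% budget share drops the PFDavg-based result to SIL 1, which is why that row appears only in the >10% table.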