8
PSD1206
- PSD1210
- SIL 3 - SIL 2 Switching Power Supply 24 Vdc
G.M. International ISM0076-7
•
DC
: Diagnostic coverage (safe or dangerous) of the safety logic solver for the considered module.
•
DCs
: Diagnostic coverage for safe failures =
λ
sd / (
λ
sd +
λ
su).
•
DCd
: Diagnostic coverage for dangerous failures =
λ
dd / (
λ
dd +
λ
du).
•
FIT
: Failure In Time (1x10 E-9 failures per hour).
•
Failure Rates
: The failure rate data used in the FMEDA analysis are the basic failure rates from the Siemens SN 29500 failure rate database. The rates where chosen in a way
that is appropriate for safety integrity level verification calculations, and to mach operating stress conditions typical of an industrial field environment similar to IEC 60654-1,
class C. It is expected that the actual number of field failures will be less than the number predicted by these failure rates.
•
FMEA
: Failure Modes and Effects Analysis is a systematic way to identify and evaluate the effects of different component failure modes, to determine what could eliminate or
reduce the chance of failure, and to document the system in consideration.
•
FMEDA
: Failure Modes Effects and Diagnostic Analysis is an FMEA extension. It combines standard FMEA techniques with extension to identify online diagnostics techniques
and the failure mode relevant to safety instrumented system design. It is a technique recommended to generate failure rates for each important category (safe detected, safe
undetected, dangerous detected, dangerous undetected, fail high, fail low) in the safety modules. The format for the FMEDA is an extension of the FMEA format MIL STD 1629A.
•
Low demand mode
: Mode where the frequency of demands for operation made on Safety-related system is no greater than one per year and no greater than twice the proof test
frequency.
•
MTBF
: Mean Time Between Failure.
•
MTTF
: Mean Time To Failure.
•
MTTF
S
: Mean Time To safe Failure.
•
MTTF
D
: Mean Time To dangerous Failure.
•
MTTR
: Mean Time To Repair.
•
PFDavg
: Average Probability of Failure on Demand.
•
SFF
: Safe Failure Fraction, according IEC 61508 summarizes the fraction of failures, which lead to a safe state and the fraction of failures which will be detected by diagnostic
measures and lead to a defined safety action.
General Terms
SU
SD
DU
DD
DU
SU
SD
DU
DD
SU
SD
DD
SFF
λ
λ
λ
λ
λ
λ
λ
λ
λ
λ
λ
λ
+
+
+
−
=
+
+
+
+
+
=
1
with:
λ
DD: Dangerous Detected failure rate;
λ
DU: Dangerous Undetected failure rate
λ
SD: Safe Detected failure rate;
λ
SU: Safe Undetected failure rate
•
SIF
: Safety Instrumented Function.
•
SIS
: Safety Instrumented System.
•
SIL
: Safety Integrity Level.
•
T Proof Test & Maintenance (TI)
: Proof Test Interval (for example 1 - 5 - 10 years, with 1 year = 8760 hours). Maintenance time is considered 8 hours.
The following assumptions have been made during the Failure Modes, Effects, and Diagnostic Analysis of the Switching Power Supply Types PSD1206 and PSD1210.
•
Failure rates are constant, wear out mechanisms are not included.
•
Propagation of failures is not relevant.
•
Failures during parameterization are not considered.
•
Sufficient test are performed prior to shipment to verify the absence of component supplier and/or manufacturing defects that prevent proper operation of specified functionality to
product specifications or cause operation different from design analyzed.
•
The device is operated in the low demand mode of operation.
•
The time to restoration or repair time after a safe failure is 8 hours, as MTTR.
•
Only the described versions are used for safety applications.
•
Practical fault insertion tests can demonstrate the correctness of the failure effects assumed during the FMEDAs.
•
The fault output is not part of the safety function.
•
The common cause factor
β
between the two crowbars is estimated at be 5 %.
•
The stress levels are average for an industrial environment and the assumed environment is similar to IEC 60654-1, Class C (Sheltered location) with temperature limits within the
manufacturer’s rating and an average temperature over a long period of time of 40 °C. Humidity levels are assumed within manufacturer’s rating.
•
The listed failure rates are valid for operating stress conditions typical of an industrial field environment similar to IEC 60654-1 class C with an average temperature over a long
period of time of 40 °C. For a higher average temperature of 60 °C, the failure rates should be multiplied with an experience based factor of 2.5. A similar multiplier should be
used if frequent temperature fluctuation must be assumed.
•
Over voltage protection has a diagnostic coverage of 99 %.
•
Safety Integrity Levels as defined in IEC 61508 and IEC 61511:
Assumptions
SIL
Safety Integrity Level
SIL 4
SIL 3
SIL 2
SIL 1
PFDavg
Average probability of failure
on demand per year
(low demand)
≥
10-5 to < 10-4
≥
10-4 to < 10-3
≥
10-3 to < 10-2
≥
10-2 to < 10-1
RRF
Risk Reduction Factor
From 100000 to 10000
From 10000 to 1000
From 1000 to 100
From 100 to 10
PFDavg
Average probability of dangerous
failure on demand per hour
(high demand)
≥
10-9 to < 10-8
≥
10-8 to < 10-7
≥
10-7 to < 10-6
≥
10-6 to < 10-5
