10
D1010 - SIL 2 Repeater Power Supply Smart-Hart compatible
G.M. International ISM0007-16
Functional Safety Manual and Application

Application for D1010S, with passive input (2 wires Tx)
Failure rates table according to IEC 61508:2010 Ed.2:

  Failure category                                                                 Failure rates (FIT)
  λdd = Total Dangerous Detected failures                                          139.73
  λdu = Total Dangerous Undetected failures                                        33.18
  λsd = Total Safe Detected failures                                               0.00
  λsu = Total Safe Undetected failures                                             0.00
  λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu         172.91
  MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours)        660 years
  λno effect = “No effect” failures                                                219.69
  λnot part = “Not Part” failures                                                  16.00
  λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part   408.60
  MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours)               279 years

Failure rate table:

  λsd       λsu       λdd         λdu        SFF     DC_S   DC_D
  0.00 FIT  0.00 FIT  139.73 FIT  33.18 FIT  80.81%  0%     80.81%

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:
PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:

  T[Proof] = 1 year    PFDavg = 1.47 E-04   Valid for SIL 2
  T[Proof] = 6 years   PFDavg = 8.80 E-04   Valid for SIL 2
Safety Function and Failure behavior:

D1010S is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of the D1010S (when the output current range is 4 to 20 mA) is described by the following definitions:

- Fail-Safe State: it is defined as the output going to Fail Low or Fail High, considering that the Safety logic solver can convert the Low or High failures (dangerous detected failures) to the Fail-Safe state.
- Fail Safe: failure mode that causes the module / (sub)system to go to the defined fail-safe state without a demand from the process.
- Fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined Fail-Safe state) or deviates the output current by more than 5% (0.8 mA) of full span.
- Fail High: failure mode that causes the output signal to go above the maximum output current (> 20 mA). Assuming that the application program in the Safety logic solver is configured to detect High failures and does not automatically trip on these failures, this failure mode has been classified as a dangerous detected (DD) failure.
- Fail Low: failure mode that causes the output signal to go below the minimum output current (< 4 mA). Assuming that the application program in the Safety logic solver is configured to detect Low failures and does not automatically trip on these failures, this failure mode has been classified as a dangerous detected (DD) failure.
- Fail “No Effect”: failure mode of a component that plays a part in implementing the Safety Function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account.
- Fail “Not part”: failure mode of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account.

Failure rate data: taken from Siemens Standard SN29500.
Description:

For this application, enable 4 - 20 mA output current (source or sink) mode, setting the internal dip-switches in the following mode (see page 15 for more information).
The module is powered by connecting 24 Vdc power supply to Pins 3 (+ positive) and 4 (- negative). The green LED is lit in presence of the supply line.
The passive input signal from 2 wires Tx is applied to Pins 14-15.
The output current is applied to Pins 1-2 (for source current mode) or Pins 2-8 (for sink current mode).
  T[Proof] = 10 years   PFDavg = 1.47 E-03   Valid for SIL 2

Systematic capability SIL 3.
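The figures in the tables on this page (λtot, MTBF with MTTR, SFF, DC_D, PFDavg at each T[Proof] and the resulting SIL) recomputed from the FIT values, as an added worked example that is not part of the manual. The PFDavg approximation, the IEC 61508 low-demand SIL bands, the Route 1H architectural limit for a Type A, HFT = 0 module and the 10% budget rule for the "≤10%" table are assumptions about standard IEC 61508 practice, not the manufacturer's own calculation.

```python
# Added example, not from the manual: recompute the D1010S figures from its FIT values.
FIT = 1e-9              # 1 FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760
MTTR_H = 8              # MTTR used on this page

LAMBDA = {"dd": 139.73, "du": 33.18, "sd": 0.0, "su": 0.0,   # safety function
          "no_effect": 219.69, "not_part": 16.00}            # excluded from SFF

def total_safe_fit(l=LAMBDA):
    return l["dd"] + l["du"] + l["sd"] + l["su"]

def total_device_fit(l=LAMBDA):
    return total_safe_fit(l) + l["no_effect"] + l["not_part"]

def mtbf_years(fit):
    # MTBF = 1 / lambda + MTTR, as defined in the table, expressed in years
    return (1.0 / (fit * FIT) + MTTR_H) / HOURS_PER_YEAR

def sff(l=LAMBDA):
    # Safe Failure Fraction: every safety-function failure except dangerous undetected
    return (l["sd"] + l["su"] + l["dd"]) / total_safe_fit(l)

def dc_dangerous(l=LAMBDA):
    # Diagnostic coverage of dangerous failures
    return l["dd"] / (l["dd"] + l["du"])

def pfd_avg(l, t_proof_years):
    # Assumed simplified low-demand approximation: undetected dangerous failures
    # stay latent for half the proof-test interval, detected ones for MTTR.
    t = t_proof_years * HOURS_PER_YEAR
    return l["du"] * FIT * t / 2 + (l["dd"] + l["du"]) * FIT * MTTR_H

def sil_from_pfd(pfd):
    # Assumed IEC 61508 low-demand bands: SIL n if 10^-(n+1) <= PFDavg < 10^-n
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

def sil_architectural(sff_value, hft=0):
    # Assumed Route 1H limit for a Type A module with HFT = 0 (this page's case)
    if hft != 0:
        raise ValueError("only HFT = 0 is modelled here")
    return 1 if sff_value < 0.60 else 2 if sff_value < 0.90 else 3

def claimable_sil(l, t_proof_years, module_share_over_10pct):
    pfd = pfd_avg(l, t_proof_years)
    # "<=10%" table: the module may consume at most 10% of the SIF's PFDavg budget
    budget = pfd if module_share_over_10pct else 10 * pfd
    return min(sil_from_pfd(budget), sil_architectural(sff(l)))
```

With the page's values the architectural limit (SFF 80.81%, HFT 0) caps the claim at SIL 2 even where PFDavg alone would allow SIL 3, which is why every T[Proof] row reads "Valid for SIL 2".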
[Wiring diagram, D1010S: Supply 24 Vdc on Pins 3 (+) and 4 (-); 2 wire Tx on In 1, Pins 14-15; Out 1 on Pins 1-2 (Source I) or Pins 2-8 (Sink I), each driving a mA load RL]

Dip-switch position (D1010S)

  Function                          1    2    3    4
  Output Source/Sink current mode   OFF  OFF  -    -