D5034 - SIL 3 Switch/Proximity Interface
G.M. International ISM0113-7
Functional Safety Manual and Application
Application for D5034S or D5034D
Failure rates table according to IEC 61508:2010 Ed.2:

Failure rate table:

Failure category                                                                  Failure rates (FIT)
λdd = Total Dangerous Detected failures                                           125.63
λdu = Total Dangerous Undetected failures                                         12.64
λsd = Total Safe Detected failures                                                0.00
λsu = Total Safe Undetected failures                                              0.00
λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu          138.27
MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours)         825 years
λno effect = “No Effect” failures                                                 182.53
λnot part = “Not Part” failures                                                   4.80
λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part    325.60
MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours)                350 years

λsd          λsu          λdd           λdu          SFF       DCD       DCS
0.00 FIT     0.00 FIT     125.63 FIT    12.64 FIT    90.86%    90.86%    0%

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:

T[Proof] = 1 year      PFDavg = 5.65 E-05    Valid for SIL 3
T[Proof] = 17 years    PFDavg = 9.61 E-04    Valid for SIL 2

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:

T[Proof] = 10 years    PFDavg = 5.65 E-04    Valid for SIL 3
T[Proof] = 20 years    PFDavg = 1.13 E-03    Valid for SIL 2

Safety Function and Failure behavior:
D5034 is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
Systematic capability SIL 3.
The failure behaviour is described by the following definitions:
□ fail-Safe State: state is defined as the output going Low or High, considering that the safety logic solver can convert the Low or High fail (dangerous detected) to the fail-safe state;
□ fail Safe: failure mode that causes the module to go to the defined fail-safe state without a demand from the process;
□ fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state) or deviates the output current by more than 5% (0.4 mA) of 8 mA full scale;
□ fail High: failure mode that causes the output signal to go above 7 mA (as short circuit of input). Assuming that the application program in the safety logic solver is configured to detect High failure and does not automatically trip on this failure, this failure has been classified as a dangerous detected (DD) failure;
□ fail Low: failure mode that causes the output signal to go below 0.35 mA (as input line breakage). Assuming that the application program in the safety logic solver is configured to detect Low failure and does not automatically trip on this failure, this failure has been classified as a dangerous detected (DD) failure;
□ fail “No Effect”: failure mode of a component that plays a part in implementing the safety function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account;
□ fail “Not part”: failure mode of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF this failure mode is not taken into account.
The 2 channels of the D5034D module can be used to increase the hardware fault tolerance needed for a higher SIL of a certain Safety Function, as they are completely independent of each other and share no common components. The analysis results obtained for D5034S (single channel) are therefore also valid for each channel of D5034D (dual channel).
Failure rate data: taken from Siemens Standard SN29500.

Description:
The module is powered by connecting a 24 Vdc power supply to Pins 5 (+ positive) - 6 (- negative). The green LED is lit in presence of supply power.
A voltage free contact or proximity detector is connected to Pins 7-8 (In 1 - Ch.1) and Pins 9-10 (In 2 - Ch.2).
Sink output currents are available at Pins 1-2 (for Channel 1) and Pins 3-4 (for Channel 2).
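A worked recomputation of the figures in the tables above (added example, not from the manual): it rebuilds λtot, SFF, DCD, DCS and the MTBF values from the FIT figures, estimates PFDavg with the plain λdu·T[Proof]/2 + λdd·MTTR low-demand approximation (an assumption, not the manual's model; it ignores the 99% proof-test coverage yet lands within about 2% of the tabulated values), and checks which SIL each PFDavg fits when the module is allowed 10% or 100% of the SIF's PFD budget, using the IEC 61508-1 low-demand limits.

```python
FIT = 1e-9  # 1 FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760.0
MTTR_H = 8.0  # mean time to repair used in the manual's MTBF figures

# Single-channel failure rates in FIT, copied from the failure rate table
RATES = {"dd": 125.63, "du": 12.64, "sd": 0.00, "su": 0.00,
         "no_effect": 182.53, "not_part": 4.80}
# Low-demand PFDavg upper bound per SIL (IEC 61508-1, Table 2)
SIL_PFD_LIMIT = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}

def lambda_tot_safe(r=RATES):
    """Total failure rate of the safety function, in FIT."""
    return r["dd"] + r["du"] + r["sd"] + r["su"]

def lambda_tot_device(r=RATES):
    """Total device failure rate in FIT, adding no-effect and not-part."""
    return lambda_tot_safe(r) + r["no_effect"] + r["not_part"]

def sff(r=RATES):
    """Safe Failure Fraction: all failures except dangerous undetected."""
    return (r["sd"] + r["su"] + r["dd"]) / lambda_tot_safe(r)

def dc_dangerous(r=RATES):
    """Diagnostic coverage of dangerous failures (DCD)."""
    return r["dd"] / (r["dd"] + r["du"])

def dc_safe(r=RATES):
    """Diagnostic coverage of safe failures (DCS); 0 when there are none."""
    safe = r["sd"] + r["su"]
    return r["sd"] / safe if safe else 0.0

def mtbf_years(lambda_fit):
    """MTBF = 1/lambda + MTTR, truncated to whole years as in the table."""
    return int((1.0 / (lambda_fit * FIT) + MTTR_H) / HOURS_PER_YEAR)

def pfd_avg(t_proof_years, r=RATES):
    """Assumed HFT=0 low-demand approximation, not the manual's model:
    undetected dangerous failures accumulate over half the proof-test
    interval, detected ones are exposed only for the repair time."""
    return (r["du"] * FIT * t_proof_years * HOURS_PER_YEAR / 2
            + r["dd"] * FIT * MTTR_H)

def max_sil(pfd, budget_fraction):
    """Highest SIL whose PFD limit, scaled by the share of the SIF budget
    the module may consume (0.10 or 1.0), still covers this PFDavg."""
    fits = [s for s, lim in SIL_PFD_LIMIT.items() if pfd <= lim * budget_fraction]
    return max(fits) if fits else 0
```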
[Application diagram, D5034S or D5034D: Supply 24 Vdc at pins 5 (+) and 6 (-). In 1 at pins 7 (+) and 8 (-) and In 2 at pins 9 (+) and 10 (-), each driven by a voltage free contact (with resistors R1 and R2) or a proximity detector. Out 1 at pins 1 (+) and 2 (-) and Out 2 at pins 3 (+) and 4 (-) are sink current outputs to Safety PLC inputs. Channel 2 only for D5034D.]