D5093 - SIL 3 Loop Powered 24 to 220 Vac / Vdc Switch Repeater, Transistor Out
G.M. International ISM0175-7 - Functional Safety Manual and Application - page 5
Application for D5093S or D5093D
Failure rate table:

Failure rates table according to IEC 61508:2010 Ed.2 :

Failure category | Failure rates (FIT)
λdd = Total Dangerous Detected failures | 0.00
λdu = Total Dangerous Undetected failures | 3.52
λsd = Total Safe Detected failures | 0.00
λsu = Total Safe Undetected failures | 98.05
λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu | 101.57
MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours) | 1123 years
λno effect = “No Effect” failures | 98.33
λnot part = “Not Part” failures | 2.90
λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part | 202.80
MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours) | 562 years

λsd | λsu | λdd | λdu | SFF
0.00 FIT | 98.05 FIT | 0.00 FIT | 3.52 FIT | 96.53%

PFDavg vs T[Proof] table (assuming Proof Test coverage of 95%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:

T[Proof] = 1 year | PFDavg = 1.54 E-05 - Valid for SIL 3
T[Proof] = 6 years | PFDavg = 9.27 E-05 - Valid for SIL 3
T[Proof] = 20 years | PFDavg = 3.09 E-04 - Valid for SIL 3

PFDavg vs T[Proof] table (assuming Proof Test coverage of 95%), with determination of SIL supposing module contributes ≤ 10% of total SIF dangerous failures:

Safety Function and Failure behavior:
D5093 is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour is described by the following definitions:
□ fail-Safe State: it is defined as the transistor output being de-energized or open;
□ fail Safe: failure mode that causes the module to go to the defined fail-safe state without a demand from the process;
□ fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state), so that the transistor output remains energized or closed;
□ fail “No Effect”: failure mode of a component that plays a part in implementing the safety function but that is neither a safe failure nor a dangerous failure. When calculating the SFF this failure mode is not taken into account;
□ fail “Not part”: failure mode of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF this failure mode is not taken into account.
The 2 channels of the D5093D module can be used to increase the hardware fault tolerance needed for a higher SIL of a certain Safety Function, as they are completely independent from each other and contain no common components. The analysis results obtained for D5093S (single channel) are therefore also valid for each channel of D5093D (double channel).
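The following Python script is an added worked example, not part of the ISM0175-7 manual and not G.M. International's own calculation tool. It takes the FIT values from the failure rate table above, recomputes λtot safe, λtot device, SFF and the two MTBF figures, and then determines the SIL for each T[Proof] the way the PFDavg table does: the IEC 61508-1 low demand PFDavg bands, capped by the Route 1H architectural constraint for a Type A element with HFT = 0. Two things are assumptions rather than content of the page: PFDavg is approximated with the usual 1oo1 formula λdu · T[Proof] / 2 (the manual's own calculation, which states a 95% proof test coverage, is not given; the approximation reproduces its three values to within 1%), and the "≤ 10% of total SIF dangerous failures" case is modelled as a `budget_fraction` of 0.1 applied to the band limits, which is a reading of that caption and not something the page states.

```python
# Added worked example; not part of the ISM0175-7 manual or G.M. International's
# own tooling. It recomputes the D5093 figures from the FIT values in the
# failure rate table and applies the IEC 61508 low-demand PFDavg bands and the
# Route 1H architectural constraint for a Type A element with HFT = 0.
from dataclasses import dataclass

FIT = 1e-9            # one FIT = one failure per 1e9 hours
HOURS_PER_YEAR = 8760


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT, named as in the manual's failure rate table."""
    l_dd: float          # dangerous detected
    l_du: float          # dangerous undetected
    l_sd: float          # safe detected
    l_su: float          # safe undetected
    l_no_effect: float   # "No Effect" failures
    l_not_part: float    # "Not Part" failures

    @property
    def tot_safe(self) -> float:
        """Total failure rate of the safety function: λdd + λdu + λsd + λsu."""
        return self.l_dd + self.l_du + self.l_sd + self.l_su

    @property
    def tot_device(self) -> float:
        """Total failure rate of the device: λtot safe + λno effect + λnot part."""
        return self.tot_safe + self.l_no_effect + self.l_not_part

    @property
    def sff(self) -> float:
        """Safe Failure Fraction. "No Effect" and "Not Part" failures are
        excluded, as the manual's definitions require."""
        return (self.l_sd + self.l_su + self.l_dd) / self.tot_safe


# Values taken from the failure rate table on this page.
D5093 = FailureRates(l_dd=0.00, l_du=3.52, l_sd=0.00, l_su=98.05,
                     l_no_effect=98.33, l_not_part=2.90)


def mtbf_years(rate_fit: float, mttr_hours: float = 8) -> float:
    """MTBF = 1/λ + MTTR, in years (the manual truncates to whole years)."""
    return (1 / (rate_fit * FIT) + mttr_hours) / HOURS_PER_YEAR


def pfd_avg(l_du_fit: float, t_proof_years: float) -> float:
    """Simplified 1oo1 low-demand approximation PFDavg ≈ λdu * T[Proof] / 2.
    Assumption: the manual's figures come from its own calculation (95% proof
    test coverage, details not given); this approximation matches them to
    within 1%."""
    return l_du_fit * FIT * t_proof_years * HOURS_PER_YEAR / 2


# IEC 61508-1 Table 2, low demand mode: (SIL, upper PFDavg limit of the band).
PFD_LIMITS = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]


def sil_from_pfd(pfd: float, budget_fraction: float = 1.0) -> int:
    """Highest SIL whose PFDavg band contains pfd. budget_fraction scales the
    limits: 1.0 when the module may take the whole band (the manual's '>10%'
    table); 0.1 is an assumed reading of the '≤10%' case, not stated on the page."""
    for sil, limit in PFD_LIMITS:
        if pfd < limit * budget_fraction:
            return sil
    return 0


def max_sil_route_1h_type_a(sff: float, hft: int = 0) -> int:
    """Architectural constraint, IEC 61508-2 Route 1H, Type A element."""
    if sff < 0.60:
        base = 1
    elif sff < 0.90:
        base = 2
    elif sff < 0.99:
        base = 3
    else:
        base = 4
    return min(4, base + hft)


def achievable_sil(rates: FailureRates, t_proof_years: float,
                   hft: int = 0, budget_fraction: float = 1.0) -> int:
    """SIL the module can support: the PFDavg band capped by the architectural
    constraint (D5093 is Type A with HFT = 0 per channel)."""
    return min(sil_from_pfd(pfd_avg(rates.l_du, t_proof_years), budget_fraction),
               max_sil_route_1h_type_a(rates.sff, hft))


def pfd_table(rates: FailureRates, years=(1, 6, 20), budget_fraction=1.0):
    """PFDavg vs T[Proof] rows in the shape of the manual's table."""
    return [(t, pfd_avg(rates.l_du, t), achievable_sil(rates, t, 0, budget_fraction))
            for t in years]


if __name__ == "__main__":
    print(f"λtot safe = {D5093.tot_safe:.2f} FIT, λtot device = {D5093.tot_device:.2f} FIT")
    print(f"SFF = {D5093.sff:.2%}, MTBF(safety) = {int(mtbf_years(D5093.tot_safe))} y, "
          f"MTBF(device) = {int(mtbf_years(D5093.tot_device))} y")
    for t, pfd, sil in pfd_table(D5093):
        print(f"T[Proof] = {t:>2} years: PFDavg = {pfd:.2E}  Valid for SIL {sil}")
```

Running the script prints SFF 96.53%, MTBF 1123 and 562 years, and SIL 3 for 1, 6 and 20 years, the same figures as the tables above. Note why the short proof test intervals still read "SIL 3" rather than SIL 4: their PFDavg falls in the SIL 4 band, but with HFT = 0 and an SFF between 90% and 99% the Route 1H constraint caps a single Type A channel at SIL 3; `max_sil_route_1h_type_a(D5093.sff, hft=1)` shows how a second independent channel, as the manual suggests for the D5093D, lifts that cap.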
Operation

The following table describes the state (open or closed) of each output when its input AC or DC signal is in the High (≥ upper threshold) or Low (≤ lower threshold) state.

Input Signal state, Pins 7-8 (In 1 - Ch.1) or 9-10 (In 2 - Ch.2) | Output state, Pins 1-2 (Out 1 - Ch.1) or 3-4 (Out 2 - Ch.2)
OFF Low (≤ lower threshold) | Open (De-energized as safe state condition)
ON High (≥ upper threshold) | Closed (Energized)

Description:
Input AC or DC signals from field are applied to Pins 7-8 (In 1 - Ch.1) and Pins 9-10 (In 2 - Ch.2, only for D5093D). See table below for the lower and upper threshold levels.
Open-drain transistor outputs Pins 1-2 (for Channel 1) and Pins 3-4 (for Channel 2, only for D5093D) are both normally open (or de-energized as safe state condition) for OFF operation, or they are both closed (or energized) for ON operation. See page 6 for DIP-switch configuration.

[Figure: OFF operation and ON operation wiring diagrams for D5093S (only Ch.1) or D5093D (Ch.1 and Ch.2). The field input AC or DC signal is applied to In 1 (pins 7, 8) and In 2 (pins 9, 10); Out 1 (pins 1 +, 2 -) and Out 2 (pins 3 +, 4 -) each drive a Safety PLC input. OFF operation: field input ≤ lower threshold, Out 1 and Out 2 are open or de-energized. ON operation: field input ≥ upper threshold, Out 1 and Out 2 are closed or energized.]

Typical input signal | Dip-switch position to be enabled (ON) | Lower threshold | Upper threshold
24 Vac / Vdc | 1 | 17 Vac / Vdc | 22 Vac / Vdc
48 Vac / Vdc | 2 | 30 Vac / Vdc | 40 Vac / Vdc
60 Vac / Vdc | 3 | 40 Vac / Vdc | 50 Vac / Vdc
110 Vac / Vdc | 4 | 80 Vac / Vdc | 100 Vac / Vdc
220 Vac / Vdc | 5 | 165 Vac / Vdc | 200 Vac / Vdc

NOTE: These values are always valid for each of 5 possible thresholds.
Systematic capability SIL 3.