Safety integrity of the hardware for safety-related subsystems of type A (IEC 61508-2, 7.4.3)

Safe failure fraction     Hardware fault tolerance
(SFF)                     HFT = 0      HFT = 1      HFT = 2
< 60 %                    SIL 1        SIL 1        SIL 2
60 % up to < 90 %         SIL 2        SIL 3        (SIL 4)
90 % up to < 99 %         SIL 3        (SIL 4)      (SIL 4)
>= 99 %                   SIL 3        (SIL 4)      (SIL 4)
9.2 Planning

General instructions and restrictions

- The measuring system must be used according to the application.
- The application-specific limits must be maintained and the specifications must not be exceeded.
- According to the specifications in the operating instructions manual, the current load of the output circuits must be within the limits.

Assumptions

For the implementation of FMEDA (Failure Mode, Effects and Diagnostics Analysis) the following assumptions form the basis:

- Failure rates are constant; wear of the mechanical parts is not taken into account.
- Failure rates of external power supplies are not included.
- Multiple errors are not taken into account.
- The average ambient temperature during the operating time is +40 °C (104 °F).
- The environmental conditions correspond to an average industrial environment.
- The lifetime of the components is around 8 to 12 years (IEC 61508-2, 7.4.7.4, remark 3).
- The condition of the output circuit is further processed according to the quiescent current principle.
- The repair time (exchange of the measuring system) after a fail-safe error is eight hours (MTTR = 8 h).

Low demand mode

If the demand rate is only once a year, the measuring system can be used as a safety-relevant subsystem in "low demand mode" (IEC 61508-4, 3.5.12).
SU 501 Ex - Signal conditioning instrument | Functional safety | 27953-EN-050616