T
he methods and procedures used during the tests must be
stated and their suitability must be speci
fi
ed
.
T
he tests must be
documented
.
I
f the function test proves negative
,
the entire measuring
system must be switched out of service and the process held
in a safe condition by means of other measures
.
I
n the double channel architecture
1
oo
2
D
this applies
separately to both channels
.
9
.
6
S
afety
-
related characteristics
T
he failure rates of the electronics are determined by an
FMEDA
acc
.
to
IEC
61508
.
T
hese calculations are based on
component failure rates acc
.
to
SN
29500
.
A
ll numerical values
refer to an average ambient temperature during the operating
time of
+
40
°
C
(
104
°
F
).
T
he calculations are also based on the
speci
fi
cations stated in chapter
"
P
lanning
"
.
T
he data are also valid for over
fi
ll protection
(
A
-
mode
)
as well
as dry run protection
(
B
-
mode
).
λ
sd
0
FIT
safe detected failure
(
1
FIT
=
failure
/
10
9
h
)
λ
su
516
FIT
safe undetected failure
λ
dd
0
FIT
dangerous detected failure
λ
du
100
FIT
dangerous undetected failure
SFF
>
84
%
S
afe
F
ailure
F
raction
T
R
eaction
F
ailure reaction time
0
.
5
sec
MTBF
=
MTTF
+
MTTR
1
.
52
x
10
6
h
max
.
useful life of the measuring system for the safety
function
approx
.
10
years
S
ingle channel architecture
T
he following characteristics are derived from the above
mentioned data
:
SIL
2
(
S
afety
I
ntegrity
L
evel
)
HFT
=
0
(
H
ardware
F
ault
T
olerance
)
G
eneral data
SU
501
E
x
-
S
ignal conditioning instrument
29
F
unctional safety
27953
-
EN
-
050616