57-657 SIL Certified Safety Manual for ECLIPSE Model 706
Assumptions for Safety
The user SIF will detect and properly handle annunciation of detected fault conditions signaled by the alarm level output according to the specific requirements of the SIF.
Proper operation of the Eclipse Model 706 is dependent on having the voltage across the transmitter terminals meet the Safe Operating Area requirements during normal operation.
A user SIF integrating the Eclipse Model 706 current loop output will detect faulted field wiring and other faults resulting in a current loop value signal outside of the specified range and take proper actions to maintain safety integrity according to the specific requirements of the SIF.
Optional Local User Interface will not be relied upon by the end user SIF during normal operation and will be considered non-interfering to the safety function.
HART communications will not be relied upon by the end user for the SIF normal operation and will be considered non-interfering to the safety function.
The impact of end user configured damping values is not included in the published safety (function) response time. (The end user must consider this as part of overall time response of the SIF.)
The end user will independently verify all changes to end user configured parameters and validate the safety functionality prior to reliance on the product for safety protection.
The end user will enable the User Password to lock out any end user modifiable configuration parameters available via the Local User Interface during normal operation.
The end user will enable the User Password to lock out any end user modifiable configuration parameters available via the HART interface during normal operation.
The end user will have proper procedures in place to ensure safe operation over the product life cycle.
The end user will ensure the device is properly installed per the product literature. The proper probe will be used for the application with the transmitter properly connected to the probe.
The end user must not select HOLD for the alarm output.
Loop Current mode must be enabled.
8.0 Safety Requirements
This section specifies those safety characteristics allocated
to the ECLIPSE Model 706 that are conditions for its
acceptance as a SIL certified device.
NOTE: This SIL evaluation has assumed that the customer will be able
to acknowledge an over- or under-current condition via the
Logic Solver.
8.1 System Safety Assumptions
The System Safety Assumptions provide a list of safety relevant
assumptions made on the usage of the product over the
safety life cycle of a user Safety Integrity Function, SIF.
Magnetrol cannot directly control the user life cycle of a SIF
using this product but must make assumptions about how
the product will be used. It is important that users have full
knowledge of these assumptions to ensure they are met when
using the product as part of a SIF. This is to ensure the
product is used in a manner consistent with the safety design.
This section only lists product specific assumptions and is
not intended to specify measures required of the end user
that are standard requirements for safety applications.