V01.00 | 2021/10
5.2.1 FMEDA results
SIL 2 is specified.
According to table 2 and table 3 from 7.4.4.2.2 EN 61508-1:2010, depending on the operating mode (type A or type B) and taking into account the hardware fault tolerance of HFT=0, the following SFF values are applied:
■ For type A devices, the SFF must be greater than 60 %.
■ For type B devices, the SFF must be greater than 90 %.
Table 2 from 7.4.4.2.2 EN 61508-2 (Type A)

| Safe failure fraction of an element | HFT=0 | HFT=1 | HFT=2 |
|---|---|---|---|
| < 60 % | SIL 1 | SIL 2 | SIL 3 |
| 60 % … < 90 % | SIL 2 | SIL 3 | SIL 4 |
| 90 % … < 99 % | SIL 3 | SIL 4 | SIL 4 |
| ≥ 99 % | SIL 3 | SIL 4 | SIL 4 |

Table 3 from 7.4.4.2.2 EN 61508-2 (Type B)

| Safe failure fraction of an element | HFT=0 | HFT=1 | HFT=2 |
|---|---|---|---|
| < 60 % | not allowed | SIL 1 | SIL 2 |
| 60 % … < 90 % | SIL 1 | SIL 2 | SIL 3 |
| 90 % … < 99 % | SIL 2 | SIL 3 | SIL 4 |
| ≥ 99 % | SIL 3 | SIL 4 | SIL 4 |

The following safety characteristics are the results of the FMEDA.
Depending on the configuration (inversion mode, line monitoring), the results of the FMEDA vary. In this case, the worst-case configuration is considered.

| Device | λSD | λSU | λDD | λDU | No effect | SFF | DC |
|---|---|---|---|---|---|---|---|
| IMX18-DI03-4S-4T1R | 0 | 247.99 | 6.90 | 79.20 | 256.31 | 76.29 | 8.01 |
| IM18-DI03-4S-4T1R | 0 | 247.99 | 6.90 | 79.20 | 256.31 | 76.29 | 8.01 |

The stated Safe Failure Fraction (SFF) is for reference only. The complete subsystem will need to
be evaluated to determine the overall SFF.
The failure rates used in this analysis are the basic failure rates from the Siemens standard
SN 29500 based on the average ambient temperature of components of 40 °C.
"No effect" is a failure mode of a component that plays a part in implementing the safety function but is neither a safe nor a dangerous failure. According to IEC 62061, it would be possible to classify the "No effect" failures as "Safe Undetected" failures. Not doing so represents the
worst-case
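
The SFF and DC figures in the results table can be reproduced from the listed failure rates, as in the following added example (not part of the original manual). It assumes the standard IEC 61508 definitions SFF = (λSD + λSU + λDD) / (λSD + λSU + λDD + λDU) and DC = λDD / (λDD + λDU), which the page does not spell out; the function names are illustrative. It also shows how the SFF changes when "No effect" failures are counted as safe undetected.

```python
from bisect import bisect_right

# Lower bounds (percent) of the SFF bands "60 ... < 90", "90 ... < 99", ">= 99".
SFF_BANDS = [60.0, 90.0, 99.0]

# Maximum SIL per SFF band (rows) and HFT 0/1/2 (columns), copied from
# table 2 (type A) and table 3 (type B) above. 0 stands for "not allowed".
MAX_SIL = {
    "A": [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]],
    "B": [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]],
}

def sff(sd, su, dd, du, no_effect=0.0, count_no_effect_as_safe=False):
    """Safe failure fraction in percent (assumed IEC 61508 definition).

    By default "No effect" failures are left out of the ratio (the worst
    case used on the page); optionally they are counted as safe undetected.
    """
    safe = sd + su + (no_effect if count_no_effect_as_safe else 0.0)
    return 100.0 * (safe + dd) / (safe + dd + du)

def dc(dd, du):
    """Diagnostic coverage in percent: detected share of dangerous failures."""
    return 100.0 * dd / (dd + du)

def max_sil(device_type, sff_percent, hft):
    """Highest SIL allowed by the architectural constraint tables (0 = not allowed)."""
    band = bisect_right(SFF_BANDS, sff_percent)  # exactly 60.0 lands in "60 ... < 90"
    return MAX_SIL[device_type][band][hft]

# Worst-case failure rates from the FMEDA table above (same for both devices).
RATES = dict(sd=0.0, su=247.99, dd=6.90, du=79.20, no_effect=256.31)

if __name__ == "__main__":
    worst = sff(**RATES)
    relaxed = sff(**RATES, count_no_effect_as_safe=True)
    print(f"SFF, 'No effect' excluded : {worst:.2f} %")
    print(f"SFF, 'No effect' as safe  : {relaxed:.2f} %")
    print(f"DC                        : {dc(RATES['dd'], RATES['du']):.2f} %")
    for dev_type in ("A", "B"):
        print(f"type {dev_type}, HFT=0 -> max SIL {max_sil(dev_type, worst, 0)}")
```
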