<Appendix A. Safety Instrumented Systems Installation>
IM 01C50T01-02EN
A.2.6 Repair and Replacement
If repair is to be performed with the process online,
the YTA will need to be bypassed during the
repair. The user should set up appropriate bypass
procedures.
In the unlikely event that the YTA has a failure, the
failures that are detected should be reported to
Yokogawa.
When replacing the YTA, the procedure in the
installation manual should be followed.
The personnel performing the repair or replacement
of the YTA should have a sufficient skill level.
A.2.7 Startup Time
The YTA generates a valid signal within 7 seconds
of power-on startup.
A.2.8 Firmware Update
In case firmware updates are required, they
will be performed at the factory. The replacement
responsibilities are then in place. The user will not
be required to perform any firmware updates.
A.2.9 Reliability Data
A detailed Failure Mode, Effects, and Diagnostics
Analysis (FMEDA) report is available from
Yokogawa with all failure rates and failure modes.
The YTA is certified up to SIL2 for use in a simplex
(1oo1) configuration, depending on the PFDavg
or PFH calculation of the entire Safety
Instrumented Function.
The development process of the YTA is certified up
to SIL3, allowing redundant use of the transmitter
up to this Safety Integrity Level, depending on the
PFDavg or PFH calculation of the entire
Safety Instrumented Function.
When using the transmitter in a redundant
configuration, the use of a common cause factor
(β-factor) of 5% is suggested. If the owner-operator
of the plant institutes common cause failure
training and more detailed maintenance procedures
for avoiding common cause failure, a β-factor of
2% would be applicable.
*: For details of the PFDavg, please refer to the FMEDA No.
YEC 15-10-041 R001 V3R7 or No. YEC 15-10-041 R002
V1R6.
Website address: http://www.yokogawa.com/fld/
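The effect of the suggested β-factors on a redundant (1oo2) pair, as an added example that is not part of the Yokogawa manual. It uses the commonly quoted simplified low-demand approximations and covers the transmitter pair only, not the entire Safety Instrumented Function. LAMBDA_DU and PROOF_TEST_HOURS are constructed placeholders, not values from the FMEDA report.

```python
# Added example, not from the manual: simplified low-demand PFDavg equations
# (repair time and detected failures neglected) for the sensor subsystem only.

HOURS_PER_YEAR = 8760

# Constructed placeholders; take the real values from the FMEDA report.
LAMBDA_DU = 5e-8                   # dangerous undetected failure rate, per hour
PROOF_TEST_HOURS = HOURS_PER_YEAR  # proof test interval


def pfd_1oo1(lambda_du, ti_hours):
    """PFDavg of a single (simplex) channel."""
    return lambda_du * ti_hours / 2


def pfd_1oo2(lambda_du, ti_hours, beta):
    """Return (PFDavg, common cause part) for a redundant pair."""
    if not 0 <= beta <= 1:
        raise ValueError("beta must be a fraction between 0 and 1")
    # Both channels fail independently within the same proof test interval.
    independent = ((1 - beta) * lambda_du * ti_hours) ** 2 / 3
    # One shared cause defeats both channels; redundancy does not help here.
    common_cause = beta * lambda_du * ti_hours / 2
    return independent + common_cause, common_cause


def compare(lambda_du, ti_hours, betas=(0.05, 0.02)):
    """Compare 1oo1 with 1oo2 for each beta (5% and 2% are the page's values)."""
    simplex = pfd_1oo1(lambda_du, ti_hours)
    rows = []
    for beta in betas:
        total, cc = pfd_1oo2(lambda_du, ti_hours, beta)
        rows.append({
            "beta": beta,
            "pfd_1oo2": total,
            "cc_share": cc / total,          # fraction due to common cause
            "gain_vs_1oo1": simplex / total  # improvement from redundancy
        })
    return simplex, rows


if __name__ == "__main__":
    simplex, rows = compare(LAMBDA_DU, PROOF_TEST_HOURS)
    print(f"1oo1 PFDavg: {simplex:.3e}")
    for r in rows:
        print(f"beta={r['beta']:.0%}  1oo2 PFDavg={r['pfd_1oo2']:.3e}  "
              f"common cause share={r['cc_share']:.1%}  "
              f"gain vs 1oo1={r['gain_vs_1oo1']:.1f}x")
```

With these placeholder inputs the common cause term accounts for almost all of the 1oo2 result, so the benefit of redundancy is bounded by roughly 1/β.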
A.2.10 Lifetime Limits
The expected lifetime of the YTA is 50 years. The
reliability data listed in the FMEDA report is only
valid for this period. The failure rates of the YTA
may increase sometime after this period. Reliability
calculations based on the data listed in the FMEDA
report for YTA lifetimes beyond 50 years may yield
results that are too optimistic, i.e. the calculated
Safety Integrity Level will not be achieved.
A.2.11 Environmental Limits
The environmental limits of the YTA are specified in
the user’s manual IM 01C50G01-01EN.
A.2.12 Application Limits
The application limits of the YTA are specified
in the user’s manual IM 01C50G01-01EN. If the
transmitter is used outside of the application limits,
the reliability data listed in A.2.9 becomes invalid.
A.3 Terms and Definitions
FMEDA: Failure Mode Effect and Diagnostic Analysis
SIF: Safety Instrumented Function
SIL: Safety Integrity Level
SIS: Safety Instrumented System - Implementation of one or more Safety Instrumented Functions. A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).
SLC: Safety Lifecycle
Safety: Freedom from unacceptable risk of harm
Functional Safety: The ability of a system to carry out the actions necessary to achieve or to maintain a defined safe state for the equipment / machinery / plant / apparatus under control of the system
Basic Safety: The equipment must be designed and manufactured such that it protects against risk of damage to persons by electrical shock and other hazards and against resulting fire and explosion. The protection must be effective under all conditions of the nominal operation and under single fault condition