Safety
Ex p Control unit APEX mv
01-37A2-7D0005_MV_Manual_Exp-Control-Unit_2021005_0_en.docx
Rev. 0
SIL qualification / Safety according to IEC 61508
Important notes and information on the safe handling
of the product.
SIL qualification
During the development of the Ex p control unit, special attention is paid to the
avoidance of systematic errors and the detection and control of random errors.
The most important characteristics and requirements from the point of view of
functional safety according to IEC 61508 are as follows:
- Internal monitoring of safety-relevant circuitry parts
- In the event of an error, transition of the safety-relevant outputs to a
  defined safe state
- Determination of the failure probability of the defined safety function
- Safe parameter assignment with non-safe operating environment
- Re-test
The SIL qualification of components is documented in this manual. All safety-
relevant characteristic data required by the user and the planner for project
planning and operation of the safety-instrumented system are summarised in
this chapter. Further SIL-relevant information is integrated in this manual.
Safety function
The safety function of the Ex p control unit is the purging with a defined quantity
of purging gas, the safe monitoring of the internal overpressure of the protected
equipment and the release for operation. The safe state means that, in the event
of a drop in pressure or a malfunction, the Ex p control unit switches to the safe
state, that is, deactivation of the protected equipment.
The “safe state” is triggered by:
- Falling below the minimum pressures within the Ex p equipment
- Illogical pressure values within the Ex p equipment
- Failure of the supply voltage
If the Ex p control unit does not deactivate or does not change to the safe state
on request or in the case of an error, a hazardous failure exists.