D1044 - SIL 2 - SIL 3 Digital Relay Output
G.M. International ISM0080-10
Description:
The module is powered by a 24 Vdc power supply at pins 3 (positive pole) and 4 (negative pole). The Input Signal from PLC/DCS is normally High (24 Vdc) and is applied to pins 5-6 and 7-8 to drive a Normally Energized (NE) or Normally De-energized (ND) load.
For NE load, the Input Signal from PLC/DCS is Low (0 Vdc) during “de-energized to trip” operation, in order to de-energize the load.
For ND load, the Input Signal from PLC/DCS is Low (0 Vdc) during “de-energized to trip” operation, in order to energize the load.
The following tables describe the status (open or closed) of each output contact when the input signal is High or Low for both NE and ND loads.
Safety Function and Failure behavior:
D1044D is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of D1044D is described by the following definitions:
□ Fail-Safe State: it is defined as the relay being de-energized (so that the NO-COM contact is open and the NC-COM contact is closed);
□ Fail Safe: failure mode that causes the module / (sub)system to go to the defined Fail-Safe state without a demand from the process;
□ Fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state), so that the relay remains energized (that is, the NO-COM contact remains closed and the NC-COM contact remains open);
□ Fail “No Effect”: failure mode of a component that plays a part in implementing the safety function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account;
□ Fail “Not part”: failure mode of a component that is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account.
| Operation | Input Signal, Pins 5-6 and 7-8 | Pins 13/14 – 15 and 9/10 – 11 | Pins 15 – 16 and 11 – 12 | NE Load (SIL3), Pins 11 - -Vload | ND Load (SIL3), Pins 11/15 - -Vload |
|---|---|---|---|---|---|
| Normal | High (24 Vdc) | Closed | Open | Energized | De-Energized |
| Trip | Low (0 Vdc) | Open | Closed | De-Energized | Energized |

Failure rate data: taken from Siemens Standard SN29500.

Failure rate table:

| Failure category | Failure rates (FIT) |
|---|---|
| λdd = Total Dangerous Detected failures | 0.00 |
| λdu = Total Dangerous Undetected failures | 1.86 |
| λsd = Total Safe Detected failures | 0.00 |
| λsu = Total Safe Undetected failures | 218.80 |
| λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu | 220.66 |
| MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours) | 517 years |
| λno effect = “No effect” failures | 248.74 |
| λnot part = “Not Part” failures | 4.00 |
| λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part | 473.40 |
| MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours) | 241 years |

Failure rates table according to IEC 61508:2010 Ed.2:

| λsd | λsu | λdd | λdu | SFF |
|---|---|---|---|---|
| 0.00 FIT | 218.80 FIT | 0.00 FIT | 1.86 FIT | 99.16% |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤ 10% of total SIF dangerous failures:

| T[Proof] = 1 year | T[Proof] = 10 years |
|---|---|
| PFDavg = 8.16 E-06 - Valid for SIL 3 | PFDavg = 8.16 E-05 - Valid for SIL 3 |

Systematic capability SIL 3.
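The Python below is an added example, not part of G.M. International's manual. It recomputes the totals, SFF and MTBF from the FIT values stated above and checks the "Valid for SIL 3" statements against three limits: the PFDavg budget at a 10% share, the Type A / HFT = 0 architectural constraint, and the systematic capability. The SFF band table and the low demand PFDavg limits are taken from IEC 61508 and do not appear on this page; all function names are illustrative.

```python
HOURS_PER_YEAR = 8760
FIT = 1e-9          # 1 FIT = one failure per 1e9 device-hours
MTTR_HOURS = 8      # from the MTBF rows of the failure rate table

# FIT values copied from the failure rate table on this page
RATES = {"dd": 0.00, "du": 1.86, "sd": 0.00, "su": 218.80,
         "no_effect": 248.74, "not_part": 4.00}

# Not on this page: IEC 61508-2 architectural constraints for a Type A
# element, as (SFF upper bound, max SIL for HFT 0/1/2)
TYPE_A_MAX_SIL = [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (1.01, (3, 4, 4))]
# Not on this page: IEC 61508-1 low demand PFDavg upper limit per SIL
PFD_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}

def totals(r):
    """Return (lambda_tot_safe, lambda_tot_device) in FIT."""
    safe_fn = r["dd"] + r["du"] + r["sd"] + r["su"]
    return safe_fn, safe_fn + r["no_effect"] + r["not_part"]

def sff(r):
    """Safe Failure Fraction; 'no effect' and 'not part' are excluded."""
    safe_fn, _ = totals(r)
    return (safe_fn - r["du"]) / safe_fn

def mtbf_years(lambda_fit):
    """MTBF = 1/lambda + MTTR, converted from hours to years."""
    return (1.0 / (lambda_fit * FIT) + MTTR_HOURS) / HOURS_PER_YEAR

def max_sil_type_a(sff_value, hft):
    for upper, sils in TYPE_A_MAX_SIL:
        if sff_value < upper:
            return sils[hft]
    raise ValueError("SFF out of range")

def sil_by_pfd(pfd_avg, share=0.10):
    """Highest SIL whose PFDavg limit, scaled to the module's share, is met."""
    met = [sil for sil, upper in PFD_UPPER.items() if pfd_avg <= share * upper]
    return max(met) if met else 0

def claimed_sil(pfd_avg, r=RATES, hft=0, systematic_capability=3):
    """The usable SIL is the lowest of the three independent limits."""
    return min(sil_by_pfd(pfd_avg), max_sil_type_a(sff(r), hft),
               systematic_capability)

if __name__ == "__main__":
    safe_fn, device = totals(RATES)
    print(f"lambda_tot_safe={safe_fn:.2f} FIT, lambda_tot_device={device:.2f} FIT")
    print(f"SFF={sff(RATES):.2%}, MTBF={mtbf_years(safe_fn):.0f}/"
          f"{mtbf_years(device):.0f} years")
    for t_proof, pfd in (("1 year", 8.16e-6), ("10 years", 8.16e-5)):
        print(f"T[Proof]={t_proof}: PFDavg={pfd:.2e} -> SIL {claimed_sil(pfd)}")
```

At T[Proof] = 1 year the PFDavg budget alone would leave more margin, but the architectural constraint and systematic capability cap the claim at SIL 3; at 10 years the PFDavg budget is itself the limit at SIL 3.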
Functional Safety Manual and Applications
Application D1044D with Bus Powered Mode and 1oo2 channel architecture
[Figure: wiring diagrams showing terminals 9/10, 11, 12, 13/14, 15 and 16, with + V load and - V load connections.
SIL 3 Normally Energized Relay Condition for NE Load (two relay contacts in series connection). Panels: Normal state operation (PLC Output signal ON - 24 Vdc); De-energized to trip operation (PLC Output signal OFF - 0 Vdc).
SIL 3 Normally Energized Relay Condition for ND Load (two relay contacts in parallel connection). Panels: Normal state operation (PLC Output signal ON - 24 Vdc); De-energized to trip operation (PLC Output signal OFF - 0 Vdc).]