D1044 - SIL 2 - SIL 3 Digital Relay Output
G.M. International ISM0080-10
Functional Safety Manual and Applications
Application D1044S with Bus Powered Mode
[Figure: SIL 2 NE Load wiring in normal state operation (PLC output signal ON - 24 Vdc) and in de-energized to trip operation; terminals 13/14 and 15, +V load, -V load]
Description:
The module is powered by a 24 Vdc power supply at pins 3 (positive pole) and 4 (negative pole). Input Signal from PLC/DCS is normally High (24 Vdc) and is applied to pins 5-6 in order to Normally Energize (NE) or Normally De-energize (ND) load.
For NE load, the Input Signal from PLC/DCS is Low (0 Vdc) during “de-energized to trip” operation, in order to de-energize the load.
For ND load, the Input Signal from PLC/DCS is Low (0 Vdc) during “de-energized to trip” operation, in order to energize the load.
The following table describes the status (open or closed) of each output contact when the input signal is High or Low for both NE and ND loads:

| Operation | Input Signal Pins 5-6 | Pins 13/14 - 15 | Pins 15 - 16 | NE Load (SIL2) Pins 15 - -Vload | ND Load (SIL2) Pins 15 - -Vload |
|---|---|---|---|---|---|
| Normal | High (24 Vdc) | Closed | Open | Energized | De-Energized |
| Trip | Low (0 Vdc) | Open | Closed | De-Energized | Energized |

Safety Function and Failure behavior:
D1044S is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of D1044S is described by the following definitions:
□ fail-Safe State: it is defined as the relay being de-energized (so that the NO-COM contact is open and the NC-COM contact is closed);
□ fail Safe: failure mode that causes the module / (sub)system to go to the defined Fail-Safe state without a demand from the process;
□ fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state), so that the relay remains energized (that is, the NO-COM contact remains closed and the NC-COM contact remains open);
□ fail “No Effect”: failure mode of a component that plays a part in implementing the safety function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account;
□ fail “Not part”: failure mode of a component that is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account.
Failure rate data: taken from Siemens Standard SN29500.
Failure rate table:

| Failure category | Failure rates (FIT) |
|---|---|
| λdd = Total Dangerous Detected failures | 0.00 |
| λdu = Total Dangerous Undetected failures | 37.24 |
| λsd = Total Safe Detected failures | 0.00 |
| λsu = Total Safe Undetected failures | 126.39 |
| λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu | 163.63 |
| MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours) | 697 years |
| λno effect = “No effect” failures | 106.17 |
| λnot part = “Not Part” failures | 2.00 |
| λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part | 271.80 |
| MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours) | 420 years |

Failure rates table according to IEC 61508:2010 Ed.2:

| λsd | λsu | λdd | λdu | SFF |
|---|---|---|---|---|
| 0.00 FIT | 126.39 FIT | 0.00 FIT | 37.24 FIT | 77.24% |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:

| T[Proof] = 1 year | T[Proof] = 6 years |
|---|---|
| PFDavg = 1.63 E-04 - Valid for SIL 2 | PFDavg = 9.80 E-04 - Valid for SIL 2 |

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:

| T[Proof] = 10 years |
|---|
| PFDavg = 1.63 E-03 - Valid for SIL 2 |

Systematic capability SIL 3.
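The SFF, MTBF and PFDavg figures listed above can be recomputed from the failure rates; the following is an added example, not part of the G.M. International manual. Assumptions: a 365.25-day year, the simplified single-channel approximation PFDavg ≈ λdu · T[Proof] / 2 with full proof test coverage (the manual does not state its formula), and a budget factor of 0.10 or 1.0 standing in for the ≤10% and >10% contribution cases; the SIL bands and Type A architectural limits are those of IEC 61508.

```python
# Added example: recompute the D1044S figures from the page's FIT table.
HOURS_PER_YEAR = 8766   # assumption: 365.25-day year (not stated on the page)
FIT = 1e-9              # 1 FIT = 1 failure per 10^9 hours
MTTR_H = 8              # MTTR from the page

# Failure rates in FIT, copied from the failure rate table on the page.
RATES = {"dd": 0.00, "du": 37.24, "sd": 0.00, "su": 126.39,
         "no_effect": 106.17, "not_part": 2.00}

# Upper PFDavg bound of each SIL band, low demand mode (IEC 61508-1).
SIL_UPPER = {4: 1e-4, 3: 1e-3, 2: 1e-2, 1: 1e-1}

def sff(r):
    """Safe Failure Fraction; 'no effect' and 'not part' are excluded."""
    safety = r["dd"] + r["du"] + r["sd"] + r["su"]
    return (safety - r["du"]) / safety

def mtbf_years(total_fit):
    """MTBF = 1/lambda + MTTR, converted from hours to years."""
    return (1 / (total_fit * FIT) + MTTR_H) / HOURS_PER_YEAR

def pfd_avg(du_fit, t_proof_years):
    """Assumed approximation lambda_du * T_proof / 2 (full coverage)."""
    return du_fit * FIT * t_proof_years * HOURS_PER_YEAR / 2

def pfd_sil(pfd, budget):
    """Highest SIL whose band limit, scaled by this module's share of the
    SIF's dangerous-failure budget, is still above the PFDavg."""
    return next((s for s in (4, 3, 2, 1) if pfd < SIL_UPPER[s] * budget), 0)

def arch_sil_type_a(sff_value, hft):
    """Architectural limit for Type A elements (IEC 61508-2, Table 2)."""
    row = sum(sff_value >= bound for bound in (0.60, 0.90, 0.99))
    table = [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)]
    return table[row][min(hft, 2)]

def claimable_sil(r, t_proof_years, budget, hft=0):
    """SIL is the lower of the PFDavg-based and architectural limits."""
    by_pfd = pfd_sil(pfd_avg(r["du"], t_proof_years), budget)
    return min(by_pfd, arch_sil_type_a(sff(r), hft))

if __name__ == "__main__":
    total_safe = sum(RATES[k] for k in ("dd", "du", "sd", "su"))
    print(f"SFF = {sff(RATES):.2%}, MTBF = {mtbf_years(total_safe):.0f} years")
    for years, budget in ((1, 0.10), (6, 0.10), (10, 0.10), (10, 1.0), (1, 1.0)):
        print(years, budget, f"{pfd_avg(RATES['du'], years):.2e}",
              "SIL", claimable_sil(RATES, years, budget))
```

With a 10% budget the 10-year interval drops to SIL 1 on PFDavg alone, which is why it appears only in the >10% table. The architectural limit (Type A, HFT = 0, SFF 77.24%) caps the claim at SIL 2 even where the PFDavg alone would fall in the SIL 3 band.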
[Figures: "SIL 2 Normally Energized Relay Condition for NE Load" and "SIL 2 Normally Energized Relay Condition for ND Load". Each shows normal state operation (PLC output signal ON - 24 Vdc) and de-energized to trip operation (PLC output signal OFF - 0 Vdc), with terminals 13/14, 15, 16, +V load and -V load.]