
4 SAFETY FUNCTION
IPAQ C520/R520
www.inor.com
02/2019 - 86B520S001 - AD 520 SIL R1.4 en
4.1 Description of the failure categories
The following definitions of the failure are used during diagnostic calculations:

| State definition | Description |
|---|---|
| Fail-Safe State | The fail-safe state is defined as the output reaching the user defined threshold value. |
| Fail-Safe | A safe failure (S) is defined as a failure that causes the module/(sub)system to go to the defined fail-safe state without a demand from the process. Safe failures are divided into safe detected (SD) and safe undetected (SU) failures. |
| Fail Dangerous | A dangerous failure is defined as a failure of the temperature transmitter C520/R520 not responding to a demand from the process, i.e. being unable to go to the defined fail-safe state, and the output current deviates by more than 2% of measuring span of the actual temperature measurement value. |
| Fail Dangerous Undetected | Failure that is dangerous and that is not being diagnosed by internal diagnostics. |
| Fail Dangerous Detected | Failure that is dangerous but is detected by internal diagnostics and causes the output signal to go to the predefined alarm state (these failures may be converted to the selected fail-safe state). |
| Fail High | Failure that causes the output signal to go to the maximum output current (≥ 21 mA) acc. to NAMUR NE 43. |
| Fail Low | Failure that causes the output signal to go to the minimum output current (≤ 3.6 mA) acc. to NAMUR NE 43. |
| Fail No Effect | Failure of a component that is part of the safety function but is neither a safe failure nor a dangerous failure and has no effect on the safety function. For the calculation of the SFF it is treated like a safe undetected failure. |
| Not part | Failures of a component which is not part of the safety function but part of the circuit diagram. |

Table 4-1: Definitions of the failure rate during the diagnostic calculations for C520/R520.

4.2 Specification of the safety function
The safety function of the C520/R520 transmitter is the quality and reliability of the transmitter signal output, i.e. measurement performance, error detection and error indication in the signal-processing path of the transmitter.
The valid range of the output signal is between 3.8 mA and 20.5 mA acc. to NE 43.
The failure information is defined by two selectable alarm levels: Fail Low (Downscale ≤ 3.6 mA) and Fail High (Upscale ≥ 21 mA).
The configuration of the transmitter is protected by a password set via the software ConSoft. The password is stored in the transmitter.
The C520S/C520XS/R520S/R520XS checks sensor errors (sensor break or sensor short) for both channels if it is configured in this manner.
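
The signal levels from section 4.2 and the 2% criterion from Table 4-1, as the receiving side of the loop would evaluate them. This is an added example, not part of the manual or of INOR software. It assumes linear 4-20 mA scaling and a constructed 0-200 °C range; the state names are the example's own.

```python
from dataclasses import dataclass

# Thresholds quoted in section 4.2 (NE 43 signalling).
VALID_MIN_MA, VALID_MAX_MA = 3.8, 20.5
FAIL_LOW_MA, FAIL_HIGH_MA = 3.6, 21.0
DANGEROUS_DEVIATION = 0.02  # 2% of measuring span, from Table 4-1


@dataclass(frozen=True)
class Range:
    """Configured measuring range (constructed values, not from the manual)."""
    low_c: float
    high_c: float

    @property
    def span(self) -> float:
        return self.high_c - self.low_c


def classify_current(ma: float) -> str:
    """Map a loop current to the signal states defined in section 4.2."""
    if ma <= FAIL_LOW_MA:
        return "FAIL_LOW"
    if ma >= FAIL_HIGH_MA:
        return "FAIL_HIGH"
    if VALID_MIN_MA <= ma <= VALID_MAX_MA:
        return "VALID"
    # 3.6-3.8 mA and 20.5-21 mA: neither a measurement nor an alarm level.
    return "UNDEFINED"


def to_temperature(ma: float, rng: Range) -> float:
    """Assumption: linear 4-20 mA scaling over the configured range."""
    return rng.low_c + (ma - 4.0) / 16.0 * rng.span


def proof_test(ma: float, reference_c: float, rng: Range) -> str:
    """Compare one reading against an independent reference temperature."""
    state = classify_current(ma)
    if state != "VALID":
        return state  # alarm or undefined band: no measurement to compare
    deviation = abs(to_temperature(ma, rng) - reference_c)
    if deviation > DANGEROUS_DEVIATION * rng.span:
        return "DEVIATION_GT_2PCT"  # no alarm raised, yet off by more than 2% of span
    return "OK"
```

A reading that lands in the UNDEFINED bands is worth alarming on separately, since the page defines it neither as a valid measurement nor as a failure indication.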