Pepperl+Fuchs HiC282 Series, Руководство пользователя

Страница: 12 / 24

2
018-
12
12
Functional Safety KCD2-SR-(Ex)*(.LB)(.SP), HiC282*
Planning
3.2 Assumptions
The following assumptions have been made during the FMEDA:
•
Failure rate based on the Siemens standard SN 29500.
• Failure rates are constant, wear is not considered.
• External power supply failure rates are not included.
• Only one input and one output are part of the safety function (only for 2-channel version).
• The safety-related device is considered to be of type A device with a hardware fault
tolerance of 0 .
• The device will be used under average industrial ambient conditions comparable
to the classification "stationary mounted" according to MIL-HDBK-217F.
Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time of
40
º
C may be assumed. For a higher average temperature of 60
º
C, the failure rates must
be multiplied by a factor of 2.5 based on experience. A similar factor must be used
if frequent temperature fluctuations are expected.
• The indication of a dangerous failure (via fault bus) is detected within 1 hour
by the programmable logic controller (PLC).
SIL 2 Application
• The device shall claim less than 10 % of the total failure budget for a SIL 2 safety loop.
• For a SIL 2 application operating in low demand mode the total PFD
avg
value
of the SIF ( S afety I nstrumented F unction) should be smaller than 10
-2
,
hence the maximum allowable PFD
avg
value would then be 10
-3
.
• For a SIL 2 application operating in high demand mode the total PFH value
of the SIF should be smaller than 10
-6
per hour, hence the maximum allowable PFH value
would then be 10
-7
per hour.
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device,
the SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub) system.
3.3 Safety Function and Safe State
Safe State
The safe state is the de-energized state of the outputs, independent of the mode of operation.
Safety Function
The safety function has 2 modes of operation:
•
normal operation (output follows input)
• inverted operation (output inverts input)
The 1-channel devices have 2 outputs where output II may be used in safety-relevant
applications if output II is configured to follow output I.
Use the following DIP switch settings for safety-related applications: