background image

 2

02

0-

07

14

Functional Safety HiC284*

Planning

3.5

Useful Lifetime

Although a constant failure rate is assumed by the probabilistic estimation this only applies 

provided that the useful lifetime of components is not exceeded. Beyond this useful lifetime, 

the result of the probabilistic estimation is meaningless as the probability of failure significantly 

increases with time. The useful lifetime is highly dependent on the component itself and 

its operating conditions 

 temperature in particular. For example, electrolytic capacitors 

can be very sensitive to the operating temperature.
This assumption of a constant failure rate is based on the bathtub curve, which shows 

the typical behavior for electronic components.
Therefore it is obvious that failure calculation is only valid for components that have 

this constant domain and that the validity of the calculation is limited to the useful lifetime 

of each component.
It is assumed that early failures are detected to a huge percentage during the installation 

and therefore the assumption of a constant failure rate during the useful lifetime is valid.
However, according to IEC/EN 61508-2, a useful lifetime, based on general experience, 

should be assumed. Experience has shown that the useful lifetime often lies within a range 

period of about 8 to 12 years.
As noted in DIN EN 61508-2:2011 note N3, appropriate measures taken by the manufacturer 

and plant operator can extend the useful lifetime.
Our experience has shown that the useful lifetime of a Fuchs product can be higher 

if the ambient conditions support a long life time, for example if the ambient temperature 

is significantly below 60

°

C.

Please note that the useful lifetime refers to the (constant) failure rate of the device. 

The effective life time can be higher.
The estimated useful lifetime is greater than the warranty period prescribed by law or 

the manufacturer's guarantee period. However, this does not result in an extension 

of the warranty or guarantee services. Failure to reach the estimated useful lifetime is not a 

material defect.

Содержание HiC284 Series

Страница 1: ...ISO9001 2 Functional Safety Switch Amplifier HiC284 Manual ...

Страница 2: ...sion as well as the supplementary clause Expanded reservation of proprietorship Worldwide Pepperl Fuchs Group Lilienthalstr 200 68307 Mannheim Germany Phone 49 621 776 0 E mail info de pepperl fuchs com North American Headquarters Pepperl Fuchs Inc 1600 Enterprise Parkway Twinsburg Ohio 44087 USA Phone 1 330 425 3555 E mail sales us pepperl fuchs com Asia Headquarters Pepperl Fuchs Pte Ltd P F Bui...

Страница 3: ...s 8 2 3 Marking 8 2 4 Standards and Directives for Functional Safety 8 3 Planning 9 3 1 System Structure 9 3 2 Assumptions 10 3 3 Safety Function and Safe State 11 3 4 Characteristic Safety Values 13 3 5 Useful Lifetime 14 4 Mounting and Installation 15 4 1 Configuration 15 5 Operation 16 5 1 Proof Test 16 5 2 Proof Test Procedure 17 6 Maintenance and Repair 19 7 List of Abbreviations 20 ...

Страница 4: ...Functional Safety HiC284 Contents 4 2020 07 ...

Страница 5: ... Dismounting Disposal The documentation consists of the following parts Present document Instruction manual Manual Datasheet Additionally the following parts may belong to the documentation if applicable EU type examination certificate EU declaration of conformity Attestation of conformity Certificates Control drawings FMEDA report Assessment report Additional documents For more information about ...

Страница 6: ...nderstood the instruction manual and the further documentation Intended Use The device is only approved for appropriate and intended use Ignoring these instructions will void any warranty and absolve the manufacturer from any liability The device is developed manufactured and tested according to the relevant safety standards Use the device only for the application described with specified environm...

Страница 7: ...isplayed in descending order as follows Informative Symbols Action This symbol indicates a paragraph with instructions You are prompted to perform an action or a sequence of actions Danger This symbol indicates an imminent danger Non observance will result in personal injury or death Warning This symbol indicates a possible fault or danger Non observance may cause personal injury or serious proper...

Страница 8: ...nation board 2 2 Interfaces The device has the following interfaces Safety relevant interfaces HiC2841 input I output I output II optional HiC2842 input I input II output I output II Non safety relevant interfaces fault indication output 2 3 Marking 2 4 Standards and Directives for Functional Safety Device specific standards and directives System specific standards and directives Note For correspo...

Страница 9: ...ly the demand rate for this safety loop is assumed to be higher than once per year The relevant safety parameters to be verified are the PFH value Probability of dangerous Failure per Hour Fault reaction time of the safety system the SFF value Safe Failure Fraction the HFT architecture Hardware Fault Tolerance 3 1 3 Safe Failure Fraction The safe failure fraction describes the ratio of all safe fa...

Страница 10: ... by a factor of 2 5 based on experience A similar factor must be used if frequent temperature fluctuations are expected Since the outputs of the device use common components these outputs must not be used in the same safety function SIL 2 Application To build a SIL safety loop for the defined SIL it is assumed as an example that this device uses 10 of the available budget for PFDavg PFH For a SIL ...

Страница 11: ...function is the same as for output I Switch S3 in position II output II assigned to line fault detection Output II is not part of the safety function HiC2842 For channel I Switch S1 in position II normal operation In this case the safety function is defined as output I is de energized if the input I is in de energized state Switch S1 in position I inverse operation In this case the safety function...

Страница 12: ...te safe state if there is a line fault detected Reaction Time 1 The reaction time for input to output safety functions is 0 2 ms load conditions 24 V 10 k 2 The fault detection and fault reaction time is 100 ms A fault diagnosis at the input leads to output safe state 3 The fault indication output is not safety relevant 100 ms Note The fault indication output is not safety relevant Note See corres...

Страница 13: ...ce type A Mode of operation Low Demand Mode or High Demand Mode HFT 0 SIL 2 SC 3 MTBF 1 HiC2841 1 acc to SN29500 This value includes failures which are not part of the safety function MTTR 8 h 322 years MTBF 1 HiC2842 253 years Safety function inverse operation normal operation s 140 FIT 141 FIT dd 0 FIT 0 FIT du 28 5 FIT 25 3 FIT total safety function 272 FIT 272 FIT SFF 83 84 PFH 2 85 x 10 8 1 h...

Страница 14: ...med that early failures are detected to a huge percentage during the installation and therefore the assumption of a constant failure rate during the useful lifetime is valid However according to IEC EN 61508 2 a useful lifetime based on general experience should be assumed Experience has shown that the useful lifetime often lies within a range period of about 8 to 12 years As noted in DIN EN 61508...

Страница 15: ...eck the safety function to ensure the expected output behavior 4 1 Configuration Configuring the Device The device is configured via DIP switches The DIP switches for setting the safety functions are on the side of the device 1 De energize the device before configuring the device 2 Remove the device 3 Configure the device for the required safety function via the DIP switches see chapter 3 3 4 Secu...

Страница 16: ... the respective effectiveness e g concepts according to NA106 2018 According to IEC EN 61508 2 a recurring proof test shall be undertaken to reveal potential dangerous failures that are not detected otherwise Check the function of the subsystem at periodic intervals depending on the applied PFDavg in accordance with the characteristic safety values See chapter 3 4 It is under the responsibility of...

Страница 17: ...annel individually 4 Connect a potentiometer of 4 7 k threshold for normal operation to the input The threshold must be between 1 4 mA and 1 9 mA the hysteresis must be between 170 µA and 250 µA If the input current is above the threshold the output must be activated for normal mode of operation The yellow LED lights up If the input current is below the threshold the output must be activated for i...

Страница 18: ...a 2b 6b 24 V DC Power supply RLB RSC HiC2842 Zone 0 1 2 Div 1 2 Zone 2 Div 2 Multimeter I Multimeter mA Multimeter I Multimeter I 2 k 24 V DC Multimeter I 2 k 24 V DC Termination Board 10a 9a SL1 8a 7a 12 15 11 14 5a 5b 1 4 SL2 5a 5b 2 5 I supply 1a 1b 2a 2b 6b 24 V DC Power supply RLB RSC RLB RSC Tip The easiest way to test HiC devices is by using a stand alone HiCTB SCT termination board In this...

Страница 19: ...t work Take appropriate measures to protect personnel and equipment while the safety function is not available Secure the application against accidental restart 3 Do not repair a defective device A defective device must only be repaired by the manufacturer 4 If there is a defect always replace the device with an original device Danger Danger to life from missing safety function Changes to the devi...

Страница 20: ...ety function Probability of failure of components that are in the safety loop HFT Hardware Fault Tolerance MTBF Mean Time Between Failures MTTFD Mean Time To dangerous Failure MTTR Mean Time To Restoration PCS Process Control System PFDavg Average Probability of dangerous Failure on Demand PFH Average frequency of dangerous failure per hour PL Performance Level PLC Programmable Logic Controller PT...

Страница 21: ...Functional Safety HiC284 Notes 2020 07 21 ...

Страница 22: ...Pepperl Fuchs Quality Download our latest policy here www pepperl fuchs com quality www pepperl fuchs com Pepperl Fuchs Subject to modifications Printed in Germany DOCT 1877B ...

Отзывы: