Functional Safety K*D0-RSH-1.1E.1, HiC5863(Y1)
Planning
20
21
-1
0
11
3.2
Assumptions
The following assumptions have been made during the FMEDA:
•
Failure rates are constant, wear is not considered.
•
Failure rate based on the Siemens standard SN 29500.
•
The safety-related device is considered to be of type
A
device with a hardware
fault tolerance of
0
.
•
The device will be used under average industrial ambient conditions comparable
to the classification "stationary mounted" according to MIL-HDBK-217F.
Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time
of 40
º
C may be assumed. For a higher average temperature of 60
º
C, the failure rates
must be multiplied by a factor of 2.5 based on experience. A similar factor must be used
if frequent temperature fluctuations are expected.
•
The nominal voltage at the digital input is 24 V. Ensure that the nominal voltage
do not exceed 30 V under all operating conditions.
•
The DO card must be able to supply a signal current of at least 100 mA.
SIL 3 application
•
To build a SIL safety loop for the defined SIL, it is assumed as an example that this device
uses 10 % of the available budget for PFD
avg
/PFH.
•
For a SIL 3 application operating in low demand mode the total PFD
avg
value
of the SIF (
S
afety
I
nstrumented
F
unction) should be smaller than 10
-3
,
hence the maximum allowable PFD
avg
value would then be 10
-4
.
•
For a SIL 3 application operating in high demand mode the total PFH value
of the SIF should be smaller than 10
-7
per hour, hence the maximum allowable PFH value
would then be 10
-8
per hour.
•
If the device is used in applications for high demand mode, perform a risk analysis
regarding systematic faults and implement suitable measures to control these systematic
faults. For example, this can be the following measures:
•
usage of redundant power supplies,
•
monitoring of input signal, wiring and connections for short circuits and open circuits,
•
monitoring the output for open circuits.
•
Since the safety loop has a hardware fault tolerance of
0
and it is a type
A
device,
the SFF must be > 90 % according to table 2 of IEC/EN 61508-2 for a SIL 3 (sub) system.
