2018-11
Functional Safety KFD2-CD-(Ex)1.32-**
Planning
3.2 Assumptions
The following assumptions have been made during the FMEDA:
• Failure rates are based on the Siemens standard SN29500.
• Failure rates are constant; wear is not considered.
• External power supply failure rates are not included.
• The safety-related device is considered to be a type A device with a hardware fault tolerance of 0.
• The device will be used under average industrial ambient conditions comparable to the classification "stationary mounted" according to MIL-HDBK-217F. Alternatively, operating stress conditions typical of an industrial field environment similar to IEC/EN 60654-1 Class C with an average temperature over a long period of time of 40 °C may be assumed. For a higher average temperature of 60 °C, the failure rates must be multiplied by a factor of 2.5 based on experience. A similar factor must be used if frequent temperature fluctuations are expected.
• For cases in which the connected field device detects a too high output signal, the "fail high" failure rate may be subtracted from the dangerous undetected failure rate (du) and regarded in a different way. If a reaction is introduced that brings the application to the safe state, then the "fail high" failure rate can be added to the dangerous detected failure rate (dd) or to the safe failure rate (s).
• The connected field device must be set to its safe state if the output of the field device reached a value below the specified valid range for the safety application. For field devices with current output, this value is 3.6 mA. For field devices with voltage output, this value is 0.9 V or 1.8 V.
SIL 2 application
• The device shall claim less than 10 % of the total failure budget for a SIL 2 safety loop.
• For a SIL 2 application operating in low demand mode the total PFDavg value of the SIF (Safety Instrumented Function) should be smaller than 10⁻², hence the maximum allowable PFDavg value would then be 10⁻³.
• For a SIL 2 application operating in high demand mode the total PFH value of the SIF should be smaller than 10⁻⁶ per hour, hence the maximum allowable PFH value would then be 10⁻⁷ per hour.
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device, the SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub)system.
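The following Python script is an added worked example, not part of this manual and not the manufacturer's FMEDA tool. It ties the assumptions above together: the 2.5 temperature factor for 60 °C, the optional "fail high" reallocation out of the dangerous undetected rate, the SFF floor of 60 % for a type A device with HFT 0, and the 10 % share of the SIL 2 PFDavg and PFH budgets. All failure rates in it are constructed sample values in FIT, the yearly proof test interval is an assumption, and the PFDavg formula (λdu · T_I / 2, the single-channel approximation from IEC 61508-6) is supplied by the example, since the page itself gives no formula.

```python
"""Worked check of the FMEDA assumptions on this page against the SIL 2 budget.

All failure rates used here are CONSTRUCTED sample values for illustration; they
are not the FMEDA results of the KFD2-CD-(Ex)1.32-**.
"""
from dataclasses import dataclass, replace
from typing import Optional

FIT = 1e-9  # 1 FIT = one failure per 1e9 hours

# Figures stated on the page
TEMP_FACTOR_60C = 2.5            # multiply failure rates by 2.5 at 60 °C average
SIL2_BUDGET_SHARE = 0.10         # the device may claim < 10 % of the loop budget
SIL2_PFDAVG_LIMIT = 1e-2         # total PFDavg of the SIF (low demand mode)
SIL2_PFH_LIMIT_PER_H = 1e-6      # total PFH of the SIF (high demand mode)
SIL2_SFF_MIN_TYPE_A_HFT0 = 0.60  # IEC/EN 61508-2 table 2, type A, HFT 0


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT, split the way an FMEDA reports them."""
    safe: float                  # lambda_s
    dangerous_detected: float    # lambda_dd
    dangerous_undetected: float  # lambda_du
    fail_high: float             # share of lambda_du that drives the output too high


def reallocate_fail_high(rates: FailureRates, target: Optional[str]) -> FailureRates:
    """Apply the 'fail high' rule: when the connected field device detects a too high
    output signal, subtract the fail high rate from lambda_du. If a reaction brings
    the application to the safe state, credit it to lambda_dd ('dd') or lambda_s ('s').
    target=None means the field device does not detect it, so nothing changes."""
    if target is None:
        return rates
    du = rates.dangerous_undetected - rates.fail_high
    if du < 0:
        raise ValueError("fail_high cannot exceed the dangerous undetected rate")
    if target == "dd":
        return replace(rates, dangerous_detected=rates.dangerous_detected + rates.fail_high,
                       dangerous_undetected=du, fail_high=0.0)
    if target == "s":
        return replace(rates, safe=rates.safe + rates.fail_high,
                       dangerous_undetected=du, fail_high=0.0)
    raise ValueError("target must be 'dd', 's' or None")


def apply_temperature_factor(rates: FailureRates, avg_temp_c: float) -> FailureRates:
    """Scale every rate for the long-term average ambient temperature. The page
    states only two cases, 40 °C (base rates) and 60 °C (factor 2.5); anything
    else is rejected rather than interpolated."""
    if avg_temp_c == 40:
        factor = 1.0
    elif avg_temp_c == 60:
        factor = TEMP_FACTOR_60C
    else:
        raise ValueError("only the 40 °C and 60 °C cases are stated in the manual")
    return FailureRates(safe=rates.safe * factor,
                        dangerous_detected=rates.dangerous_detected * factor,
                        dangerous_undetected=rates.dangerous_undetected * factor,
                        fail_high=rates.fail_high * factor)


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_s + lambda_dd) / (lambda_s + lambda_dd + lambda_du)."""
    total = r.safe + r.dangerous_detected + r.dangerous_undetected
    return (r.safe + r.dangerous_detected) / total


def pfh_per_hour(r: FailureRates) -> float:
    """High demand mode: the device's PFH contribution is lambda_du per hour."""
    return r.dangerous_undetected * FIT


def pfd_avg(r: FailureRates, proof_test_interval_h: float) -> float:
    """Low demand mode: PFDavg ~= lambda_du * T_I / 2 (single-channel approximation
    from IEC 61508-6; an assumption of this example, the page gives no formula)."""
    return r.dangerous_undetected * FIT * proof_test_interval_h / 2


def sil2_check(r: FailureRates, proof_test_interval_h: float) -> dict:
    """Compare the device against its 10 % share of the SIL 2 budgets and the SFF floor."""
    sff = safe_failure_fraction(r)
    pfh = pfh_per_hour(r)
    pfd = pfd_avg(r, proof_test_interval_h)
    return {
        "sff": sff, "sff_ok": sff > SIL2_SFF_MIN_TYPE_A_HFT0,
        "pfh_per_h": pfh, "pfh_ok": pfh <= SIL2_PFH_LIMIT_PER_H * SIL2_BUDGET_SHARE,
        "pfd_avg": pfd, "pfd_ok": pfd <= SIL2_PFDAVG_LIMIT * SIL2_BUDGET_SHARE,
    }


if __name__ == "__main__":
    # Constructed sample rates at the 40 °C base case
    base = FailureRates(safe=120, dangerous_detected=300, dangerous_undetected=60, fail_high=40)
    hot = apply_temperature_factor(base, 60)
    cases = [("40 °C, du as reported", base),
             ("60 °C, du as reported", hot),
             ("60 °C, fail high credited to dd", reallocate_fail_high(hot, "dd"))]
    for label, r in cases:
        res = sil2_check(r, proof_test_interval_h=8760)  # assumed yearly proof test
        print(f"{label}: SFF={res['sff']:.3f} ({'ok' if res['sff_ok'] else 'FAIL'}), "
              f"PFH={res['pfh_per_h']:.2e}/h ({'ok' if res['pfh_ok'] else 'FAIL'}), "
              f"PFDavg={res['pfd_avg']:.2e} ({'ok' if res['pfd_ok'] else 'FAIL'})")
```

Running it shows the practical point of the "fail high" bullet: at 60 °C the scaled λdu of the sample device exceeds the 10⁻⁷ per hour share on its own, but once the field device's detection of a too high output is credited to λdd, the remaining λdu fits the budget and the SFF rises as well.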