Safety Manual SIL KCD2-STC-(Ex)1.HC(.SP), HiC2025HC

Planning

2012-07

2.2 Assumptions

The following assumptions have been made during the FMEDA analysis:

The device shall claim less than 10 % of the total failure budget for a SIL2 safety loop.

For a SIL2 application operating in Low Demand Mode the total PFDavg value of the SIF (Safety Instrumented Function) should be smaller than 10⁻², hence the maximum allowable PFDavg value for the device would then be 10⁻³.

For a SIL2 application operating in High Demand Mode the total PFH value of the SIF should be smaller than 10⁻⁶ per hour, hence the maximum allowable PFH value for the device would then be 10⁻⁷ per hour.

Failure rates are based on the Siemens SN29500 database.

Failure rates are constant; wear-out mechanisms are not included.

External power supply failure rates are not included.

The safety-related device is considered to be a type A component with a Hardware Fault Tolerance of 0.

Since the circuit has a Hardware Fault Tolerance of 0 and it is a type A component, the SFF must be > 60 % according to table 2 of IEC 61508-2 for a SIL2 (sub)system.

The stress levels are average for an industrial environment and can be compared to the Ground Fixed Classification of MIL-HDBK-217F. Alternatively, the assumed environment is similar to:

• IEC 60654-1 Class C (sheltered location) with temperature limits within the manufacturer's rating and an average temperature over a long period of time of 40 °C. Humidity levels are assumed within the manufacturer's rating. For a higher average temperature of 60 °C, the failure rates should be multiplied by an experience-based factor of 2.5. A similar multiplier should be used if frequent temperature fluctuation must be assumed.

During normal operation any change of the operating function (DIP switch modification) must be prevented.

It was assumed that the appearance of a safe error (e.g. output in safe state) would be repaired within 8 hours (e.g. remove sensor burnout).

While the device is absent for repair, measures have to be taken to ensure the safety function (for example: substitution by an equivalent device).

The HART protocol is only used for setup, calibration, and diagnostic purposes, not during normal operation.

The application program in the logic solver must be configured to detect underrange and overrange failures.
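
The budget, SFF and temperature assumptions above can be checked together for a given set of failure rates. The following is an added example, not part of the manual: the failure rates are constructed, the function names are hypothetical, and it assumes the usual single-channel approximations PFDavg ≈ λdu × Tproof / 2 and PFH = λdu.

```python
# Added example: failure rates used here are constructed, not taken from the manual.
FIT = 1e-9                 # 1 FIT = one failure per 1e9 device-hours
HOURS_PER_YEAR = 8760
SIL2_PFD_LIMIT = 1e-2      # low demand mode, whole SIF
SIL2_PFH_LIMIT = 1e-6      # high demand mode, whole SIF, per hour
DEVICE_SHARE = 0.10        # device claims less than 10 % of the budget
SFF_MIN = 0.60             # type A component, HFT 0, SIL2
TEMP_FACTOR_60C = 2.5      # multiplier for a 60 °C average temperature


def assess(lam_s, lam_dd, lam_du, t_proof_years, avg_60c=False):
    """Check one device (rates in FIT) against the assumptions of this section."""
    k = TEMP_FACTOR_60C if avg_60c else 1.0
    s, dd, du = (k * x * FIT for x in (lam_s, lam_dd, lam_du))
    # Safe failure fraction: safe plus dangerous-detected over all counted failures
    sff = (s + dd) / (s + dd + du)
    # Assumed single-channel approximations with constant failure rates
    pfd_avg = du * t_proof_years * HOURS_PER_YEAR / 2
    pfh = du
    return {
        "sff": sff,
        "pfd_avg": pfd_avg,
        "pfh": pfh,
        "sff_ok": sff > SFF_MIN,
        "pfd_ok": pfd_avg < DEVICE_SHARE * SIL2_PFD_LIMIT,
        "pfh_ok": pfh < DEVICE_SHARE * SIL2_PFH_LIMIT,
    }


def max_proof_interval_years(lam_du, avg_60c=False):
    """Longest proof test interval that keeps PFDavg within the device share."""
    k = TEMP_FACTOR_60C if avg_60c else 1.0
    return 2 * DEVICE_SHARE * SIL2_PFD_LIMIT / (k * lam_du * FIT * HOURS_PER_YEAR)


if __name__ == "__main__":
    # Constructed device: 120 FIT safe, 0 FIT dangerous detected, 50 FIT dangerous undetected
    for hot in (False, True):
        result = assess(120, 0, 50, t_proof_years=1, avg_60c=hot)
        limit = max_proof_interval_years(50, avg_60c=hot)
        print("60 °C" if hot else "40 °C", result, f"max Tproof {limit:.2f} y")
```

With these constructed rates the device stays inside its 10 % share at 40 °C, while the 2.5 multiplier for 60 °C pushes PFH above 10⁻⁷ per hour and shortens the admissible proof test interval to under two years.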
