Competence in Functional Safety
Functional safety of globe valves, rotary plug valves, ball valves and butterfly valves
4.3 Hardware fault tolerance
In the process industry, the achievable SIL classes for sensors, final elements and non-programmable logic modules,
such as isolating amplifiers and relays, are restricted in accordance with IEC 61511 as shown in the following table.
Safety integrity level (SIL) | Minimum required hardware failure tolerance (HFT)
1 | 0
2 | 1
3 | 2
4 | Special requirements (refer to IEC 61508)
Minimum required hardware failure tolerance (HFT) according to IEC 61511-1, Table 6, for the process industry
The minimum required hardware failure tolerance can be decreased by one if the following requirements are met:
- The device is proven in use. Take this into account when selecting devices!
- The device only allows process-relevant parameters to be set, e.g. measuring range, upscale or downscale function in case of failure. Final elements do not have any configurable functions.
- The process-relevant parameters of the device are access-protected, e.g. by jumper or password. Final elements do not have any configurable functions.
- The function requires a SIL less than 4.
A final element has a single-channel design, resulting in a hardware failure tolerance (HFT) = 0. This results in a single-channel application up to SIL 1 or up to SIL 2 for proven-in-use devices.
At least two redundant devices are required for SIL 3 with proven-in-use devices.
At least three redundant devices are required for SIL 3 without proven-in-use devices.
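The table and the four reduction requirements can be applied mechanically when reviewing a device list. The following is an added example, not part of the original brochure; the `Device` fields and function names are hypothetical, and it assumes that a device with no configurable functions (a final element) satisfies the two parameter-related requirements automatically.

```python
from dataclasses import dataclass

# Minimum HFT per SIL from the table above (IEC 61511-1, Table 6).
# SIL 4 is left out on purpose: the page refers to IEC 61508 for it.
MIN_HFT = {1: 0, 2: 1, 3: 2}


@dataclass
class Device:
    """Hypothetical record of the properties the four requirements ask about."""
    proven_in_use: bool
    configurable: bool = False         # final elements have no configurable functions
    process_params_only: bool = False  # only process-relevant parameters can be set
    access_protected: bool = False     # those parameters sit behind a jumper or password


def reduction_allowed(dev: Device, sil: int) -> bool:
    """True only if every requirement for lowering the HFT by one is met."""
    if sil >= 4 or not dev.proven_in_use:
        return False
    if not dev.configurable:
        # Assumption: with nothing to configure, both parameter requirements hold.
        return True
    return dev.process_params_only and dev.access_protected


def required_hft(dev: Device, sil: int) -> int:
    if sil not in MIN_HFT:
        raise ValueError(f"SIL {sil}: not covered by the table, see IEC 61508")
    hft = MIN_HFT[sil]
    if reduction_allowed(dev, sil):
        hft = max(0, hft - 1)  # SIL 1 is already at HFT 0
    return hft


def devices_needed(dev: Device, sil: int) -> int:
    """HFT = n means n faults are tolerated, so n + 1 redundant devices."""
    return required_hft(dev, sil) + 1


if __name__ == "__main__":
    valve = Device(proven_in_use=True)                       # constructed sample
    transmitter = Device(proven_in_use=True, configurable=True,
                         process_params_only=True)           # no write protection
    for name, dev in (("valve", valve), ("transmitter", transmitter)):
        for sil in (1, 2, 3):
            print(f"{name} SIL {sil}: HFT >= {required_hft(dev, sil)}, "
                  f"{devices_needed(dev, sil)} device(s)")
```

The constructed transmitter loses the reduction only because its parameters are not access-protected, which is the requirement most easily overlooked during device selection.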