INSTALLATION & OPERATING DATA
Conditions or Restrictions for use in SIL Applications
The sections of this Installation and Operating Data Manual shall be strictly complied
with to ensure validity of the failure data and systematic safety integrity. The following
additional restrictions and conditions apply when the unit is used in SIL applications:
1. The host controller must monitor the TX6373 Toxic Gas Sensor/Transmitter output
at an appropriate frequency for the application (safety time) and initiate a safe
action (e.g. process shutdown, evacuation, etc.) or be repaired within the MTTR
assumed in the PFD calculations shown in Table 2 in Section 11.3 above, if an
out-of-range (low) output signal is indicated.
2. If the MTTR or the proof test interval ($T_1$) is different from those assumed in this
document, then the $PFD_{AVG}$ should be re-calculated and the SIL capability
re-verified accordingly (refer to the Safety Manual in Section 11.5 below).
3. The display is for indication only and is not part of the safety function.
4. The environmental limits are restricted to:
   · +20 to +40 °C
   · relative humidity <90%.
5. IEC 61508-2, 7.4.4.3.1c limits use to SIL 1 in high or continuous mode of operation
when used in a non-redundant configuration.
6. The unit must be calibrated at commissioning and at 3 month intervals during
operation and the sensor head replaced as indicated by the calibration check.
Proof Testing
Periodic proof tests of the element safety function must be performed to identify
any dormant failures, particularly when used in 'low demand' safety functions - refer
to Section 9.2 of this manual for the proof test procedure. (Note that calibration
alone does not operate the 4 to 20 mA signal.) Faults identified by this test must be
repaired within the MTTR and the unit returned to full working order.
A suitable proof test interval ($T_1$) should be used in order to achieve the required
average probability of failure on demand ($PFD_{AVG}$). A nominal interval of 8,760 hrs
(1 year) and Mean Time to Repair (MTTR) of 24 hours has been used in the derivation
of $PFD_{AVG}$ for illustration purposes. If different values are used, the $PFD_{AVG}$ for a
non-redundant arrangement (i.e. where the safety function relies on a single
element) can be re-calculated as follows:
$$PFD_{AVG} = (\lambda_{DU} + \lambda_{DD})\, t_{CE}$$
Where $t_{CE}$ (the channel equivalent down time) is:
$$t_{CE} = \frac{\lambda_{DU}}{\lambda_{D}}\left(\frac{T_1}{2} + MTTR\right) + \frac{\lambda_{DD}}{\lambda_{D}}\, MTTR$$
For redundant arrangements refer to IEC 61508-6 for the equations.
11 FUNCTIONAL SAFETY continued (Sections 11.4, 11.5)
Those responsible for specifying proof testing of safety functions should refer to IEC
61508-6:2010 clause B.3.2.5 for considerations of the effect of non-perfect proof tests.
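The recalculation described in this section, carried through as an added example (not code from this manual): it evaluates the non-redundant formula, reports which low-demand SIL band of IEC 61508-1 the result falls in, and solves the same formula for the longest proof test interval that meets a target. The failure rates are constructed placeholders, not the values from Table 2 in Section 11.3; the function names are hypothetical, and a perfect proof test is assumed.

```python
# Added example: PFD_AVG recalculation for a single (non-redundant) element.
# LAM_DU / LAM_DD are CONSTRUCTED placeholder rates (failures per hour), not the
# certified TX6373 figures; substitute the values from Table 2 in Section 11.3.
LAM_DU, LAM_DD = 2e-6, 3e-6

# Low-demand PFD_AVG upper bounds per SIL (IEC 61508-1), best band first.
SIL_UPPER_BOUNDS = [(1e-4, 4), (1e-3, 3), (1e-2, 2), (1e-1, 1)]


def t_ce(lam_du, lam_dd, t1_h, mttr_h):
    """Channel equivalent down time in hours, with lambda_D = lambda_DU + lambda_DD."""
    if min(lam_du, lam_dd, mttr_h) < 0 or t1_h <= 0 or lam_du + lam_dd == 0:
        raise ValueError("rates/MTTR must be >= 0, T1 > 0, and lambda_D non-zero")
    lam_d = lam_du + lam_dd
    return (lam_du / lam_d) * (t1_h / 2 + mttr_h) + (lam_dd / lam_d) * mttr_h


def pfd_avg(lam_du, lam_dd, t1_h, mttr_h):
    """PFD_AVG = (lambda_DU + lambda_DD) * t_CE."""
    return (lam_du + lam_dd) * t_ce(lam_du, lam_dd, t1_h, mttr_h)


def sil_band(pfd):
    """SIL band a PFD_AVG falls in, or None if it is worse than SIL 1.
    Band check only: architectural and systematic limits are not assessed."""
    for upper, sil in SIL_UPPER_BOUNDS:
        if pfd < upper:
            return sil
    return None


def max_proof_test_interval(lam_du, lam_dd, mttr_h, pfd_target):
    """Largest T1 (hours) with PFD_AVG <= pfd_target, or None if unreachable.
    Since PFD_AVG reduces to lam_du*(T1/2 + MTTR) + lam_dd*MTTR, solve for T1."""
    if lam_du <= 0:
        raise ValueError("lambda_DU must be > 0 to bound T1")
    t1 = 2 * ((pfd_target - lam_dd * mttr_h) / lam_du - mttr_h)
    return t1 if t1 > 0 else None


if __name__ == "__main__":
    for t1 in (8760, 17520):  # nominal 1-year interval, then a 2-year interval
        p = pfd_avg(LAM_DU, LAM_DD, t1, 24)
        print(f"T1={t1} h  PFD_AVG={p:.3e}  SIL band={sil_band(p)}")
    print("max T1 for 1e-2:", max_proof_test_interval(LAM_DU, LAM_DD, 24, 1e-2))
```
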
ISSUE N 06/15