FLAMMABLE GAS SENSOR/TRANSMITTER
A T E X
M1
GROUP I & II
INTRINSICALLY
SAFE
27/28
INSTALLATION & OPERATING DATA
11.5
Conditions or Restrictions for use in SIL Applications
The sections of this Installation and Operating Data manual shall be strictly complied
with to ensure validity of the failure data and systematic safety integrity. The
following additional restrictions and conditions apply when the unit is used in SIL
applications:
1. The host controller must monitor the TX6383 Flammable Gas Sensor/Transmitter
output at an appropriate frequency for the application (safety time) and initiate
a safe action (eg. process shutdown, evacuation, etc) or be repaired within the
MTTR assumed in the PFD calculations shown in the table above if an
out-of-range (low) output signal is indicated.
2. If the MTTR or the proof test interval (T
1
) is different from those assumed in this
manual, then the PFD
AVG
should be re-calculated and the SIL capability re-
verified accordingly (refer to the Safety Manual in Section 11.5 below.
3. The display is for indication only and is not part of the safety function.
4. The environmental limits are restricted to:
·
+20 to +40°C
·
relative humidity <90%
5. IEC 61508-2, 7.4.4.3.1c limits use to SIL 1 in high or continuous mode of
operation when used in a non-redundant configuration.
6. The unit must be calibrated at commissioning and at 3 month intervals during
operation and the sensor head replaced as indicated by the calibration check.
Proof Testing
Periodic proof tests of the element safety function must be performed to identify any
dormant dangerous failures, particularly when used in 'low demand' safety functions
- refer to Section 9.2 of this manual, for the proof test procedure. (Note that
calibration alone does not operate the 4 to 20 mA signal). Faults identified by this test
must be repaired within the MTTR and the unit returned to full working order.
A suitable proof test interval (T
1
) should be used in order to achieve the required
average probability of failure on demand (PFD
AVG
). A nominal interval of 8,760 hrs
(1 year) and Mean Time to Repair (MTTR) of 24 hours has been used in the derivation
of PFD
AVG
for illustration purposes. If different values are used, the PFD
AVG
for a
non-redundant arrangement (ie. where the safety function relies on a single element)
can be re-calculated as follows:
PFD
AVG
= (
λ
DU
+
λ
DD
) t
CE
Where t
CE
(the channel equivalent down time) = (
λ
DU
/
λ
D
) (T
1
/2 + MTTR) + (
λ
DD
/
λ
D
) MTTR
For redundant arrangements refer to IEC 61508-6 for the equations.
11.4
11 FUNCTIONAL SAFETY
continued
Those responsible for specifying proof testing of safety functions should refer to IEC
61508-6:2010 clause B.3.2.5 for considerations of the effect of non-perfect proof tests.
TT X
X 66 33 88 33
ISSUE S 01/15
