Vega VEGACAL 60 Series, Руководство по безопасности

Страница: 5 / 16

5
1 Functional safety
VEGACAL series 60 • Two-wire 4 … 20 mA/HART
35593-EN-181129
The safe state depends on the mode:
Monitoring upper level Monitoring lower level
Safe state Exceeding the switch-
ing point
Falling below the switch-
ing point
Output current in safe
state
> Switching point (-2 %) < Switching point (+2 %)
Failure current "fail low" < 3.6 mA < 3.6 mA
Failure current "fail high" > 21.5 mA > 21.5 mA
The current tolerance ±2 % refers to the adjustment of 0 … 120 pF
(see operating instructions manuals).
A safe failure exists when the measuring system switches to the de-
fined safe state or the fault mode without the process demanding it.
If the internal diagnostic system detects a failure, the measuring
system goes into fault mode.
A dangerous undetected failure exists if the measuring system
switches neither to the defined safe state nor to the failure mode
when the process requires it.
If the measuring system delivers output currents of " fail low " or " fail
high ", it can be assumed that there is a malfunction.
The processing unit must therefore interpret such currents as a mal-
function and output a suitable fault signal.
If this is not the case, the corresponding portions of the failure rates
must be assigned to the dangerous failures. The stated values in
chapter " Safety-relevant characteristics " can thus worsen.
The processing unit must correspond to the SIL level of the measure-
ment chain.
If the demand rate is only once a year, then the measuring system
can be used as safety-relevant subsystem in " low demand mode "
(IEC 61508-4, 3.5.12).
If the ratio of the internal diagnostics test rate of the measuring sys-
tem to the demand rate exceeds the value 100, the measuring system
can be treated as if it is executing a safety function in the mode with
low demand rate (IEC 61508-2, 7.4.3.2.5).
An associated characteristic is the value PFD
avg
(average Probability
of dangerous Failure on Demand). It is dependent on the test interval
T
Proof
between the function tests of the protective function.
Number values see chapter " Safety-related characteristics ".
If the " low demand rate " does not apply, the measuring system should
be used as a safety-relevant subsystem in the mode " high demand
mode " (IEC 61508-4, 3.5.12).
The fault tolerance time of the complete system must be higher than
the sum of the reaction times or the diagnostics test periods of all
components in the safety-related measurement chain.
Safe state
Fault description
Configuration of the pro-
cessing unit
Low demand mode
High demand mode