SAFETY MANUAL SIL SMART Transmitter Power Supply

Similar documents
SAFETY MANUAL SIL Switch Amplifier

SAFETY MANUAL SIL RELAY MODULE

SAFETY MANUAL SIL SWITCH AMPLIFIER

SYSTEM DESCRIPTION Termination Boards

Failure Modes, Effects and Diagnostic Analysis

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Hardware safety integrity Guideline

Selecting Sensors for Safety Instrumented Systems per IEC (ISA )

2002 IS Catalog. Page

PROCESS AUTOMATION MANUAL OVERSPEED/UNDERSPEED MONITOR KF**-DWB-(EX)1.D ISO9001

,g) rrrs {fd fi. f il'ltdä. Failure Modes, Effects and Diagnostic Analysis. ABB Automation Products GmbH Alzenau Germany

Version: 1.0 Latest Edition: Guideline

MXa SIL Guidance and Certification

PROCESS AUTOMATION MANUAL. Universal Temperature Converter. KFD2-UT2-(Ex)*(-1) ISO9001

Safety Manual BT50(T) Safety relay / Expansion relay

SIL manual. Structure. Structure

Understanding Safety Integrity Levels (SIL) and its Effects for Field Instruments

Basic Fundamentals Of Safety Instrumented Systems

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

Effective Compliance. Selecting Solenoid Valves for Safety Systems. A White Paper From ASCO Valve, Inc. by David Park and George Wahlers

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

Final Element Architecture Comparison

A methodology For the achievement of Target SIL

Certification Report of the STT25S Temperature Transmitter

Rosemount 333 HART Tri-Loop

PROCESS AUTOMATION REMOTE I/O SYSTEMS RPI REMOTE PROCESS INTERFACE IN THE SAFE AREA OR IN ZONE 2

IEC Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands

Inductive sensor NI10-M18-Y1X-H1141

FUNCTIONAL SAFETY CERTIFICATE

R4D0-FB-IA* FieldBarrier. Features. Assembly. Function. Connection IN + - S OUT Spur 2. Spur 1. Zone 1. Zone 0

FACTORY AUTOMATION MANUAL ID-NET SETUP PROCEDURE USING PROGRAMMING BARCODES

PROCESS AUTOMATION PLANNING AND INTEGRATION INFORMATION LB8106* Integration in Siemens SIMATIC PCS 7

Technical Data. General specifications Switching element function Rated operating distance s n 15 mm

Magnetic field sensor for pneumatic cylinders BIM-INT-Y1X-H1141

FACTORY AUTOMATION MANUAL USB VIRTUAL COM PORT DRIVER INSTALLATION UNDER WINDOWS XP/WINDOWS 2000

4 non-safe digital I/O channels 2 IO-Link Master V1.1 slots. Figure 1. Figure 2. Type code. TBPN-L1-FDIO1-2IOL Ident no

PROCESS AUTOMATION MANUAL. Temperature Converter with Trip Values. KF**-GUT-(Ex)1.D ISO9001

Segment Protector for Cabinet Installation R2-SP-IC* Features. Assembly. Function. Connection. Trunk, Ex na non-arcing. Spur.

Your Advantages For safety application up to PL e / Cat. 4 e.g. SIL 3 Manual or automatic start * see variants. Applications.

Safety manual for Fisherr ED,ES,ET,EZ, HP, or HPA Valves with 657 / 667 Actuator

Safety Requirements Specification Guideline

Machineontwerp volgens IEC 62061

MINI MCR-SL-R-UI(-SP)

FACTORY AUTOMATION INTELLIGENT CLAMP MONITORING FOR MACHINE TOOL SPINDLES WITH INDUCTIVE POSITIONING SYSTEMS

TABLE OF CONTENT

Rosemount 333 HART Tri-Loop

How To Use A Network Card With A Network Box (Ios) On A Microsoft Powerbook 2.5 (I2) (I3) (Io2) And I2 (Io) (Net) (Ipo) (

PROCESS AUTOMATION FLEXIBLE ASSET MANAGEMENT HART INTERFACE SOLUTIONS

SAFETY LIFECYCLE WORKBOOK FOR THE PROCESS INDUSTRY SECTOR

AS-i 3.0 PROFIBUS Gateways with integrated Safety Monitor

Analog signal converters CC-E I/I Current / current isolators

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September Answers for industry.

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. March Valves

Technical Data. General specifications Switching element function Rated operating distance s n 4 mm

Technical Data. General specifications Switching element function Rated operating distance s n 5 mm

Isolating Barriers for our sensors A5S1 in Ex-areas Series D461

High Availability and Safety solutions for Critical Processes

Automation, Software and Information Technology. Test report of the type approval safety-related automation devices

JUMPFLEX 857 Series ma V ma. Transducers / Relay and Optocoupler Modules

Viewpoint on ISA TR Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President

Technical Data. Dimensions

CONFIGURABLE SAFETY RELAYS

Documentation for. KL2602 and KL2622. Two-channel Relay Output Terminals for 230 V AC / 30 V DC. Version: 1.4 Date:

IEC Overview Report

Vetting Smart Instruments for the Nuclear Industry

Inductive slot sensor

Operating Manual UWAPS-TINY Series

Valves and Solenoid Valves testet and certified byrheinhold & Mahla according to IEC 61508/61511

Safe Torque Off Option (Series B) for PowerFlex 40P and PowerFlex 70 Enhanced Control AC Drives

3500/62 Process Variable Monitor

SIMATIC. ET 200S distributed I/O 2AO I ST analog electronic module (6ES7135-4GB01-0AB0) Preface. Properties 1. Parameters 2.

AS-i 3.0 Gateways, PROFIsafe via PROFIBUS or PROFINET

Logic solver application software and operator interface

GREISINGER electronic GmbH

Technical Data. Dimensions

FACTORY AUTOMATION. Manual. Speed Monitor KHU8-DW-1.D

PROCESS AUTOMATION MANUAL R2-SP-N*

Mobrey Magnetic Level Switches

Programmable set for Ethernet Modbus/TCP in IP67 TI-BL67-PG-EN-2

ABB industrial drives. Application guide ACS800-01/U1/04/04LC/04M/U4/11/U11/14/31/U31/104/104LC Safe torque off function (+Q967)

SIMATIC NET. CP AS-Interface Master B C. Preface Contents. Technical Description and Installation Instructions Interface to the User Program

SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP

Mitigating safety risk and maintaining operational reliability

Automation System TROVIS 6400 TROVIS 6493 Compact Controller

ABB Drives. User s Manual HTL Encoder Interface FEN-31

Instruction Manual Service Program ULTRA-PROG-IR

Contactor Monitoring Relay CMD Cost-Effective Solution for Safe Machines

ABB Drives. User s Manual. Pulse Encoder Interface Module RTAC-01

Instruction Manual Differential Pressure Transmitter

IEC Functional Safety Assessment. United Electric Controls Watertown, MA USA

Permissible ambient temperature Operation Storage, transport

CONFIGURABLE SAFETY RELAYS

Specifications for EM VDC 4 In/4 Out and EM VDC 4 In/4 Relay Out

Electro-Magnetic Flowmeters COPA-XT 2-Wire DT43

DMP 331. Industrial Pressure Transmitter for Low Pressure. Stainless Steel Sensor

T0118 T2118 T3118. Instruction Manual

TÜV FS Engineer Certification Course Being able to demonstrate competency is now an IEC requirement:

Cerabar M PMC51, PMP51/55 Deltabar M PMD55 Deltapilot M FMB50/51/52/53

FACTORY AUTOMATION. Manual Laying loops for Loop detector LC10-1 and LC10-2

Short information Parameters are programmed via front-side membrane keypad

Transcription:

PROCESS AUTOMATION SAFETY MANUAL SIL SMART Transmitter Power Supply KFD2-STC4-(Ex)*, KFD2-STV4-(Ex)*, KFD2-CR4-(Ex)* ISO9001 2 3

With regard to the supply of products, the current issue of the following document is applicable: The General Terms of Delivery for Products and Services of the Electrical Industry, published by the Central Association of the Electrical Industry (Zentralverband Elektrotechnik und Elektroindustrie (ZVEI) e.v.) in its most recent version as well as the supplementary clause: "Expanded reservation of proprietorship"

Contents 1 Introduction... 4 1.1 General Information...4 1.2 Intended Use...4 1.3 Manufacturer Information...5 1.4 Relevant Standards and Directives...5 2 Planning... 6 2.1 System Structure...6 2.1.1 Low Demand Mode of Operation...6 2.1.2 High Demand or Continuous Mode of Operation...6 2.1.3 Safe Failure Fraction...6 2.2 Assumptions...7 2.3 Safety Function and Safe State...8 2.4 Characteristic Safety Values...10 3 Safety Recommendation... 13 3.1 Interfaces...13 3.2 Configuration...13 3.3 Useful Life Time...13 3.4 Installation and Commissioning...14 4 Proof Test... 15 4.1 Proof Test Procedure...15 5 Abbreviations... 20 3

Introduction 1 Introduction 1.1 General Information This manual contains information on using the device in control circuits that are related to functional safety. The corresponding data sheets, the operating instructions, the system description, the declaration of conformity, the EC-Type Examination Certificate, and the applicable certificates (see data sheet) are an integral part of this document. The stated documents are available at www.pepperl-fuchs.com or from your local Pepperl+Fuchs representative. Mounting, installation, commissioning, operation, maintenance and disassembly of any devices may only be carried out by trained, qualified personnel. The instruction manual must be read and understood. In the event of a device fault, the devices must be taken out of operation and measures must be taken to protect them against unintentional startup. Devices may be repaired only by the manufacturer. Deactivating or bypassing safety functions, or failing to observe the instructions in this manual (which lead to faults or affect the safety functions), can damage property and the environment or cause personal injury, for which Pepperl+Fuchs GmbH accepts no liability. The devices have been developed, manufactured, and tested according to the applicable safety standards. The devices may be used only for the applications described in the instructions under the specified ambient conditions and exclusively in connection with the approved peripherals. 1.2 Intended Use The isolated barriers and signal conditioners KFD2-CR4-(Ex)* and KFD2-STC4-(Ex)* provide power for 2-wire transmitters in a hazardous area. The versions without the designation "Ex" are for safe areas only. The devices transfer their analog signals to the safe area as isolated current sources. The one channel versions KFD2-CR4-(Ex)1* and KFD2-STC4-(Ex)1* can also be used with 3-wire transmitters and 2-wire current sources as inputs. The isolated barriers and signal conditioners KFD2-STC4-(Ex)*-3 and KFD2-STC4-(Ex)*-Y* provide a current sink output while other KFD2-STC4-(Ex)* devices provide a current source output. The isolated barriers and signal conditioners KFD2-STV4-(Ex)* provide power for 2-wire transmitters in a hazardous area. The versions without the designation "Ex" are for safe areas only. The devices transfer the analog signals to the safe area as isolated voltage sources. The one channel versions KFD2-STV4-(Ex)1* can also be used with 3-wire transmitters and 2-wire current sources as inputs. Digital signals may be superimposed on the analog values (SMART signals) and are transferred bidirectionally (only KFD2-STC4-(Ex)* and KFD2-STV4-(Ex)*). The devices are single devices for DIN rail mounting. 4

Introduction 1.3 Manufacturer Information Pepperl+Fuchs GmbH Lilienthalstrasse 200, 68307 Mannheim, Germany Up to SIL2 KFD2-CR4-(Ex)* KFD2-STC4-(Ex)* KFD2-STV4-(Ex)* Up to SIL3 KFD2-CR4-(Ex)1.2O* KFD2-STC4-(Ex)1.2O* KFD2-STV4-(Ex)1.2O* The stars replace a combination of characters, depending on the product. 1.4 Relevant Standards and Directives Device specific standards and directives Functional safety IEC 61508 part 2, edition 2000: Standard of functional safety of electrical/electronic/programmable electronic safety-related systems (product manufacturer) Electromagnetic compatibility: - EN 61326-1:2006 - NE 21:2006 System specific standards and directives Functional safety IEC 61511 part 1, edition 2003: Standard of functional safety: safety instrumented systems for the process industry sector (user) 5

Planning 2 Planning 2.1 System Structure 2.1.1 Low Demand Mode of Operation If there are two loops, one for the standard operation and another one for the functional safety, then usually the demand rate for the safety loop is assumed to be less than once per year. The relevant safety parameters to be verified are: the PFD avg value (average Probability of Failure on Demand) and the T proof value (proof test interval that has a direct impact on the PFD avg ) the SFF value (Safe Failure Fraction) the HFT architecture (Hardware Fault Tolerance) 2.1.2 High Demand or Continuous Mode of Operation If there is only one loop, which combines the standard operation and safety related operation, then usually the demand rate for this loop is assumed to be higher than once per year. The relevant safety parameters to be verified are: the PFH value (Probability of dangerous Failure per Hour) Fault reaction time of the safety system the SFF value (Safe Failure Fraction) the HFT architecture (Hardware Fault Tolerance architecture) 2.1.3 Safe Failure Fraction The safe failure fraction describes the ratio of all safe failures and dangerous detected failures to the total failure rate. SFF = ( s + dd ) / ( s + dd + du ) A safe failure fraction as defined in EN 61508 is only relevant for elements or (sub)systems in a complete safety loop. The device under consideration is always part of a safety loop but is not regarded as a complete element or subsystem. For calculating the SIL of a safety loop it is necessary to evaluate the safe failure fraction of elements, subsystems and the complete system, but not of a single device. Nevertheless the SFF of the device is given in this document for reference. 6

Planning 2.2 Assumptions The following assumptions have been made during the FMEDA analysis: Only one input and one output are part of the considered safety function (only 2-channel version). Failure rate based on the Siemens SN29500 data base. Failure rates are constant, wear out mechanisms are not included. External power supply failure rates are not included. The devices are not protected against power supply failures. It is within the responsibility of the user to ensure that low supply voltages are detected and adequate reaction on this fault is implemented. The safety-related device is considered to be of type A components with a Hardware Fault Tolerance of 0. It is assumed that the device will be used under average industrial ambient conditions, which are comparable with the classification "stationary mounted" in MIL-HDBK-217F. Alternatively, the following ambient conditions are assumed: IEC 60654-1 Class C (sheltered location) with temperature limits in the range of the manufacturer's specifications and an average temperature of 40 ºC over a long period. A moisture level within the manufacturer's specifications is assumed. For a higher average temperature of 60 ºC, the failure rates must be multiplied by a factor of 2.5 based on empirical values. A similar multiplier must be used if frequent temperature fluctuations are expected. It is assumed that any safe failures that occur (e.g., output in safe condition) will be corrected within eight hours (e.g., correction of a sensor fault). While the device is being repaired, measures must be taken to maintain the safety function (e.g., by using a replacement device). The HART protocol is only used for setup, calibration, and diagnostic purposes, not during operation. The application program in the programmable logic controller (PLC) is configured to detect underrange and overrange failures. SIL3 application SIL3 can be reached if the two outputs of a KFD2-***-(Ex)1.2O* device are connected to the same DCS/ESD device and evaluated if the deviation remains below 2 %. The device shall claim less than 10 % of the total failure budget for a SIL3 safety loop. For a SIL3 application operating in Low Demand Mode the total PFD avg value of the SIF (Safety Instrumented Function) should be smaller than 10-3, hence the maximum allowable PFD avg value would then be 10-4. For a SIL3 application operating in High Demand Mode of operation the total PFH value of the SIF should be smaller than 10-7 per hour, hence the maximum allowable PFH value would then be 10-8 per hour. 7

Planning Since the loop has a Hardware Fault Tolerance of 0 and it is a type A component, the SFF must be > 90 % according to table 2 of IEC 61508-2 for a SIL3 (sub)system. SIL2 application The device shall claim less than 10 % of the total failure budget for a SIL2 safety loop. For a SIL2 application operating in Low Demand Mode the total PFD avg value of the SIF (Safety Instrumented Function) should be smaller than 10-2, hence the maximum allowable PFD avg value would then be 10-3. For a SIL2 application operating in High Demand Mode of operation the total PFH value of the SIF should be smaller than 10-6 per hour, hence the maximum allowable PFH value would then be 10-7 per hour. Since the loop has a Hardware Fault Tolerance of 0 and it is a type A component, the SFF must be > 60 % according to table 2 of IEC 61508-2 for a SIL2 (sub)system. 2.3 Safety Function and Safe State Safety Function The safety function of the devices is the transfer of the analog signals from the input to the output with a tolerance of 2 %. Device type Input signals Output signals KFD2-CR4-(Ex)* and 0/4 ma 20 ma 0/4 ma... 20 ma KFD2-STC4-(Ex)* KFD2-STV4-(Ex)*-1 0/4 ma 20 ma 0/1 V 5 V KFD2-STV4-(Ex)*-2 0/4 ma 20 ma 0/2 V 10 V Table 2.1 Safe State The user must ensure that the ESD system reacts adequately when the outputs are: < 4 ma or > 20 ma for the KFD2-CR4-(Ex)* and KFD2-STC4-(Ex)* < 1 V or > 5 V for the KFD2-STV4-(Ex)*-1 < 2 V or > 10 V for the KFD2-STV4-(Ex)*-2 Reaction Time The reaction time for all safety functions is < 20 ms. 8

Planning Functional Safety Wiring Configuration for KFD2-***-(Ex)1.2O* Devices SIL2 transmitter KFD2-***-(Ex)1.2O* Output 1 DCS 1/ ESD system 1 Input A Output 2 DCS 2/ ESD system 2 Input B Figure 2.1 SIL2 application for KFD2-***-(Ex)1.2O* devices SIL3 transmitter KFD2-***-(Ex)1.2O* Output 1 Output 2 ESD system Input A Compare input A + B 1oo2 deviation max. 2 % Input B Figure 2.2 SIL3 application for KFD2-***-(Ex)1.2O* devices 9

Planning 2.4 Characteristic Safety Values KFD2-CR4-(Ex)1, KFD2-STC4-(Ex)1, KFD2-STC4-(Ex)1-3, KFD2-STC4-(Ex)1-Y*, KFD2-STV4-(Ex)1-1, KFD2-STV4-(Ex)1-2 Parameters acc. to IEC 61508 Assessment type Device type Demand mode Safety function 2 HFT 0 SIL 2 s 1 dd du 2 no effect Values FMEDA report A Low Demand Mode or High Demand Mode Transfer of analog values 192 FIT 118 FIT 36 FIT 192 FIT not part 212 FIT total (safety function) 346 FIT SFF 89 % MTBF 3 204 years PFH 3.60 x 10-8 1/h PFD avg for T proof = 1 year 1.58 x 10-4 PFD avg for T proof = 2 years 3.15 x 10-4 PFD avg for T proof = 5 years 7.88 x 10-4 1 "Fail high" and "Fail low" failures are considered as dangerous detected failures dd. 2 "No effect" failures are not influencing the safety functions and are therefore added to the s. 3 acc. to SN29500. This value includes failures which are not part of the safety function. Table 2.2 10

Planning KFD2-CR4-(Ex)1.2O, KFD2-STC4-(Ex)1.2O, KFD2-STC4-(Ex)1.2O-3, KFD2-STC4-(Ex)1.2O-Y*, KFD2-STV4-(Ex)1.2O-1, KFD2-STV4-(Ex)1.2O-2 Parameters acc. to IEC 61508 Values Assessment type Device type Demand mode Safety function 2 HFT 0 FMEDA report A Low Demand Mode or High Demand Mode Transfer of analog values SIL 2 3 Input and output function Input Output Single output used in safety function Both outputs used in safety function s 120 FIT 144 FIT 264 FIT 670.2 FIT 1 dd 71.6 FIT 95.3 FIT 166.9 FIT 85.4 FIT du 14.4 FIT 43.8 FIT 57.2 FIT 16.6 FIT 2 no effect 120 FIT 144.1 FIT 264 FIT 408 FIT not part 107 FIT 205 FIT 312 FIT 517 FIT total (safety function) 206 FIT 284 FIT 490 FIT 774 FIT SFF 88 % 97 % MTBF 3 142 years 147 years PFH 4 5.72 x 10-8 1/h 1.66 x 10-8 1/h PFD avg for T proof = 1 year 2.50 x 10-4 7.26 x 10-5 PFD avg for T proof = 2 years 5.01 x 10-4 1.45 x 10-4 PFD avg for T proof = 5 years 1.25 x 10-3 3.63 x 10-4 1 "Fail high" and "Fail low" failures are considered as dangerous detected failures dd. 2 "No effect" failures are not influencing the safety functions and are therefore added to the s. 3 acc. to SN29500. This value includes failures which are not part of the safety function. 4 The safety characteristic values were calculated considering a common cause factor of 5 % for the safety relevant output part. For the application with both outputs in the safety function, the ESD system needs to evaluate if the outputs differ by more than 2 %. Table 2.3 11

Planning KFD2-CR4-(Ex)2, KFD2-STC4-(Ex)2, KFD2-STC4-(Ex)2-3, KFD2-STC4-(Ex)2-Y*, KFD2-STV4-(Ex)2-1, KFD2-STV4-(Ex)2-2 Parameters acc. to IEC 61508 Values Assessment type FMEDA report Device type A Demand mode Low Demand Mode or High Demand Mode Safety function 2 Transfer of analog values HFT 0 SIL 2 s 165 FIT 1 dd 111 FIT du 36 FIT 2 no effect 165 FIT not part 111 FIT total (safety function) 312 FIT SFF 88 % MTBF 3 269 years PFH 3.60 x 10-8 1/h PFD avg for T proof = 1 year 1.58 x 10-4 PFD avg for T proof = 2 years 3.15 x 10-4 PFD avg for T proof = 5 years 7.88 x 10-4 1 "Fail high" and "Fail low" failures are considered as dangerous detected failures dd. 2 "No effect" failures are not influencing the safety functions and are therefore added to the s. 3 acc. to SN29500. This value includes failures which are not part of the safety function. Table 2.4 The characteristic safety values like PFD, PFH, SFF, HFT and T proof are taken from the SIL report/fmeda report. Please note, PFD and T proof are related to each other. The function of the devices has to be checked within the proof test interval (T proof ). 12

Safety Recommendation 3 Safety Recommendation 3.1 Interfaces The device has the following interfaces. For corresponding terminals see data sheet. Safety relevant interfaces: Input I, output I Input I, output I, output II Input I, input II, output I, output II KFD2-CR4-(Ex)1, KFD2-STC4-(Ex)1, KFD2-STC4-(Ex)1-3, KFD2-STC4-(Ex)1-Y*, KFD2-STV4-(Ex)1-1, KFD2-STV4-(Ex)1-2 KFD2-CR4-(Ex)1.2O, KFD2-STC4-(Ex)1.2O, KFD2-STC4-(Ex)1.2O-3, KFD2-STC4-(Ex)1.2O-Y*, KFD2-STV4-(Ex)1.2O-1, KFD2-STV4-(Ex)1.2O-2 KFD2-CR4-(Ex)2, KFD2-STC4-(Ex)2, KFD2-STC4-(Ex)2-3, KFD2-STC4-(Ex)2-Y*, KFD2-STV4-(Ex)2-1, KFD2-STV4-(Ex)2-2 3.2 Configuration Non-safety relevant interfaces: none The HART communication is not relevant for functional safety. A configuration of the device is not necessary and not possible. 3.3 Useful Life Time Although a constant failure rate is assumed by the probabilistic estimation this only applies provided that the useful life time of components is not exceeded. Beyond this useful life time, the result of the probabilistic calculation is meaningless as the probability of failure significantly increases with time. The useful life time is highly dependent on the component itself and its operating conditions temperature in particular (for example, the electrolytic capacitors can be very sensitive to the working temperature). This assumption of a constant failure rate is based on the bathtub curve, which shows the typical behavior for electronic components. Therefore it is obvious that failure calculation is only valid for components that have this constant domain and that the validity of the calculation is limited to the useful life time of each component. It is assumed that early failures are detected to a huge percentage during the installation period and therefore the assumption of a constant failure rate during the useful life time is valid. However, according to IEC 61508-2, a useful life time, based on experience, should be assumed. Experience has shown that the useful life time often lies within a range period of about 8... 12 years. As noted in DIN EN 61508-2:2011 note NA4, appropriate measures taken by the manufacturer and operator can extend the useful lifetime. 13

Safety Recommendation Our experience has shown that the useful life time of a Pepperl+Fuchs product can be higher if there are no components with reduced life time in the safety path (like electrolytic capacitors, relays, flash memory, opto coupler) which can produce dangerous undetected failures and if the ambient temperature is significantly below 60 C. Please note that the useful life time refers to the (constant) failure rate of the device. 3.4 Installation and Commissioning During installation all aspects regarding the SIL level of the loop must be considered. The safety function must be tested to ensure the expected outputs are given. When replacing a device, the loop must be shut down. In all cases, devices must be replaced by the same type. 14

Proof Test 4 Proof Test 4.1 Proof Test Procedure According to IEC 61508-2 a recurring proof test shall be undertaken to reveal potentially dangerous failures that are otherwise not detected by diagnostic tests. The functionality of the subsystem must be verified at periodic intervals depending on the applied PFD avg in accordance with the data provided in this manual. See chapter 2.4. It is under the responsibility of the operator to define the type of proof test and the interval time period. With the following instructions a proof test can be performed which will reveal almost all of the possible dangerous faults (diagnostic coverage > 90 %). The ancillary equipment required: Digital multimeter with an accuracy better than 0.1 % For the proof test of the intrinsic safety side of the devices, a special digital multimeter for intrinsically safe circuits must be used. Intrinsically safe circuits that were operated with non-intrinsically safe circuits may not be used as intrinsically safe circuits afterwards. Power supply set at nominal voltage of 24 V DC Process calibrator with ma current source/sink feature (accuracy better than 20 µa) The entire measuring loop must be put out of service and the process held in safe condition by means of other measures. Prepare a test set-up for testing the devices (view Figures). Choose the proper input terminals (passive input or active input) in accordance with the specific application and follow the steps indicated in the table below. Restore the safety loop. Any by-pass of the safety function must be removed. 15

Proof Test Proof Test for all Channels Step No. Set input value (ma) Measurement point Output value (ma) for STC4 and CR4 devices Output value (V) for STV4 devices, -1 version Output value (V) for STV4 devices, -2 version 1 20.0 20.0 ± 0.4 5.0 ± 0.1 10.0 ± 0.2 2 12.0 12.0 ± 0.4 3.0 ± 0.1 6.0 ± 0.2 3 4.0 4.0 ± 0.4 1.0 ± 0.1 2.0 ± 0.2 4 23.0 23.0 ± 0.4 5.75 ± 0.1 11.5 ± 0.2 5 0 < 0.2 < 0.1 < 0.1 Table 4.1 Signal calibration 4 ma... 20 ma 1+ KFD2-STC4-Ex2 7- Multimeter (ma) 3-8+ 4+ 250 Ω 9 10- Multimeter (ma) 6-11+ 250 Ω 12 Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.1 Proof test set-up for KFD2-CR4-(Ex)* and KFD2-STC4-(Ex)* Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions For KCD2-CR4-(Ex)1 and KFD2-STC4-(Ex)1 do not regard the second channel. 16

Proof Test Signal calibration 4 ma... 20 ma 1+ KFD2-STC4-Ex2-3 7- Multimeter (ma) 3-8+ 4+ 250 Ω 9 10- Multimeter (ma) 6-11+ 250 Ω 12 Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.2 Proof test set-up for KFD2-STC4-(Ex)*-3 and KFD2-STC4-(Ex)*-Y* Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions For KFD2-STC4-(Ex)1-3 and KFD2-STC4-(Ex)1-Y* do not regard the second channel. Signal calibration 4 ma... 20 ma 1+ KFD2-STV4-Ex2-2 7- Multimeter (V) 3-8+ 4+ 250 Ω 9 10- Multimeter (V) 6-11+ 250 Ω 12 Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.3 Proof test set-up for KFD2-STV4-(Ex)*-1 and KFD2-STV4-(Ex)*-2 Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions For KFD2-STV4-(Ex)1-1 and KFD2-STV4-(Ex)1-2 do not regard the second channel. 17

Proof Test Proof Test for Versions with Splitter Functionality (1.2O) Step No. Set input value (ma) Measurement point Values for Outputs I and II (ma) for STC4 and CR4 devices Values for Outputs I and II (V) for STV4 devices, -1 version Values for Outputs I and II (V) for STV4 devices, -2 version 1 20.0 20.0 ± 0.4 5.0 ± 0.1 10.0 ± 0.2 2 12.0 12.0 ± 0.4 3.0 ± 0.1 6.0 ± 0.2 3 4.0 4.0 ± 0.4 1.0 ± 0.1 2.0 ± 0.2 4 23.0 23.0 ± 0.4 5.75 ± 0.1 11.5 ± 0.2 5 0 < 0.2 < 0.1 < 0.1 Table 4.2 Signal calibration 4 ma... 20 ma 1+ KFD2-STC4-Ex1.2O 7- Multimeter (ma) 2-8+ 3 5-250 Ω 9 10- Multimeter (ma) 11+ 250 Ω 12 6+ Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.4 Proof test set-up for KFD2-CR4-(Ex)1.2O and KFD2-STC4-(Ex)1.2O Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions 18

Proof Test Signal calibration 4 ma... 20 ma 1+ KFD2-STC4-Ex1.2O-3 7- Multimeter (ma) 2-8+ 3 5-250 Ω 9 10- Multimeter (ma) 11+ 250 Ω 12 6+ Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.5 Proof test set-up for KFD2-STC4-(Ex)1.2O-3 and KFD2-STC4-(Ex)1.2O-Y* Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions Signal calibration 4 ma... 20 ma 1+ KFD2-STV4-Ex1.2O-2 7- Multimeter (V) 2-8+ 3 5-250 Ω 9 10- Multimeter (V) 11+ 250 Ω 12 6+ Zone 0, 1, 2 Div. 1, 2 14+ 15- I supply 24 V DC Power supply Zone 2 Div. 2 Figure 4.6 Proof test set-up for KFD2-STV4-(Ex)1.2O-1 and KFD2-STV4-(Ex)1.2O-2 Usage in Zone 0, 1, 2/Div. 1, 2 only for Ex versions 19

Abbreviations 5 Abbreviations DCS ESD Distributed Control System Emergency Shutdown FIT Failure In Time in 10-9 1/h FMEDA s dd du no effect not part total (safety function) HFT MTBF MTTR PFD avg PFH PTC SFF SIF SIL SIS T proof Failure Mode, Effects and Diagnostics Analysis Probability of safe failure Probability of dangerous detected failure Probability of dangerous undetected failure Probability of failures of components in the safety path that have no effect on the safety function Probability of failure of components that are not in the safety path Safety function Hardware Fault Tolerance Mean Time Between Failures Mean Time To Repair Average Probability of Failure on Demand Probability of dangerous Failure per Hour Proof Test Coverage Safe Failure Fraction Safety Instrumented Function Safety Integrity Level Safety Instrumented System Proof Test Interval 20

Notes 21

Notes 22

Notes 23

PROCESS AUTOMATION PROTECTING YOUR PROCESS Worldwide Headquarters Pepperl+Fuchs GmbH 68307 Mannheim Germany Tel. +49 621 776-0 E-mail: info@de.pepperl-fuchs.com For the Pepperl+Fuchs representative closest to you check www.pepperl-fuchs.com/contact www.pepperl-fuchs.com Subject to modifications Copyright PEPPERL+FUCHS Printed in Germany DOCT-1895B 09/2014

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information