SIL Declaration of Conformity

Similar documents
Failure Modes, Effects and Diagnostic Analysis

Functional safety manual RB223

Failure Modes, Effects and Diagnostic Analysis

Soliphant M with electronic insert FEM54

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Soliphant M with electronic insert FEM57 + Nivotester FTL325P

Failure Modes, Effects and Diagnostic Analysis. PR electronics A/S

Failure Modes, Effects and Diagnostic Analysis

itemp HART TMT122 with ma output signal

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Failure Modes, Effects and Diagnostic Analysis

Safety Manual. Vibration Control Type 663. Standard Zone-1-21 Zone Edition: English

Failure Modes, Effects and Diagnostic Analysis

FMEDA Report Failure Modes, Effects and Diagnostic Analysis and Proven-in-use -assessment KF**-CRG2-**1.D. Transmitter supply isolator

FMEDA and Prior-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

ProductDiscontinued. Rosemount TankRadar Rex. Safety Manual For Use In Safety Instrumented Systems. Safety Manual EN, Edition 1 June 2007

Type 9160 / Transmitter supply unit / Isolating repeater. Safety manual

Failure Modes, Effects and Diagnostic Analysis

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Failure Modes, Effects and Diagnostic Analysis

FMEDA and Proven-in-use Assessment. G.M. International s.r.l Villasanta Italy

Type Switching repeater. Safety manual

Micropilot M FMR230/231/232/233/240/244/245

Safety manual. This safety manual is valid for the following product versions: Version No. V1R0

Mobrey Hydratect 2462

HART Temperature Transmitter for up to SIL 2 applications

HART Temperature Transmitter for up to SIL 2 applications

Failure Modes, Effects and Diagnostic Analysis

Hardware safety integrity (HSI) in IEC 61508/ IEC 61511

ida Certification Services IEC Functional Safety Assessment Project: Masoneilan Smart Valve Interface, SVI II ESD Customer: GE Energy

SAFETY MANUAL SIL Switch Amplifier

MANUAL Functional Safety

MANUAL Functional Safety

ACT20X-(2)HTI-(2)SAO Temperature/mA converter. Safety Manual

DK32 - DK34 - DK37 Supplementary instructions

MANUAL Functional Safety

Proline Prowirl 72, 73

Safety Manual VEGASWING 61, 63. Relay (DPDT) With SIL qualification. Document ID: 52082

MANUAL Functional Safety

Failure Modes, Effects and Diagnostic Analysis

Hardware Safety Integrity. Hardware Safety Design Life-Cycle

Rosemount Functional Safety Manual. Manual Supplement , Rev AG March 2015

FUNCTIONAL SAFETY CERTIFICATE

Sense it! Connect it! Bus it! Solve it! SAFETY MANUAL SWITCHING AMPLIFIERS

MACX MCR-EX-SD LP(-SP)

The ApplicATion of SIL. Position Paper of

Vibrating Switches SITRANS LVL 200S, LVL 200E. Relay (DPDT) With SIL qualification. Safety Manual. Siemens Parts

Safety Manual. VEGABAR series ma/hart - two-wire and slave sensors With SIL qualification. Document ID: 48369

PSR-PC50. SIL 3 coupling relay for safety-related switch on. Data sheet. 1 Description

OPTISWITCH 5300C. Safety Manual. Vibrating Level Switch. Relay (2 x SPDT) With SIL qualification

What functional safety module designers need from IC developers

Extension to Chapter 2. Architectural Constraints

Technical Information HAW562

Products Solutions Services. Functional Safety. How to determine a Safety integrity Level (SIL 1,2 or 3)

FUNCTIONAL SAFETY CERTIFICATE

High Performance Guided Wave Radar Level Transmitter

PHOENIX CONTACT - 02/2008

xxx xxx AT/PT xxxx x x..xx weitere Varianten siehe Anhang des Zertifikats further variations see annex of certificate

Functional safety manual Liquiphant M/S with FEL58 and Nivotester FTL325N

2oo4D: A New Design Concept for Next-Generation Safety Instrumented Systems 07/2000

New developments about PL and SIL. Present harmonised versions, background and changes.

BT50(T) Safety relay / Expansion relay

MACX MCR-EX-SL-2NAM-T(-SP)

Low voltage switchgear and controlgear functional safety aspects

Functional Example AS-FE-I-013-V13-EN

Safety manual for Fisher FIELDVUE DVC6200 SIS Digital Valve Controller, Position Monitor, and LCP200 Local Control Panel

Single/Dual-Port ISDN BRI VoIP Terminal Adapter

Point Level Transmitters. Pointek CLS200 (Standard) Functional Safety Manual 02/2015. Milltronics

Applications & Tools. Speed monitoring with 3TK according to SIL 3 per EN or PL e per EN ISO :2006.

4 Remote I/O. Digital Output Module 8-Channel Version Type 9475/ from Rev. F

IQ Pro SIL option TÜV Certified for use in SIL 2 & 3 applications

FUNCTIONAL SAFETY ASSESSMENT: AN ISSUE FOR TECHNICAL DIAGNOSTICS

FUNCTIONAL SAFETY CHARACTERISTICS

Safety Manual. PROTRAC series ma/hart - four-wire With SIL qualification. Document ID: 49354

PSR-PS21. SIL coupling relay. Data sheet. 1 Description

Special Documentation Liquicap M FMI51, FMI52

Safety instructions. IECEx TUN Ex ia IIC T6 Gb

Service & Support. Functional Safety One Position switch. Safe Machine Concepts without Detours. benefit from the Safety Evaluation Tool.

Functional Safety Manual Cerabar S PMC71, PMP71, PMP75

SIL 2/3 Relays for all applications, with or without Line & Load Diagnostics. Product presentation

PSR-PC20. SIL coupling relay. Data sheet. 1 Description

EL731 PROFIBUS INTERFACE

Level Transmitter. SIL Safety Manual for Enhanced Model 705 Software v3.x. Functional Safety Manual. Application

Report. Certificate Z Rev. 00. SIMATIC Safety System

MACX MCR-SL-(2)I-2)I-ILP(-SP)

IQ SIL Option. IQ actuators for use in applications up to SIL 3. sira CERTIFICATION

////// SUBSTATIONS. Voltage Limiting Device. VGuard

SIL-Safety Instructions SM/261/SIL-EN Rev. 05. Models 261GS/GC/GG/GJ/GM/GN/GR Models 261AS/AC/AG/AJ/AM/AN/AR Pressure Transmitter

MACX MCR-EX-SL-RPSS-2I-2I

Spark gap surge arrester for direct current OLE line

Your Global Automation Partner. Magnetic Field Safety Sensors. Safety Manual

DRAFT. Application Note: Modbus/RS485 Wiring for Conext Core XC Series Inverters. 1.0 Introduction DANGER. 1.1 Related Documents

T600 TACHOMETER MultiTasker - a measurement & monitoring instrument with 2 frequency and 1 analog inputs

PLUS+1 Safety Controllers SC0XX-1XX Safety Controller Family

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

INSTRUCTION & SAFETY MANUAL

Manual. Expert Bypass Switch Gude Analog- und Digitalsysteme GmbH Manual Ver

Technical Report Reliability Analyses

HIT/HIX HART Isolator

Transcription:

SIL Declaration of Conformity FMEDA including SFF determination according to IEC 61508 SIL-11001a/09/en Endress+Hauser Wetzer GmbH+Co. KG, Obere Wank 1, 87484 Nesselwang declares as manufacturer, that the hardware assessment of surge arrester HAW562 according to IEC 61508 has provided following parameters, which can be applied for calculating the functional safety of systems with used surge arresters. Order code HAW562-AAA HAW562-AAB HAW562-AAC HAW562-AAD HAW562-8DA HAW562-AAE 1) 2) 1) 2) 1) 2) 1) 2) 1) 2) HFT 0 0 0 0 0 0 0 0 0 0 Device type A A A A A A A A A A SFF 3) > 78% > 92% - - > 76% > 76% > 85% > 94% > 78% > 94% SD 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT SU 21 FIT 21 FIT 2 FIT 2 FIT 29 FIT 29 FIT 57 FIT 57 FIT 41 FIT 41 FIT DD 0 FIT 4 FIT 0 FIT 0.4 FIT 0 FIT 4 FIT 0 FIT 6 FIT 0 FIT 8 FIT DU 6 FIT 2 FIT 10 FIT 9.6 FIT 14 FIT 10 FIT 10 FIT 4 FIT 11 FIT 3 FIT Total 27 FIT 27 FIT 12 FIT 12 FIT 43 FIT 43 FIT 67 FIT 67 FIT 52 FIT 52 FIT MTBF/years 4182 4182 - - 2636 2636 1696 1696 2221 2221 1) Analysis 1 represents a worst-case analysis. 2) Analysis 2 represents an analysis with the assumption that line short circuits and short circuits to GND are detectable or do not have an effect. 3) The complete sensor or final element subsystem will need to be evaluated to determine the overall Safe Failure Fraction. The number listed is for reference only. Nesselwang, 19.05.2011 Endress+Hauser Wetzer GmbH+Co.KG Wilfried Meissner Geschäftsführer Seite 1 von 1 Page 1 of 1

SIL-Konformitätserklärung FMEDA einschließlich SFF-Bestimmung nach IEC 61508 SIL-11001a/09/de Endress+Hauser Wetzer GmbH+Co. KG, Obere Wank 1, 87484 Nesselwang erklärt als Hersteller, dass die Hardware-Bewertung des Überspannungsschutzes HAW562 nach IEC 61508 folgende Parameter ergeben hat, welche zur Berechnung der funktionalen Sicherheit von Systemen mit eingesetzten Überspannungsschutzgeräten verwendet werden können. Bestelloption HAW562-AAA HAW562-AAB HAW562-AAC HAW562-AAD HAW562-8DA HAW562-AAE 1) 2) 1) 2) 1) 2) 1) 2) 1) 2) HFT 0 0 0 0 0 0 0 0 0 0 Gerätetyp A A A A A A A A A A SFF 3) > 78% > 92% - - > 67% > 76% > 85% > 94% > 78% > 94% SD 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT 0 FIT SU 21 FIT 21 FIT 2 FIT 2 FIT 29 FIT 29 FIT 57 FIT 57 FIT 41 FIT 41 FIT DD 0 FIT 4 FIT 0 FIT 0.4 FIT 0 FIT 4 FIT 0 FIT 6 FIT 0 FIT 8 FIT DU 6 FIT 2 FIT 10 FIT 9.6 FIT 14 FIT 10 FIT 10 FIT 4 FIT 11 FIT 3 FIT Total 27 FIT 27 FIT 12 FIT 12 FIT 43 FIT 43 FIT 67 FIT 67 FIT 52 FIT 52 FIT MTBF/Jahre 4182 4182 - - 2636 2636 1696 1696 2221 2221 1) Analyse 1 ist eine Analyse des ungünstigsten Falls 2) Bei Analyse 2 wird angenommen, dass Leitungskurzschlüsse gegen Erde erkannt werden können oder keine Auswirkungen haben. 3) Das komplette Sensor- oder Aktorteilsystem muss ausgewertet werden, um den Gesamtanteil sicherer Ausfälle (Safe Failure Fraction) zu bestimmen. Die angegebene Zahl dient nur als Referenz. Nesselwang, 19.05.2011 Endress+Hauser Wetzer GmbH+Co.KG Wilfried Meissner Geschäftsführer Seite 1 von 1 Page 1 of 1

Failure Modes, Effects and Diagnostic Analysis Project: Surge protective devices HAW562 Customer: Endress+Hauser Wetzer GmbH+Co KG Nesselwang Germany Contract No.: 10/12-079 Report No.: 10/12-079 R053 Version V1, Revision R0; March 2011 Stephan Aschenbrenner The document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in any event for incidental or consequential damages in connection with the application of the document. All rights on the format of this technical report reserved.

Management summary This report summarizes the results of the hardware assessment carried out on the surge protective devices HAW562 in the versions listed in the drawings referenced in section 2.4.1. Table 1 gives an overview of the different configurations that belong to the considered surge protective devices HAW562. The hardware assessment consists of a Failure Modes, Effects and Diagnostics Analysis (FMEDA). A FMEDA is one of the steps taken to achieve functional safety assessment of a device per IEC 61508. From the FMEDA, failure rates are determined and consequently the Safe Failure Fraction (SFF) is calculated for the device. For full assessment purposes all requirements of IEC 61508 must be considered. Table 1: Configuration overview HAW562 HAW562-AAA Combined lightning current and surge arrester module for protecting 1 pair of balanced interfaces with electrical isolation, available with direct or indirect shield earthing; Max. continuous operating voltage U C : 23.3 VAC / 33 VDC HAW562-AAD Combined lightning current and surge arrester module for protecting 1 pair in high-frequency bus systems or video transmission systems, available with direct or indirect shield earthing; Max. continuous operating voltage U C : 4.2 VAC / 6 VDC HAW562-8DA Combined lightning current and surge arrester module for protecting 1 pair in intrinsically safe circuits and bus systems, available with direct or indirect shield earthing; Max. continuous operating voltage U C : 23.3 VAC / 33 VDC HAW562-AAE Combined lightning current and surge arrester module for protecting 2 lines with common signal ground in Prosonic systems; Max. continuous operating voltage U C : line 4: 15 VDC, line 2: 180 VDC For safety applications only the described configurations were considered. All other possible variants or electronics are not covered by this report. The failure rates used in this analysis are from the exida Electrical & Mechanical Component Reliability Handbook for Profile 1. The surge protective devices HAW562 are considered to be Type A 1 subsystems with a hardware fault tolerance of 0. The following tables show how the above stated requirements are fulfilled under worst-case assumptions. 1 Type A subsystem: Non-complex subsystem (all failure modes are well defined); for details see 7.4.3.1.2 of IEC 61508-2. Stephan Aschenbrenner Page 2 of 6

Table 2: HAW562-AAA Failure rates 2 exida Profile 1 Analysis 1 3 Analysis 2 4 Failure category Failure rates (in FIT) Failure rates (in FIT) Fail Safe Detected ( SD ) 0 0 Fail safe detected 0 0 Fail Safe Undetected ( SU ) 21 21 Fail safe undetected 3 3 No effect 18 18 Fail Dangerous Detected ( DD ) 0 4 Fail dangerous detected 0 4 Fail Dangerous Undetected ( DU ) 6 2 Fail dangerous undetected 6 2 No part 1 1 Total failure rate (safety function) 27 FIT 27 FIT SFF 5 78% 92% MTBF 4182 years 4182 years SIL AC 6 SIL2 SIL3 2 It is assumed that complete practical fault insertion tests can demonstrate the correctness of the failure effects assumed during the FMEDA. 3 Analysis 1 represents a worst-case analysis. 4 Analysis 2 represents an analysis with the assumption that line short circuits and short circuits to GND are detectable or do not have an effect. 5 The complete sensor or final element subsystem will need to be evaluated to determine the overall Safe Failure Fraction. The number listed is for reference only. 6 SIL AC (architectural constraints) means that the calculated values are within the range for hardware architectural constraints for the corresponding SIL but does not imply all related IEC 61508 requirements are fulfilled. See also previous footnote. Stephan Aschenbrenner Page 3 of 6

Table 3: HAW562-AAD Failure rates exida Profile 1 Analysis 1 7 Analysis 2 8 Failure category Failure rates (in FIT) Failure rates (in FIT) Fail Safe Detected ( SD ) 0 0 Fail safe detected 0 0 Fail Safe Undetected ( SU ) 29 29 Fail safe undetected 3 3 No effect 26 26 Fail Dangerous Detected ( DD ) 0 4 Fail dangerous detected 0 4 Fail Dangerous Undetected ( DU ) 14 10 Fail dangerous undetected 14 10 No part 1 1 Total failure rate (safety function) 43 FIT 43 FIT SFF 9 67% 76% MTBF 2636 years 2636 years SIL AC 10 SIL2 SIL2 7 Analysis 1 represents a worst-case analysis. 8 Analysis 2 represents an analysis with the assumption that line short circuits and short circuits to GND are detectable or do not have an effect. 9 The complete sensor or final element subsystem will need to be evaluated to determine the overall Safe Failure Fraction. The number listed is for reference only. 10 SIL AC (architectural constraints) means that the calculated values are within the range for hardware architectural constraints for the corresponding SIL but does not imply all related IEC 61508 requirements are fulfilled. See also previous footnote. Stephan Aschenbrenner Page 4 of 6

Table 4: HAW562-8DA Failure rates exida Profile 1 Analysis 1 11 Analysis 2 12 Failure category Failure rates (in FIT) Failure rates (in FIT) Fail Safe Detected ( SD ) 0 0 Fail safe detected 0 0 Fail Safe Undetected ( SU ) 57 57 Fail safe undetected 3 3 No effect 54 54 Fail Dangerous Detected ( DD ) 0 6 Fail dangerous detected 0 6 Fail Dangerous Undetected ( DU ) 10 4 Fail dangerous undetected 10 4 No part 1 1 Total failure rate (safety function) 67 FIT 67 FIT SFF 13 85% 94% MTBF 1696 years 1696 years SIL AC 14 SIL2 SIL3 11 Analysis 1 represents a worst-case analysis. 12 Analysis 2 represents an analysis with the assumption that line short circuits and short circuits to GND are detectable or do not have an effect. 13 The complete sensor or final element subsystem will need to be evaluated to determine the overall Safe Failure Fraction. The number listed is for reference only. 14 SIL AC (architectural constraints) means that the calculated values are within the range for hardware architectural constraints for the corresponding SIL but does not imply all related IEC 61508 requirements are fulfilled. See also previous footnote. Stephan Aschenbrenner Page 5 of 6

Table 5: HAW562-AAE Failure rates exida Profile 1 Analysis 1 15 Analysis 2 16 Failure category Failure rates (in FIT) Failure rates (in FIT) Fail Safe Detected ( SD ) 0 0 Fail safe detected 0 0 Fail Safe Undetected ( SU ) 41 41 Fail safe undetected 4 4 No effect 37 37 Fail Dangerous Detected ( DD ) 0 8 Fail dangerous detected 0 8 Fail Dangerous Undetected ( DU ) 11 3 Fail dangerous undetected 11 3 No part 1 1 Total failure rate (safety function) 52 FIT 52 FIT SFF 17 78% 94% MTBF 2221 years 2221 years SIL AC 18 SIL2 SIL3 A user of the surge protective devices HAW562 can utilize these failure rates in a probabilistic model of a safety instrumented function (SIF) to determine suitability in part for safety instrumented system (SIS) usage in a particular safety integrity level (SIL). A full table of failure rates is presented in sections 4.4.1 to 4.4.4 along with all assumptions. It is important to realize that the no effect failures are included in the safe undetected failure category according to IEC 61508:2000. Note that these failures on their own will not affect system reliability or safety, and should not be included in spurious trip calculations. The failure rates are valid for the useful life of the surge protective devices HAW562 (see Appendix 2). 15 Analysis 1 represents a worst-case analysis. 16 Analysis 2 represents an analysis with the assumption that line short circuits and short circuits to GND are detectable or do not have an effect. 17 The complete sensor or final element subsystem will need to be evaluated to determine the overall Safe Failure Fraction. The number listed is for reference only. 18 SIL AC (architectural constraints) means that the calculated values are within the range for hardware architectural constraints for the corresponding SIL but does not imply all related IEC 61508 requirements are fulfilled. See also previous footnote. Stephan Aschenbrenner Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback