FUNCTIONAL SAFETY CERTIFICATE

Similar documents
FUNCTIONAL SAFETY CERTIFICATE

Proline Prowirl 72, 73

Hardware safety integrity (HSI) in IEC 61508/ IEC 61511

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Functional safety manual RB223

ida Certification Services IEC Functional Safety Assessment Project: Masoneilan Smart Valve Interface, SVI II ESD Customer: GE Energy

Safety Manual VEGASWING 61, 63. Relay (DPDT) With SIL qualification. Document ID: 52082

Vibrating Switches SITRANS LVL 200S, LVL 200E. Relay (DPDT) With SIL qualification. Safety Manual. Siemens Parts

Failure Modes, Effects and Diagnostic Analysis

Safety Manual. Vibration Control Type 663. Standard Zone-1-21 Zone Edition: English

Failure Modes, Effects and Diagnostic Analysis. PR electronics A/S

Certificate of Compliance No

Systematic Capability for Elements

OPTISWITCH 5300C. Safety Manual. Vibrating Level Switch. Relay (2 x SPDT) With SIL qualification

Type 9160 / Transmitter supply unit / Isolating repeater. Safety manual

IQ Pro SIL option TÜV Certified for use in SIL 2 & 3 applications

Failure Modes, Effects and Diagnostic Analysis

New developments about PL and SIL. Present harmonised versions, background and changes.

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Safety manual. This safety manual is valid for the following product versions: Version No. V1R0

Failure Modes, Effects and Diagnostic Analysis

Low voltage switchgear and controlgear functional safety aspects

Failure Modes, Effects and Diagnostic Analysis

ACT20X-(2)HTI-(2)SAO Temperature/mA converter. Safety Manual

Type Switching repeater. Safety manual

FUNCTIONAL SAFETY CHARACTERISTICS

MANUAL Functional Safety

Failure Modes, Effects and Diagnostic Analysis

SAFETY MANUAL SIL Switch Amplifier

FMEDA and Prior-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Mobrey Hydratect 2462

IQ SIL Option. IQ actuators for use in applications up to SIL 3. sira CERTIFICATION

Safety Manual. VEGABAR series ma/hart - two-wire and slave sensors With SIL qualification. Document ID: 48369

Options for ABB drives. User s manual Emergency stop, stop category 0 (option +Q951) for ACS880-07/17/37 drives

SIL Safety Manual DOC.SILM.EF.EN Rev. 0 March EL-O-Matic F-Series Pneumatic Actuator SIL Safety Manual

Report. Certificate Z Rev. 00. SIMATIC Safety System

MANUAL Functional Safety

The ApplicATion of SIL. Position Paper of

Hardware Safety Integrity. Hardware Safety Design Life-Cycle

Hytork XL Pneumatic Actuator

Special Documentation Liquicap M FMI51, FMI52

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Intelligent Valve Controller NDX. Safety Manual

Rosemount Functional Safety Manual. Manual Supplement , Rev AG March 2015

MANUAL Functional Safety

Soliphant M with electronic insert FEM54

Hytork XL Pneumatic Actuator

FMEDA and Proven-in-use Assessment. G.M. International s.r.l Villasanta Italy

SIL Safety Manual DOC.SILM.EF.EN, Rev. 0 March EL-O-Matic F-Series Pneumatic Actuator SIL Safety Manual

ProductDiscontinued. Rosemount TankRadar Rex. Safety Manual For Use In Safety Instrumented Systems. Safety Manual EN, Edition 1 June 2007

What functional safety module designers need from IC developers

MACX MCR-SL-(2)I-2)I-ILP(-SP)

MANUAL Functional Safety

Options for ABB drives. User s manual Prevention of unexpected start-up (option +Q957) for ACS880-07/17/37 drives

HART Temperature Transmitter for up to SIL 2 applications

FMEDA Report Failure Modes, Effects and Diagnostic Analysis and Proven-in-use -assessment KF**-CRG2-**1.D. Transmitter supply isolator

DK32 - DK34 - DK37 Supplementary instructions

BRE Global Limited Scheme Document SD 186: Issue No December 2017

Safety Manual. PROTRAC series ma/hart - four-wire With SIL qualification. Document ID: 49354

Special Documentation Soliphant M with electronic insert FEM57 + Nivotester FTL325P

HART Temperature Transmitter for up to SIL 2 applications

Extension to Chapter 2. Architectural Constraints

Functional Example AS-FE-I-013-V13-EN

Report. Certificate M6A SIMATIC S7 Distributed Safety

Failure Modes, Effects and Diagnostic Analysis

Removal of Hardware ESD, Independent of Safety Logic Solver

Scheme Document. For more information or help with your application contact BRE Global on +44 (0) or

Report. Certificate M6A SIMATIC Safety System

Failure Modes, Effects and Diagnostic Analysis

Point Level Transmitters. Pointek CLS200 (Standard) Functional Safety Manual 02/2015. Milltronics

IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification

Service & Support. Functional Safety One Position switch. Safe Machine Concepts without Detours. benefit from the Safety Evaluation Tool.

Technical Report Reliability Analyses

Soliphant M with electronic insert FEM57 + Nivotester FTL325P

AUDITOR / LEAD AUDITOR PHARMACEUTICAL AND MEDICAL DEVICE INDUSTRY

itemp HART TMT122 with ma output signal

Scheme Document SD 003

Table of Content: 1 Objective of assessment Abbreviations and glossary System Overview... 6

Accreditation Criteria For Conformity Assessment Bodies

PLUS+1 SC Controller SC0XX-1XX Controller Family

Safety-related controls SIRIUS Safety Integrated

Options for ABB drives. User s manual Emergency stop, stop category 1 (option +Q964) for ACS880-07/17/37 drives

INTERNATIONAL STANDARD

PSR-PC50. SIL 3 coupling relay for safety-related switch on. Data sheet. 1 Description

Energize to Trip Requirement for SIL 3 according to IEC 61511

ISO INTERNATIONAL STANDARD. Safety of machinery Safety-related parts of control systems Part 1: General principles for design

Functional safety manual Liquiphant M/S with FEL58 and Nivotester FTL325N

Global Wind Organisation CRITERIA FOR THE CERTIFICATION BODY

MANUAL VAA-2E2A-G12-SAJ/EA2L Original Instructions Version 1.0

TITLE: IECEx Cybersecurity Workshop, June 2018, Weimar Report as copy of workshop presentation INTRODUCTION

Executive summary. by Michel Bonnet, Maximilien Laforge, and Jean-Baptiste Samuel

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF FOOD SAFETY MANAGEMENT SYSTEMS

MACX MCR-EX-SD LP(-SP)

CNAS-RC01. Rules for Accreditation of Certification Bodies

2oo4D: A New Design Concept for Next-Generation Safety Instrumented Systems 07/2000

PFH and PFDavg Data for Trusted TMR System

Update assessment for the Guard I/O DeviceNet Safety Modules 1791DS-IB8XOBV4, 1732DS-IB8XOBV4, 1791DS-IB16 and 1732DS-IB8. Rockwell Automation

Application of Functional Safety in All-Electric Control Systems. Dr. Carsten Mahler Prof. Dr. Markus Glaser 24 October 2018

Transcription:

FUNCTIONAL SAFETY CERTIFICATE This is to certify that the GSS (GSA******-*) Series Global Safety Limit Switch Manufactured by Honeywell International Inc. 315 East Stephenson Street, Freeport, Illinois, IL61032, USA. Has been assessed by with reference to the Hardware and Systematic Safety Integrity and found to meet the requirements of IEC 61508-2:2010 Routes 1 H & 1 S Systematic Capability (SC3) As an element/subsystem suitable for use in safety related systems performing safety functions up to and including SIL 2 capable with HFT=0 (1oo1)* SIL 3 capable with HFT=1 (1oo2)* When used in accordance with the scope and conditions of this certificate. *This certificate does not waive the need for further functional safety verification to establish the achieved Safety Integrity Level (SIL) of the safety related system Certification Manager: Mr. W Thomas Initial Certification: 25/03/2010 This certificate issued: 03/07/2015 Renewal date: 15/06/2020 This certificate may only be reproduced in its entirety, without any change. Page 1 of 5

Product description and scope of certification The GSS (part numbers are identified as GSA******-*) Series Global Safety Limit Switch is a plunger actuated switch intended for medium and large doors in industrial machinery. The switch is fitted with up to four pairs of switching contacts (available in several configurations). It has a metal enclosure, sealed to IP67, with either an integral cable or a connector which requires the installer to use a conduit plug rated for IP67 and above to ensure the integrity of sealing. Figure 1: Final Assembly of the GSS (GSA******-*) Series Global Safety Limit Switch Use in safety function(s) The functionality of the certified device that has been assessed for use by safety functions is to open the normally closed (NC) contacts on actuation of the switch. The user should note the number of cycles for which the safety-related data is valid. Certified Data in support of use in safety functions The assessment has been carried out with reference to IEC61508:2010 for Hardware Safety Integrity using the Route 1 H approach and the Conformity Assessment of Safetyrelated Systems (CASS) methodology for Systematic Safety Integrity using the Route 1s approach. Based on the documents submitted by Honeywell Control Systems Ltd, the Failure Mode and Effect analysis (FMEA) of the GSS (GSA******-*) Series Global Safety Limit Switch have verified the documents as evidence of conformity to IEC61508-2:2010 in respect of hardware and systematic safety integrity. Component failure rates have been sourced using Item software reliability package and RIAC automated data book. The table below summarizes the FMEA assessment. Page 2 of 5

Table 1; FMEA results of the GSS (GSA******-*) Series Global Safety Limit Switch Define Safety Function: The functionality of the certified device that has been assessed for use by safety functions is to open the normally closed (NC) contacts on actuation of the switch. The user should note the number of cycles for which the safety-related data is valid. Summary of IEC 61508-2 GSS (GSA******-*) Series Global Safety Limit Clauses 7.4.2 and 7.4.4 Switch Verdict Architectural constraints & Type of product A/B HFT=0 HFT=1 Type A Safe Failure Fraction (SFF) 85% 85% HFT 0 HFT 1 SIL 2 SIL 3 Random hardware failures: [h -1 ] λ DD λ DU 1.77E-08 1.77E-09 Random hardware failures: [h -1 ] λ SD λ SU 1.03E-07 1.04E-08 Diagnostic coverage (DC) 0.00% 0.00% PFD @ PTI = 730Hrs MTTR = 8 Hrs 7.75-E-05 7.76-E-06 Probability of Dangerous failure (High Demand - PFH) [h -1 ] 1.77E-08 1.77E-09 Hardware safety integrity compliance Route 1 H Systematic safety integrity compliance See report R70017229C (Route 1 s ) Systematic Capability (SC1, SC2, SC3, SC4) SC3 Hardware safety integrity achieved SIL 2 achieved with HFT=0 SIL 3 achieved with HFT=1 Note 1: The failure data: 1) Failure rates stated in the above tables are in units of failures per hour 2) The PFD AVG figure shown is for illustration only assuming a proof test interval of 8760 hours and MTTR of 8 hours. Refer to IEC 61508-6 for guidance on PFD AVG calculations from the failure data. 3) The failure rates do not include no parts failures. Table 2: Conditions for maintaining safety integrity capability 1 Product identification: GSS (GSA******-*) Series Global Safety Limit Switch 2 Functional specification: The functionality of the certified device that has been assessed for use by safety functions is to open the normally closed (NC) contacts on actuation of the switch. 3-5 Random hardware failure rates: Refer to table 1 above. 6 Environment limits: Temperature Range: The user should note the number of cycles for which the safety-related data is valid. Page 3 of 5

-25 o C to +85 o C Operational 7 Lifetime/replacement limits: Mechanical endurance: Sira TA 09002/02 Electrical endurance: Sira TA 09012/02 8 Proof Test requirements: Refer to Installation Instructions (GSS series) 9 Maintenance requirements: Refer to Installation Instructions (GSS series) 10 Diagnostic coverage: 0%, no diagnostics are available. 11 Diagnostic test interval: No diagnostic testing is available. 12 Repair constraints: Refer to Installation Instructions (GSS series) 13 Safe Failure Fraction: 85%. 14 Hardware fault tolerance (HFT): HFT=0 is SIL2. HFT=1 is SIL3. 15 Highest SIL (architecture/type A/B): SIL3 with HFT=1, Type A product. 16 Systematic failure constraints: Refer to Installation Instructions (GSS series) 17 Evidence of similar conditions in previous Not applicable product is proven by design type. use: 18 Evidence supporting the application Not applicable product is proven by design type. under different conditions of use: 19 Evidence of period of operational use: Not applicable product is proven by design type. 20 Statement of restrictions on functionality: Not applicable product is proven by design type. 21 Systematic capability: SC3. 22 Systematic fault avoidance measures: See report R70017229C. 23 Systematic fault tolerance measures: See report R56A19357A. 24 Validation records: See reports R70017229C and R56A19357A. Management of functional safety The assessment has demonstrated that the product is supported by an appropriate functional safety management system that meets the relevant requirements of IEC 61508-1:2010 clause 6, see report R70017229C. Identification of certified equipment A full list of certified equipment documents are defined below: Document no. Rev Date Document description GS series chart 1, type E A 27/06/2013 Engineering drawing for switch, incl. variants GS series chart 1, type I A 12/04/2013 Installation drawing for switch, incl. variants PK 80086 8 N/A Installation instructions (GSS series) Conditions of Certification The validity of the certified base data is conditional on the manufacturer complying with the following conditions: 1. The manufacturer shall analyze failure data from returned products on an on-going basis. Sira Certification Service shall be informed in the event of any indication that the actual failure rates are worse than the certified failure rates. (A process to rate the validity of field data should be used. To this end, the manufacturer should co-operate with users to operate a formal fieldexperience feedback programme). Page 4 of 5

2. Sira shall be notified in advance (with an impact analysis report) before any modifications to the certified equipment or the functional safety information in the user documentation is carried out. Sira may need to perform a re-assessment if modifications are judged to affect the product s functional safety certified herein. 3. On-going lifecycle activities associated with this product (e.g., modifications, corrective actions, field failure analysis) shall be subject to surveillance by Sira in accordance with Regulations Applicable to the Holders of Sira Certificates. Conditions of Safe Use The validity of the certified base data in any specific user application is conditional on the user complying with the following conditions: 1. Selection of this equipment for use in safety functions and the installation, configuration, overall validation, maintenance and repair shall only be carried out by competent personnel, observing the manufacturer s conditions and recommendations in the user documentation. 2. All information associated with any field failures of this product should be collected under a dependability management process (e.g., IEC 60300-3-2) and reported to the manufacturer. 3. A proof test interval of 1 year. General Conditions and Notes 1. This certificate is based upon a functional safety assessment of the product described in Sira Test & Certification Assessment Reports R70017229A, R70017229C and R56A19357A. 2. If the certified product is found not to comply, should be notified immediately at the address shown on this certificate. 3. The use of this Certificate and the Sira Certification Mark that can be applied to the product or used in publicity material are subject to the Regulations Applicable to the Holders of Sira Certificates and Supplementary Regulations Specific to Functional Safety Certification. 4. This document remains the property of Sira and shall be returned when requested by the issuer. 5. No part of the Functional safety related aspects stated in the installation instructions shall be changed without approval of the certification body. 6. This certificate will remain valid subject to completion of two surveillance audits within the five year certification cycle, and upon receipt of acceptable response to any findings raised during this period. This certificate can be withdrawn if the manufacturer no longer satisfies scheme requirements. Certificate History Issue Date Project No. Comment 02 03/07/2015 70017229 Revision 2 of this certificate to support recertification of the GSS (GSA******-*) Series Global Safety Limit Switch to IEC61508:2010. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback