BERTHOLD TECHNOLOGIES Uni-Probe LB 490 - Certificate Functional Safety
Uni-Probe LB 490 – BERTHOLD TECHNOLOGIES GmbH & Co. KG – 1 – 73
Volume 1, Chapter 9 Functional Safety
9.10 Certificate Functional Safety
The document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in
any event for incidental or consequential damages in connection with the application of the document.
© All rights on the format of this technical report reserved.
Failure Modes, Effects and Diagnostics Analysis
Project:
Level Transmitter LB490 Uni-Probe
Customer:
Berthold Technologies GmbH & Co. KG
Bad Wildbad
Germany
Contract No.: Berthold Technology 04/08-10
Report No.: Berthold Technology 04/08-10 R003
Version V1, Revision R3, Apr. 2007
Rainer Faller
© exida.com GmbH berthold 0408-10 r003 v1r3.doc, Apr. 12, 2007
Rainer Faller Page 2 of 18
Management summary
This report summarizes the results of the hardware assessment according to IEC 61508 carried
out on the Level Transmitter LB490 Uni-Probe. For safety applications only the level measurement
and the 4..20 mA output are considered. The HART™ communication shall not be used for safety
applications. The configuration set up using HART™ shall be checked by functional testing.
The hardware assessment consists of a Failure Modes, Effects and Diagnostics Analysis
(FMEDA). A FMEDA is one of the steps taken to achieve functional safety assessment of a
device per IEC 61508. For full assessment purposes all requirements of IEC 61508 must be
considered.
From the FMEDA, failure rates are determined and consequently the Safe Failure Fraction
(SFF) is calculated for the device. A dangerous failure is defined as a failure that does not
correctly respond to a demand from the process, i.e. a deviation of more than 5% of full span
at ambient temperature. Failure rates used in this analysis are basic failure rates from
the Siemens standard SN 29500. For the photomultiplier, field failure evaluations from Berthold
Technologies and the manufacturer (Photonis) were used. For the mechanical design of the
detector unit, field failure evaluations from Berthold Technologies were used.
The Level Transmitter LB490 Uni-Probe is considered to be a Type B sub-system with a
hardware fault tolerance of HFT=0.
It is assumed that the current output signal is fed to a SIL compliant analog input of a safety
PLC (programmable logic controller). The analog input and the application program of the
connected safety PLC shall be configured according to NAMUR NE43 to detect under-range
and over-range failures. Under the assumptions described in section 4, the following table shows
the failure rates according to IEC 61508. In addition to the FMEDA, fault injection tests have
been executed to confirm the effectiveness of the fault detection mechanisms.
Table 1 Summary for the Level Transmitter LB490 Uni-Probe incl. photomultiplier – IEC 61508
failure rates

  λsd       λsu       λdd       λdu       SFF     DC_S (1)   DC_D (1)
  783 fit   535 fit   427 fit   74 fit    96%     59%        85%
These failure rates are valid for operating stress conditions typical of an industrial field
environment similar to IEC 60654-1, class C (sheltered location) with an average temperature
over a long period of time of 40 °C. For a higher average temperature of 60 °C, the failure rates
should be multiplied by an experience-based factor of 2.5. A similar multiplier should be used
if frequent temperature fluctuation must be assumed.
The failure rates do not include failures resulting from incorrect use of the transmitter, in
particular high vibration at the photomultiplier tube and humidity entering through incompletely
closed housings or inadequate cable feeding through the PG inlets.
A user of the Level Transmitter LB490 Uni-Probe can utilize these failure rates in a probabilistic
model of a safety instrumented function (SIF) to determine suitability in part for safety
instrumented system (SIS) usage in a particular safety integrity level (SIL). A full table of failure
rates is presented in section 5.1 along with all assumptions in section 4.
(1) DC means the diagnostic coverage (safe or dangerous).
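As an added worked example (not code from the exida report or from Berthold Technologies), the following Python recomputes the SFF and the two DC figures of Table 1 from its four failure rates, applies the 2.5 stress multiplier, and checks the result against the IEC 61508-2 architectural constraint for a Type B subsystem with HFT=0; the simplified 1oo1 PFDavg formula and the one-year proof-test interval used with it are assumptions, not values from the report.

```python
# Added example, not part of the exida report or Berthold's documentation:
# recompute the derived figures of Table 1 from its four failure rates and
# apply the IEC 61508-2 architectural constraint for a Type B, HFT = 0 subsystem.
from dataclasses import dataclass

FIT = 1e-9  # one FIT is one failure per 1e9 hours


@dataclass(frozen=True)
class FailureRates:
    """Failure-rate split used by IEC 61508, all values in FIT."""
    sd: float  # safe detected
    su: float  # safe undetected
    dd: float  # dangerous detected
    du: float  # dangerous undetected

    @property
    def total(self) -> float:
        return self.sd + self.su + self.dd + self.du

    def sff(self) -> float:
        """Safe Failure Fraction: share of failures that are not dangerous undetected."""
        return (self.sd + self.su + self.dd) / self.total

    def dc_safe(self) -> float:
        """Diagnostic coverage of safe failures (DC_S)."""
        return self.sd / (self.sd + self.su)

    def dc_dangerous(self) -> float:
        """Diagnostic coverage of dangerous failures (DC_D)."""
        return self.dd / (self.dd + self.du)

    def scaled(self, factor: float) -> "FailureRates":
        """Apply the report's experience-based stress multiplier (2.5 for 60 C)."""
        return FailureRates(self.sd * factor, self.su * factor,
                            self.dd * factor, self.du * factor)


def sil_limit_type_b(sff: float, hft: int) -> int:
    """Highest SIL the architectural constraint allows for a Type B subsystem
    (IEC 61508-2, Table 3); 0 means the configuration is not allowed at all."""
    base = 3 if sff >= 0.99 else 2 if sff >= 0.90 else 1 if sff >= 0.60 else 0
    return min(base + hft, 4)  # each unit of HFT raises the limit by one SIL


def pfd_avg_1oo1(rates: FailureRates, proof_test_hours: float) -> float:
    """Assumed simplified average PFD contribution of a single (1oo1) sensor: only
    dangerous undetected failures count, and they accumulate until the next proof test."""
    return rates.du * FIT * proof_test_hours / 2


# Table 1 of the report: LB490 incl. photomultiplier, 40 C industrial environment
LB490 = FailureRates(sd=783, su=535, dd=427, du=74)
```

Scaling all four rates by the same factor leaves SFF and DC unchanged, so the 60 °C multiplier only moves the PFD contribution, not the architectural SIL limit.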