4 | Functional safety
D-LX 201/721
27
4 Functional safety
This section relates only to those devices and components that perform safety func-
tions as parts of a system's safeguarding equipment and within the context of func-
tional safety, and that have been inspected in order to work out the Safety Integrity
Level (SIL). Within product family D-LX 201/721, these are product versions D‑LX***
***-*1/*. The relevant output signals within the sense of functional safety are the flame
contact and the operational readiness contact (the latter only when connected to the
flame contact in series).
4.1 Relevant standard
The relevant standard is
● DIN EN 61508 (edition as per the relevant SIL document) Functional Safety of
Electrical/Electronic/Programmable Electronic Safety-related Systems
The term definitions and requirements set out in this standard are applied as part of
this section without being repeated.
4.2 Functions of the flame monitor
The devices in product family D-LX 201/721 are flame monitors for the monitoring of
industrial burners. When a flame is present, the fuel being transported into the com-
bustion chamber is consumed by means of a reaction with oxygen and no combustible
materials can accumulate. If the flame were to go out, however, any fuel still intro-
duced to the combustion chamber would not be consumed, and together with the air in
the chamber could form an explosive mixture that would react immediately on contact
with a source of ignition.
The flame monitor evaluates a suitable physical signal from the flame in order to es-
tablish whether or not a flame is present. The measurement signal acquired from the
physical signal is compared with the threshold values defined by the operator during
commissioning of the device. If the measured signal is higher than the threshold value,
this indicates that a flame is present. If it is lower than the threshold value, the flame
signal disappears. The setting to be selected is described in section 8 Flame monitor
settings [}71].
The flame monitor's operating function consists of the continual monitoring for the
presence of a flame. The presence of a flame is indicated by a closed flame relay. If
no flame is present, this is indicated by an open flame relay. For more information on
this, see also section 6.1 Functional description [}41].
The safety function of the flame monitor consists of indicating at the flame relay the
loss of a flame during planned operation of the burner (e.g. flame rupture), at the latest
following a pre-defined Flame Failure Detection Time (FFDT) specified by the operator
within the context of the applicable standards. The loss of a flame is indicated by the
opening of the relay contact. This must result in the supply of fuel being interrupted by
the operator. The flame monitor is part of the functional safety chain (flame signal →
flame monitor → safety controller → fuel valves → fuel flow) and so must be included in
the overall safety validation process that takes the entire safety chain into account.
To Next Page
Loading...
Need help?
General
