6 Safety Manual
6.6.3 Redundant use of the system
If the transmitter is used redundantly (HFT > 0), it can meet SIL 3 according to DIN EN 61508-2, 7.4.3.2 (systematic suitability) and 7.4.4.2.4 (suitability of the architecture).
707071 safety architecture 1oo1D
This corresponds to architecture category 2 according to DIN EN ISO 13849, i.e. the system has a safety channel and an additional diagnostics channel.
| Safety feature | Requirement / comment |
|---|---|
| Hardware failure tolerance | HFT = 0 |
| Safe failure fraction | SFF ≥ 90 % |
| CCF | If the system is used redundantly: calculation according to DIN EN 61508 Part 7 Appendix D and/or DIN EN ISO 13849-1 Table F.1 at least 65 |
| Average failure probability of a safety function on demand (overall system) | SIL 2: Low demand: $\mathrm{PFD}_{avg} < 10^{-2}$; High demand: $\mathrm{PFH} < 10^{-6}$ |
| Interval for the proof test $T_i$ | max. 10 years |
| Lifetime | 10 years |
| Planned operating duration, mission time ($T_M$) | max. 10 years |
| Architecture according to DIN EN ISO 13849-1 | Category 2 |
| $\mathrm{MTTF}_d$-$\mathrm{DC}_{avg}$ according to DIN EN ISO 13849-1 Table K.1 | PL c: ≥ 22 years ($\mathrm{DC}_{avg}$ ≥ 60 %) |
| Modes of operation and software class according to DIN EN 60730-2-9 | The system has the following modes of operation: 2K; only in the case of redundancy: 2N; software class C |