2017-04
10
Functional Safety KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
3.2 Assumptions
The following assumptions have been made during the FMEDA:
• The fault indication output, which signals whether the field circuits are broken or shorted, is not considered in the FMEDA and the calculations.
• For output I of the KFD2-SH-Ex1 and KHA6-SH-Ex1 devices, use the 3 redundant relay contacts to establish the necessary redundancy.
• Failure rates are based on the Siemens standard SN29500.
• Failure rates are constant; wear is not considered.
• External power supply failure rates are not included.
• The safety-related device is considered to be a type A device with a hardware fault tolerance of 0.
• For high demand mode, observe the useful lifetime limitations of the output relays.
• The device will be used under average industrial ambient conditions, which are comparable with the classification "stationary mounted" in MIL-HDBK-217F. Alternatively, the following ambient conditions are assumed:
  • IEC/EN 60654-1 Class C (sheltered location) with temperature limits in the range of the manufacturer's specifications and an average temperature of 40 ºC over a long period. The humidity level is within the manufacturer's rating. For a higher average temperature of 60 ºC, the failure rates must be multiplied by a factor of 2.5 based on experience. A similar factor must be used if frequent temperature fluctuations are expected.
SIL 3 application
If you use output I of the device, you can reach SIL 3 according to IEC 61508.
• The device shall claim less than 10 % of the total failure rate for a SIL 3 safety loop.
• For a SIL 3 application operating in low demand mode, the total PFDavg value of the SIF (Safety Instrumented Function) should be smaller than 10^-3; hence the maximum allowable PFDavg value for the device would then be 10^-4.
• For a SIL 3 application operating in high demand mode, the total PFH value of the SIF should be smaller than 10^-7 per hour; hence the maximum allowable PFH value for the device would then be 10^-8 per hour.
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device, the SFF must be > 90 % according to table 2 of IEC/EN 61508-2 for a SIL 3 (sub)system.
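The budget rules above (10 % device share of the SIL 3 loop target, SFF > 90 % for a type A, HFT = 0 subsystem) and the 60 ºC factor of 2.5 from the assumptions list can be checked mechanically. The following is an added worked example, not code from the manual or from Pepperl+Fuchs: the FIT values are constructed for illustration (the real FMEDA figures for these devices are not on this page), and the PFDavg and PFH formulas are the standard simplified 1oo1 approximations from IEC 61508-6, not something the manual states.

```python
from dataclasses import dataclass

# Loop targets stated in the manual for SIL 3 (IEC 61508).
SIL3_LOOP_PFDAVG = 1e-3        # low demand: total PFDavg of the SIF
SIL3_LOOP_PFH = 1e-7           # high demand: total PFH of the SIF, per hour
DEVICE_SHARE = 0.10            # the device may claim less than 10 % of the loop budget
DEVICE_MAX_PFDAVG = SIL3_LOOP_PFDAVG * DEVICE_SHARE   # 10^-4
DEVICE_MAX_PFH = SIL3_LOOP_PFH * DEVICE_SHARE         # 10^-8 per hour
MIN_SFF_TYPE_A_HFT0_SIL3 = 0.90                        # manual: SFF must be > 90 %

# Ambient derating stated in the manual: 60 ºC average -> multiply failure rates by 2.5.
TEMP_FACTOR_60C = 2.5


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT (1 FIT = 1e-9 failures per hour), split as an FMEDA reports them."""
    sd: float  # safe detected
    su: float  # safe undetected
    dd: float  # dangerous detected
    du: float  # dangerous undetected

    def scaled(self, factor: float) -> "FailureRates":
        """Apply a uniform ambient factor (e.g. TEMP_FACTOR_60C) to all four rates."""
        return FailureRates(self.sd * factor, self.su * factor, self.dd * factor, self.du * factor)


def sff(r: FailureRates) -> float:
    """Safe failure fraction: share of all failures that are safe or dangerous-detected.
    A uniform scaling of all rates leaves the SFF unchanged."""
    total = r.sd + r.su + r.dd + r.du
    return (total - r.du) / total


def type_a_sil_hft0(sff_value: float) -> int:
    """Maximum SIL claimable for a type A subsystem with HFT = 0 (IEC 61508-2 table 2)."""
    if sff_value < 0.60:
        return 1
    if sff_value < 0.90:
        return 2
    if sff_value < 0.99:
        return 3
    return 4


def pfd_avg_1oo1(r: FailureRates, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 low demand approximation (IEC 61508-6): PFDavg ~= lambda_DU * T1 / 2."""
    lambda_du = r.du * 1e-9
    return lambda_du * proof_test_interval_h / 2


def pfh_1oo1(r: FailureRates) -> float:
    """Simplified 1oo1 high demand approximation: PFH ~= lambda_DU (per hour)."""
    return r.du * 1e-9


def check_sil3(r: FailureRates, proof_test_interval_h: float, ambient_factor: float = 1.0) -> dict:
    """Apply the manual's SIL 3 budget rules to one device, after ambient derating."""
    r = r.scaled(ambient_factor)
    sff_value = sff(r)
    pfd = pfd_avg_1oo1(r, proof_test_interval_h)
    pfh = pfh_1oo1(r)
    return {
        "sff": sff_value,
        "sff_ok": sff_value > MIN_SFF_TYPE_A_HFT0_SIL3,
        "sil_capability": type_a_sil_hft0(sff_value),
        "pfd_avg": pfd,
        "low_demand_ok": pfd < DEVICE_MAX_PFDAVG,
        "pfh": pfh,
        "high_demand_ok": pfh < DEVICE_MAX_PFH,
    }


# Constructed sample FMEDA split (hypothetical, not the devices' real figures).
SAMPLE = FailureRates(sd=500.0, su=100.0, dd=300.0, du=20.0)
ONE_YEAR_H = 8760.0

if __name__ == "__main__":
    for label, factor in (("40 ºC average", 1.0), ("60 ºC average", TEMP_FACTOR_60C)):
        res = check_sil3(SAMPLE, ONE_YEAR_H, factor)
        print(label, {k: (f"{v:.3e}" if isinstance(v, float) else v) for k, v in res.items()})
```

With the constructed rates and a one-year proof test interval, the device passes the low demand budget at 40 ºC (PFDavg 8.76e-5 < 10^-4) but not the high demand budget (PFH 2e-8 > 10^-8). Applying the 2.5 factor for 60 ºC leaves the SFF unchanged, because all four rates scale together, yet pushes PFDavg to 2.19e-4 and so over the 10 % device budget, which is why the manual ties the ambient assumption to the calculations.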