Safety Manual SIL KFD2-ST*4-(Ex)*, KFD2-CR4-(Ex)*
Planning
2014-09
7
2.2 Assumptions
The following assumptions have been made during the FMEDA analysis:
• Only one input and one output are part of the considered safety function
  (only the 2-channel version).
• Failure rates are based on the Siemens SN29500 database.
• Failure rates are constant; wear-out mechanisms are not included.
• External power supply failure rates are not included.
• The devices are not protected against power supply failures. It is within the
  responsibility of the user to ensure that low supply voltages are detected and
  that an adequate reaction to this fault is implemented.
• The safety-related device is considered to consist of type A components with a
  Hardware Fault Tolerance of 0.
• It is assumed that the device will be used under average industrial ambient
  conditions, which are comparable with the classification "stationary mounted"
  in MIL-HDBK-217F. Alternatively, the following ambient conditions are
  assumed:
  • IEC 60654-1 Class C (sheltered location) with temperature limits in the
    range of the manufacturer's specifications and an average temperature
    of 40 °C over a long period. A moisture level within the manufacturer's
    specifications is assumed. For a higher average temperature of 60 °C,
    the failure rates must be multiplied by a factor of 2.5 based on empirical
    values. A similar multiplier must be used if frequent temperature
    fluctuations are expected.
• It is assumed that any safe failures that occur (e.g., output in safe condition)
  will be corrected within eight hours (e.g., correction of a sensor fault).
  While the device is being repaired, measures must be taken to maintain the
  safety function (e.g., by using a replacement device).
• The HART protocol is only used for setup, calibration, and diagnostic
  purposes, not during operation.
• The application program in the programmable logic controller (PLC) is
  configured to detect underrange and overrange failures.
SIL3 application
SIL3 can be reached if the two outputs of a KFD2-***-(Ex)1.2O* device are
connected to the same DCS/ESD device and are evaluated there to confirm that the
deviation between them remains below 2 %.
The device shall claim less than 10 % of the total failure budget for a SIL3
safety loop.
For a SIL3 application operating in Low Demand Mode, the total
$\mathrm{PFD}_{\mathrm{avg}}$ value of the SIF (Safety Instrumented Function)
should be smaller than $10^{-3}$; hence the maximum allowable
$\mathrm{PFD}_{\mathrm{avg}}$ value for the device would then be $10^{-4}$.
For a SIL3 application operating in High Demand Mode of operation, the total
PFH value of the SIF should be smaller than $10^{-7}$ per hour; hence the
maximum allowable PFH value for the device would then be $10^{-8}$ per hour.
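The budget rule above (the device may claim 10 % of the loop's SIL3 limit), the 2.5 temperature multiplier from the assumptions, and the 2 % deviation check on the two outputs can be combined into a small planning check. The following is an added example, not code from the manual or from Pepperl+Fuchs; it generalises the SIL3 figures to all four SIL bands using the upper limits of IEC 61508-1 Tables 2 and 3, uses the standard simplified 1oo1 approximation PFDavg ≈ λ_DU · T_I / 2 from IEC 61508-6 (not quoted on this page), and assumes that "deviation" is measured relative to the larger of the two output readings. The λ_DU values and readings in the demonstration are constructed.

```python
import math

# Upper bounds of the SIL bands from IEC 61508-1 (Table 2: low demand PFDavg per
# demand; Table 3: high demand PFH per hour). The manual only quotes the SIL3
# row; the other rows are added here from the standard.
SIL_PFD_AVG_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}
SIL_PFH_UPPER = {1: 1e-5, 2: 1e-6, 3: 1e-7, 4: 1e-8}

FIT = 1e-9          # failures per hour
HOURS_PER_YEAR = 8760.0


def device_budget(sil: int, mode: str, share: float = 0.10) -> float:
    """Maximum PFDavg (mode 'low') or PFH (mode 'high') one device may claim
    when it is allowed `share` of the loop's total budget. With the manual's
    10 % share for SIL3 this yields 1e-4 and 1e-8 per hour respectively."""
    if mode == "low":
        return SIL_PFD_AVG_UPPER[sil] * share
    if mode == "high":
        return SIL_PFH_UPPER[sil] * share
    raise ValueError("mode must be 'low' or 'high'")


def derated_failure_rate(lambda_40c: float, avg_temp_c: float) -> float:
    """Apply the manual's empirical factor of 2.5 for an average ambient of 60 C.
    Assumption (not on the page): the full factor is applied as soon as the
    40 C reference is exceeded, which is the conservative choice."""
    if avg_temp_c <= 40.0:
        return lambda_40c
    if avg_temp_c <= 60.0:
        return lambda_40c * 2.5
    raise ValueError("no published multiplier above 60 C; consult the manufacturer")


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_h: float) -> float:
    """Simplified IEC 61508-6 approximation for a single channel (HFT = 0):
    PFDavg ~ lambda_DU * T_I / 2. Added here to turn a dangerous-undetected rate
    into a PFDavg that can be compared with the device budget."""
    return lambda_du_per_hour * proof_test_interval_h / 2.0


def fits_low_demand_budget(lambda_du_40c: float, avg_temp_c: float,
                           proof_test_interval_h: float, sil: int = 3,
                           share: float = 0.10) -> bool:
    """True if the temperature-derated device PFDavg stays within its share
    of the SIL band for the given proof-test interval."""
    lam = derated_failure_rate(lambda_du_40c, avg_temp_c)
    return pfd_avg_1oo1(lam, proof_test_interval_h) <= device_budget(sil, "low", share)


def outputs_agree(out_a: float, out_b: float, max_deviation: float = 0.02) -> bool:
    """DCS/ESD-side plausibility check for the two outputs of a 1.2O* device.
    Assumption: deviation is taken relative to the larger of the two readings."""
    ref = max(abs(out_a), abs(out_b))
    if ref == 0.0:
        return out_a == out_b
    return abs(out_a - out_b) / ref < max_deviation


if __name__ == "__main__":
    # Constructed example: a device with lambda_DU = 20 FIT at 40 C, proof-tested yearly.
    for temp in (40.0, 60.0):
        ok = fits_low_demand_budget(20 * FIT, temp, HOURS_PER_YEAR)
        print(f"avg ambient {temp:.0f} C: within SIL3 device budget -> {ok}")
    # Constructed readings: two outputs of the same device as seen by the DCS.
    print("12.0 vs 12.1 agree:", outputs_agree(12.0, 12.1))
    print("12.0 vs 12.5 agree:", outputs_agree(12.0, 12.5))
```

The demonstration shows the practical consequence of the temperature assumption: a device whose PFDavg sits comfortably under the 10 % share at 40 °C can exceed it once the 2.5 multiplier for a 60 °C average is applied, so the proof-test interval or the loop architecture has to be revisited rather than the same figures reused.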