Functional Safety KFD2-VR4-Ex1.26
Planning
2018-03
3.2 Assumptions
The following assumptions have been made during the FMEDA:
• The device will be used under average industrial ambient conditions comparable to
the classification "stationary mounted" according to MIL-HDBK-217F.
Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time of
40 °C may be assumed. For a higher average temperature of 60 °C, the failure rates must
be multiplied by a factor of 2.5 based on experience. A similar factor must be used if
frequent temperature fluctuations are expected.
• The device shall claim less than 15 % of the total failure budget for a SIL 2 safety loop.
• For a SIL 2 application operating in low demand mode the total PFDavg value of the
SIF (Safety Instrumented Function) should be smaller than 1 x 10^-2, hence the maximum
allowable PFDavg value would then be 1.5 x 10^-3.
• For a SIL 2 application operating in high demand mode the total PFH value of the
SIF should be smaller than 1 x 10^-6 per hour, hence the maximum allowable PFH value
would then be 1.5 x 10^-7 per hour.
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device, the
SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub) system.
• Failure rate based on the Siemens standard SN29500.
• Any safe failures that occur (e. g. output in safe state) will be corrected within 8 hours
(e. g. remove sensor fault).
• While the device is being repaired, measures must be taken to maintain the safety function
(e. g. substitution by a replacement device).
• Propagation of failures is not relevant.
• There is no signalization of dangerous failures available at the output of the device.
Therefore any fault detection by external safety devices is not assumed.
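A worked check of the assumptions above, added here as an example and not taken from the manual: it derives the 15 % share of the SIL 2 PFDavg/PFH target, applies the 60 °C factor of 2.5, and places a constructed SFF in the type A / HFT 0 band. The SIL rows other than SIL 2, the full SFF table and the simplified 1oo1 PFDavg formula are assumptions taken from IEC 61508-1/-2/-6, not stated on this page.

```python
# Added worked example, not taken from the P+F manual: checks a candidate
# loop element against the FMEDA planning assumptions above.
# SIL upper limits per IEC 61508-1; the page quotes only the SIL 2 row.
SIL_UPPER_LIMIT = {1: {"low": 1e-1, "high": 1e-5}, 2: {"low": 1e-2, "high": 1e-6},
                   3: {"low": 1e-3, "high": 1e-7}, 4: {"low": 1e-4, "high": 1e-8}}
# SFF bands for a type A element with HFT = 0 (IEC 61508-2 table 2);
# the page itself states only the SIL 2 threshold (SFF > 60 %).
TYPE_A_HFT0_SFF_BANDS = [(0.99, 4), (0.90, 3), (0.60, 2), (0.0, 1)]

def device_budget(sil, mode, share=0.15):
    """Max PFDavg (mode='low') or PFH per hour (mode='high') the element may claim."""
    return share * SIL_UPPER_LIMIT[sil][mode]

def derate_failure_rate(lam, avg_temp_c):
    """Experience factor from the page: x1 up to 40 degC, x2.5 at 60 degC."""
    if avg_temp_c <= 40:
        return lam
    if avg_temp_c == 60:
        return lam * 2.5
    raise ValueError("page gives no factor for this temperature")

def safe_failure_fraction(l_sd, l_su, l_dd, l_du):
    """SFF = 1 - lambda_DU / lambda_total (IEC 61508-2 definition)."""
    return 1.0 - l_du / (l_sd + l_su + l_dd + l_du)

def max_sil_type_a_hft0(sff):
    """Highest SIL the element may be used for with HFT = 0 (type A)."""
    return next(sil for threshold, sil in TYPE_A_HFT0_SFF_BANDS if sff >= threshold)

def pfd_avg_1oo1(l_du_per_h, proof_test_interval_h):
    """Simplified 1oo1 estimate PFDavg ~ lambda_DU * T1 / 2 (repair time neglected)."""
    return l_du_per_h * proof_test_interval_h / 2.0

def budget_check(l_du_fit, avg_temp_c, proof_test_interval_h, sil=2):
    """True if the derated dangerous undetected rate fits the element's PFDavg share."""
    l_du_per_h = derate_failure_rate(l_du_fit, avg_temp_c) * 1e-9   # FIT -> per hour
    return pfd_avg_1oo1(l_du_per_h, proof_test_interval_h) <= device_budget(sil, "low")

if __name__ == "__main__":
    # Constructed FIT values (failures per 1e9 h), not the device's real FMEDA data.
    sd, su, dd, du = 100.0, 50.0, 200.0, 50.0
    sff = safe_failure_fraction(sd, su, dd, du)
    print(f"SFF = {sff:.1%} -> SIL {max_sil_type_a_hft0(sff)} (type A, HFT 0)")
    for temp in (40, 60):   # same element, 5-year proof test, two ambient assumptions
        ok = budget_check(du, temp, 5 * 8760)
        print(f"{temp} degC: {'within' if ok else 'exceeds'} the 15 % SIL 2 PFDavg budget")
```

With the constructed values the element is SIL 2 capable on SFF, fits the 1.5 x 10^-3 share at 40 °C but exceeds it once the 2.5 factor for 60 °C is applied, which is why the ambient assumption has to be fixed before the FMEDA figures are used.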