Decommissioning and withdrawal from service
© exida.com GmbH TURCK 04-07-14 R001 V2R0.doc; February 8, 2013
Stephan Aschenbrenner Page 11 of 25
4 Failure Modes, Effects, and Diagnostic Analysis
The Failure Modes, Effects, and Diagnostic Analysis was done together with Werner Turck
GmbH & Co. KG and is documented in [R1] and [R2]. When the effect of a certain failure mode
could not be analyzed theoretically, the failure modes were introduced at component level and
their effects were examined at system level. This resulted in failures that
can be classified according to the following failure categories.
4.1 Description of the failure categories
In order to judge the failure behavior of the Isolating Transducers IM33-**(Ex)-Hi/24VDC and
Analog Signal Transmitters IM35-**Ex-Hi/24VDC, the following definitions for the failure of the
product were considered.
Fail Safe: Failure that causes the module / (sub)system to go to the defined fail-safe state without a demand from the process or has no effect on the safety function.
Fail Dangerous: Failure that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state) or deviates the output current by more than 2% full scale (+/- 0.32 mA).
Fail High: Failure that causes the output signal to go to the maximum output current (> 21 mA).
Fail Low: Failure that causes the output signal to go to the minimum output current (< 3.6 mA).
Fail No Effect: Failure of a component that is part of the safety function but that has no effect on the safety function or deviates the output current by not more than 2% full scale. For the calculation of the SFF it is treated like a safe undetected failure.
Not part: Failures of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF this failure mode is not taken into account. It is also not part of the total failure rate.
IM33-**(Ex)-Hi/24VDC
Fail-Safe State: Depending on the application, the fail-safe state is defined as the output going to "fail-low" or "fail-high".
IM35-**Ex-Hi/24VDC
Fail-Safe State: The fail-safe state is defined as the output going to "fail-low".
The “no effect” failures are provided for those who wish to do reliability modeling in more
detail than IEC 61508 requires. In IEC 61508 the “no effect” failures are defined as safe
undetected failures even though they will not cause the safety function to go to a safe state.
Therefore, they need to be considered in the Safe Failure Fraction calculation.
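The following is an added example, not part of the exida report: it sorts fault-injection results into the output-current categories of section 4.1 and shows how counting "no effect" failures changes the SFF. The fault names, FIT values, and the treatment of fail-high/fail-low as detected and of every "fail dangerous" fault as undetected are assumptions made for illustration.

```python
# Added example. Fault names and FIT values are constructed, not from the exida report.
FAIL_HIGH_MA = 21.0       # section 4.1: Fail High is > 21 mA
FAIL_LOW_MA = 3.6         # section 4.1: Fail Low is < 3.6 mA
MAX_DEVIATION_MA = 0.32   # section 4.1: 2% full scale

def classify_output(expected_ma, observed_ma):
    """Category for one injected fault, decided from the resulting output current."""
    if observed_ma > FAIL_HIGH_MA:
        return "fail_high"
    if observed_ma < FAIL_LOW_MA:
        return "fail_low"
    if abs(observed_ma - expected_ma) > MAX_DEVIATION_MA:
        return "fail_dangerous"
    return "no_effect"

def safe_failure_fraction(injections, count_no_effect=True):
    """SFF = 1 - lambda_DU / lambda_total over faults that are part of the safety function.

    Assumption: the logic solver flags out-of-range currents, so fail_high and
    fail_low are detected, and every fail_dangerous fault is undetected.
    """
    total = dangerous_undetected = 0.0
    for name, expected_ma, observed_ma, fit, in_safety_function in injections:
        if not in_safety_function:
            continue  # "Not part": excluded from the SFF and from the total rate
        category = classify_output(expected_ma, observed_ma)
        if category == "no_effect" and not count_no_effect:
            continue
        total += fit
        if category == "fail_dangerous":
            dangerous_undetected += fit
    if total == 0:
        raise ValueError("no failure rate contributes to the safety function")
    return 1.0 - dangerous_undetected / total

# Constructed records: (fault, expected mA, observed mA, FIT, part of safety function)
INJECTIONS = [
    ("R1 open", 12.0, 0.0, 40.0, True),
    ("C3 short", 12.0, 22.5, 20.0, True),
    ("U2 gain drift", 12.0, 13.1, 30.0, True),
    ("R7 drift", 12.0, 12.1, 110.0, True),
    ("status LED open", 12.0, 12.0, 10.0, False),
]

if __name__ == "__main__":
    print("SFF, no effect counted as safe undetected:", safe_failure_fraction(INJECTIONS))
    print("SFF, no effect left out:", safe_failure_fraction(INJECTIONS, count_no_effect=False))
```

With these constructed rates the "no effect" failures raise the SFF from about 0.67 to 0.85, which is why a more detailed reliability model may want them reported separately.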