KROHNE DK32 - DK34 - DK37 Safety Manual V1 EN, 02/2012 - 4000574702 MA DK32 34 37 SIL R02 en, www.krohne.com, page 11
7 Safety-related characteristics
7.1 Assumptions
The following assumptions have been made during the Failure Modes, Effects and Diagnostic
Analysis of the variable-area flowmeter DK32, DK34 and DK37.
• Failure rates are constant, wear out mechanisms are not included.
• Propagation of failures is not relevant.
• Failures resulting from incorrect use of the flowmeters DK3*, in particular humidity entering
through incompletely closed housings or inadequate cable feeding through the inlets, are not
considered.
• Sufficient tests are performed prior to shipment to verify the absence of vendor and/or
manufacturing defects that prevent proper operation of specified functionality to product
specifications or cause operation different from the design analyzed.
• The mean time to restoration (MTTR) after safe failure is 24 hours.
• All modules are operated in the low demand mode of operation.
• External power failure rates are not included.
• The HART protocol of the DK37M8E is only used for setup, calibration and diagnostic purposes,
not during safety operation mode.
• Practical fault insertion tests can demonstrate the correctness of the failure effects assumed
during the FMEDAs.
• The stress levels are average for an industrial outdoor environment and can be compared to
exida Profile 2 or Profile 4 with temperature limits within the manufacturer's rating. Other
environmental characteristics are assumed to be within the manufacturer's ratings.
• The switching contact outputs are connected to a fail-safe NAMUR amplifier. The failure
rates of the amplifier are not included in the listed failure rates.
• The application program in the safety logic solver is configured to detect under-range and
over-range failures and does not automatically trip on these failures; therefore these failures
have been classified as dangerous detected failures. The failure rates of the safety logic
solver are not included in the listed failure rates.
• No effect failures are included in the "safe undetected" failure category. Note that these
failures on their own will not affect system reliability or safety, and should not be included in
spurious trip calculations.
The variable area flowmeters DK32, DK34 and DK37M8M with inductive limit switches are classified
as Type A subsystems (non-complex subsystems according to 7.4.3.1.2 of IEC 61508-2) with
hardware fault tolerance HFT=0. For Type A subsystems the SFF has to be > 60% for SIL2
subsystems with a hardware fault tolerance of 0 (table 2 of IEC 61508-2).
The variable area flowmeter DK37M8E with 4…20 mA output is classified as a Type B subsystem
(complex subsystem according to 7.4.3.1.3 of IEC 61508-2) with hardware fault tolerance HFT=0.
For Type B subsystems the SFF has to be > 60% for SIL1 subsystems with a hardware fault
tolerance of 0 (table 3 of IEC 61508-2).
MA_DK32_34_37_SIL_R02_en_574702_PRT.book Page 11 Thursday, March 1, 2012 9:53 AM