2 planning – KROHNE OPTISWITCH 5xx0C 2wire SIL EN User Manual
Page 5
1
.2 Planning
The safety function of this measuring system is the identification and
signalling of the condition of the vibrating element.
A difference is made between the two conditions "covered" and
"
uncovered".
The safe state depends on the mode:
Overflow protection
(max. operation)
Dry run protection
(min. operation)
Vibrating element in safe
state
covered
uncovered
Output current in safe
state
12.5 … 23.5 mA
2.3 … 11.5 mA
Failure current "fail low"
<
2.3 mA
<
2.3 mA
Failure current "fail high"
>
23.5 mA
>
23.5 mA
A safe failure exists when the measuring system switches to the
defined safe state or the fault mode without the process demanding it.
A dangerous undetected failure exists if the measuring system
switches neither to the defined safe condition nor to the failure mode
when the process requires it.
If the measuring system delivers output currents of "fail low" or "fail
high", it can be assumed that there is a malfunction.
The processing unit must therefore interpret such currents as a
malfunction and output a suitable fault signal.
If this is not the case, the corresponding portions of the failure rates
must be assigned to the dangerous failures. The stated values in
chapter "Safety-relevant characteristics" can thus worsen.
The processing unit must correspond to the SIL level of the
measurement chain.
If the demand rate is only once a year, then the measuring system can
be used as safety-relevant subsystem in "low demand mode"
(IEC 61508-4, 3.5.12).
If the ratio of the internal diagnostics test rate of the measuring system
to the demand rate exceeds the value 100, the measuring system can
be treated as if it is executing a safety function in the mode with low
demand rate (IEC 61508-2, 7.4.3.2.5).
An associated characteristic is the value PFD
avg
(average Probability
of dangerous Failure on Demand). It is dependent on the test interval
T
Proof
between the function tests of the protective function.
Safety function
Safe state
Fault description
Configuration of the
processing unit
Low demand mode
OPTISWITCH series 5000 • - two-wire
5
1 Functional safety
32750
-
EN
-
100128