KROHNE OPTISWITCH 5xx0C NAMUR SIL EN User Manual
Page 4
• IEC 61508 - Functional safety of electrical/electronic/programmable electronic safety-related systems
• IEC 61511-1 - Functional safety - safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and software requirements
Failure limit values for a safety function, depending on the SIL class (of IEC 61508-1, 7.6.2)

| Safety integrity level (SIL) | Low demand mode (PFDavg) | High demand mode (PFH) |
|---|---|---|
| 4 | ≥ 10^-5 … < 10^-4 | ≥ 10^-9 … < 10^-8 |
| 3 | ≥ 10^-4 … < 10^-3 | ≥ 10^-8 … < 10^-7 |
| 2 | ≥ 10^-3 … < 10^-2 | ≥ 10^-7 … < 10^-6 |
| 1 | ≥ 10^-2 … < 10^-1 | ≥ 10^-6 … < 10^-5 |
Safety integrity of the hardware for safety-related subsystems of type A (IEC 61508-2, 7.4.3)

| Safe failure fraction (SFF) | Hardware fault tolerance HFT = 0 | HFT = 1 | HFT = 2 |
|---|---|---|---|
| < 60 % | SIL 1 | SIL 2 | SIL 3 |
| 60 % … < 90 % | SIL 2 | SIL 3 | (SIL4) |
| 90 % … < 99 % | SIL 3 | (SIL4) | (SIL4) |
| ≥ 99 % | SIL 3 | (SIL4) | (SIL4) |
According to IEC 61511-1, paragraph 11.4.4, the failure tolerance HFT can be reduced by one for service-proven subsystems if the following conditions are met:
• The instrument is service proven
• Only process-relevant parameters can be modified on the instrument (e.g. measuring range, current output in case of failure …)
• The modification of these process-relevant parameters is protected (e.g. password, …)
• The safety function requires less than SIL4

The assessment by Change Management was a part of the "service proven" verification.
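The two tables and the service-proven rule above can be combined into one check. This is an added example, not part of the KROHNE manual: the function and parameter names are hypothetical, and it assumes the reduction by one is applied to the minimum HFT read from the type A table for the target SIL.

```python
# Added example: values transcribed from the two tables on this page.
# Bands per SIL as (inclusive lower bound, exclusive upper bound).
BANDS = {
    "low": {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)},   # PFDavg
    "high": {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)},  # PFH
}
# Type A table rows: (SFF lower bound in %, SIL for HFT = 0, 1, 2).
# Entries the page prints as "(SIL4)" are stored as 4.
TYPE_A = [(99.0, (3, 4, 4)), (90.0, (3, 4, 4)), (60.0, (2, 3, 4)), (0.0, (1, 2, 3))]


def sil_from_failure_measure(value, mode):
    """Return the SIL whose band contains value, or None if outside the table."""
    for sil, (low, high) in BANDS[mode].items():
        if low <= value < high:
            return sil
    return None


def sil_from_architecture(sff_percent, hft):
    """Return the SIL the type A table gives for this SFF and HFT (0, 1 or 2)."""
    if hft not in (0, 1, 2) or not 0.0 <= sff_percent <= 100.0:
        raise ValueError("HFT must be 0, 1 or 2 and SFF within 0..100 %")
    return next(sils for lower, sils in TYPE_A if sff_percent >= lower)[hft]


def min_hft(sff_percent, target_sil):
    """Return the smallest HFT column that reaches target_sil, or None."""
    for hft in (0, 1, 2):
        if sil_from_architecture(sff_percent, hft) >= target_sil:
            return hft
    return None


def meets_target(target_sil, mode, value, sff_percent, hft,
                 service_proven=False, only_process_params=False,
                 params_protected=False):
    """Check the failure measure and the architectural constraint together."""
    measured = sil_from_failure_measure(value, mode)
    needed = min_hft(sff_percent, target_sil)
    if measured is None or measured < target_sil or needed is None:
        return False
    # Assumption: the reduction by one applies to the minimum HFT read from
    # the type A table, and only when all four listed conditions hold.
    if service_proven and only_process_params and params_protected and target_sil < 4:
        needed = max(needed - 1, 0)
    return hft >= needed
```

The `params_protected` flag corresponds to the condition that modification of process-relevant parameters is protected (e.g. by password); without it the reduction is not applied.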
Relevant standards
Safety requirements
Service proven
OPTISWITCH series 5000 • - NAMUR
1 Functional safety
32747-EN-100128