2 planning – KROHNE SU 501 EX EN User Manual
Page 26
Safety integrity of the hardware for safety-related subsystems of type A (IEC 61508-2, 7.4.3)

| Safe failure fraction (SFF) | Hardware fault tolerance HFT = 0 | HFT = 1 | HFT = 2 |
|---|---|---|---|
| <60 % | SIL1 | SIL1 | SIL2 |
| 60 % up to <90 % | SIL2 | SIL3 | (SIL4) |
| 90 % up to <99 % | SIL3 | (SIL4) | (SIL4) |
| >=99 % | SIL3 | (SIL4) | (SIL4) |

9.2 Planning
General instructions and restrictions

- The measuring system must be used in accordance with the application.
- The application-specific limits must be maintained and the specifications must not be exceeded.
- According to the specifications in the operating instructions manual, the current load of the output circuits must be within the limits.

Assumptions

The FMEDA (Failure Mode, Effects and Diagnostics Analysis) is based on the following assumptions:

- Failure rates are constant; wear of the mechanical parts is not taken into account.
- Failure rates of external power supplies are not included.
- Multiple errors are not taken into account.
- The average ambient temperature during the operating time is +40 °C (104 °F).
- The environmental conditions correspond to an average industrial environment.
- The lifetime of the components is around 8 to 12 years (IEC 61508-2, 7.4.7.4, remark 3).
- The condition of the output circuit is further processed according to the quiescent current principle.
- The repair time (exchange of the measuring system) after a fail-safe error is eight hours (MTTR = 8 h).

Low demand mode

If the demand rate is only once a year, the measuring system can be used as a safety-relevant subsystem in "low demand mode" (IEC 61508-4, 3.5.12).
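The following added example (not part of the KROHNE manual) shows how FMEDA results obtained under the assumptions above feed a low demand assessment: it computes the safe failure fraction and the average probability of failure on demand of a single channel, using the page's MTTR of 8 h. The failure rates, the one-year proof test interval, the single-channel PFDavg formula and all function names are assumptions of this example.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0
MTTR_H = 8.0  # repair time assumed on this page (MTTR = 8 h)
# Low demand PFDavg bands of IEC 61508-1: (lower bound, upper bound, SIL)
PFD_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


@dataclass(frozen=True)
class FmedaRates:
    """Constant failure rates in FIT (failures per 1e9 h), as an FMEDA reports them."""
    safe_detected: float
    safe_undetected: float
    dangerous_detected: float
    dangerous_undetected: float

    def sff(self) -> float:
        """Safe failure fraction: every failure except dangerous undetected ones."""
        total = (self.safe_detected + self.safe_undetected
                 + self.dangerous_detected + self.dangerous_undetected)
        if total <= 0:
            raise ValueError("total failure rate must be positive")
        return 1.0 - self.dangerous_undetected / total


def is_low_demand(demands_per_year: float, proof_test_interval_years: float) -> bool:
    """At most one demand per year and at most twice the proof test frequency
    (second condition: IEC 61508-4:1998 wording, not stated on the page)."""
    return demands_per_year <= 1.0 and demands_per_year <= 2.0 / proof_test_interval_years


def pfd_avg(rates: FmedaRates, proof_test_interval_years: float,
            mttr_h: float = MTTR_H) -> float:
    """PFDavg of a single channel (1oo1, HFT = 0) with constant failure rates."""
    lam_du = rates.dangerous_undetected * 1e-9  # FIT -> failures per hour
    lam_dd = rates.dangerous_detected * 1e-9
    t1 = proof_test_interval_years * HOURS_PER_YEAR
    return lam_du * (t1 / 2.0 + mttr_h) + lam_dd * mttr_h


def sil_from_pfd(pfd: float) -> int:
    """SIL band the PFDavg falls into; 0 means no SIL, values below 1e-5 cap at 4."""
    if pfd < PFD_BANDS[0][0]:
        return 4
    return next((sil for lo, hi, sil in PFD_BANDS if lo <= pfd < hi), 0)


# Constructed sample rates, not taken from the SU 501 Ex documentation.
SAMPLE = FmedaRates(safe_detected=0, safe_undetected=300,
                    dangerous_detected=100, dangerous_undetected=50)
```

For the sample rates the SFF is about 88.9 %, which the table on this page limits to SIL2 at HFT = 0 even though the PFDavg alone falls in the SIL3 band; the lower of the two applies.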
SU 501 Ex - Signal conditioning instrument
Functional safety
27953-EN-050616