1 safety integrity of the hardware, 6 safety manual – JUMO 701150 14597 safetyM STB/STW - Safety Temperature Limiter and Safety Temperature Monitor Operating Manual User Manual
Page 45

6 Safety Manual
6.9.1 Safety integrity of the hardware
According to DIN EN 61 508, a distinction must be made between systems of type A and systems of type B.
A subsystem can be considered to be type A if, for the components required to achieve the safety function,
- the failure behavior of all components used is sufficiently defined; and
- the behavior of the subsystem can be fully determined under failure conditions; and
- reliable failure data from experience in the field exists for the subsystem to show that the assumed failure rates for detected and undetected dangerous failures are achieved.
A subsystem can be considered to be type B if, for the components required to achieve the safety function,
- the failure behavior of at least one of the components used is not sufficiently defined; or
- the behavior of the subsystem cannot be fully determined under failure conditions; or
- no sufficiently reliable failure data from experience in the field exists for the subsystem to support the utilized failure rates for detected and undetected dangerous failures.
The 701150 temperature monitoring unit corresponds to a type B system.
The following table shows the achievable Safety Integrity Level (SIL) as a function of the proportion of non-dangerous failures (SFF) and the hardware fault tolerance (HFT) for safety-related type B subsystems.
For 701150 the following table applies:
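| Safe Failure Fraction (SFF) | Type B, HFT 0 | Type B, HFT 1 | Type B, HFT 2 |
|-----------------------------|---------------|---------------|---------------|
| <60 %                       | Not allowed   | SIL1          | SIL2          |
| 60 to <90 %                 | SIL1          | SIL2          | SIL3          |
| 90 to <99 %                 | SIL2          | SIL3          | SIL4          |
| ≥99 %                       | SIL3          | SIL4          | SIL4          |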