
User Instructions - Logix® 420 Series Digital Positioners FCD LGENIM0106-06 12/13
12 REQUIREMENTS FOR SAFETY INTEGRITY
This section provides information and additional user
responsibilities in order to meet Safety Integrity Level 2
(SIL 2) per IEC 61508.
The safety function of the positioner is to go to the fail-safe
state (vent air from the actuator) given a low power
condition to the 4 to 20 mA input terminal.
12.1 Fail Safe State
The fail safe state is when the relay valve is at less than
5% of full stroke such that output port is venting.
NOTE: The fail safe state above represents the fail safe
state of the positioner. The valve fail safe state may be
different depending on spring configuration and tubing.
Ensure the valve fail-safe state is appropriate for your
application.
12.2 Safety Function
The Logix 420 positioner moves to fail-safe state upon the
removal of analog input power (less than 3.6 mA).
12.3 Fail Safe State Response Time
Test to find the final valve assembly response time to
ensure it meets application-specific requirements.
Response times will vary widely with actuator size, the use
of boosters, stroke length, starting position, fail-safe
direction, tubing size, supply pressure, and temperature.
The air flow capacity also affects the response time. See
section 2.4 Pneumatic Output for air flow capacity.
Typically, the Logix 420 can de-energize a 122 cm^2 (19
in^2) diaphragm actuator from fully open to fully closed in
under 2 seconds. This test was performed at 22 °C, using
4.1 bar supply, quarter inch tubing.
The typical response times for a relay to travel from fully
energized to fully de-energized (exhausted) state are:
4180 ms at -52 °C;
650 ms at -40 °C;
172 ms at 22 °C;
214 ms at 85 °C.
NOTE: During the stroke calibration (Quick-Cal), stroke
times are measured and recorded in the positioner. To find
these times, see tuning parameters on the positioner menu
or in the DTM.
12.4 Installation
Ensure installation of the positioner is properly performed
according to this manual. Ensure tubing is configured to
the actuator so that the fail-safe state of the positioner
matches the desired fail-safe state of the valve.
12.5 Required Configuration Settings
The following user settable options must be properly
configured for the individual application in order to provide
the designed safety integrity for that application.
Calibrate the analog input (command). The fail safe
state of the valve must correspond to the analog input
command at less than 3.6 mA.
Set the desired PST settings using the DTM.
It is recommended to lock the local interface to prevent
unintended adjustments of the settings by an
unauthorized user.
12.6 Maximum Achievable SIL
The Flowserve 420 Valve Positioner covered by this safety
manual is suitable for use in low demand mode of
operation Safety Instrumented Functions (SIF) up to SIL 2 in
simplex (1oo1) configurations and up to SIL 3 in redundant
configurations with a HFT of at least 1. The achieved SIL
for a particular SIF needs to be verified by PFDavg
calculation for the entire SIF including the failure rates of
the associated sensors and valves that are also part of the
SIF.
Use of the Flowserve 420 Valve Positioner in redundant
(1ooN) configurations is also limited to SIL 2.
For details, contact your Flowserve representative for
Failure Mode, Effects, and Diagnostics Analysis (FMEDA)
report for Logix 420.
12.7 Reliability data
For reliability data, a detailed Failure Mode, Effects, and
Diagnostics Analysis (FMEDA) report has been prepared
and is available from Flowserve with all failure rates and
failure modes for use in SIL verification. See FMEDA
report for Logix 420.
Note that the failure rates of the associated actuator need
to be accounted for in the Safety Instrumented Function
(SIF) level Probability of Failure High over Average
Probability of Failure on Demand (PFH / PFDAVG)
calculation.
12.8 Lifetime limits
The expected lifetime of the Flowserve 420 positioner is
approximately 10 years. The reliability data listed in the
FMEDA report is only valid for this period. The failure rates
of the Flowserve 420 Valve Positioner may increase
sometime after this period. Reliability calculations based on
the data listed in the FMEDA report for lifetimes beyond 10
years may yield results that are too optimistic, i.e. the
calculated Safety Integrity Level may not be achieved.
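
A sketch of the SIF-level check that sections 12.6 to 12.8 call for, as an added example that is not part of the Flowserve manual. It assumes the common simplified approximation PFDavg ≈ λ_DU × TI / 2 per element (perfect proof tests, no common-cause term); every failure rate is a constructed placeholder rather than a value from the FMEDA report, and all function and variable names are hypothetical.

```python
# Added example: simplified low-demand PFDavg check for a simplex (1oo1) SIF.
# Failure rates are constructed placeholders, NOT values from the FMEDA report.
HOURS_PER_YEAR = 8760
LIFETIME_YEARS = 10   # section 12.8: reliability data valid for ~10 years
SIMPLEX_SIL_CAP = 2   # section 12.6: up to SIL 2 in 1oo1 configurations

def pfd_avg_1oo1(lambda_du_per_hour, proof_test_years):
    """Assumed approximation: PFDavg ~= lambda_DU * TI / 2 (perfect proof test)."""
    return lambda_du_per_hour * proof_test_years * HOURS_PER_YEAR / 2

def sil_from_pfd(pfd):
    """IEC 61508 low-demand bands: SIL n when 10^-(n+1) <= PFDavg < 10^-n."""
    if pfd >= 1e-1:
        return 0
    for sil in (1, 2, 3):
        if pfd >= 10 ** -(sil + 1):
            return sil
    return 4

def verify_sif(lambda_du_by_element, proof_test_years, years_in_service):
    """Return (PFDavg of the whole SIF, claimable SIL, reliability data still valid)."""
    total = sum(pfd_avg_1oo1(rate, proof_test_years)
                for rate in lambda_du_by_element.values())
    sil = min(sil_from_pfd(total), SIMPLEX_SIL_CAP)
    return total, sil, years_in_service <= LIFETIME_YEARS

# Constructed dangerous-undetected failure rates (per hour) for every SIF element.
SAMPLE_SIF = {
    "sensor": 1.0e-7,
    "logic_solver": 2.0e-8,
    "positioner": 3.0e-7,       # placeholder; take the real value from the FMEDA
    "actuator_and_valve": 8.0e-7,
}

if __name__ == "__main__":
    for ti in (1, 2):
        pfd, sil, valid = verify_sif(SAMPLE_SIF, ti, years_in_service=4)
        print(f"TI={ti} y: PFDavg={pfd:.2e} -> SIL {sil}, data valid: {valid}")
```

With these constructed rates, stretching the proof test interval from one year to two moves the whole SIF from the SIL 2 band into the SIL 1 band, which is why the calculation has to include every element and not the positioner alone.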