Appendix; Explanations To Safety Application Conditions (Sac) - Siemens SITRANS F Additional Operating Instructions

APPENDIX

6

6.1 Explanations to safety application conditions (SAC)

For some SACs (for details refer to
explanations are given below:
SAC1: System changes
Every state of the system which does not meet its specification might be hazardous, because
those states were not completely analyzed. Hazardous states can be reached by
- the use of failed, but not as "failed" marked parts, or not tested parts,
- changing the wiring, especially the use of the serial interfaces in combination with a service
computer ("notebook") during operation with safety responsibility.
Most measures within the communication network are harmless, but not all. In any case, the
related safety application conditions must be observed.
SAC2: Mounting and connecting
Incorrect installation will have an effect on measurement and on the measuring accuracy in
general. Therefore, the correct execution of the safety function cannot be guaranteed if the
installation conditions are not met.
SAC3: SIL mode
The device can be operated in SIL mode, providing the safety function or in non-SIL mode. In
non-SIL mode, the key figures given in this manual (for details refer to
indicators
measures are disabled for performance reasons and the safety reaction is switched off.
SAC4: Parameter input
The internal check functions can only detect range failures or incompatibilities in the whole data
set. They cannot decide whether the data is configured as intended.
The actual parameter setting must be executed carefully.
SAC5: Maintenance mode
The maintenance mode is intended to test a device which has already potentially failed. To
provide full test capability, the safe output (4..20 mA current output) is not blocked.
Consequently, the operator must implement other measures temporarily to keep the overall
system in a safe state.
SAC6: Resetting the fail-safe flag
When the safety reaction is triggered because a hazardous failure has been detected, a flag is
saved in persistent memory to prevent the device from starting safe operation after a reset.
The device must be completely tested (for details refer to
page 19). The fail-safe flag shall be reset only, if the operator is sure that the device is still intact
(for details refer to
safe operation as soon as the fail-safe flag is reset.
The NAMUR diagnostic information must not be used to decide whether the device is intact or
not. Reason is that this information is not safe, as the "latest" diagnostic message(s) may get lost
due to a device failure.
30
on page 27) are not valid. During operation in non-SIL mode, some diagnostic
Resetting the fail-safe flags
Safety application conditions (SAC)
on page 23). Note that the device will (re-)start
www.siemens.com/flow
SITRANS FX330
on page 8) additional
Safety relevant key
Operation modes and proof test
10/2017 - A5E40875009-AB EN
on