System Safety Requirement Assignment; System Structure; Safety Requirement Allocation; Safety Routines - ABB 266 HART Operating Instruction

266 Models - HART
System safety requirement assignment I/O system response time
The total system response time is determined by the following elements:
- Sensor detection time,
- Logic solver time;
- Actuator response time;
The total system response time must be less than the process safety time. To ensure a safe operation of the system, the scan
rate of each section of the logic solver multiplied by the number of channels shall be taken into account together with the safety
time of actuator and sensor response time.

System structure

System configuration drawings shall be available to describe the equipment and interfaces required for a complete operational
system. The system must be fully operational before start-up.

Safety requirement allocation

Each safety function, with its associated safety integrity requirement, shall be allocated to the designated safety related systems
taking into account the risk reductions achieved by the other technology safety-related systems and external risk reduction
facilities, so the necessary risk reduction for that safety function is achieved.
The allocation indicated shall be done in such a way that all safety functions are allocated and the safety integrity requirements
are met for each safety function.

Safety routines

Safety additional requirements may be defined in order to ensure the correct functionality of sequences in the Safety
Instrumented System.

Commissioning

Overall system functionality

The activity to validate the required safety functionality of the system together with the pressure transmitter according to the
Safety Requirement Specification is the Pre-Startup Acceptance test.

Faults outside the functional safety

The redundant algorithms and the electronics are designed to detect all the internal hardware faults therefore the transmitter
diagnostic is not able to detect faults related to the process and to the installation configuration. In the following table the known
weaknesses resulting from the transducer FMEA (Failure Mode and Effect Analysis) are listed.
– Assembled material at the pipes of the transmitter, blockage of pipe.
– Application outside specified temperature range.
– Excess of temperature
– Assembled gas at the transmitter, if the transmitter is mounted above the process line
– Overload pressure, high peak pressure pulses in process lines
– Penetration of hydrogen, diaphragm crack in applications with hydrogen process medium.
– Thin walled diaphragm, leaky diaphragm in applications with abrasive medium.
– Thin walled diaphragm, leaky diaphragm in applications with corrosive medium.
– Higher diaphragm stiffness, crack in application with contamination of metal ions
– Mechanical damage through cleaning, damage of the coating, corrosion.
Other considerations
The alarm levels of the transmitter (down-scale or up-scale) can be selected by the user. As default all the 266 devices are
configured with up-scale alarm. For some faults (e.g. crystal breakdown), the output will latch at 3.6 mA even if the up scale alarm
level is selected.
72 OI/266/HART-EN Rev. D | 2600T Series Pressure transmitters