Useful Lifetime; Systematic Capability; Safe Failure Fraction Sff; Average Probability Of Dangerous Failure On Demand Pfd Avg - ABB TTH200 Additional Instructions

TTH200, TTR200, TTF200 TEMPERATURE TRANSMITTER | SM/TTX200/SIL-EN REV. E 7

Useful Lifetime

According IEC 61508-2, a useful lifetime, based on experience, should be assumed.
The useful lifetime is highly dependent on the component itself and its operating conditions – temperature in particular.
Beyond the useful lifetime, the result of the probabilistic calculation method is meaningless, as the probability of failure significantly
increases with time. The assumption of a constant failure rate is based on the bathtub curve, which shows the typical behavior for
electronic components. Therefore, it is obvious that the PFDAVG calculation is only valid for components which have this constant
domain and that the validity of the calculation is limited to the useful lifetime of each component.
It is assumed that early failures are detected to a huge percentage during the installation period and therefore the assumption of a
constant failure rate during the useful lifetime is valid.
The useful lifetime by the worst components contributing to (dangerous undetected failures) for the TTH200-*H, TTR200-*H, and
DU
TTF200-*H transmitter electronics at 40 °C average temperature conditions is assumed to approximately 500.000 hours.
When plant experience indicates a shorter useful lifetime, the number based on plant experience should be used.

Systematic Capability

This device has been qualified according the IEC 61508:2010 and fulfills the Part 1 - 3 requirements for a Systematic Safety Integrity of
SC 3 (SIL 3 capable).
The overall functional safety management, development and change process has been assessed by TÜV Nord according
SEBS-A.164837/12TB Rev 1.0
IEC 61508:2010 Ed2 with results reported within TÜV Report .
The FMEDA has been performed by Exida Germany with results reported within FMEDA Report 12-04-016 TTx200 R023 Version V3,
Revision R0. The summarized results are attached within Appendix 'Exida FMEDA Report'.
Note
The systematic safety integrity indicated by the systematic capability can be achieved only when the instructions and constraints are
observed. Where violations occur, the claim for systematic capability is partially or wholly invalid.

Safe Failure Fraction SFF

The IEC 61508 route 1H approach involves calculating the Safe Failure Fraction for the entire element. Related values are listed within
'Appendix Exida FMEDA Report'.
The number listed assumes that the temperature sensing device and the transmitter together are an element according to
IEC 61508:2010. However, it would also be possible to consider both parts as separate elements where each element must fulfill the
related SFF.
Average probability of dangerous failure on demand PFD
AVG
For SIL2 applications, the PFD value of the overall SIS needs to be < 1.00E-02.
AVG
Assuming 35 % of these overall budget for the sensor assembly part leads to < 3.5E-03.
The SIS PFDAVG calculation must be done based on certain important variables including:
(1) Failure Rates, Failure Modes and Diagnostics
(2) Redundancy Architecture incl. Common Cause Failures
(3) Proof Test Coverage, Proof Test Interval, Proof Test Duration
(4) Mission Time
(5) Operational/Maintenance Capability
(6) Mean Time to Repair
As only (1) is under control by the device manufacturer it is the responsibility of the Safety Instrumented Function designer to
perform the PFD calculations for the final assembled SIS in combination with PFD values of other devices of a Safety
AVG AVG
Instrumented Function (SIF) in order to determine suitability for the demanded Safety Integrity Level (SIL).
The chapter 'Example PFDAVG calculation' contains related PFDAVG values for a single channel 1oo1 architecture on selected proof
test inspection intervals as simplified calculation.