Section 9: Architectural Constraints - Emerson EL-O-Matic F Series Safety Manual
Hide thumbs
Also See for EL-O-Matic F Series:
- Installation, operation and maintenance manual (67 pages) ,
- Installation, operation and maintenance manual (51 pages) ,
- Safety manual (22 pages)
Table of Contents
Advertisement
SIL Safety Manual
DOC.SILM.EF.EN Rev. 1
Section 9: Architectural Constraints
For the evaluation of the conformity to the requirement of Hardware safety integrity
architectural constraints of the standard IEC 61508, both Route 1
Route 1
• The product has a single channel configuration, HFT (hardware fault tolerance)=0
• Safe failure rate λ
For this reason, according to definition 3.6.15 of IEC 61508-4, we have:
•
•
Route 2
•
•
In conclusion:
The product can be used in single channel configuration up to:
•
•
Architectural Constraints
H
:
S
–
Single Acting Actuators: According to IEC 65108 definitions (in particular
definitions 3.6.8 and 3.6.13 of IEC 61508-4), no Safe Failures are possible
in a Single Acting actuator. Each failure mode of the actuator itself shall be
classified as "Dangerous" or "No Effect" (failures which can generate the
spurious operation of the safety function are only external to the actuator
itself, or are related to components that "plays no part in implementing
the safety function", e.g. components of the pneumatic cylinder.
Therefore, according to definition 3.6.13 of IEC 61508- 4, they cannot be
used for the calculation of the SFF.
Hence λ
=0 for each type of single acting actuator.
S
–
Double Acting Actuators: According to IEC 65108 definitions (in particular
definitions 3.6.8 and 3.6.13 of IEC 61508-4), no Safe Failures are possible
in a Double Acting actuator. Each failure mode of the actuator itself shall
be classified as "Dangerous" or "No Effect" (failures which can generate
the spurious operation of the safety function are only external to the
actuator itself, and in the case of loss of power supply the actuator "stays
put"). Therefore, according to definition 3.6.13 of IEC 61508- 4, they
cannot be used for the calculation of the SFF.
Hence λ
=0 for each type of Double Acting actuator.
S
SFF=0 without external diagnostic tests;
SFF>0 with external diagnostic tests, carried out according to definition 3.8.7 of IEC
61508-4, and according to what written in Section 6 above
(see the same paragraph for the SFF / DC reachable).
H
The application of Route 2
As the product is classified as "Type A", no requirements for SFF are
given for Route 2
.
H
SIL 2 without external diagnostic tests
SIL 3 considering external diagnostic tests
Section 9: Architectural Contraints
("field feedback") is assessed.
H
September 2018
and Route 2
are used.
H
H
16
Advertisement
Table of Contents
