Restrictions For Use In Safety-Related Applications - Endress+Hauser Proserve NMS80 Functional Safety Manual

Proserve NMS80
Endress+Hauser
The device can also communicate via HART for information purposes and contains all the
HART features with additional device information.
The safety-related output signal is fed to a downstream logic unit, e.g. a programmable
logic controller or a limit signal transmitter where it is monitored for the following:
• Exceed and/or undershoot a specific level limit.
• The occurrence of a fault, e.g. failure current (≤3.6 mA, ≥21.0 mA), interruption or
short-circuit of the signal line).
In case of fault it must be ensured that the equipment under control achieves or
maintains a safe state.
4.3

Restrictions for use in safety-related applications

• The measuring system must be used correctly for the specific application, taken into
account the medium properties and ambient conditions. Carefully follow instructions
pertaining to critical process situations and installation conditions from the Operating
Instructions. The application-specific limits must be observed.
• Information on the safety-related signal, (→  10).
• The specifications from the Operating Instructions must not be exceeded, (→  8).
• The following restrictions also applies to safety-related use:
• Strong, pulse-like EMC interference on the line can cause transient (< 1 s) deviations
≥ ±2% in the output signal. For this reason, filtering with a time constant of ≥ 1 s
should be performed in the downstream logic unit.
• The error range is device specific and is defined according to FMEDA (Failure Modes,
Effects and Diagnostic Analysis) on delivery. It includes all influential factors described
in the Technical Information (e.g. non-linearity, non-repeatability, hysteresis,
zero drift, temperature drift, EMC influences).
According to IEC / EN 61508 the safety related failures are classified into different
categories, see the following table. The table shows the implications for the safety-
related analog output signal and for measuring uncertainty.
Safety related error Explanation
No device error Safe:
No error
λ Safe detected:
SD
Safe failure which can be
detected
λ Safe undetected:
SU
Safe failure which cannot
be detected
λ Dangerous detected:
DD
Dangerous failure which
can be detected
(Diagnostic within the
device)
λ Dangerous undetected:
DU
Dangerous failure which
cannot be detected
Implications for the Implications for the
safety related output measuring uncertainty
signal (Position, see figure.
→  12)
None 1 Is within the
Causes the output signal 3 No implications
to signal the failsafe mode
(see, →  13)
Is within the defined error 2 May be beyond the
range
Causes the output signal 3 No implications
to signal the failsafe mode
(see, →  13)
May be outside the 4 May be outside the
defined error range
Safety function
specification (see TI,
BA, ...)
specification
defined error range
11