P+F Safety Barrier HART Management

exida
excellence in dependable automation
FMEDA including SFF determination
and PFD calculation
Project:
HART multiplexer KFD2-HMM-16 together with KFD0-HMS-16 and 2700 HART Signal Multiplexer
Customer:
Pepperl+Fuchs GmbH
Mannheim
Germany
Contract No.: P+F 02/4-11
Report No.: P+F 02/4-11 R006
Version V1, Revision R1.2, July 2002
Stephan Aschenbrenner
CONFIDENTIAL INFORMATION
Management summary
This report summarizes the results of the analysis carried out on the HART multiplexer
KFD2-HMM-16 together with KFD0-HMS-16 and the 2700 HART Signal Multiplexer.
The assessment does not contain an evaluation of the correct functioning of the HART
multiplexer but a statement about the interference freeness on the safety related 4..20mA
loop when used for HART communication with regard to the suitability in part for Safety Instrumented System (SIS) usage in a particular Safety Integrity Level (SIL).
The failure rates are based on the Siemens standard SN 29500.
According to table 2 of IEC 61508-1 the average PFD for systems operating in low demand
mode has to be ≥ 10⁻⁴ to < 10⁻³ for SIL 3 safety functions and ≥ 10⁻³ to < 10⁻² for SIL 2 safety
functions. However, as the modules under consideration are only one part of an entire safety
function they should not claim more than 10% of this range, i.e. they should be better than or
equal to 10⁻⁴ for SIL 3 and better than or equal to 10⁻³ for SIL 2.
The modules under evaluation can be considered to be Type B components. However, the components that can contribute to a disturbance of the safety system are considered to be Type
A components.
For Type A components the SFF has to fulfill the requirements as stated in table 2 of
IEC 61508-2 which are the following:
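Hardware fault tolerance (HFT)

|       | HFT 0           | HFT 1           | HFT 2     |
|-------|-----------------|-----------------|-----------|
| SIL 2 | 60% ≤ SFF < 90% | SFF < 60%       |           |
| SIL 3 | 90% ≤ SFF < 99% | 60% ≤ SFF < 90% | SFF < 60% |
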
The following tables show under which conditions the critical components of the two modules
that can contribute to a disturbance of the safety system fulfill this requirement (considering only
one communication line being part of the safety function).
Table 1: KFD2-HMM-16 together with KFD0-HMS-16 without additional module interface

| T[Proof] = 1 year  | T[Proof] = 5 years | T[Proof] = 10 years |
|--------------------|--------------------|---------------------|
| PFD AVG = 1.23E-06 | PFD AVG = 6.13E-06 | PFD AVG = 1.23E-05  |

than 10% of this range, i.e. to be better than or equal to 10⁻³. The PFD values even fulfill the requirements of higher SILs but the system does only fulfill the architectural constraints requirements (HFT/SFF) for SIL 2 which are set by table 2 of IEC 61508-2 for type A components having a hardware fault tolerance of 0.
If the HART multiplexer KFD2-HMM-16 and KFD0-HMS-16 are used together with the module interface as described in section 4.1 then two de-coupling capacitors have to fail to bring the (sub)system into a dangerous state. This corresponds to a hardware fault tolerance of 1.
Table 2: KFD2-HMM-16 together with KFD0-HMS-16 with additional module interface

| T[Proof] = 1 year  | T[Proof] = 5 years | T[Proof] = 10 years |
|--------------------|--------------------|---------------------|
| PFD AVG = 6.13E-08 | PFD AVG = 3.07E-07 | PFD AVG = 6.13E-07  |

than 10% of this range, i.e. to be better than or equal to 10⁻⁴. The PFD values even fulfill the requirements of a higher SIL but the system does only fulfill the architectural constraints requirements (HFT/SFF) for SIL 3 which are set by table 2 of IEC 61508-2 for type A components having a hardware fault tolerance of 1.
Table 3: 2700 HART Signal Multiplexer

| T[Proof] = 1 year  | T[Proof] = 5 years | T[Proof] = 10 years |
|--------------------|--------------------|---------------------|
| PFD AVG = 2.50E-07 | PFD AVG = 1.25E-06 | PFD AVG = 2.50E-06  |

than 10% of this range, i.e. to be better than or equal to 10⁻⁴. The PFD values even fulfill the requirements of higher SILs but the system does only fulfill the architectural constraints requirements (HFT/SFF) for SIL 3 which are set by table 2 of IEC 61508-2 for type A components having a hardware fault tolerance of 1.
The calculations are based on the assumption that the HART multiplexers are mounted in an environment that is IP 54 compliant (e.g. housing, control cabinet or control room).
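The following added example (not part of the exida report) applies the two criteria of this summary, the 10% PFD budget and the HFT/SFF architectural constraints, to the PFD values of Tables 1 to 3 and takes the lower of the two resulting SILs. The SFF value of 75% is a constructed assumption, since the SFF figures do not appear in this excerpt; all function and variable names are illustrative.

```python
# Added example (not from the exida report): SIL claim limit for each table.
# PFDavg budgets for a sub-system claiming 10% of the band, as quoted above.
PFD_BUDGET = {2: 1e-3, 3: 1e-4}

# Minimum SFF per SIL and hardware fault tolerance for Type A components,
# taken from the lower bounds of the table quoted in this report.
MIN_SFF = {2: {0: 0.60, 1: 0.0}, 3: {0: 0.90, 1: 0.60, 2: 0.0}}

# PFDavg for T[Proof] = 1, 5, 10 years and HFT, as given in Tables 1 to 3.
TABLES = {
    "Table 1": {"hft": 0, "pfd": {1: 1.23e-06, 5: 6.13e-06, 10: 1.23e-05}},
    "Table 2": {"hft": 1, "pfd": {1: 6.13e-08, 5: 3.07e-07, 10: 6.13e-07}},
    "Table 3": {"hft": 1, "pfd": {1: 2.50e-07, 5: 1.25e-06, 10: 2.50e-06}},
}

ASSUMED_SFF = 0.75  # constructed value; the SFF figures are not in this excerpt


def sil_by_pfd(pfd_avg):
    """Highest SIL (3 or 2) whose 10% PFDavg budget is met, else None."""
    for sil in (3, 2):
        if pfd_avg <= PFD_BUDGET[sil]:
            return sil
    return None


def sil_by_architecture(hft, sff):
    """Highest SIL (3 or 2) allowed by HFT and SFF, else None."""
    for sil in (3, 2):
        floor = MIN_SFF[sil].get(hft)
        if floor is not None and sff >= floor:
            return sil
    return None


def claim_limit(pfd_avg, hft, sff):
    """A SIL may be claimed only if both criteria support it."""
    by_pfd, by_arch = sil_by_pfd(pfd_avg), sil_by_architecture(hft, sff)
    if by_pfd is None or by_arch is None:
        return None
    return min(by_pfd, by_arch)


def evaluate(sff=ASSUMED_SFF):
    """Claim limit per table and proof test interval (years)."""
    return {name: {t: claim_limit(p, d["hft"], sff) for t, p in d["pfd"].items()}
            for name, d in TABLES.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

With the assumed SFF, the PFD values alone would support SIL 3 in all three tables, and the architectural constraint is what limits Table 1 to SIL 2.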
Table of Contents
Management summary
1 Purpose and Scope
2 Project management
2.1 Roles of the parties involved
2.2 Standards / Literature used
2.3 Reference documents
2.3.1 Documentation provided by the customer
2.3.2 Documentation generated by exida
3 Description of the HART communication
4 Description of the analyzed modules
4.1 KFD2-HMM-16 and KFD0-HMS-16
4.2 2700 HART Signal Multiplexer
5 Failure Modes, Effects, and Diagnostics Analysis
5.1 Description of the failure categories
5.2 Methodology – FMEDA, Failure rates
5.2.1 FMEDA
5.2.2 Failure rates
5.2.3 Assumption
6 Results of the assessment
6.1 KFD2-HMM-16 and KFD0-HMS-16
6.2 2700 HART Signal Multiplexer
7 Terms and Definitions
8 Status of the document
8.1 Liability
8.2 Releases
8.3 Release Signatures
1 Purpose and Scope
This report describes the results of the FMEDAs carried out on the HART multiplexer KFD2-HMM-16 together with KFD0-HMS-16 and the 2700 HART Signal Multiplexer.
It shall be shown that the HART multiplexers do not electrically interfere with the connected safety related system when using the 4..20mA loop for the HART communication.
It shall be assessed whether these modules meet the Probability of Failure on Demand (PFD) requirements for SIL 2 / SIL 3 sub-systems according to IEC 61508 with regard to the interference freeness on the safety related 4..20mA loop.
The assessment considers neither any calculations necessary for proving intrinsic safety nor an evaluation of the correct functioning of the HART multiplexer.
Pepperl+Fuchs GmbH contracted exida in May 2002 for the FMEDA and PFD calculation of the above mentioned modules.
2 Project management
2.1 Roles of the parties involved
Pepperl+Fuchs: Manufacturer of the HART multiplexer.
exida: Did the FMEDAs together with the determination of the Safe Failure Fraction (SFF) and calculated the Probability of Failure on Demand (PFD) using Markov models.
2.2 Standards / Literature used
The services delivered by exida were performed based on the following standards / literature.
[N1] IEC 61508-2:1999: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems
[N2] ISBN: 0471133019: Electronic Components: Selection and Application Guidelines, by Victor Meeldijk, John Wiley & Sons
[N3] FMD-91, RAC 1991: Failure Mode / Mechanism Distributions
[N4] SN 29500: Failure rates of components
2.3 Reference documents
2.3.1 Documentation provided by the customer
[D1] DL0799, DL0800 of 21.04.01: Circuit diagram for KFD2-HMM-16 and KFD0-HMS-16
[D2] 107905: Bill of material for KFD2-HMM-16
[D3] ES-984240/1-A1 of 18.11.99: Circuit diagram for 2700 HART Signal Multiplexer (Mother Board Multiplexer / Interface Circuit)
[D4] CL-984240/1-A4 of 24.03.99: Bill of material for 2700 HART Signal Multiplexer (Mother Board)
[D5] ES-984240/2-A1 of 18.11.99: Circuit diagram for 2700 HART Signal Multiplexer (µProcessor Board)
[D6] CL-984240/2-A3 of 16.03.99: Bill of material for 2700 HART Signal Multiplexer (µProcessor Board)
[D7] Datasheet metallized polyester capacitor WIMA MKS 2
2.3.2 Documentation generated by exida
[R1] FMEDA KFD2-HMM-16 V1 R1.0 – Analysis of 24.06.02
[R2] FMEDA KFD2-HMM-16 V1 R1.0 – Results of 24.06.02
[R3] FMEDA MUX 2700 V1 R1.0 – Analysis of 24.06.02
[R4] FMEDA MUX 2700 V1 R1.0 – Results of 24.06.02
