3 PL d Switch Amplifier SAFETY MANUAL

PROCESS AUTOMATION
SAFETY MANUAL
Switch Amplifier
KFD2-SH-Ex1(.T)(.OP),
KHA6-SH-Ex1
3
PL d
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
With regard to the supply of products, the current issue of the following document is applicable: The
General Terms of Delivery for Products and Services of the Electrical Industry, published by the
Central Association of the Electrical Industry (Zentralverband Elektrotechnik und Elektroindustrie
(ZVEI) e.V.) in its most recent version as well as the supplementary clause: "Expanded reservation
of proprietorship"
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Contents
1 Introduction ........................................................................ 4
1.1
General Information ......................................................................................4
1.2
Intended Use ................................................................................................4
1.3
Manufacturer Information..............................................................................5
1.4
Relevant Standards and Directives...............................................................5
2 Planning .............................................................................. 6
2.1 System Structure ..........................................................................................6
2.1.1 Low Demand Mode of Operation .............................................................6
2.1.2 High Demand or Continuous Mode of Operation......................................6
2.1.3 Safe Failure Fraction ................................................................................6
2.2
Assumptions .................................................................................................7
2.3
Safety Function and Safe State.....................................................................8
2.4
Characteristic Safety Values .........................................................................9
3 Safety Recommendation ................................................. 12
3.1
Interfaces ....................................................................................................12
3.2
Useful Life Time/Mission Time ....................................................................12
3.3
Installation and Commissioning ..................................................................13
4 Proof Test.......................................................................... 14
4.1
Proof Test Procedure..................................................................................14
5 Assessed Sensors List .................................................... 16
2014-05
6 Abbreviations ................................................................... 17
3
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Introduction
1
Introduction
1.1
General Information
This manual contains information on using the device in control circuits that are
related to functional safety.
The corresponding data sheets, the operating instructions, the system
description, the declaration of conformity, the EC-Type Examination Certificate,
and the applicable certificates (see data sheet) are an integral part of this
document.
The stated documents are available at www.pepperl-fuchs.com or from your
local Pepperl+Fuchs representative.
Mounting, installation, commissioning, operation, maintenance and disassembly
of any devices may only be carried out by trained, qualified personnel. The
instruction manual must be read and understood.
In the event of a device fault, the devices must be taken out of operation and
measures must be taken to protect them against unintentional startup. Devices
may be repaired only by the manufacturer. Deactivating or bypassing safety
functions, or failing to observe the instructions in this manual (which lead to faults
or affect the safety functions), can damage property and the environment or
cause personal injury, for which Pepperl+Fuchs GmbH accepts no liability.
The devices have been developed, manufactured, and tested according to the
applicable safety standards. The devices may be used only for the applications
described in the instructions under the specified ambient conditions and
exclusively in connection with the approved peripherals.
1.2
Intended Use
General
The devices are safety components according to the machinery directive
2006/42/EC.
These isolated barriers are used for intrinsic safety applications.
The devices transfer digital signals (SN/S1N proximity sensors or approved dry
contacts) from a hazardous area to a safe area.
Unlike an SN/S1N series proximity sensor, a mechanical contact requires a
10 k resistor to be placed across the contact in addition to a 1.5 k resistor in
series.
Lead breakage (LB) and short circuit (SC) conditions of the control circuit are
continuously monitored. During an fault condition, the fault indication output
energizes and outputs I and II de-energize.
The devices are single device for DIN rail mounting.
4
2014-05
For safety applications up to SIL3, output I must be used. For safety applications
up to SIL2, output I and output II can be used.
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Introduction
KFD2-SH-Ex1, KHA6-SH-Ex1
The input controls one relay contact output with 3 NO contacts (one output is in
series to the both output relays for the safety function), one relay contact output
with one NO contact, and one passive transistor output.
KFD2-SH-Ex1.T(.OP)
The input controls one active voltage output, one relay contact output with a
NO contact, and one passive transistor output.
The KFD2-SH-Ex1.T.OP version can only be supplied by Power Rail.
1.3
Manufacturer Information
Pepperl+Fuchs GmbH
Lilienthalstrasse 200, 68307 Mannheim, Germany
KFD2-SH-Ex1
KFD2-SH-Ex1.T
KFD2-SH-Ex1.T.OP
KHA6-SH-Ex1
Up to SIL3
Up to PL d
1.4
Relevant Standards and Directives
Device specific standards and directives
EMC Directive 2004/108/EC
EN 61326-1:2006, NE 21:2011
Low Voltage Directive 2006/95/EC
EN 61010-1:2010
Machinery Directive 2006/42/EC
EN/ISO 13849, part 1, edition 2008:
Safety-related parts of control systems
(product manufacturer)
Functional safety
IEC 61508 part 1 - 2, edition 2010:
Standard of functional safety of
electrical/electronic/programmable
electronic safety-related systems (product
manufacturer)
Degree of protection
IEC 60529:2001
System specific standards and directives
IEC 61511 part 1, edition 2003:
Standard of functional safety: safety
instrumented systems for the process
industry sector (user)
2014-05
Functional safety
5
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
2
Planning
2.1
System Structure
2.1.1
Low Demand Mode of Operation
If there are two loops, one for the standard operation and another one for the
functional safety, then usually the demand rate for the safety loop is assumed to
be less than once per year.
The relevant safety parameters to be verified are:

2.1.2
the PFDavg value (average Probability of Failure on Demand) and the Tproof
value (proof test interval that has a direct impact on the PFDavg)

the SFF value (Safe Failure Fraction)

the HFT architecture (Hardware Fault Tolerance)
High Demand or Continuous Mode of Operation
If there is only one loop, which combines the standard operation and safety
related operation, then usually the demand rate for this loop is assumed to be
higher than once per year.
The relevant safety parameters to be verified are:
2.1.3

the PFH value (Probability of dangerous Failure per Hour)

Fault reaction time of the safety system

the SFF value (Safe Failure Fraction)

the HFT architecture (Hardware Fault Tolerance architecture)
Safe Failure Fraction
The safe failure fraction describes the ratio of all safe failures and dangerous
detected failures to the total failure rate.
SFF = (s + dd) / (s + dd + du)
A safe failure fraction as defined in EN 61508 is only relevant for elements or
(sub)systems in a complete safety loop. The device under consideration is
always part of a safety loop but is not regarded as a complete element or
subsystem.
For calculating the SIL of a safety loop it is necessary to evaluate the safe failure
fraction of elements, subsystems and the complete system, but not of a single
device.
2014-05
Nevertheless the SFF of the device is given in this document for reference.
6
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
2.2
Assumptions
The following assumptions have been made during the FMEDA analysis:


The fault indication output which signals if the field wiring is broken or shorted
is not considered in the FMEDA and the calculations.
If you want to use output I for safety applications, you must use the relay
contact output with the three NO contacts. This ensures the necessary
redundancy.

Failure rate based on the Siemens SN29500 data base.

Failure rates are constant, wear out mechanisms are not included.

External power supply failure rates are not included.



The safety-related device is considered to be of type A components with a
Hardware Fault Tolerance of 0.
Observe for the High Demand Mode the lifetime limitations of the output
relays.
It is assumed that the device will be used under average industrial ambient
conditions, which are comparable with the classification "stationary mounted"
in MIL-HNBK-217F. Alternatively, the following ambient conditions are
assumed:
•



IEC 60654-1 Class C (sheltered location) with temperature limits in the
range of the manufacturer's specifications and an average temperature
of 40 ºC over a long period. A moisture level within the manufacturer's
specifications is assumed. For a higher average temperature of 60 ºC,
the failure rates must be multiplied by a factor of 2.5 based on empirical
values. A similar multiplier must be used if frequent temperature
fluctuations are expected.
It is assumed that any safe failures that occur (e.g., output in safe condition)
will be corrected within eight hours (e.g., correction of a sensor fault).
While the device is being repaired, measures must be taken to maintain the
safety function (e.g., by using a replacement device).
The indication of a dangerous fault (via fault bus) is detected within 1 hour by
the programmable logic controller (PLC).
SIL3 application
SIL3 according to IEC 61508 can be reached when using output I of this device.


For a SIL3 application operating in Low Demand Mode the total PFDavg value
of the SIF (Safety Instrumented Function) should be smaller than 10-3, hence
the maximum allowable PFDavg value would then be 10-4.
For a SIL3 application operating in High Demand Mode of operation the total
PFH value of the SIF should be smaller than 10-7 per hour, hence the
maximum allowable PFH value would then be 10-8 per hour.
2014-05

The device shall claim less than 10 % of the total failure budget for a SIL3
safety loop.
7
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
SIL2 application
SIL2 according to IEC 61508 can be reached with output I or output II of this
device.



The device shall claim less than 10 % of the total failure budget for a SIL2
safety loop.
For a SIL2 application operating in Low Demand Mode the total PFDavg value
of the SIF (Safety Instrumented Function) should be smaller than 10-2, hence
the maximum allowable PFDavg value would then be 10-3.
For a SIL2 application operating in High Demand Mode of operation the total
PFH value of the SIF should be smaller than 10-6 per hour, hence the
maximum allowable PFH value would then be 10-7 per hour.
PL d application
PL d according to EN/ISO 13849-1 can be reached when using output I of this
device.

2.3
The devices were qualified for use in applications acc. to EN/ISO 13849-1.
They fulfill PL d and are designed as Category 3 equipment. Consider the
rules for use given in this standard.
Safety Function and Safe State
The safe state is defined as the outputs being off (de-energized). It is reached
when the input is in low state.
K***-SH-Ex1
The devices have two outputs that can be used for safety functions. Output I is a
relay output with triplicated output relay, intended for use in applications up to
SIL3 or PL d. Output II is an additional relay output that may by itself be used in
applications up to SIL2.
KFD2-SH-Ex1.T(.OP)
The devices have two outputs that can be used for safety functions. Output I is an
electronic output that may be used in applications up to SIL3 or PL d. Output II
only has one relay and may by itself be used in applications up to SIL2.
LB/SC Diagnosis
The input loop of all versions is supervised. The related safety function is defined
as the outputs are low/de-energized (safe state), if a line fault or a short circuit of
the sensor is detected.
Note!
The fault indication outputs are not safety relevant.
The reaction time for all safety functions is < 30 ms.
8
2014-05
Reaction Time
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
2.4
Characteristic Safety Values
KHA6-SH-Ex1
Parameters acc. to
IEC 61508/ISO 13849-1
Values
Assessment type and
documentation
FMEDA, proven-in-use assessment, certificate
Device type
A
Mode of operation
Low Demand Mode or High Demand Mode
HFT
01
0
SIL
3 (proven-in-use)
2 (proven-in-use)
Safety function
Output I relay contact open when
input in low state
Output II relay contact open when
input in low state
s
266 FIT
179 FIT
0.5 FIT
51.9 FIT
dd
76.8 FIT
50.4 FIT
190 FIT
143 FIT
total (safety function)
533 FIT
424 FIT
MTBF 3
99.86 %
81 %
214 years
269 years
MTTFd
1477 years
–
DCd
99.40 % (High)
–
B10d
250000
–
Category (ISO 13849-1)
3
–
PL
d
–
du
no effect2
SFF
PFH
4.67 x 10-10 1/h
PFDavg for Tproof = 1 year
2.05 x 10
PFDavg for Tproof = 5 years
1.02 x 10-5
10-6
PFDavg for Tproof = 2 years
4.10 x
Reaction time 4
< 30 ms
1
2
3
4
-6
5.19 x 10-8 1/h
2.27 x 10-4
4.55 x 10-4
1.14 x 10-3
< 30 ms
The redundant relays can be considered as elements with hardware fault tolerance. For this calculation the
redundant relays were considered as "diagnostics" for the relay with a DC of 99 % to take care of a
possible common cause failure.
"Annunciation" failures are not directly influencing the safety functions and are therefore added
to the no effect.
acc. to SN29500. This value is calculated with the failure rates of the device components which are
part of the safety function of the device.
Time between fault detection and fault reaction.
2014-05
Table 2.1
9
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
KFD2-SH-Ex1
Parameters acc. to
IEC 61508/ISO 13849-1
Values
Assessment type and
documentation
FMEDA, proven-in-use assessment, certificate
Device type
A
Mode of operation
Low Demand Mode or High Demand Mode
HFT
01
0
SIL
3 (proven-in-use)
2 (proven-in-use)
Safety function
Output I relay contact open when
input in low state
Output II relay contact open when
input in low state
s
293 FIT
205 FIT
0.5 FIT
51.9 FIT
dd
50.5 FIT
36.6 FIT
215 FIT
156 FIT
total (safety function)
559 FIT
449 FIT
MTBF 3
99.86 %
82 %
204 years
254 years
MTTFd
2240 years
–
DCd
99.08 % (High)
–
B10d
250000
–
Category (ISO 13849-1)
3
–
PL
d
–
du
no effect2
SFF
PFH
PFDavg for Tproof = 1 year
4.67 x 10-10 1/h
2.05 x 10-6
PFDavg for Tproof = 2 years
4.10 x 10
Reaction time 4
< 30 ms
PFDavg for Tproof = 5 years
1
2
3
4
1.02 x 10
-6
-5
5.19 x 10-8 1/h
2.27 x 10-4
4.55 x 10-4
1.14 x 10-3
< 30 ms
The redundant relays can be considered as elements with hardware fault tolerance. For this calculation the
redundant relays were considered as "diagnostics" for the relay with a DC of 99 % to take care of a
possible common cause failure.
"Annunciation" failures are not directly influencing the safety functions and are therefore added
to the no effect.
acc. to SN29500. This value is calculated with the failure rates of the device components which are
part of the safety function of the device.
Time between fault detection and fault reaction.
2014-05
Table 2.2
10
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Planning
KFD2-SH-Ex1.T(.OP)
Parameters acc. to
IEC 61508/ISO 13849-1
Values
Assessment type and
documentation
FMEDA, proven-in-use assessment, certificate
Device type
A
Mode of operation
Low Demand Mode or High Demand Mode
HFT
0
SIL
3 (proven-in-use)
2 (proven-in-use)
Safety function
Output I transistor output deenergized when input in low state
Output II relay contact open when
input in low state
s
181 FIT
194 FIT
1.4 FIT
51.6 FIT
dd
38.4 FIT
38.4 FIT
195 FIT
130 FIT
total (safety function)
415 FIT
413 FIT
MTBF 2
99.37 %
81 %
275 years
276 years
MTTFd
2860 years
–
96.5 % (High)
–
B10d
–
–
Category (ISO 13849-1)
3
–
PL
d
–
du
no effect1
SFF
DCd
1.39 x 10-9 1/h
PFH
PFDavg for Tproof = 1 year
6.04 x 10-6
PFDavg for Tproof = 2 years
1.21 x 10
Reaction time 3
< 30 ms
PFDavg for Tproof = 5 years
1
2
3
3.02 x 10
-6
-5
5.16 x 10-8 1/h
2.26 x 10-4
4.52 x 10-4
1.13 x 10-3
< 30 ms
"Annunciation" failures are not directly influencing the safety functions and are therefore added
to the no effect.
acc. to SN29500. This value is calculated with the failure rates of the device components which are
part of the safety function of the device.
Time between fault detection and fault reaction.
Table 2.3
The characteristic safety values like PFD, PFH, SFF, HFT and Tproof are taken
from the FMEDA report and the assessment documentation created by the
issuer. Please note, PFD and Tproof are related to each other. The function of the
devices has to be checked within the proof test interval (Tproof).
2014-05
The safety values MTTFd, DCd, Category and PL for the machinery directive are
taken from the assessment report and certificate.
11
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Recommendation
3
Safety Recommendation
3.1
Interfaces
The device has the following interfaces. For corresponding terminals see data
sheet.
3.2

Safety relevant interfaces: input, output I, output II

Non-safety relevant interfaces: output ERR, power supply
Useful Life Time/Mission Time
Although a constant failure rate is assumed by the probabilistic estimation this
only applies provided that the useful life time of components is not exceeded.
Beyond this useful life time, the result of the probabilistic calculation is
meaningless as the probability of failure significantly increases with time. The
useful life time is highly dependent on the component itself and its operating
conditions – temperature in particular (for example, the electrolytic capacitors can
be very sensitive to the working temperature).
This assumption of a constant failure rate is based on the bathtub curve, which
shows the typical behavior for electronic components.
Therefore it is obvious that failure calculation is only valid for components that
have this constant domain and that the validity of the calculation is limited to the
useful life time of each component.
It is assumed that early failures are detected to a huge percentage during the
installation period and therefore the assumption of a constant failure rate during
the useful life time is valid.
However, according to IEC 61508-2, a useful life time, based on experience,
should be assumed. Experience has shown that the useful life time often lies
within a range period of about 8 ... 12 years.
As noted in DIN EN 61508-2:2011 note NA4, appropriate measures taken by the
manufacturer and operator can extend the useful lifetime.
Our experience has shown that the useful life time of a Pepperl+Fuchs product
can be higher


if there are no components with reduced life time in the safety path (like
electrolytic capacitors, relays, flash memory, opto coupler) which can
produce dangerous undetected failures and
if the ambient temperature is significantly below 60 °C.
2014-05
Please note that the useful life time refers to the (constant) failure rate of the
device.
12
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Recommendation
Maximum Switching Power of Output Contacts KFD2-SH-Ex1
I (A)
resistive load
DC
2
1
0.5
resistive load
AC
Electrical life
max. 105 switching cycles
0.2
0.1
30
0
10 20
50
100 200 500
U (V)
Figure 3.1
The maximum number of switching cycles is depending on the electrical load and
may be higher when reduced currents and voltages are applied.
Maximum Switching Power of Output Contacts KHA6-SH-Ex1
I (A)
2
resistive load
DC
resistive load
AC
1
0.5
Electrical life
max. 105 switching cycles
0.2
0.1
30
0
10 20
253
50
100 200 500
U (V)
Figure 3.2
The maximum number of switching cycles is depending on the electrical load and
may be higher when reduced currents and voltages are applied.
3.3
Installation and Commissioning
2014-05
During installation all aspects regarding the SIL level of the loop must be
considered. The safety function must be tested to ensure the expected outputs
are given. When replacing a device, the loop must be shut down or the safety
integrity of the process must be maintained by using loop redundancy. In all
cases, devices must be replaced by the same type.
13
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Proof Test
4
Proof Test
4.1
Proof Test Procedure
According to IEC 61508-2 a recurring proof test shall be undertaken to reveal
potential dangerous failures that are otherwise not detected by diagnostic test.
The functionality of the subsystem must be verified at periodic intervals
depending on the applied PFDavg in accordance with the data provided in this
manual. see chapter 2.4
The operator has to choose the correct proof test for the type of devices and the
interval time period.
The ancillary equipment required:

Digital multimeter with an accuracy better than 0.1 %
For the proof test of the intrinsic safety side of the devices, a special digital
multimeter for intrinsically safe circuits must be used.
Intrinsically safe circuits that were operated with non-intrinsically safe circuits
may not be used as intrinsically safe circuits afterwards.

Power supply set at nominal voltage of 24 V DC.

Potentiometer 4.7 k.

Resistor 220 /150 k.

Resistor 1.3 k/0.5 W (.T(.OP) version only).

Resistor 1 k/1 W.
Procedure:
Sensor state must be simulated by a potentiometer of 4.7 k (threshold for
normal operation), by a resistor of 220  (short circuit detection) and by a resistor
of 150 k (lead breakage detection).
The voltage output of the .T(.OP) version needs to be loaded with 1.3 k and
observed with a Digital Volt Meter. The relay output needs to be supplied by
24 V DC externally and loaded by a 1 k resistor. It is tested with a current meter
for the on state. For versions with triplicated relays, each single relay is tested
with an impedance meter if the off state must be reached. The input threshold
must be between 2.1 mA and 2.8 mA. The hysteresis must be between 170 µA
and 250 µA (measured with input current meter and potentiometer).
If the input current is above the threshold
the voltage output must be activated, voltage level higher than 20 V DC
(.T(.OP) version only),

the relay output must conduct (approx. 240 mA),

the yellow LED must be on.
For the philosophy of Functional Safety it is important to test, that the voltage
output is definitely off (less than 1 V DC) and each single relay of the output is
definitely open (high impedance), if the input is below the lower threshold
(typ. 2.5 mA) or above the higher threshold (typ. 6 mA).
14
2014-05

Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Proof Test
If the resistor RSC (220 ) or the resistor RLB (150 k) is connected to the input,
the unit must detect an external error. The red LED shall be flashing, the voltage
output is off, the relay outputs are high impedant (> 100 k).
As the unit does not have any switches or settings, no special actions have to be
taken in terms of different configurations. The mode of operation is only
interchangeable by the use of a different sensor (S1N instead of SN type)
Multimeter
( I)
KFD2-SH-Ex1
1 kΩ/
1W
13
10+
RSC
RLB
220 Ω
150 kΩ
Multimeter
(Ω)
19
Multimeter 24 V DC
(Ω)
1220
14
15
21
16+
I
Multimeter
(Ω)
Multimeter
( I)
II
ERR
17-
Multimeter
(mA)
Supply +
Zone 0, 1, 2
Div. 1, 2
Figure 4.1
Supply
Bus
I supply
Supply -
24 V DC
Power
supply
Zone 2
Div. 2
Proof test set-up for KFD2-SH-Ex1, KHA6-SH-Ex1
KFD2-SH-Ex1.T.OP
Multimeter
( I)
4+
RSC
RLB
220 Ω
150 kΩ
V
7+
89
6-
I
1 kΩ/
1W
24 V DC
10
11
Multimeter
( I)
II
ERR
12
Multimeter
(mA)
Supply +
Zone 0, 1, 2
Div. 1, 2
I supply
Supply -
24 V DC
Power
supply
Zone 2
Div. 2
Proof test set-up for KFD2-SH-Ex1.T(.OP)
2014-05
Figure 4.2
Supply
Bus
15
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Assessed Sensors List
5
Assessed Sensors List
The evaluation to PL d/SIL3 was done for use with the following sensors:
NJ2-11-SN
NJ2-11-SN-G
NJ2-11-SN-G-..M 1
NJ2-12GK-SN
NJ2-12GK-SN-..M 1
NJ4-12GK-SN
NJ4-12GK-SN-..M 1
NJ3-18GK-S1N
NJ3-18GK-S1N-..M 1
NJ5-18GK-SN
NJ5-18GK-SN-..M 1
NJ8-18GK-SN
NJ8-18GK-SN-..M 1
NJ6-22-SN
NJ6-22-SN-G
NJ6-22-SN-G-..M 1
NJ5-30GK-S1N
NJ5-30GK-S1N-..M 1
NJ10-30GK-SN
NJ10-30GK-SN-..M 1
NJ15-30GK-SN
NJ15-30GK-SN-..M 1
NJ6S1+U1+N1
NJ15S+U1+N
NJ20S+U1+N
NJ40-FP-SN-P1
SJ2-SN
SJ2-S1N
SJ3,5-SN
SJ3,5-SN-Y89604
SJ3,5-S1N
NCN3-F25-SN4-V1
PL2-F25-SN4-K
PL3-F25-SN4-K
1
-..M means different cable lengths in meter (m)
2014-05
Additionally, mechanical switches may be used. See chapter 1.2.
16
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
Abbreviations
6
Abbreviations
B10d
Number of switching cycles of relays until 10 % of these
components have failed
Category
Category acc. to EN/ISO 13849-1
DCd
DCS
ESD
FIT
Diagnostic Coverage of dangerous faults
Distributed Control System
Emergency Shutdown
Failure In Time in 10-9 1/h
FMEDA
Failure Mode, Effects and Diagnostics Analysis
s
Probability of safe failure
dd
du
Probability of dangerous detected failure
Probability of dangerous undetected failure
no effect
Probability of failures of components in the safety path that have
no effect on the safety function
not part
Probability of failures of components that are not in the safety path
total (safety function)
Safety function
HFT
Hardware Fault Tolerance
MTBF
Mean Time Between Failures
MTTFd
Mean Time To dangerous Failures
MTTR
Mean Time To Repair
PFDavg
Average Probability of Failure on Demand
PFH
Probability of dangerous Failure per Hour
PL
Performance Level acc. to EN/ISO 13849-1
PTC
Proof Test Coverage
SFF
Safe Failure Fraction
SIF
Safety Instrumented Function
SIL
Safety Integrity Level
SIS
Safety Instrumented System
Tproof
Proof Test Interval
ERR
Fault
LB
Lead Breakage
Line Fault Detection
SC
Short Circuit
2014-05
LFD
17
Safety Manual SIL KFD0-RSH-1(-Y2), KFD2-SL-4
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
2014-05
Notes
18
Safety Manual KFD2-SH-Ex1(.T)(.OP), KHA6-SH-Ex1
2014-05
Notes
19
PROCESS AUTOMATION –
PROTECTING YOUR PROCESS
Worldwide Headquarters
Pepperl+Fuchs GmbH
68307 Mannheim · Germany
Tel. +49 621 776-0
E-mail: info@de.pepperl-fuchs.com
For the Pepperl+Fuchs representative
closest to you check www.pepperl-fuchs.com/contact
www.pepperl-fuchs.com
Subject to modifications
Copyright PEPPERL+FUCHS • Printed in Germany
DOCT-2992
05/2014