
Data Declaration: Safety Systems. The Hardware Has Been Subjected To A Failure Modes and Effects Analysis (FMEA)


FMEA

IEC 61508
Data Declaration
DOCUMENT NO. MTL08FMEA4517/3

Declaration relating to: MTL4511, MTL4514, MTL4516, MTL4516C, MTL4517, MTL5511,
MTL5514, MTL5516C and MTL5517

Manufactured and assessed by:
Measurement Technology Limited, Power Court, Luton, Bedfordshire, LU1 3JJ

This document is issued as a summary of the hardware failure data affecting the application of the
equipment as a sub-system being part of a Safety Function intended to conform with the
requirements of IEC61508 - Functional Safety of Electrical/Electronic/Programmable Electronic
Safety Systems. The hardware has been subjected to a Failure Modes and Effects Analysis (FMEA)
to determine the specific failure modes and failure rates with the relevant results presented herein.

Product Description
The MTL4511, MTL4514, MTL5511 and MTL5514 are 1-channel and the MTL4516, MTL4516C,
MTL4517, MTL5516C and MTL5517 are 2-channel digital input interface modules which enable
respectively one or two safe area loads to be controlled through relay contacts by one or two
switches or proximity detectors located in a hazardous area. The input sensor excitation provided to
the hazardous area is limited to comply with the requirements of IIC gas atmospheres. Switches are
provided to select phase reversal operation mode and to enable/disable the line fault detection.

Product Failure Rates


The hardware assessment shows that the above Switch / Proximity Detector Interfaces

• have a hardware fault tolerance of 0
• are classified as Type A devices

The definitions for product failure of these modules were determined as:-

Failure mode                                   Failure rate (FIT)
Output stuck ENERGISED¹                        14
Output stuck DE-ENERGISED²                     271
Output state uncertain                         2
Correct operation (failures have no effect)    143

NO – normally open relay contact

The above failure rates apply to the operation of a single channel and apply whether normal phase or
reverse phase is selected.
For 2-channel modules, the above figures apply to either channel 1 or channel 2. Both channels of a
2-channel module should not be used in the same safety function.
Note that failures may affect both channels simultaneously.

¹ NO (normally open) relay contact closed, NC (normally closed) contact open (if available)
² NO (normally open) relay contact open, NC (normally closed) contact closed (if available)
FMEA/DD4517/08/08 Page 1 of 2
Example of use in a safety function
In this example, the application context is assumed to be:

• the safety function is to de-energise the output on demand

The failure modes shown above can then be defined as

Failure mode                  Category
Output stuck ENERGISED        Dangerous undetected, λdu
Output stuck DE-ENERGISED     Safe undetected, λsu
Output uncertain              Dangerous undetected, λdu
Correct operation             Safe undetected, λsu

The failure rates for these categories are then (FITs)

Model                                             λsd    λsu    λdd    λdu
MTL4517 or MTL5517 or one of the products         0      414    0      16
listed on the first page

In this example, the safe failure fraction is 96.2%. However, other constraints, in particular the use of
unmonitored relay contact outputs, limit these devices to be used as single devices in Safety
Instrumented Functions up to SIL2.
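
The category totals above follow from the failure-mode table once the demanded action is fixed. The sketch below is an added example, not part of MTL's declaration: it reproduces the de-energise-on-demand split and, as a labelled assumption that goes beyond the declaration, shows how the same FIT data reclassifies if the safety function were instead to energise the output on demand. The function and dictionary names are hypothetical.

```python
# Added example: FIT values copied from the declaration's failure-mode table.
FMEA_FIT = {
    "stuck_energised": 14,
    "stuck_de_energised": 271,
    "state_uncertain": 2,
    "no_effect": 143,
}

# Which stuck state is dangerous depends on the action demanded of the output.
DANGEROUS_STUCK_STATE = {
    "de-energise": "stuck_energised",   # the declaration's example context
    "energise": "stuck_de_energised",   # assumption: mirror-image application
}


def classify(safety_action, fmea=FMEA_FIT):
    """Return per-channel FIT totals for the categories sd, su, dd, du."""
    if safety_action not in DANGEROUS_STUCK_STATE:
        raise ValueError(f"unknown safety action: {safety_action!r}")
    # The product has no internal diagnostics, so nothing lands in sd or dd.
    rates = {"sd": 0, "su": 0, "dd": 0, "du": 0}
    for mode, fit in fmea.items():
        # An uncertain output cannot be relied on to reach the safe state.
        dangerous = mode in (DANGEROUS_STUCK_STATE[safety_action],
                             "state_uncertain")
        rates["du" if dangerous else "su"] += fit
    return rates


def safe_failure_fraction(rates):
    """SFF = (sd + su + dd) / (sd + su + dd + du)."""
    total = sum(rates.values())
    if total == 0:
        raise ValueError("no failure rates supplied")
    return (total - rates["du"]) / total


if __name__ == "__main__":
    for action in DANGEROUS_STUCK_STATE:
        r = classify(action)
        print(action, r, f"SFF={safe_failure_fraction(r):.4f}")
```

The drop in safe failure fraction for the assumed energise-on-demand case shows why the declaration ties its figures to a stated application context.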

Notes
• FITs means failures per 10⁹ hours or failures per thousand million hours.
• Reliability data for this analysis is taken from IEC TR 62380:2004 Reliability Data
Handbook.
• Failure mode distributions are taken principally from IEC 62061:2005 Safety of Machinery.
• Both channels of a 2-channel module should not be used in the same safety function unless
due allowance is made for the occurrence of common cause failures affecting both
channels.
• Proof testing must be carried out according to the application requirements, but it is
recommended that this be carried out at least once every three years.
• Consideration should be made of the normal lifetime for a device of this type which would
be in the region of ten years.
• There are no internal diagnostic elements of this product.
• For all other product parameters related to its application (voltage range, environment, etc.)
please refer to the published MTL data sheet for this product, at www.mtl-inst.com.

Signed on behalf of MTL


Analyst: Georg Hahn. Date: 29th August 2008
Chief Technical Officer: Jon Malins. Date: 1st September 2008
