Local Fuel – The Shoreham Oil Terminal
Gasoline Import - Safety Instrument System
P & I Design Ltd, 2 Reed Street, Thornaby, UK, TS17 7AF
Tel: + 44 (0)1642 617444   Fax: + 44 (0)1642 616447   www.pidesign.co.uk
DOCUMENT NO: LF364006_RPT   ISSUE: C   DATE: 13.05.16   PAGE 7 OF 23

6.1.3 Sensor Subsystem Hardware Fault Tolerance
A Failure Modes, Effects and Diagnostic Analysis (FMEDA) is one of the steps required to achieve
functional safety certification of a device per IEC 61508. From the FMEDA, the failure rates and the
Safe Failure Fraction (SFF) are determined. The FMEDA described here concerns only the
hardware of the Safety IntelliPoint RF™ Series Point Level Switch, electronic and mechanical,
including the probe assembly. For full functional safety certification all requirements
of IEC 61508 must be considered.
The Safety IntelliPoint RF™ Series Point Level Switch is a two-wire, 4 - 20 mA smart device
with discrete output levels. It contains self-diagnostics and is programmed to drive its output to
a specified state upon internal detection of a failure. For safety instrumented system usage it
is assumed that the 4 - 20 mA output is used as the primary safety variable; all other possible
output variants are not covered by this report. The devices can be supplied with or
without a display.
The Safety IntelliPoint RF™ Series Point Level Switch is classified as a Type B device
according to IEC 61508, with a hardware fault tolerance of 0. The analysis shows that the
device has a safe failure fraction between 90% and 99% (assuming that the logic solver is
programmed to detect any current outside the boundaries of the discrete output levels) and therefore
may be used up to SIL 2 as a single device.
The FMEDA was performed for the High Level Fail Safe (HLFS) setting of the switch.
Table 1 lists the failure rates for the Safety IntelliPoint RF™ Series Point Level Switch
according to IEC 61508, assuming that the logic solver is set to detect any current outside a
1 mA window around each of the three output levels.
Table 1: Failure rates according to IEC 61508

Safety IntelliPoint RF™ Series Point Level Switch | λSD   | λSU     | λDD     | λDU    | SFF
High Level Fail Safe application                   | 0 FIT | 300 FIT | 686 FIT | 73 FIT | 93.2%
These failure rates are valid for the useful lifetime of the product.
The user of the Safety IntelliPoint RF™ Series Point Level Switch can use these failure
rates in a probabilistic model of a safety instrumented function (SIF) to determine, in part, its
suitability for safety instrumented system (SIS) usage at a particular safety integrity level (SIL).
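The following is an added worked example, not part of the P & I Design report or the device vendor's documentation. It takes the Table 1 failure rates and carries through the two checks a SIS designer would make for the sensor subsystem: the SFF and the architectural constraint for a Type B, HFT 0 device (IEC 61508-2:2010 Table 3, Route 1H), and the PFDavg contribution of a single 1oo1 channel using the simplified low-demand formula of IEC 61508-6 Annex B. The proof-test interval, MTTR and the three loop-current levels are assumptions for illustration; the report does not give them. Note that the rounded FIT values in Table 1 give an SFF of 93.1%, while the report states 93.2%, which will come from the unrounded rates behind the table.

```python
"""Worked SIL assessment from the Table 1 FMEDA figures (added example).

Not code from the report or the device vendor. Table 1 values are used as
published; T1, MTTR and the loop-current levels are assumed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

FIT = 1e-9  # 1 FIT = one failure per 1e9 device-hours


@dataclass(frozen=True)
class FailureRates:
    """IEC 61508 failure-rate split, all values in FIT."""
    sd: float  # safe detected
    su: float  # safe undetected
    dd: float  # dangerous detected
    du: float  # dangerous undetected


# Table 1, High Level Fail Safe application (values from the report).
HLFS = FailureRates(sd=0.0, su=300.0, dd=686.0, du=73.0)


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)."""
    safe_or_detected = r.sd + r.su + r.dd
    return safe_or_detected / (safe_or_detected + r.du)


def pfd_avg_1oo1(r: FailureRates, proof_test_interval_h: float,
                 mttr_h: float = 0.0) -> float:
    """Average PFD of one 1oo1 channel (HFT 0), simplified low-demand formula
    from IEC 61508-6 Annex B: lambda_DU * T1 / 2 + lambda_DD * MTTR."""
    return r.du * FIT * proof_test_interval_h / 2.0 + r.dd * FIT * mttr_h


def sil_from_pfd(pfd: float) -> Optional[int]:
    """SIL band for a low-demand SIF from the IEC 61508-1 PFDavg limits.
    Returns None for PFDavg >= 1e-1 (no SIL) or < 1e-5 (outside the table)."""
    bands = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]
    for lo, hi, sil in bands:
        if lo <= pfd < hi:
            return sil
    return None


def max_sil_type_b(sff: float, hft: int) -> Optional[int]:
    """Architectural constraint for a Type B subsystem, IEC 61508-2:2010
    Table 3 (Route 1H). Rows: SFF threshold -> max SIL for HFT 0, 1, 2.
    Returns None where the standard permits no SIL claim."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    rows = [(0.99, (3, 4, 4)), (0.90, (2, 3, 4)), (0.60, (1, 2, 3)),
            (0.0, (None, 1, 2))]
    for threshold, by_hft in rows:
        if sff >= threshold:
            return by_hft[hft]
    raise ValueError("SFF must be in [0, 1]")


def achievable_sil_1oo1(r: FailureRates, proof_test_interval_h: float,
                        mttr_h: float = 0.0) -> Optional[int]:
    """A single device (HFT 0) may only claim the lower of the SIL permitted
    by its PFDavg and the SIL permitted by the architectural constraint."""
    by_pfd = sil_from_pfd(pfd_avg_1oo1(r, proof_test_interval_h, mttr_h))
    by_arch = max_sil_type_b(safe_failure_fraction(r), hft=0)
    if by_pfd is None or by_arch is None:
        return None
    return min(by_pfd, by_arch)


# ASSUMED discrete output levels in mA; the report does not state them.
ASSUMED_LEVELS_MA = {"normal": 4.0, "alarm": 12.0, "diagnostic": 20.0}


def classify_loop_current(i_ma: float, levels=None, window_ma: float = 1.0) -> str:
    """Logic-solver side of the SFF assumption: a current within +/-window_ma
    of a defined level is that state; anything else (open loop near 0 mA,
    a short above 20 mA, a drifting output) is "out_of_band" and must be
    handled as a detected dangerous failure."""
    levels = ASSUMED_LEVELS_MA if levels is None else levels
    for name, level in levels.items():
        if abs(i_ma - level) <= window_ma:
            return name
    return "out_of_band"


if __name__ == "__main__":
    T1_H = 8760.0  # assumed one-year proof-test interval
    sff = safe_failure_fraction(HLFS)
    print(f"SFF = {sff:.1%}")
    print(f"Type B, HFT 0 -> max SIL {max_sil_type_b(sff, 0)}")
    print(f"PFDavg (1oo1, T1 = {T1_H:.0f} h) = {pfd_avg_1oo1(HLFS, T1_H):.2e}")
    print(f"claimable SIL for the sensor subsystem = {achievable_sil_1oo1(HLFS, T1_H)}")
    for i in (4.3, 12.4, 2.0, 21.5):
        print(f"{i:5.1f} mA -> {classify_loop_current(i)}")
```

With a one-year proof test the sensor's own PFDavg (about 3.2e-4) falls in the SIL 3 band, but the Type B / HFT 0 architectural constraint caps the single device at SIL 2, which is the report's conclusion. The sensor figure is only one term of the loop; the logic solver and final element must be added before the SIF is assessed, and the out-of-band detection in the logic solver is what makes the λDD of 686 FIT legitimately "detected".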
The hardware fault tolerance clause of BS EN 61508 has been applied.
BS EN 61508-2:2010 Section 7.4.3 requires architectural constraints on hardware safety
integrity. Table 3 of the standard is reproduced below: