Safety Instrumented Systems (SIS), Safety Integrity Levels (SIL), IEC61508, and Honeywell Field Instruments
For example, the end user can define a process as a SIL 1 SIS, accepting the risk that the SIS will be available 90% of the time (for a 10% chance of failure). For instance, a low water level on a storage tank will normally (90% of the time) be expected to trip a sensor, which in turn will control a valve to refill the tank. 10% of the time, the SIS is expected to fail, and the tank will not be refilled.

IEC 61508 and Honeywell

One of the steps required to achieve functional safety certification per IEC 61508 is a Failure Modes, Effects, and Diagnostic Analysis (FMEDA). Companies like TUV and Exida offer their services to perform the FMEDA. The result is a certificate, which contains the information that the end user needs to complete a statistical analysis of the SIS.

Honeywell used Exida to perform the FMEDA for the ST 3000® pressure transmitters, and model STT25H HART* temperature transmitter. Attached to this note is a copy of the certificate for the pressure transmitters. The certificates are also available online at http://field-measurement.com/.

The following definitions will be useful when reading the FMEDA:

Fail Dangerous Undetected: Failure that is dangerous and that is not being diagnosed by internal diagnostics.

Fail Dangerous: Failure that deviates the measured input state or the actual output by more than 2% of span and that leaves the output within active scale.

Fail High: Failure that will result in an output current that is higher than 20 mA.

Fail Low: Failure that will result in an output current that is lower than 4 mA.

Fail Safe Detected: Failure that leads to a safe state and that is detected by internal diagnostics.

Fail Safe Undetected: Failure that leads to a safe state and that is not detected by internal diagnostics.

Fail Safe: Failure that results in the presentation of the selected fail-safe input or output condition independent of the actual input state.

Safe Failure Fraction: The fraction of the overall failure rate of a device that results in either a safe fault or a diagnosed unsafe fault.
ST 3000 Pressure Transmitter FMEDA Certificate

Date: ______________________________
Honeywell Model: ______________________________
Serial Number: ______________________________
Tag Number: ______________________________
Customer PO Number: ______________________________
A Failure Modes, Effects and Diagnostics Analysis is one of the steps taken to achieve functional safety certification
per IEC61508 of a device. From the FMEDA, failure rates and safe failure fraction are determined for the analog
operating modes with either the HART or DE Protocol. The failure rates for the ST Integral Meter were also
evaluated. This FMEDA includes all hardware, electronic and mechanical. For full certification purposes all
requirements of IEC61508 must be considered including the software of the transmitter.
The ST 3000 transmitter is an isolated two-wire 4 to 20mA smart device classified as Type B according to IEC61508.
It contains self-diagnostics and is programmed to send its output to a specified failure state, either high or low, upon
internal detection of a failure.
The failure rates, safe failure fraction and PFDavg calculation for the ST 3000 pressure transmitter with HART
Protocol operating in a clean service are as follows*:
The failure rates, safe failure fraction and PFDavg calculation for the ST 3000 pressure transmitter with DE Protocol
operating in a clean service are as follows*:
Based on a 35% PFDavg budget for the sensor subsystem, both transmitters would meet the PFDavg requirements
of SIL2 in a single configuration. Both transmitters would meet the architectural constraint requirements in IEC61508
at a level of SIL1 for a single configuration.
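The arithmetic a user performs on an FMEDA certificate, as an added example (not code from the Honeywell note or from Exida): it applies the Safe Failure Fraction definition given above, the simplified single-channel PFDavg formula, the 35% sensor-subsystem budget, and the IEC 61508 architectural-constraint table for a Type B device with no hardware fault tolerance. The failure rates are constructed placeholders; the certificate's real figures are not reproduced on this page.

```python
# Added example, not code from the Honeywell note: the IEC 61508 arithmetic a user
# performs on an FMEDA certificate for a single (1oo1) transmitter. Failure rates
# are CONSTRUCTED placeholders in FIT (failures per 1e9 hours); the note's actual
# certificate figures are not reproduced on this page.

# PFDavg bands per SIL (IEC 61508-1, low-demand mode): lower bound inclusive, upper exclusive.
PFD_SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

def safe_failure_fraction(lam_sd, lam_su, lam_dd, lam_du):
    """SFF = (safe failures + diagnosed dangerous failures) / all failures."""
    total = lam_sd + lam_su + lam_dd + lam_du
    return (lam_sd + lam_su + lam_dd) / total

def pfd_avg_1oo1(lam_du_fit, proof_test_interval_h):
    """Simplified single-channel PFDavg = lambda_DU * TI / 2 (lambda_DU converted to per hour)."""
    return lam_du_fit * 1e-9 * proof_test_interval_h / 2

def sil_from_pfd(pfd, subsystem_budget=1.0):
    """Highest SIL whose PFDavg limit, scaled by the subsystem budget, the value fits under."""
    for sil in (4, 3, 2, 1):
        if pfd < subsystem_budget * PFD_SIL_BANDS[sil][1]:
            return sil
    return 0  # worse than SIL 1

def sil_from_architecture_type_b_hft0(sff):
    """IEC 61508-2 architectural constraint, Type B device, hardware fault tolerance 0."""
    if sff < 0.60:
        return 0  # not allowed for any SIL
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3

def assess_single_transmitter(lam_sd, lam_su, lam_dd, lam_du, ti_h, sensor_budget=0.35):
    """Both checks must pass; the claimable SIL is the lower of the two results."""
    sff = safe_failure_fraction(lam_sd, lam_su, lam_dd, lam_du)
    pfd = pfd_avg_1oo1(lam_du, ti_h)
    sil_pfd = sil_from_pfd(pfd, sensor_budget)
    sil_arch = sil_from_architecture_type_b_hft0(sff)
    return {"sff": sff, "pfd_avg": pfd, "sil_pfd": sil_pfd,
            "sil_arch": sil_arch, "sil_claimable": min(sil_pfd, sil_arch)}

if __name__ == "__main__":
    # Constructed rates (FIT), one-year proof-test interval, 35% sensor budget as in the note.
    print(assess_single_transmitter(200, 50, 400, 150, ti_h=8760))
```

With the constructed rates the PFDavg check alone would permit SIL 2 while the SFF of 81% caps the single-device architecture at SIL 1, the same split the certificate text describes.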
Summary

As the process industry moves toward adopting the newer safety standards, Honeywell Field Instruments are poised to meet the challenge. The FMEDA certificates, available for the ST 3000 pressure transmitters and the HART temperature transmitter (STT25H), are only a part of what Honeywell has to offer. Honeywell's TPS system is the industry leader in building plant safety, with the Fail Safe Control (FSC®) safety system. In addition, the FSC SafeCalc is a software tool that was specially developed by Honeywell Safety Management System to perform SIL validation calculations in accordance with the international IEC 61508 standard. It helps users carry out a quantitative analysis of the reliability (safety integrity) of the designed safety-instrumented functions. It can carry out complicated reliability calculations fast and accurately.

Further information about the TPS system can be found at http://www.acs.honeywell.com/ichome/