SIL Safety Considerations 24UC ESAM4

SIL Safety Considerations
PSR-S..P-24UC/ESAM4…

Rev 0.0
Phoenix Contact GmbH & Co. KG
Fail Safe Relay for Process Applications

PSR-SCP- 24UC/ESAM4/3X1/1X2/B
PSR-SPP- 24UC/ESAM4/3X1/1X2/B
PSR-SCP- 24UC/ESAM4/2X1/1X2
PSR-SPP- 24UC/ESAM4/2X1/1X2
Hardware Version 01
Author H. Peter Revision: 0.0 Page 1 of 28
Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

Contents
Contents ................................................................................................................................... 2
1 Report Summary .............................................................................................................. 4
2 Brief Description of the modules....................................................................................... 6
3 Failure Modes, Effects and Diagnostic Analysis............................................................... 9
3.1 Definition of the modules safe state.......................................................................... 9
3.2 Definition of the used failure modes ......................................................................... 9
3.3 General assumptions .............................................................................................. 11
3.4 Assumptions for low demand application ............................................................... 11
3.5 Assumptions for high demand application .............................................................. 11
3.6 Subsystems of the module ..................................................................................... 12
3.7 High demand DTS mode ........................................................................................ 13
3.7.1 Raw results of the FMEDA – High demand ........................................................ 13
3.7.2 Calculation for the input circuit............................................................................ 16
3.7.3 Calculation for the redundant structure............................................................... 17
3.7.4 Combined values according to 1oo1 structure ................................................... 18
3.7.5 FMEDA results for DTS high demand mode ...................................................... 20
3.8 Low demand DTS mode ......................................................................................... 21
3.8.1 Raw results of the FMEDA – Low Demand ........................................................ 21
3.8.2 Calculation for the input structure ....................................................................... 24
3.8.3 Calculation for the redundant structure............................................................... 25
3.8.4 Combined values according to 1oo1 structure ................................................... 26
3.8.5 FMEDA results for DTS low demand mode ........................................................ 28
4 Proof Test ....................................................................................................................... 28

Revision Control
Rev. Author Date Remarks

0.0 H. Peter 2011-11-23 Initial revision Draft
Released Version
Input Documents
No. Name Author Rev. Date

[1] 9049014_02-cir.pdf (BT) - 02 09.06.2010
9049016_02-cir.pdf (BT)
[2] IEC 61508 Part 1 - 7:2001 - - -
[3] FMEA_SIL_REPORT.xls H.Peter 03.03.2011

1 Report Summary
This report summarizes the results of the FMEDA that was carried out for the relay modules
PSR-S..P- 24UC/ESAM4/3X1/1X2/B (short PSR-ESAM4/3X1_B)
PSR-S..P- 24UC/ESAM4/2X1/1X2 (short PSR-ESAM4/2X1)
The module PSR-ESAM4/3X1_B under consideration has three NO contacts (13-14, 23-24,
33-34) and one NC contact (41-42). It’s available as a screw pluggable (SCP) and a spring
pluggable version (SPP).
The module PSR-ESAM4/2X1 under consideration has two NO contacts (13-14, 23-24,) and
one NC contact (31-32). It’s available as a screw pluggable (SCP) and a spring pluggable
version (SPP).
The PSR-S..P-24UC/ESAM4… is considered as a multi-role relay for use in process and

machine DTS (De-energized to Safe) applications up to SIL3. It can be used in low-demand-
mode and in high demand mode.
Failure rates used in this report are calculated using the Siemens standard SN29500 for all
components of the module except the relays.
The failure rate of the relay is calculated via SN29500-7 for low-demand-application only. For
low-demand-application a failure direction for the relay contact was used: 80 % contacts
stays open and 20 % contact stays closed.
As a constant failure is without sense in frequently switching applications the failure rate of
the relays is calculated via B10d method while used in high demand.
In this case the failure rate is dived into 50% / 50% with a DC of 99% by using forcibly guided
contacts in the logic for diagnostics.
According to the table 2 of IEC 61508-1 the average PFD of a safety function with low
demand rate should not exceed 10-3 and the maximum PFH of a safety function with high
demand rate should not exceed 10-7. However, as the relay is considered not for standalone
use but as part of a safety-function, its maximum claim of the safety-loop should not exceed
15% of that range.
The results of this document are compressed into table 1 and 2 on the next page.

Table 1: Results for DTS high demand mode of the modules according to 1oo1
structure
Parameters acc. to IEC 61508 Results
Type of the Device A
Mode of operation high demand
Intended use De-energized to safe application
HFT 0
SIL 3
λSD 505 FIT
λSU 505 FIT
λDD 30,8 FIT
λDU 0,5 FIT
λTotal 1040 FIT
SFF 99,95 %
MTBF 1) 109,61 years
PFH 0,5* 10-9 1/h
T1max 20 years
Useful Lifetime 20 years
1)
This includes failures which are not part of the safety function. MTTR has been set to 8
hours
Table 2: Results for DTS low demand mode of the modules according to 1oo1
structure
Mode of operation Low demand
HFT 0
SIL 3
λSD 0 FIT
λSU 1796 FIT
λDD 0 FIT
λDU 6.4 FIT
λTotal 1802 FIT
SFF 99.65 %
MTBF 1) 63.33 years
PFDavg for T1 = 1 year 2.08 * 10-5

T1max 5.36 years
1)
hours

2 Brief Description of the modules

The modules are relay modules with a logic input A1-A2 and different relay outputs: DTS
(De-energized To Safe) NO contacts and one NC contact. The DTS output can be used in
applications up to SIL3. The structure of the modules has two channels and one power
supply. To activate the channels the connectors S11/S12 and S21/S22 have to be closed.
The two channels have a cross-circuit monitoring function.
The S12-S34 feedback circuit has to be closed and reopened to start the module manually.
The S12-S35 feedback circuit has to be closed to start the module automatically.
Internal structure of the PSR-ESAM4/3X1_B:
Structure 1

Internal structure of the PSR-ESAM4/2X1:
Structure 2
Input A1-A2: The input signal can be AC or DC voltage.

– Single-channel use possible, with bridge on S11-S12, S21-S22
A1 accepts signal range nominal:
PSR-S..P- 24UC/ESAM4/3X1/1X2/B  0V (logic 0) and 20.4V-26.4V (logic 1)
PSR-S..P- 24UC/ESAM4/2X1/1X2  0V (logic 0) and 20.4V-26.4V (logic 1)
The input circuit is protected by a varistor.
Input S11-S12, S21-S22: Sensor circuits

– Two-channel for emergency stop monitoring with cross-circuit monitoring
– Two-channel for safety door circuit
S11 is the output for S12 with nominal 24V DC.
S21 is the output for S22 with nominal 0V DC.
Input S34: Start and Feedback Circuits

– Manually monitored activation
– Manually monitored activation and external monitored contact extension.
S34 has to connect to S12 for a manually monitored activation.
Input S35: Start and Feedback Circuits
– Automatic activation
S35 has to connect to S12 for an automatic activation.

Output 13-14, 23-24 and 33-34: One NO contact of each forcibly guided relay is switched in
series.
Single-channel
In case of logic 0 at A1-A2 the output is not conducting.
In case of logic 1 at A1-A2 the output is conducting.
Two-channel
In case of logic sensor is closed S11-S12, S21-S22 and reset is applied the output is
conducting.
In case of logic sensor is open S11-S12 and S21-S22 the output is not conducting.
Output 31-32 or 41-42: One NC contact of each forcibly guided relay is switched in
parallel. This contact is not part of the DTS safety consideration.
Single-channel
In case of logic 0 at A1-A2 the output is conducting.
In case of logic 1 at A1-A2 the output is not conducting.
Two-channel
In case of logic sensor is closed S11-S12, S21-S22 and reset is applied the output is not
conducting.
In case of logic sensor is open S11-S12 and S21-S22 the output is conducting.

3 Failure Modes, Effects and Diagnostic Analysis

The FMEDA was done in a separate document. The following chapters clarify the
assumptions made in this process.
3.1 Definition of the modules safe state
PSR-S..P- 24UC/ESAM4/3X1/1X2/B:
The safe state of the module is defined as contact paths 13-14, 23-24 and 33-34 not
conducting.
The input A1-A2 is de-energized or one path S11-S12 or S21-S22 is opened and minimum
one relay contact in contact paths 13-14, 23-24 and 33-34 is not conducting.
PSR-S..P- 24UC/ESAM4/2X1/1X2:
The safe state of the module is defined as contact paths 13-14 and 23-24 not
conducting.
The input A1-A2 is de-energized or one path S11-S12 or S21-S22 is opened and minimum
one relay contact in contact paths 13-14 and 23-24 is not conducting.
3.2 Definition of the used failure modes

To generate the FMEDA the following failure modes where defined and used in the process
of fault analysis:
“safe (S)”:
A safe failure (S) is defined as a failure that causes the module / (sub)system to go to the
defined fail-safe state.
“dangerous (D)”:
A dangerous failure (D) is defined as a failure that does not respond to a demand from the
process (e.g. being unable to go to the defined fail-safe state).

“fail high (H)”:

A fail high failure (H) is defined as a failure that causes the output 13-14, 23-24 or 33-34 to
go to the ON-state (e.g. both relays energize) without a demand from the process.
“fail low (L)”:

A fail low failure (L) is defined as a failure that causes the output 13-14, 23-24 or 33-34 to go
to the OFF-state (e.g. a relay de-energizes or a relay fails to energize) without a demand
from the process.
“annunciation (A)”:
An annunciation failure (A) is defined as a failure that does not directly impact safety but
does impact the ability to detect a future fault (such as a fault in a diagnostic circuit). When
calculating the SFF this failure mode is not taken into account. It is also not part of the safety
functions total failure rate.
“no effect (#)”:

A no effect failure (#) is defined as a failure of a component that is part of the safety function
but has no effect on the safety. When calculating the SFF this failure mode is not taken into
account. It is also not part of the safety functions total failure rate.
“not considered (!)”:

Not considered (!) means that this failure mode was not considered. When calculating the
SFF this failure mode is divided into 50% safe and 50% dangerous undetected failures. If this
failure mode is used it should be used for all failure modes of the considered part.
“not part (-)”:

Not part (-) means that this component is not part of the safety function but part of the circuit
diagram and is listed for completeness. When calculating the SFF this failure mode is not
taken into account. It is also not part of the safety functions total failure rate.
Note:
A DC (Diagnostic Coverage) factor can be applied to all failure modes so that the
corresponding detected / undetected distribution is generated.

3.3 General assumptions

The following general assumptions have been made during the FMEDA
FMEA_SIL_REPORT.xls of the modules:
 Failure rates are constant, wear out mechanisms are not included.
 Failure rates are bases on the Siemens standard SN29500
 Propagation of failures is not assumed
 Component failure modes are fully known (Type A device)
 The repair time after a safe failure is 8 hours (component is not repaired but
exchanged)
 The beta-factor has been calculated to 2% for the redundant parts
 Average ambient temperature is assumed to 40°C – For higher ambient temperatures

an experience based multiplier of 2.5 should be applied to the failure rates.
 The de-rating given in the documentation needs to be considered
3.4 Assumptions for low demand application

The following assumption and advice only apply for low demand application of the device:
 No DC was applied while the FMEDA for low demand was performed.
 While the proof test of the device may be longer than four years we recommend
switching at least once in four years to counteract cold welding of the contacts.
 The failure rate of the relays was divided into 80% safe and 20% dangerous failures
while in low demand of operation.
3.5 Assumptions for high demand application

The following assumptions only apply for high demand application of the device:
 It is of no sense to apply a constant failure rate to a relay while it is in a frequently

switching application. Failures in high demand do not only occur random but the wear
out plays a significant role. To reflect this, the failure rate for the relays for high
demand application has been determined by the use of the B10d method as
described in EN ISO 13849. The following operating conditions were applied:
o dop (days of operation) = 365d
o hop (hours of operation) = 24h

o tcycle (time for one cycle in seconds) = 3600s (1/h)

o B10d for AC15, 5A load = 300,000 cycles (K1/K2)
The failure rate of the relays was divided into 50% safe and 50% dangerous failures while
in high demand of operation.
 A Switching frequency lower than one cycle per hour has no effect on the failure rate.
3.6 Subsystems of the module

The ESAM4 modules can be divided into a non redundant input circuit with a HFT of 0 and a
redundant relay part with a HFT of 1. In combination the whole module is seen as a Type-A
module with a HFT of 0. See figure 1 for illustration.
ESAM4 … Subsystems and HFTs
ESAM4…
Input Circuit Relay Circuit

1oo1 Structure 1oo2(D) Structure
1oo1 Structure with HFT=0
Figure 1
The relay Circuit consists of two relay based channels.

3.7 High demand DTS mode

The following chapters present the results of the FMEDA and carry out calculations to get
combined values according to a 1oo1 structure. The assumed mode of operation is high
demand.
3.7.1 Raw results of the FMEDA – High demand

The results for high demand mode of operation are presented in the following three figures.
Figure 2 shows the results for the input circuit and the transformation of the results into IEC
61508 format while figure 3 and 4 shows the results for the relay channels 1 and 2.
Results for Input circuit
Figure 2
The total failure rate λ_IC is the total failure rate of the safety function within the input circuit. It
does not include not-part failures.

Results for relay channel 1
Figure 3
The total failure rate λ_Ch is the total failure rate of the safety function within one channel. It

Figure 4

3.7.2 Calculation for the input circuit

The input circuit is already a 1oo1 structure so the raw results can be used for later
calculations without any further calculations.
Input Circuit
1oo1 Structure
λSD_SC = 2,84E-08
λSU_IC = 2,84E-08
λDD_IC = 0,00E+00
λDU_IC = 0,00E+00

3.7.3 Calculation for the redundant structure
The following calculations are carried out using the lambda values in IEC 61508 form.
Relay Circuit
1oo2D Structure
HFT=1
ß = ßD = 2% (common cause factor)
T1 = 240m = 20a (proof test interval = useful lifetime)
TD = 1h (Diagnose time = cycle time)
     T
DU_RC 1 DU_Ch1 DU_Ch2 T1 1D DD_Ch1 DD_Ch2    DU_Ch1 DU_Ch2 D  DD_Ch1 DD_Ch2  D
2 2 TD2
T1  2   2  T1
Because TD << T1 the above formula can be simplified:
λDU_RC = (1-ß)² * λDU_Ch1 * λDU_Ch2 * T1 + ß * (λDU_Ch1 + λDU_Ch2)/2

λDU_RC = 5,04E-10
Because TD << T1 the above formula is simplified.
λD_RC = (1-ß)² * λD_Ch1 * λD_Ch2 * T1 + ß * (λD_Ch1+λD_Ch2)/2

λD_RC 3,13E-08
λDD_RC = λD_RC - λDU_RC

λDD_RC 3,08E-08

λSD_RC = λSD_Ch1 + λSD_Ch2

λSD_RC 4,77E-07
λSU_RC = λSU_Ch1 + λSU_Ch2

λSU_RC 4,77E-07
λS_RC = λSD_RC + λSU_RC

λS_RC 9,54E-07
λ RC = λS RC + λD RC
λ_RC 9,85E-07
3.7.4 Combined values according to 1oo1 structure
ESAM4…

1oo1 Structure 1oo2D Structure
1oo1D Structure with HFT=0
Figure 5
λDU = λDU IC + λDU RC
λDU (= PFH) 5,04E-10

λDD = λDD_IC + λDD_RC

λDD 3,08E-08
λSU = λSU IC + λSU RC
λSU 5,05E-07
λSD = λSD_IC + λSD_RC

λSD 5,05E-07
λTotal = λ_DU + λ_DD + λ_SD + λ_SU

λTotal 1,04E-06
SFF = 1 - ( λDU / λTotal )

SFF 99,95%
= λ-_IC + λ#_IC + λAU_IC + λAD_IC+ 2 * λ-_Ch + 2 * λ#_Ch + 2 * λAU_Ch + 2 *

λ-#_Total λAD_Ch
λ-#_Total 0,00E+00
(no part, no effect and annunciation failures)
MTBF [h] = MTTF+ MTTR = 1/( λTotal + λ-# Total) + 8h

MTBF [a] 109,61

3.7.5 FMEDA results for DTS high demand mode
Table 1: Results for DTS high demand mode of the modules according to 1oo1
structure
Mode of operation high demand
HFT 0
SIL 3
λSD 505 FIT
λSU 505 FIT
λDD 30,8 FIT
λDU 0,5 FIT
λTotal 1040 FIT
SFF 99,95 %
MTBF 1) 109,61 years
PFH 0,5* 10-9 1/h
T1max 20 years
Useful Lifetime 20 years
1)
hours

3.8 Low demand DTS mode

The following chapters present the results of the FMEDA and carry out calculations to get
combined values according to a 1oo1 structure. The assumed mode of operation is low
demand.
3.8.1 Raw results of the FMEDA – Low Demand

The results for low demand mode of operation are presented in the following three figures.
Figure 5 shows the results for the input circuit and the transformation of the results into IEC
61508 format while figure 6 and 7 showing the results for the relay channels 1 and 2.
Results for Input circuit
Figure 6
The total failure rate λ_IC is the total failure rate of the safety function within the input circuit. It

Figure 7

Figure 8

3.8.2 Calculation for the input structure

The input circuit is already a 1oo1 structure so the raw results can be used for later
calculations without any further calculations.
Input Circuit
1oo1 Structure
λSD_IC = 0,00E+00
λSU_IC = 5,67E-08
λDD_IC = 0,00E+00
λDU_IC = 0,00E+00

3.8.3 Calculation for the redundant structure

The following calculations are carried out using the lambda values in IEC 61508 form.
Relay Circuit
1oo2 Structure
HFT=1
ß = 2% (common cause factor)
T1 = 66m = 5.5a (proof test interval)
Max. SIL fraction = 15%
 DU _ Ch1  DU _ Ch 2 

DU _ RC  1   2  DU _ Ch1  DU _ Ch 2  T1     
 2 
( DC = 0%  simplified formula)
λDU_RC = (1-ß)² * λDU_Ch1 * λDU_Ch2 * T1 + ß * (λDU_Ch1 + λDU_Ch2)/2

λDU RC = 6,39E-09
λDD_RC = (1-ßD)² * λDD_Ch1 * λDD_Ch2 * T1 + ßD * (λDD_Ch1 + λDD_Ch2)/2

λDD_RC 0,00E+00
λSD_RC = 2 * ((λSD_Ch1 + λSD_Ch2)/2

λSD_RC 0,00E+00
λSU RC = 2 * (λSU Ch1 + λSU Ch2)/2
λSU_RC 1,74E-06

λ_RC = λSD_RC + λSU_RC + λDD_RC + λDU_RC

λ_RC 1,75E-06
3.8.4 Combined values according to 1oo1 structure
ESAM4…

1oo1 Structure 1oo2 Structure
1oo1 Structure with HFT=0
Figure 9
λDU = λDU_IC + λDU_RC

λDU 6,39E-09
λDD = λDD_IC + λDD_RC

λDD 0,00E+00
λSU = λSU_IC + λSU_RC

λSU 1,80E-06
λSD = λSD IC + λSD RC
λSD 0,00E+00

λTotal = λ_DU + λ_DD + λ_SD + λ_SU

λTotal 1,80E-06
1
PFDav(T1  1a )   DU  T1
2
PFDav(T1=1a) = 2,80E-05
SFF = 1 - ( λDU / λTotal )

SFF 99,65%
T1max(max. SIL fraction) = (xx% of SIL3) / PFDav(T1)
T1max(max. SIL fraction) [a] 5,36

proof test interval T1max is limited to XX months by the result of the
FMEA *.xls carried out in the calculation sheet LD PFDav .
= λ-_IC + λ#_IC + λAU_IC + λAD_IC+ 2 * λ-_Ch

λ-# Total + 2 * λ#_Ch + 2 * λAU_Ch + 2 * λAD_Ch
λ-#_Total 0,00E+00
(MTTR:=8h)
MTBF [h] = MTTF+ MTTR = 1/( λTotal + λ-# Total) + 8h

MTBF [a] 63,33

3.8.5 FMEDA results for DTS low demand mode

Table 2: Results for DTS low demand mode of the modules according to 1oo1
structure
Mode of operation Low demand
HFT 0
SIL 3
λSD 0 FIT
λSU 1796 FIT
λDD 0 FIT
λDU 6.4 FIT
λTotal 1802 FIT
SFF 99.65 %
MTBF 1) 63.33 years
PFDavg for T1 = 1 year 2.08 * 10-5

T1max 5.36 years
1)
hours
4 Proof Test
The
PSR-S..P- 24UC/ESAM4/3X1/1X2/B (short ESAM4_B)
PSR-S..P- 24UC/ESAM4/2X1/1X2 (short ESAM4)
can be proof tested by simply de-energizing the module and restarting it. If the module
should not start both relays (Status LED K1 and Status LED K2), it must be changed.
Proof testing has to be done every 5.5 years in low demand DTS (De-energized to Safe)
applications. In high demand DTS applications with applied diagnostics no special proof test
has to be made within the useful lifetime of the module. At the end of the lifetime no proof
test shall be made but the module should be exchanged. The lifetime of the module can be
limited by the number of switching cycles. This should be considered during layout of the
safety function.

SIL Safety Considerations 24UC ESAM4

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SIL Safety Considerations 24UC ESAM4

Uploaded by

Copyright:

Available Formats

SIL Safety Considerations

SIL Safety Considerations

Phoenix Contact GmbH & Co. KG

Fail Safe Relay for Process Applications

Author H. Peter Revision: 0.0 Page 1 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

Author H. Peter Revision: 0.0 Page 2 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

Rev. Author Date Remarks

No. Name Author Rev. Date

[3] FMEA_SIL_REPORT.xls H.Peter 03.03.2011

Author H. Peter Revision: 0.0 Page 3 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

The PSR-S..P-24UC/ESAM4… is considered as a multi-role relay for use in process and

Author H. Peter Revision: 0.0 Page 4 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

PFDavg for T1 = 1 year 2.08 * 10-5

Author H. Peter Revision: 0.0 Page 5 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

2 Brief Description of the modules

Internal structure of the PSR-ESAM4/3X1_B:

Author H. Peter Revision: 0.0 Page 6 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

Internal structure of the PSR-ESAM4/2X1:

Input A1-A2: The input signal can be AC or DC voltage.

The input circuit is protected by a varistor.

Input S11-S12, S21-S22: Sensor circuits

Input S34: Start and Feedback Circuits

Author H. Peter Revision: 0.0 Page 7 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

Author H. Peter Revision: 0.0 Page 8 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

3 Failure Modes, Effects and Diagnostic Analysis

3.1 Definition of the modules safe state

3.2 Definition of the used failure modes

Author H. Peter Revision: 0.0 Page 9 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

“fail high (H)”:

“fail low (L)”:

“no effect (#)”:

“not considered (!)”:

“not part (-)”:

Author H. Peter Revision: 0.0 Page 10 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

3.3 General assumptions

 Average ambient temperature is assumed to 40°C – For higher ambient temperatures

3.4 Assumptions for low demand application

3.5 Assumptions for high demand application

 It is of no sense to apply a constant failure rate to a relay while it is in a frequently

Author H. Peter Revision: 0.0 Page 11 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

o tcycle (time for one cycle in seconds) = 3600s (1/h)

3.6 Subsystems of the module

ESAM4 … Subsystems and HFTs

Input Circuit Relay Circuit

1oo1 Structure with HFT=0

The relay Circuit consists of two relay based channels.

Author H. Peter Revision: 0.0 Page 12 of 28

Date: 2011-11-23 Date/Author: 2012-02-13 / H. Peter

3.7 High demand DTS mode

3.7.1 Raw results of the FMEDA – High demand

Results for Input circuit

Author H. Peter Revision: 0.0 Page 13 of 28