Danfoss LLS 4000, LLS 4000U Safety guide
Safety Guide
LLS 4000/4000U
Safety Guide | LLS 4000/4000U
Contents Introduction .......................................................................................................................................................................................................................................................................................................................... 3
Scope of the document ............................................................................................................................................................................................................................................................................ 3
Revision history ........................................................................................................................................................................................................................................................................................................ 3
Device description .............................................................................................................................................................................................................................................................................................. 3
Device variants .......................................................................................................................................................................................................................................................................................................... 4
Related documentation............................................................................................................................................................................................................................................................................. 4
Terms and denitions ....................................................................................................................................................................................................................................................................................5
Specication of safety function ......................................................................................................................................................................................................................................................... 6
Preliminary requirements ........................................................................................................................................................................................................................................................................6
Denition of the safety function ................................................................................................................................................................................................................................................. 6
General notes .............................................................................................................................................................................................................................................................................................. 6
Definition of the safety function ...................................................................................................................................................................................................................................... 6
Process response time .....................................................................................................................................................................................................................................................................6
Safety function characteristics ........................................................................................................................................................................................................................................... 7
Safety application conditions (SAC) ...................................................................................................................................................................................................................................... 7
Operation ................................................................................................................................................................................................................................................................................................................................... 9
Conditions of use .................................................................................................................................................................................................................................................................................................. 9
Failure state .....................................................................................................................................................................................................................................................................................................................9
Switch output - relay ................................................................................................................................................................................................................................................................................... 9
Error conditions ....................................................................................................................................................................................................................................................................................................... 9
User parameters .........................................................................................................................................................................................................................................................................................................10
Limits for change of parameters .............................................................................................................................................................................................................................................10
Service .......................................................................................................................................................................................................................................................................................................................................... 11
Periodic maintenance ...............................................................................................................................................................................................................................................................................11
Availability of services ............................................................................................................................................................................................................................................................................... 11
Operation modes and proof tests ........................................................................................................................................................................................................................................11
Continuous and high demand mode .................................................................................................................................................................................................................. 11
Low demand mode ........................................................................................................................................................................................................................................................................11
Proof test ........................................................................................................................................................................................................................................................................................................11
Equipment needed .......................................................................................................................................................................................................................................................................... 12
How to make sure that the device installation is correct ...........................................................................................................................................................12
How to make sure of the relay output capability .................................................................................................................................................................................13
How to make sure of the correct behavior of the device ............................................................................................................................................................13
Troubleshooting .................................................................................................................................................................................................................................................................................................14
Technical Data ...............................................................................................................................................................................................................................................................................................................15
Characteristics for the device safety function ..................................................................................................................................................................................................15
Assumptions .............................................................................................................................................................................................................................................................................................................16
FMEDA is applicable for the conditions that follow: ........................................................................................................................................................................16
Support for SIL-approved devices ........................................................................................................................................................................................................................................16
Appendix ............................................................................................................................................................................................................................................................................. 17
Proof test report form (for copying) ..................................................................................................................................................................................................................................17
2 | BH331633043895en-000501
© Danfoss | Climate Solutions | 2022.03
Safety Guide | LLS 4000/4000U
Introduction Scope of the document
This document supplies functional safety data about the device. This data agrees with the IEC 61508
standard.
General hint
This level detector is a functionally-safe level detector. It may be deployed within safety critical
systems requiring the safety function (for more data, refer to Specication of the safety function on
page 7) at a safety integrity level 2.
In case of a detected potentially hazardous failure, the system performs a safety reaction to bring the
device to a safe state, which is indicated by a safe position on the output relay. Depending on the
failure class, the device will resume the detection mode as soon as the cause of the failure disappears
(application dependent failure) or remains in failure mode (internal system failure). In the latter case,
operator’s interaction is required to restart the detection mode.
For safe operation, the operator / integrator must full some conditions. These conditions are dened
as Safety Application Conditions (SAC). For more data, refer to Safety application conditions (SAC) on
page 7.
INFORMATION!
The data in this supplement only contains the data applicable to the SIL approval. The technical data
for the standard version in the Datasheet (document [N1]) shall be valid, provided that it is not
rendered invalid or replaced by this supplement. If necessary, parts of document [N1] are referenced herein.
INFORMATION!
Installation, commissioning and maintenance may only be carried out by approved personnel.
Device description
Detections are given through 1 output options:
• one switch output - relay
Detections can also be displayed via an application on a smart device with Bluetooth connection. The
switch output - relay is the safety function.
When the device detects a measurement error, it switches the output relay to “safe” position. The “safe”
position is the OPEN state.
Refer also to “Device description” in the Datasheet (document [N1]).
© Danfoss | Climate Solutions | 2022.03
BH331633043895en-000501 | 3
Safety Guide | LLS 4000/4000U
x
Device variants
The model name for the level transmitter and its options are identied by the VF type code on the
device nameplate.
The SIL variant of the device shows a SIL2 logo on the device nameplate. When this logo appears on
the device nameplate, the device is delivered for safety applications If this logo does not appear on
the device nameplate, the device shall not be used for safety applications.
xxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxx
xxxxxxxx
xxxxxxx
S/N: xxxxxxxxxxxxxxxx
Supply: 24 V DC 80 mA
Connection type: xxxxxxxx / xxxx
MWP (PS): 65 bars
Process temp.: -50°C to +120°C
MD: xxxx/xx IP66/IP67
FCC ID:
IC: 1991D-SWSILBT01 CMIIT: xxxxxxxxxxx
xxxxxxxxxxxxxxxx
xxxxxxxx xxxx
xxxx/xx
Q6BSWSILBT01
xxx PV01
xxxxxxxxxxx
Danfoss A/S, 6430 Nordborg, Denmark
MADE IN FRANCE
lbl. nr. FZ 4007312201
Figure 1-1: Location of the SIL logo on the device nameplate is in the middle right
Related documentation
[N1] LLS 4000 Datasheet AI323832972563
[N2] IEC 61508-1 to 7: 2010 Functional safety of electrical / electronic / programmable electronic
safety-related systems
[N3] Liquid Level Switch Installation guide/Quick start AN317523977313
4 | BH331633043895en-000501
© Danfoss | Climate Solutions | 2022.03
Safety Guide | LLS 4000/4000U
Terms and denitions
DC
D
Diagnostic Coverage of dangerous failures
Firmware Software embedded in the device
FIT Failure In Time (1×10-9 failures per hour)
FMEDA Failure Modes, Eects and Diagnostics Analysis
FRT Fault Response Time (diagnostic test interval + Fault Reaction Time)
HFT Hardware Fault Tolerance
High demand or
continuous mode
λ
DD
λ
DU
λ
SD
λ
SU
Low demand mode
Where the frequency of demands for operation made on a safety-related system is greater
than one time per year
Rate for dangerous detected failure
Rate for dangerous undetected failure
Rate for safe detected failure
Rate for safe undetected failure
Where the frequency of demands for operation made on a safety-related system is no
greater than one time per year
MTBF Mean Time Between Failures
MTTF Mean Time To Failure
MTTR Mean Time To Recovery
PFD
AVG
Average Probability of Failure on Demand
PFH Probability of a dangerous Failure per Hour
Process safety time
Safety Application
Conditions
The time interval between a potentially dangerous failure and an error value from the
current output
Conditions that are demands to be observed when using a safety related system or subsystem
SFF Safe Failure Fraction
SIL Safety Integrity Level
SIS Safety Instrumented System
Measure (expressed on a scale of SC 1 to SC 3) of the condence that the systematic safety
Systematic Capability
integrity of an element meets the requirements of the specied SIL, in respect of the
specied element safety function, when the element is applied in accordance with the
instructions
Type A system
Type B system
"Non-complex" system (all failure modes are well dened). For more data, refer to
subsection 7.4.3.1.2 of IEC 61508-2
"Complex" system (all failure modes are not well dened). For more data, refer to
subsection 7.4.3.1.2 of IEC 61508-2
T[Proof] Proof Test Interval
T[Repair] Time to Repair
T[Test] Internal Diagnostics Test Interval
2oo2 2 out of 2 channels architecture
© Danfoss | Climate Solutions | 2022.03
BH331633043895en-000501 | 5
Safety Guide | LLS 4000/4000U
Specication of
safety function
Preliminary requirements
The device must be operated within the process and ambient conditions specied in the Datasheet
(document [N1]) of the device.
The following chapter denes additional conditions, which have to be obeyed for safety applications
Denition of the safety function
General notes
The device contains a safety function that agrees with International Standard IEC 61508 (document [N2])
This safety function operates if the device detects a liquid in front of it.
Denition of the safety function
Within a maximum fault response time of 10s, the device sets its output relay to its fundamental state
(open) if the level of a specied liquid in a tank has reached the middle of the sensing interface ±5 mm
tolerance.
The safety integrity level of this safety function is SIL2.
Fault response time
The fault response time is the time that is necessary for the device to go into safe state after an error
occurred in the safety function.
The maximum time is 10 seconds, as it is the time for the device to run all its internal diagnostics.
.
6 | BH331633043895en-000501
© Danfoss | Climate Solutions | 2022.03
Loading...