Fisher IM Supplement: Safety manual for FIELDVUE DVC6200 SIS Digital Valve Controller, Position Monitor, and LCP200 Local Control Panel Manuals & Guides

Instruction Manual Supplement

D103601X012

DVC6200 SIS Digital Valve Controller

February 2022

Safety manual for Fisher™ FIELDVUE™ DVC6200
SIS Digital Valve Controller, Position Monitor,
and LCP200 Local Control Panel

This supplement applies to

Instrument Level SIS
Device Type 130a
Hardware Revision 2
Firmware Revision 7
Device Revision 103
DD Revision 701

1. Purpose

This safety manual provides information necessary to design, install, verify and maintain a Safety
Instrumented Function (SIF) utilizing the Fisher DVC6200 SIS digital valve controller. The DVC6200
SIS can be installed with a local control panel (LCP200). This document must be thoroughly
reviewed and implemented as part of the safety lifecycle. This information is necessary for
meeting the IEC 61508 or IEC 61511 functional safety standards.

WARNING

This instruction manual supplement is not intended to be used as a stand-alone document. It must be used in conjunction
with the following documents:
Fisher DVC6200 Series Quick Start Guide (D103556X012
Fisher DVC6200 SIS Instruction Manual (D103557X012
Fisher LCP200 Instruction Manual (D104296X012

Failure to use this instruction manual supplement in conjunction with the above referenced documents could result in
personal injury or property damage. If you have any questions regarding these instructions or need assistance in obtaining
any of these documents, contact your Emerson sales office

)

)

)

.

www.Fisher.com

DVC6200 SIS Digital Valve Controller

February 2022

Instruction Manual Supplement

D103601X012

2. Description of the Device

The Fisher DVC6200 SIS digital valve controller is an instrument which delivers controlled
pneumatic pressure to modulate a valve actuator in response to an electrical signal. An optional
valve position monitor will either transmit a 420 mA signal in response to the actual valve travel or
open and close a discrete limit switch based on a configurable trip point. An LCP200 can be used in
conjunction with the DVC6200 SIS to locally open and close a safety shutdown valve as well as
initiating a partial stroke test.

This safety manual applies to the DVC6200 SIS instrument with electronics hardware revision 2
(HW2) and firmware revision 4, 5, 6, and 7 with the following product options.

OPTION

MODEL CONSTRUCTION

DVC6200 SIS Integral, Aluminum n n n n n n n n

DVC6200S SIS

DVC6205 SIS
DVC6215

Integral,
Stainless Steel

Remote Mount
Aluminum

DETT ETT 4-20 mA 24 VDC

n n n n n n n n

(1)

,

n n n n n n n n

Double-

Acting

Direct

Single-

Acting

Reverse

Single-

Acting

Direct

Position
Monitor

APPLICATION

DETT n n n n n n n
ETT n n n n n n
4-20 mA n n n n n n n
24 VDC n n n n n n

1. The Remote Mount construction is not available with the DVC6200 SIS High Cv option.

Accessories

LCP100/LCP200Local Control Panel, HART Only
LC340Line Conditioner, 24 VDC

2

Instruction Manual Supplement

D103601X012

DVC6200 SIS Digital Valve Controller

February 2022

3. Terms, Abbreviations, and Acronyms

β Beta factor for common cause effects of failure

DD

DETT Deenergize to Trip

DTM

DVC6200 SIS Digital Valve Controller, product model designation for Safety Instrumented System applications
ESD Emergency Shut Down
ETT Energize to Trip
FIT Failure In Time (1x109 failures per hour)
FMEDA Failure Mode Effect and Diagnostic Analysis

HART

HCv1

HCv2

HCv3 Pneumatic booster with an exhaust Cv of 6.2 and a fill Cv of 3.2 for single direct acting.
HFT Hardware Fault Tolerance

λ

LC340

LCP100
LCP200
Low Demand
Mode

Multidrop

PFD

AVG

PointtoPoint Operating mode of the DVC6200 SIS whereby the instrument is powered with 420 mA.
PVST Partial Valve Stroke Test

Relay A

Relay B

Relay C

Safety Freedom from unacceptable risk of harm.
Safety
Function
SFF Safe Failure Fraction
SIF Safety Instrumented Function
SIL Safety Integrity Level
SIS Safety Instrumented System
SOV Solenoid Operated Valve
Type A
Element
Type B
Element

Device Description, an electronic data file that describes specific features and functions of a
device to be used by host applications.

Device driver that provides a unified structure for accessing device parameters, configuring and
operating the devices, and diagnosing problems.

Highway Addressable Remote Transducer, open protocol for digital communication
superimposed over a direct current.
Pneumatic booster with a Cv of 1.2 for double acting and both single direct and reverse acting.
(Note: single-acting reverse certified for ETT applications only.)
Pneumatic booster with a Cv of 3.2 for double acting and both single direct and reverse acting.
(Note: single-acting reverse certified for ETT applications only.)

Failure rate. λDD: dangerous detected; λDU: dangerous undetected; λSD: safe detected; λSU: safe
undetected.
Line Conditioner; product model designation for a device that is inserted in the loop when the
instrument (in Multidrop Mode) is powered with a lowimpedance 24 V source, to enable HARTr
communications.
Local Control Panel; product model designation for a device that can be connected to a DVC6200
SIS instrument to enable manuallyinitiated functions.
Mode of operation of a safety instrumented function where the demand interval is greater than
twice the proof test interval.
Operating mode of the DVC6200 SIS where the instrument controls the current drawn to enable
it to be powered with 24 VDC.
Average Probability of Failure on Demand

Pneumatic booster relay for double or single acting applications. Typical construction for double
acting DETT applications.
Pneumatic booster relay for single acting reverse applications. Typical construction for single
acting ETT applications.
Pneumatic booster relay for single acting direct applications. Typical construction for single
acting DETT applications.

Function of a device or combination of devices intended to be used within a Safety Instrumented
System to reduce the probability of a specific hazardous event to an acceptable level.

“NonComplex” element (using discrete components); for details see 7.4.4.1.2 of IEC 615082.

“Complex” element (using complex components such as micro controllers or programmable
logic); for details see 7.4.4.1.3 of IEC 615082.

3

DVC6200 SIS Digital Valve Controller

February 2022

4. Related Literature

D Fisher DVC6200 Series Quick Start Guide (D103556X012)

Instruction Manual Supplement

D103601X012

D Fisher DVC6200 SIS Instruction Manual (D103557X012

D 62.1:DVC6200 SIS, Fisher DVC6200 SIS Product Bulletin (D103555X012

D HART Field Device Specification for Fisher DVC6200 SIS (D103638X012

D Fisher LCP200 Local Control Panel Instruction Manual (D104296X012

D 62.1:LCP200, Fisher LCP200 Local Control Panel Product Bulletin (D104313X012

)

)

)

)

)

D IEC 61508: 2010 Functional safety of electrical/electronic/programmable electronic

safetyrelated systems

D ANSI/ISA 84.00.012004 (IEC 61511 Mod.) Functional Safety – Safety Instrumented Systems for

the Process Industry Sector

D Exida FMEDA Report for Fisher DVC6200 SIS, Position Monitor Applications 

Report No. EFC 12/02027 R001

D Exida FMEDA Report for Fisher DVC6200 SIS, DETT and ETT Applications 

Report No. EFC 12-02-027 R004 V3 R0

D Exida FMEDA Report for Fisher DVC6200 SIS Digital Valve Controller with High Cv Option, ESD

DETT applications - Report No. EFC 12/02-037 R002 V2 R3

D Exida FMEDA Report for Fisher DVC6200 SIS Digital Valve Controller with High Cv Option, ESD

ETT applications - Report No. EFC 14/03-045 R001 V1 R5

4

Instruction Manual Supplement

D103601X012

DVC6200 SIS Digital Valve Controller

5. General Requirements

WARNING

To ensure safe and proper functioning of equipment, users of this document must carefully read all
instructions, warnings, and cautions in this safety manual and the Quick Start Guide.

D Refer to the Fisher DVC6200 SIS Quick Start Guide (D103556X012) for mounting and

configuration.

February 2022

D If a LCP200 is used, refer to the Fisher LCP200 instruction manual (D104296X012

configurations and mounting.

D Tools needed:

DVC6200 SIS

D Flat Head Screwdriver, 3 mm Thin Blade (wiring terminations)

D Phillips Screwdriver

D 3/8” Hex Key (terminal box conduit plug)

D 6 mm Hex Key (module base screws)

D 5 mm Hex Key (terminal box screw)

D 2.5 mm Hex Key (I/P converter screws)

D 1.5 mm Hex Key (terminal box cover screw)

D 9/64” Hex Key (spool valve screws, HCv1)

D 3 mm Hex Key (spool valve screws, HCv2 and HCv3)

LCP200

) for wiring

D Phillips Screwdriver (ground screw)

D Flat Head Screwdriver, 3 mm Thin Blade (wiring terminations)

D 10 mm Hex Key (cable entry plug)

D 4 mm Hex Key (terminal cover screw)

D 2.5 mm Hex Key (LED module screw, front panel screw)

D Torque wrench capable of 2 - 2.5 N•m (18 - 22 lb•in) (terminal cover screw)

D Personnel performing maintenance and testing on the DVC6200 SIS and LCP200 shall be

competent to do so.

5

DVC6200 SIS Digital Valve Controller

February 2022

Instruction Manual Supplement

D103601X012

6. Safety Instrumented System Design

When using the DVC6200 SIS digital valve controller or DVC6200 SIS with the LCP200 in a safety
instrumented system, the following items must be reviewed and considered.

6.1 SIL Capability

6.2 Safety Function

6.3 Failure Rates

6.4 Application Limits

6.5 Environmental Limits

6.6 Application of the Switch Output for Diagnostic Annunciation

6.1. SIL Capability

D Systematic Integrity

SIL 3 Capable— the digital valve controller has met manufacturer design process
requirements of IEC 61508 Safety Integrity Level 3.

D Random Integrity

D The digital valve controller is classified as a Type A device according to IEC 61508. The

complete final element subsystem will need to be evaluated to determine the SFF. If the
SFF of the subsystem is >90%, and the PFD

< 103, the design can meet SIL 3 @ HFT=0.

avg

D The position monitor is classified as a Type B device according to IEC 61508. The

complete final element subsystem will need to be evaluated to determine the SFF. If the
SFF of the subsystem is >90%, and the PFD
If the SFF of the subsystem is between 60% and 90%, and the PFD

< 102, the design can meet SIL 2 @ HFT=0.

avg

< 101, the design

avg

can meet SIL 1 @ HFT=0.

D The LCP200 is classified as a Type B device per IEC61508. If the SFF of the relay output

state change subsystem is >90% and the PFD

avg

0. If the SFF of the subsystem is between 60% and 90%, and the PFD

< 10

2,

the design can meet SIL2 @ HFT =

< 101, the design

avg

can meet SIL 1 @ HFT=0.

6

Instruction Manual Supplement

D103601X012

DVC6200 SIS Digital Valve Controller

February 2022

6.2. Safety Function

D Deenergize to Trip Application: The application of the digital valve controller is limited for SIS

to low demand mode. Table 1 describes the normal and safe states of DVC6200 SIS for a DETT
configuration. The digital valve controller may be operated with one of the following control
signals:

D 024 VDC: Normal operation is with a 24 VDC signal applied to the digital valve

controller. A shutdown command is issued by interrupting the loop or taking the
voltage signal to 1 VDC or less.

D 420 mA: Normal operation is with a 20 mA current loop signal to the digital valve

controller. A shutdown command is issued by taking the current signal to 4 mA
(nominal). If a looppowered LCP100/LCP200 is attached, the shutdown command is
issued by taking the current signal to 8 mA (nominal).

Table 1. Normal and Safe States for De-Energize to Trip (DETT) Application

Action Output Type

Direct

Single

Reverse

Double Direct

1. DVC6200 SIS High Cv option is not certified for single-acting reverse DETT application.

(1)

Input Voltage or

Current

0 VDC or 4 mA Port A < 1 psi

24 VDC or 20 mA

0 VDC or 4 mA

24 VDC or 20 mA Port B < 1 psi

0 VDC or 4 mA

24 VDC or 20 mA

Normal State Safe State

Port A

≥ 95% of Supply

Output B ≥ Supply

Pressure less 5 psi

Port A pressure

≤ Port B pressure

Port A ≥ 95% of Supply

Port B < 1 psi

D Energize to Trip Application (a less common application): The application of the digital valve

controller is limited for SIS to low demand mode. Normal operation is with a 4 mA current
loop signal to the digital valve controller. If a looppowered LCP100/LCP200 is attached,
normal operation is with an 8 mA (nominal) current loop signal to the digital valve controller.
Table 2 describes the normal and safe states of DVC6200 SIS for an ETT configuration. A
shutdown command is issued by taking the current signal to 20 mA (nominal).

Table 2. Normal and Safe States for Energize to Trip (ETT) Application

Action Output Type Input Current Normal State Safe State

Single Reverse

Double Direct

4 mA Port B ≥ 95% of Supply

20 mA Port B < 1 psi

4 mA

20 mA

Port A < 1 psi

Port B ≥ 95% of Supply

Port A ≥ Port B

pressure

D Position Monitor Application: The safety function of the position transmitter output is to

transmit a 420 mA analog signal that represents valve position. The safety function of the
limit switch output is to transmit a discrete signal that represents a user configurable

7

DVC6200 SIS Digital Valve Controller

February 2022

Instruction Manual Supplement

threshold of valve position. Table 3 describes the normal and alarm states of the Position
Monitor function of the DVC6200 SIS.

Table 3. Normal and Alarm States for the Position Monitor Application

Output Function Normal State Accuracy Alarm State

420 mA

Position Transmitter

0/1A

Limit Switch

1. Configurable high or low. Values are per NAMUR NE43. Fail high when the instrument is powered.

2. On loss of loop circuit power, the limit switch will go to the open state.

Actual Valve Position 5%

CLOSED 5% OPEN

>22.5 mA or

<3.6 mA

(1)

(2)

D LCP200

D The LCP200 will respond to a local TRIP button press with a change of state of the Trip

relay output.

D The LCP200 will respond to a local RESET button press with a change of state of the reset

relay output.

6.3. Failure Rates

D103601X012

The failure rate data listed in tables 4, 5, 6, 8, 7, 9, and 10 is only valid for the 15year useful
lifetime of the DVC6200 SIS digital valve controller and the LCP200, when used. The failure rates
will increase after this time period. Reliability calculations based on the data listed in the FMEDA
report for mission times beyond the useful lifetime may yield results that are too optimistic, i.e.
the calculated Safety Integrity Level will not be achieved. When used, the LCP100/LCP200 failure
rates and the LC340 failure rates are to be added to the failure rates of the DVC6200 SIS. These
failure rates assume that the self test shutdowns in the DVC6200 SIS are disabled. Consult the
FMEDA report for a detailed list of the assumptions used in the analysis.

Table 4. Failure Rates for DVC6200 SIS with 024 VDC or 420 mA Control Signal, DETT

Failure Rate (in FIT)

DVC6200 SIS

Failure

Category

Fail Safe
Detected

Fail Safe
Undetected

Fail Dangerous
Detected

Fail Dangerous
Undetected

No Effect 1,060 1,636 884 1,460 27 - - ­Annunciation

Failure Detected
Annunciation

Failure
Undetected

1. This number can be subtracted from the annunciated failure undetected number when the DVC6200 SIS is configured to perform a SOV test.

Double Acting, Single

Acting, Direct Acting

w/PVST

Diagnostics

182 0 182 - - - - 62

143 325 132 314 29 34 19 0

72 0 103 - - - - -

44 117 52 155 1 2 - -

398 0 398 - - - - -

177 0 177 - - - - 62

Normal

Single Acting,

Reverse Acting

w/PVST

Diagnostics

Normal LCP100 LCP200

Adders for LCP Loop or

24V External Power

Non-Interfering

LC340

SOV
Test

Config.

(1)

8