SIL
SIL
SIL
SAFETY MANUAL
Instrument Signal Connections
1
Surge Protection Devices
SD Series, SD07/16/32/55 all versions and SDRTD, SD150X, SD275X.
SLP07D, SLP16D, SLP32D. IOP Series, all versions. TP Series, TP24/7, TP-32, TP-48.
IEC 61508:2010
2
IEC 61508:2010
3
IEC 61508:2010
FUNCTIONAL SAFETY MANAGEMENT
These products are able to be used within a Safety
System conforming to the requirements of IEC
61508:2010 or IEC 61511. The products are not Safety
Elements but may be used to protect instrument loops
designed to achieve Safety Integrity Level of up to SIL3.
MTL is a certified Functional Safety Management company meeting the requirements of IEC61508 Part1:2010 clause 6.
SIL
SIL
SIL
CONTENTS
1 INTRODUCTION 3
1.1 Application and function 3
1.2 Variant Description 3
2 SYSTEM CONFIGURATION 5
2.1.1 Input/Output Characteristics 5
2.1.2 Associated System Components 5
1
IEC 61508:2010
2
IEC 61508:2010
3
IEC 61508:2010
3 SELECTION OF PRODUCT AND IMPLICATIONS 6
4 ASSESSMENT FOR USE IN FUNCTIONAL
SAFETY APPLICATIONS 6
4.1 EMC 8
4.2 Environmental 8
5 INSTALLATION 8
6 MAINTENANCE 8
7 APPENDICES 9
This manual supports the application of the products in functional safety related loops. It must be used in
conjunction with other supporting documents to achieve correct installation, commissioning and operation.
Specifically, the data sheet, instruction manual and applicable certificates for the particular product should be
consulted, all of which are available on the MTL web site.
In the interest of further technical developments, we reserve the right to make design changes.
PAGE 2
www.mtl-inst.com mtlenquiry@eaton.com
1 INTRODUCTION
1.1 Application and function
The products concerned in this manual are ‘Surge Protection’ devices which can be located in safe or hazardous areas
of a process plant to guard against the direct and indirect effects of lightning, or other transient overvoltage, on the
instrumentation and power signals. They are also designed and tested according to IEC 61643-21 (Low voltage surge
protective devices) for use in signal and communication loops.
The location, or mounting, of the surge protection device is a key parameter when considering the operation of the device
and the consequences of breakdown or failure upon the operation of the signal loop to which it is connected.
The TP family of products are designed to protect field-mounted equipment, such as process measurement transmitters
for level, flow, pressure, etc, by fixing directly into the cabling conduit entries of the housing. The SD, SLP and IOP Series
are mounted on DIN rail in a cabinet or enclosure to protect the measuring and control equipment that is usually located
in a control or equipment room.
Each module provides a hybrid surge protection circuit for one or two instrument loops. The devices are passive and
consume no loop current in normal operation.
There are no configuration switches or operator controls to be set on the modules – they perform a fixed function, related
to the model selected, and can be considered as wiring components that pass the process signals without alteration.
SIL
SURGE PROTECTORS SERIES
Note: The information given in this manual is intended to assist in the selection and application of surge protection
devices for instrumentation signals that are being used to provide functional safety according to the latest IEC 61508
and IEC 61511 standards.
Within the context of these standards the surge protection devices themselves do not perform a defined safety function
and thus a full assessment for functional safety to IEC 61508 would not be relevant. The products are regarded as wiring
components, providing connection and termination for the electrical signals, with the key concern being the reliability of
the signal transfer through the device.
See Appendix B where this position is affirmed by a notified certification body.
1.2 Variant Description
Functionally the surge protection devices are essentially the same, within a given Series, but the modules differ in the
maximum signal voltage they will conduct in normal operation.
The TP items become an integral part of the field transmitter and the SD/SLP/IOP models are selected to suit the specific
requirements for protection of one or more process loops.
PAGE 3
Typical internal construction of the devices is shown in the following diagrams:
*'7
5
7966
5
5
*'7
5
5
*'7
7966
7966
5
Figure 1 IOP Series surge protection arrangement, Figure 2 IOP Series surge protection arrangement, (dual channel)
(single channel)
*'7
5
7966
5
Figure 3 SD Series surge protection arrangement, (typical)
$
*'7
7UDQVPLWWHU
WHUPLQDOV
%
&
7966
0R9
0R9
Figure 4 TP Series surge protection arrangement, (Parallel)
PAGE 4
www.mtl-inst.com mtlenquiry@eaton.com
The surge protection devices covered by this manual are:
SD Series
SD07, SD16, SD32, SD55
SD**R, SD**X, SD**R3,
SD**T3, SD**X3
SD32-L, SD32-BL, SDRTD
SD150X, SD275X
SLP Series
SLP07D, SLP16D,
SLP32D
IOP Series
IOP32, IOP32D, IOP
HC32
TP Series
TP24/7, TP32, TP48**
2 SYSTEM CONFIGURATION
The surge protection devices may be used as protective wiring components in functional safety applications but
the devices are not considered as ‘safety elements’ conforming to the requirements of IEC 61508. As stated
previously, the protection devices limit the energy seen by instrument systems as a consequence of external
electrical events such as induced surges, voltage transients, etc arising from lightning strikes or high voltage
switching for example. Users of these surge protection devices can utilize the failure rate information contained in
this manual in a probabilistic model of a Safety Instrumented Function (SIF) to determine suitability of the safety
instrumented system to achieve the required Safety Integrity Level (SIL).
The figure below shows an example system configuration and specifies detailed interfaces to the safety related
system components. It does not aim to show all details of the internal module structure, but is intended to support
understanding for the application.
SIL
The SD/SLP/IOP modules are designed to protect the input into the safety plc from damaging transients and
surge. The yellow (hatched) area shows the safety relevant system connection.
Consideration must be given to the use of dual channel devices when considering the integrity of the
installation. A failure in one channel of a two channel device will require replacement of the complete
module and the downtime of the two loops connected.
Otherwise, functionally the single channel and dual channel units are the same.
2.1.1 Input/Output Characteristics
The SD/SLP/IOP/TP surge protectors are passive devices and do not modify or alter the signal in normal operation,
but simply limit electrical energy.
2.1.2 Associated System Components
The surge protectors are wiring components in the signal path between safety-related sensors or other field
devices and safety-related instruments or control systems.
PAGE 5
3 SELECTION OF PRODUCT AND IMPLICATIONS
The choice of surge protection component is made according to the location, signal type, signal level and operational
or maintenance considerations for the safety instrumented function rather than any safety aspect of the surge
components themselves.
See the previous comments regarding the nature of surge protection in relation to functional safety applications.
The information given in section 4 provides the hardware failure rates for the surge protection devices according to the expected
consequence of the failures upon the signal passing through the device. The user can thus assess the effect of such failures upon
the safety instrumented function.
4 ASSESSMENT FOR USE IN FUNCTIONAL
SAFETY APPLICATIONS
On their own, surge protection devices do not perform a safety function and are considered as wiring components within the
contexts of IEC 61508 and its associated standards. As such, the evaluation for use within a safety function, to a specific
SIL level of such products, is not possible. However, when used as part of a complete safety system, the product can be
assessed with regard to failure modes and effects on the overall system.
The hardware assessment shows that the surge protection devices:
• have a hardware fault tolerance of 0
• are classified as Type A devices (“Non-complex” component with well-defined failure modes)
• There are no internal diagnostic elements of these products.
The results of a Failure Mode and Effect Analysis to determine the hardware failure rate of the modules were determined
as follows:-
TP Parallel surge suppression devices
Failure mode
Detectable fault on signal* 11.4 12.1 7.6 15.1
Signal affected 6.4 5.4 3.5 7.0
Correct operation (failures have no effect) 42.9 22.9 20.1 40.2
* signal is driven outside normal operating range of 4/20mA and is detectable by the logic solver.
TP24/7 TP32 TP48 2W+G TP48 3/4W+G
Failure rate (FIT)
PAGE 6
www.mtl-inst.com mtlenquiry@eaton.com
SD series surge suppression devices
Failure rate (FIT)
Failure mode
Connected signal not affected 23.9 14.9 22.0 22.0 21.1
Connected signal interrupted 14.5 14.5 20.1 17.8 20.1
Errors in connected signal 1.5 1.5 6.9 5.9 9.0
Correct operation (failures have no effect) 51.4 32.4 51.3 49.9 50.1
(i) SDyy used to represent SD07, SD16, SD32 and SD55
(ii) z3 used to represent R3, T3 and X3
SLP series surge suppression devices
SD07/16/
32/55
SDyyR/X (i) SD07z3 (ii)
SD16/32/
55z3 (ii)
SIL
SDRTD
Failure mode
Connected signal not affected 70 70 70
Connected signal interrupted 76 76 76
Errors in connected signal 2 2 2
Correct operation (failures have no effect) 23 23 23
IOP series surge suppression devices
Failure mode
Connected signal not affected 5.4 5.4 5.4
Connected signal interrupted 65 65 65
Errors in connected signal 0 0 0
Correct operation (failures have no effect) 4.6 4.6 4.6
• FITs means failures per 10
• Reliability data for this analysis is taken either from the Electrical and Mechanical Component Reliability Handbook,
2006, by Exida L.L.C., or from IEC TR 62380:2004.
It is assumed that the device is installed, operated and maintained according to the product specification. The product
has been assumed to operate at an average ambient temperature of 40°C under normal conditions. For a higher average
temperature of 60°C, or if subject to frequent temperature fluctuation, the failure rates should be multiplied with an
experience based factor of 2.5.
9
hours or failures per thousand million hours.
SLP07D SLP16D SLP32D
IOP32 IOP32D IOP HC32
Failure rate (FIT)
Failure rate (FIT)
The information given here is to help the designer of a Safety Instrumented Function assess the impact of including surge
protection devices on the operation and availability of the instrument loops.
The surge devices themselves are not ‘safety elements’.
PAGE 7
4.1 EMC
The surge protection devices are designed for operation in normal industrial electromagnetic environment but, to support good
practice, modules should be mounted without being subjected to undue conducted or radiated interference, see Appendix A for
applicable standards and levels.
Any maintenance or other testing activity should only be conducted when the field loop is not in service, to avoid any possibility of
introducing a transient change in the field signal.
4.2 Environmental
The surge protection devices operate over the temperature range from -40°C to +70°C, and at up to 95% non-condensing relative
humidity.
The devices are intended to be mounted in a normal industrial environment without excessive vibration, as specified for the specific
product ranges. See Appendix A for applicable standards and levels.
Continued reliable operation will be assured if the exposure to temperature and vibration are within the values given in
the specification.
5 INSTALLATION
There are two particular aspects of safety that must be considered when installing the surge protection devices and these are:
• Functional safety (applicable when used in SIFs)
• Intrinsic safety (only applicable when used in intrinsic safety loops)
When required, reference must be made to the relevant sections within the instruction sheet or manual for the product series which
contain basic guides for the installation of the interface equipment to meet the requirements of intrinsic safety. In many countries
there are specific codes of practice, together with industry guidelines, which must also be adhered to.
Provided that these installation requirements are followed then there are no additional factors to meet the needs of applying the
products for functional safety use.
With the exception of the TP models which are designed for field mounting, to guard against the effects of dust and water the
modules should be mounted in an enclosure providing at least IP54 ingress protection rating, or the location of mounting should
provide equivalent protection such as inside an equipment cabinet.
6 MAINTENANCE
To follow the guidelines pertaining to operation and maintenance of intrinsically safe equipment in a hazardous area, periodic
audits of the installation are required by the various codes of practice.
In addition, proof-testing of the instrumented loop operation to conform with functional safety requirements should be carried
out at the intervals determined by safety case assessment.
The continuity of the surge device will be tested (not surge function) when the overall loop function is tested both during
commissioning and through the life of the intended safety function. The removal of the Surge protective device during these
tests is not required.
If an MTL surge protection device is found to be faulty during commissioning or during the normal lifetime of the product then
such failures should be reported to MTL. When appropriate, a Customer Incident Report (CIR) will be notified to enable the return
of the unit to the factory for analysis. If the unit is within the warranty period then a replacement unit will be sent.
Consideration should be made of the normal lifetime for a device of this type which would be in the region of twenty years, with
a typical warranty period of ten years.
PAGE 8
www.mtl-inst.com mtlenquiry@eaton.com
7 APPENDICES
Appendix A: Summary of applicable standards
The annex lists together all standards referred to in the previous sections of this document:
IEC 61508:2010 Functional safety of electrical/electronic/programmable electronic
safety-related systems. Parts 1 and 2 as relevant.
IEC 60654-1:1993 Industrial-process measurement and control equipment. Operating
conditions. Climatic conditions
IEC 61643-21:2000+A1:2008 Low voltage surge protective devices - Part 21: Surge protective
devices connected to telecommunications and signalling networks
- Performance requirements and testing methods.
SIL
PAGE 9
Appendix B: Functional Safety and Surge Protection Devices
PAGE 10
www.mtl-inst.com mtlenquiry@eaton.com
SIL
PAGE 11
Eaton’s Crouse-Hinds
The safety you rely on.
See the complete offering of Pharmaceutical & Biotechnology solutions at www.mtl-inst.com
U.S. (Global Headquarters):
Eaton’s Crouse-Hinds Business
1201 Wolf Street
Syracuse, NY 13208
(866) 764-5454
FAX: (315) 477-5179
FAX Orders Only:
(866) 653-0640
crouse.customerctr@
cooperindustries.com
For more information:
If further assistance is
required, please contact
an authorised MTL
Distributor, Sales Office,
or Customer Service
Department
AUSTRALIA
MTL Instruments Pty Ltd,
205-209 Woodpark Road, Smithfield,
New South Wales 2164, Australia
Tel: + 61 1300 308 374 Fax: + 61 1300 308 463
E-mail: mtlsalesanz@eaton.com
CHINA
Cooper Electric (Shanghai) Co. Ltd.
Room 2001, China Life Tower, 16 Chao Yang Men Wai Street,
Chao Yang District, Beijing, China 100020
Tel: + 86 10 5980 0231 Fax: + 86 10 8562 5725
E-mail: mtl-cn@eaton.com
FRANCE
MTL Instruments sarl,
7 rue des Rosiéristes, 69410 Champagne au Mont d’Or
France
Tel: + 33 (0)4 37 46 16 70 Fax: +33 (0)4 37 46 17 20
E-mail: mtlfrance@eaton.com
GERMANY
MTL Instruments GmbH,
Heinrich-Hertz-Str. 12, 50170 Kerpen, Germany
Tel: + 49 (0)22 73 98 12 - 0 Fax: + 49 (0)22 73 98 12 - 2 00
E-mail: mtlgmbh@eaton.com
INDIA
MTL India,
No.36, Nehru Street, Off Old Mahabalipuram Road
Sholinganallur, Chennai - 600 119, India
Tel: + 91 (0) 44 24501660 /24501857 Fax: + 91 (0) 44 24501463
E-mail: mtlindiasales@eaton.com
ITALY
MTL Italia srl,
Via A. Meucci, 10, I-20094 Corsico (MI), Italy
Tel: + 39 (0)2 61802011 Fax: + 39 (0)2 61294560
E-mail: chmninfo@eaton.com
JAPAN
Cooper Crouse-Hinds Japan KK,
MT Building 3F, 2-7-5 Shiba Daimon, Minato-ku,
Tokyo, Japan 105-0012
Tel: + 81 (0)3 6430 3128 Fax: + 81 (0)3 6430 3129
E-mail: mtl-jp@eaton.com
NETHERLANDS
MTL Instruments BV
Terheijdenseweg 465, 4825 BK Breda
The Netherlands
Tel: +31 (0) 76 7505360 Fax: +31 (0) 76 7505370
E-mail: mtl.benelux@eaton.com
NORWAY
Norex AS
Fekjan 7c, Postboks 147,
N-1378 Nesbru, Norway
Tel: +47 66 77 43 80 Fax: +47 66 84 55 33
E-mail: info@norex.no
SINGAPORE
Cooper Crouse-Hinds Pte Ltd
No 2 Serangoon North Avenue 5, #06-01 Fu Yu Building
Singapore 554911
Tel: + 65 6 645 9888 Fax: + 65 6 487 7997
E-mail: sales.mtlsing@eaton.com
SOUTH KOREA
Cooper Crouse-Hinds Korea
12F, Vision Tower, 707-2 Yeoksam-Dong Gangnam-Gu,
Seoul 135-080, South Korea.
Tel: +82 2 538 3481 Fax: +82 2 538 3505
E-mail: mtl-korea@eaton.com
UNITED ARAB EMIRATES
MTL Instruments,
Office Nos 316, 317, 318, Al Arjan Building,
Defence Road, P.O Box 106298, Abu Dhabi, UAE
Tel: + 971-2 -815 2860 Fax: + 971-2 -815 2906
E-mail: mtlgulf@eaton.com
UNITED KINGDOM
Measurement Technology Limited,
Great Marlings, Butterfield, Luton
Beds LU2 8DL
Tel: + 44 (0)1582 723633 Fax: + 44 (0)1582 422283
E-mail: mtlenquiry@eaton.com
AMERICAS
Cooper Crouse-Hinds MTL Inc.
3413 N. Sam Houston Parkway W.
Suite 210, Houston TX 77086, USA
Tel: + 1 281-571-8065 Fax: + 1 281-571-8069
E-mail: mtl-us-info@eaton.com
Measurement Technology Limited
Great Marlings, Butterfield, Luton
Beds LU2 8DL, UK.
Tel: + 44 (0)1582 723633 Fax: + 44 (0)1582 422283
E-mail: mtlenquiry@eaton.com
www.mtl-inst.com
© 2014 MTL
All Rights Reserved
ZL-B-SMSURGE-ISC-EN-0614
June 2014
Measurement Technology Limited
Great Marlings, Butterfield, Luton
Beds LU2 8DL, UK.
Tel: + 44 (0)1582 723633 Fax: + 44 (0)1582 422283
E-mail: mtlenquiry@eaton.com
Eaton is a registered trademark.
All other trademarks are property
of their respective owners.
Loading...