Pepperl+Fuchs KFD2-CD-Ex1.32-1, KFD2-CD-Ex1.32-0, KFD2-CD-Ex1.32-3, KFD2-CD-Ex1.32-10, KFD2-CD-Ex1.32-6 Series Manual

2

PROCESS AUTOMATION

MANUAL

Functional Safety

Current/Voltage Driver
KFD2-CD-(Ex)1.32-**

ISO9001

Functional Safety KFD2-CD-(Ex)1.32-**

With regard to the supply of products, the current issue of the following document is applicable:

The General Terms of Delivery for Products and Services of the Electrical Industry, published by the

Central Association of the Electrical Industry (Zentralverband Elektrotechnik und Elektroindustrie (ZVEI) e.V.)

in its most recent version as well as the supplementary clause: "Expanded reservation of proprietorship"

Functional Safety KFD2-CD-(Ex)1.32-**

Content

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.1 Content of this Document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.2 Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.3 Symbols Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Product Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.3 Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.4 Standards and Directives for Functional Safety . . . . . . . . . . . . . . . . . . 8

3 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1 System Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.2 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.3 Safety Function and Safe State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3.4 Characteristic Safety Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3.5 Useful Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4 Mounting and Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

4.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

4.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

5 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5.1 Proof Test Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

6 Maintenance and Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

7 List of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2018-11

3

Functional Safety KFD2-CD-(Ex)1.32-**

Introduction

1Introduction

1.1 Content of this Document

This document contains information for usage of the device in functional safety-related
applications. You need this information to use your product throughout the applicable stages of
the product life cycle. These can include the following:

• Product identification

• Delivery, transport, and storage

• Mounting and installation

• Commissioning and operation

• Maintenance and repair

• Troubleshooting

• Dismounting

• Disposal

Note!

This document does not substitute the instruction manual.

Note!

For full information on the product, refer to the instruction manual and further documentation
on the Internet at www.pepperl-fuchs.com.

The documentation consists of the following parts:

• Present document

• Instruction manual

•Manual

•Datasheet

Additionally, the following parts may belong to the documentation, if applicable:

• EU-type examination certificate

• EU declaration of conformity

• Attestation of conformity

• Certificates

• Control drawings

• FMEDA report

• Assessment report

• Additional documents

For more information about Pepperl+Fuchs products with functional safety, see www.pepperl­fuchs.com/sil.

2018-11

4

Functional Safety KFD2-CD-(Ex)1.32-**

Introduction

1.2 Safety Information

Target Group, Personnel

Responsibility for planning, assembly, commissioning, operation, maintenance,
and dismounting lies with the plant operator.

Only appropriately trained and qualified personnel may carry out mounting, installation,
commissioning, operation, maintenance, and dismounting of the product. The personnel must
have read and understood the instruction manual and the further documentation.

Intended Use

The device is only approved for appropriate and intended use. Ignoring these instructions will
void any warranty and absolve the manufacturer from any liability.

The device is developed, manufactured and tested according to the relevant safety standards.

Use the device only

• for the application described

• with specified environmental conditions

• with devices that are suitable for this safety application

Improper Use

Protection of the personnel and the plant is not ensured if the device is not used according to
its intended use.

2018-11

5

Functional Safety KFD2-CD-(Ex)1.32-**

Introduction

1.3 Symbols Used

This document contains symbols for the identification of warning messages and of informative
messages.

Warning Messages

You will find warning messages, whenever dangers may arise from your actions.
It is mandatory that you observe these warning messages for your personal safety and in order
to avoid property damage.

Depending on the risk level, the warning messages are displayed in descending order
as follows:

Danger!

This symbol indicates an imminent danger.

Non-observance will result in personal injury or death.

Warning!

This symbol indicates a possible fault or danger.

Non-observance may cause personal injury or serious property damage.

Caution!

This symbol indicates a possible fault.

Non-observance could interrupt the device and any connected systems and plants, or result
in their complete failure.

Informative Symbols

Note!

This symbol brings important information to your attention.

Action

This symbol indicates a paragraph with instructions. You are prompted to perform an action
or a sequence of actions.

2018-11

6

Functional Safety KFD2-CD-(Ex)1.32-**

Product Description

2 Product Description

2.1 Function

KFD2-CD-1.32

This signal conditioner provides the galvanic isolation between field circuits and control
circuits.

The device supplies 2-wire transmitters.

The device transfers a current signal from the control side to I/P converters, electrical valves
and positioners located in the field side.

The device is mounted on a 35 mm DIN mounting rail according to EN 60715.

KFD2-CD-Ex1.32-**

This isolated barrier is used for intrinsic safety applications.

The device supplies 2-wire transmitters.

The device transfers a voltage or a current signal from the non-hazardous area to
I/P converters, electrical valves and positioners located in the hazardous area.

The device is designed to provide various inputs and outputs of voltage and current.

The device is mounted on a 35 mm DIN mounting rail according to EN 60715.

2.2 Interfaces

The device has the following interfaces.

• Safety relevant interfaces:

Input, output KFD2-CD-1.32

• Non-safety relevant interfaces: none

Note!

For corresponding connections see datasheet.

KFD2-CD-Ex1.32-0, KFD2-CD-Ex1.32-1, KFD2-CD-Ex1.32-3,
KFD2-CD-Ex1.32-6, KFD2-CD-Ex1.32-10, KFD2-CD-Ex1.32-12,
KFD2-CD-Ex1.32-13, KFD2-CD-Ex1.32-15, KFD2-CD-Ex1.32-21

2018-11

7

Functional Safety KFD2-CD-(Ex)1.32-**

Product Description

2.3 Marking

Pepperl+Fuchs GmbH
Lilienthalstraße 200, 68307 Mannheim, Germany

Internet: www.pepperl-fuchs.com

KFD2-CD-1.32
KFD2-CD-Ex1.32-0, KFD2-CD-Ex1.32-1, KFD2-CD-Ex1.32-3,
KFD2-CD-Ex1.32-6, KFD2-CD-Ex1.32-10, KFD2-CD-Ex1.32-12,
KFD2-CD-Ex1.32-13, KFD2-CD-Ex1.32-15, KFD2-CD-Ex1.32-21

2.4 Standards and Directives for Functional Safety

Device specific standards and directives

Functional safety IEC/EN 61508, part 1 – 7, edition 2010:

Functional safety of electrical/electronic/programmable
electronic safety-related systems (manufacturer)

System-specific standards and directives

Functional safety IEC/EN 61511, part 1 – 3, edition 2003:

Functional safety – Safety instrumented systems for

the process industry sector (user)

Up to SIL 2

2018-11

8

Functional Safety KFD2-CD-(Ex)1.32-**

Planning

3 Planning

3.1 System Structure

3.1.1 Low Demand Mode of Operation

If there are two control loops, one for the standard operation and another one for the
functional safety, then usually the demand rate for the safety loop is assumed to be less
than once per year.

The relevant safety parameters to be verified are:

•the PFD
the T

• the SFF value (Safe Failure Fraction)

• the HFT architecture (Hardware Fault Tolerance)

3.1.2 High Demand or Continuous Mode of Operation

If there is only one safety loop, which combines the standard operation and safety-related
operation, then usually the demand rate for this safety loop is assumed to be higher
than once per year.

value (average Probability of dangerous Failure on Demand) and

avg

value (proof test interval that has a direct impact on the PFD

1

avg

value)

The relevant safety parameters to be verified are:

•the PFH value (Probability of dangerous Failure per Hour)

• Fault reaction time of the safety system

• the SFF value (Safe Failure Fraction)

• the HFT architecture (Hardware Fault Tolerance)

3.1.3 Safe Failure Fraction

The safe failure fraction describes the ratio of all safe failures and dangerous detected failures
to the total failure rate.

SFF = (

A safe failure fraction as defined in IEC/EN 61508 is only relevant for elements or (sub)systems
in a complete safety loop. The device under consideration is always part of a safety loop but is
not regarded as a complete element or subsystem.

For calculating the SIL of a safety loop it is necessary to evaluate the safe failure fraction of
elements, subsystems and the complete system, but not of a single device.

Nevertheless the SFF of the device is given in this document for reference.

+ dd) / (s + dd + du)

s

2018-11

9

Functional Safety KFD2-CD-(Ex)1.32-**

Planning

3.2 Assumptions

The following assumptions have been made during the FMEDA:

• Failure rate based on the Siemens standard SN29500.

• Failure rates are constant, wear is not considered.

• External power supply failure rates are not included.

• The safety-related device is considered to be of type A device with a hardware
fault tolerance of 0.

• The device will be used under average industrial ambient conditions comparable
to the classification "stationary mounted" according to MIL-HDBK-217F.

Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time of

40 ºC may be assumed. For a higher average temperature of 60 ºC, the failure rates must

be multiplied by a factor of 2.5 based on experience. A similar factor must be used
if frequent temperature fluctuations are expected.

• For cases in which the connected field device detects a too high output signal, the failure
rate 
in a different way. If a reaction is introduced that brings the application to the safe state,
then the failure rate 
or to the safe failure rate 

• The connected field device must be set to its safe state if the output of the field device
reached a value below the specified valid range for the safety application.
For field devices with current output, this value is 3.6 mA. For field devices with
voltage output, this value is 0.9 V or 1.8 V.

may be subtracted from the dangerous undetected failure rate du and regarded

fail high

can be added to the dangerous detected failure rate dd

fail high

.

s

SIL 2 application

• The device shall claim less than 10 % of the total failure budget for a SIL 2 safety loop.

• For a SIL 2 application operating in low demand mode the total PFD
of the SIF (Safety Instrumented Function) should be smaller than 10
maximum allowable PFD

• For a SIL 2 application operating in high demand mode the total PFH value
of the SIF should be smaller than 10
would then be 10

-7

per hour.

value would then be 10-3.

avg

-6

per hour, hence the maximum allowable PFH value

• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device,
the SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub) system.

value

avg

-2

, hence the

10

2018-11

Functional Safety KFD2-CD-(Ex)1.32-**

Planning

3.3 Safety Function and Safe State

Safety Function

The device transfers analog signals from the input to the output with a deviation
of less than 2 %.

Device Input signal Output signal

KFD2-CD-1.32, KFD2-CD-Ex1.32-0 0 mA to 20 mA 0 mA to 20 mA

KFD2-CD-Ex1.32-1 4 mA to 20 mA 0 mA to 20 mA

KFD2-CD-Ex1.32-3 0 V to 5 V 0 mA to 20 mA

KFD2-CD-Ex1.32-6 0 V to 10 V 0 mA to 20 mA

KFD2-CD-Ex1.32-10 4 mA to 20 mA 0 V to 5 V

KFD2-CD-Ex1.32-12 0 mA to 20 mA 0 V to 10 V

KFD2-CD-Ex1.32-13 4 mA to 20 mA 0 V to 10 V

KFD2-CD-Ex1.32-15 0 V to 10 V 0 V to 10 V

KFD2-CD-Ex1.32-21 0 V to 10 V 0 V to 5 V

Table 3.1

Safe State

The safe state of the application is introduced when the output drops below the valid range.
For currents the limit is 3.6 mA, for voltages the limits are 0.9 V or 1.8 V depending
on the device version.

Reaction Time

The reaction time for all safety functions is < 50 ms.

Note!

See corresponding datasheets for further information.

2018-11

11

Functional Safety KFD2-CD-(Ex)1.32-**

Planning

3.4 Characteristic Safety Values

Parameters Characteristic values

Assessment type and
documentation

Device type A (only hardware)

Mode of operation Low demand mode, high demand mode or continuous mode

Safety function Transfer of analog signals from

HFT 0

SIL (hardware) 2

sd + 



dd



du



total (safety function)



no effect



fail high

SFF

1

su

1

2

1

PTC 100 % 100 %

MTBF

3

PFH 4.76 x 10-8 1/h 4.83 x 10-8 1/h

PFD

PFD

PFD

Reaction time

Table 3.2

for T1 = 1 years 2.08 x 10

avg

for T1 = 3 years 6.25 x 10

avg

for T1 = 5 years 1.04 x 10

avg

4

Full assessment

Transfer of analog signals from the
the input to the output with a
deviation of less than 2 %, current

to the output with a deviation of less

than 2 %, voltage driver function.
driver function.

0 FIT 0 FIT

92 FIT 97.1 FIT

47.6 FIT 48.3 FIT

139.6 FIT 145.4 FIT

110 FIT 102 FIT

24.8 FIT 28.2 FIT

65.90 % 66.81 %

278 years 265 years

-4

-4

-3

2.11 x 10

6.34 x 10

1.06 x 10

< 50 ms

-4

-4

-3

1

"No effect failures" and "No part failures" are not influencing the safety function and are therefore not included in the SFF calculation
of the safety function.

2

May be used if too high output values are detected by the field device, see chapter 3.2.

3

acc. to SN29500. This value is valid for the safety function of the device/MTTR = 8 h.

4

Time between fault detection and fault reaction

The characteristic safety values like PFD, SFF, HFT and T1 are taken from
the SIL report/FMEDA report. Observe that PFD and T

The function of the devices has to be checked within the proof test interval (T

are related to each other.

1

1

).

12

2018-11

Functional Safety KFD2-CD-(Ex)1.32-**

Planning

3.5 Useful Lifetime

Although a constant failure rate is assumed by the probabilistic estimation this only applies
provided that the useful lifetime of components is not exceeded. Beyond this useful lifetime,
the result of the probabilistic estimation is meaningless as the probability of failure significantly
increases with time. The useful lifetime is highly dependent on the component itself and its

operating conditions – temperature in particular. For example, the electrolytic capacitors can

be very sensitive to the operating temperature.

This assumption of a constant failure rate is based on the bathtub curve, which shows
the typical behavior for electronic components.

Therefore it is obvious that failure calculation is only valid for components that have
this constant domain and that the validity of the calculation is limited to the useful lifetime
of each component.

It is assumed that early failures are detected to a huge percentage during the installation
and therefore the assumption of a constant failure rate during the useful lifetime is valid.

However, according to IEC/EN 61508-2, a useful lifetime, based on general experience,
should be assumed. Experience has shown that the useful lifetime often lies within
a range period of about 8 to 12 years.

As noted in DIN EN 61508-2:2011 note N3, appropriate measures taken by the manufacturer
and plant operator can extend the useful lifetime.

Our experience has shown that the useful lifetime of a Pepperl+Fuchs product can be higher
if the ambient conditions support a long life time, for example if the ambient temperature is

significantly below 60 °C.

Please note that the useful lifetime refers to the (constant) failure rate of the device.
The effective life time can be higher.

2018-11

13

Functional Safety KFD2-CD-(Ex)1.32-**

Mounting and Installation

4 Mounting and Installation

Mounting and Installing the Device

1. Observe the safety instructions in the instruction manual.

2. Observe the information in the manual.

3. Observe the requirements for the safety loop.

4. Connect the device only to devices that are suitable for this safety application.

5. Check the safety function to ensure the expected output behavior.

4.1 Installation

Connecting the Field Device

Connect the field device to the current/voltage driver.
If possible, use a field device that detects values that are too high and reacts
on them accordingly. For field devices with current output, this value is > 21 mA.
For field devices with voltage output, this value is > 5.25 V or > 10.5 V.

4.2 Configuration

A configuration of the device is not necessary and not possible.

14

2018-11

Functional Safety KFD2-CD-(Ex)1.32-**

Operation

5Operation

Danger!

Danger to life from missing safety function

If the safety loop is put out of service, the safety function is no longer guaranteed.

• Do not deactivate the device.

• Do not bypass the safety function.

• Do not repair, modify, or manipulate the device.

Operating the device

1. Observe the safety instructions in the instruction manual.

2. Observe the information in the manual.

3. Use the device only with devices that are suitable for this safety application.

4. Correct any occurring safe failures within 8 hours. Take measures to maintain the
safety function while the device is being repaired.

5.1 Proof Test Procedure

According to IEC/EN 61508-2 a recurring proof test shall be undertaken to reveal potential
dangerous failures that are not detected otherwise.

Check the function of the subsystem at periodic intervals depending on the applied PFD
in accordance with the characteristic safety values. See chapter 3.4.

It is under the responsibility of the plant operator to define the type of proof test and the interval
time period.

Equipment required:

• Digital multimeter with an accuracy better than 0.1 %
Use for the proof test of the intrinsic safety side of the device a special digital multimeter

for intrinsically safe circuits.

If intrinsically safe circuits are operated with non-intrinsically safe circuits, they must
no longer be used as intrinsically safe circuits.

• Power supply set to nominal voltage of 24 V DC

• Process calibrator with an accuracy better than 20 µA

avg

2018-11

15

Functional Safety KFD2-CD-(Ex)1.32-**

KFD2-CD-Ex1.32-**

Zone 0, 1, 2
Div. 1, 2

Zone 2

Div. 2

I

supply

1+

2-

10-

11+

9+

7+

8-

mA

V

Multimeter

(mA/V)

Signal calibration

4 mA to 20 mA 2 V to 10 V

24 V DC

Power
supply

Operation

Proof Test Procedure

1. Put the entire safety loop out of service. Protect the application by means of other measures.

2. Prepare a test set-up, see figures below.

3. Test the devices. Verify the current/voltage values as given in table below.

4. Set the device back to the original settings for the application after the test.

Step
No.

Input value Output value

Current source (mA) Voltage source (V) Current sink (mA) Voltage sink (V) Voltage sink (V)

1 20.0 10.0 20.0 ± 0.4 5.0 ± 0.1 10.0 ± 0.2
2 12.0 6.0 12.0 ± 0.4 3.0 ± 0.1 6.0 ± 0.2
3 4.0 2.0 4.0 ± 0.4 1.0 ± 0.1 2.0 ± 0.2
4 23.0 11.5 23.0 ± 0.4 5.75 ± 0.1 11.5 ± 0.2

5 0 0 < 0.2 < 0.1 < 0.1

Table 5.1

16

Figure 5.1 Proof test set-up for KFD2-CD-Ex1.32-**

Usage in Zone 0, 1, 2/Div. 1, 2 only for KFD2-CD-Ex1.32-**

2018-11

Functional Safety KFD2-CD-(Ex)1.32-**

Maintenance and Repair

6 Maintenance and Repair

Danger!

Danger to life from missing safety function

Changes to the device or a defect of the device can lead to device malfunction.
The function of the device and the safety function is no longer guaranteed.

Do not repair, modify, or manipulate the device.

Maintaining, Repairing or Replacing the Device

In case of maintenance, repair or replacement of the device, proceed as follows:

1. Implement appropriate maintenance procedures for regular maintenance of the safety loop.

2. While the device is maintained, repaired or replaced, the safety function does not work.
Take appropriate measures to protect personnel and equipment while the safety function
is not available.
Secure the application against accidental restart.

3. Do not repair a defective device. A defective device must only be repaired
by the manufacturer.

4. If there is a defect, always replace the device with an original device.

2018-11

17

Functional Safety KFD2-CD-(Ex)1.32-**

List of Abbreviations

7 List of Abbreviations

ESD Emergency Shutdown

FIT Failure In Time in 10

FMEDA Failure Mode, Effects, and Diagnostics Analysis



s



dd



du



no effect



not part



total (safety function)

HFT Hardware Fault Tolerance

MTBF Mean Time Between Failures

MTTR Mean Time To Restoration

PCS Process Control System

PFD

avg

PFH Average frequency of dangerous failure

PLC Programmable Logic Controller

PTC Proof Test Coverage

SFF Safe Failure Fraction

SIF Safety Instrumented Function

SIL Safety Integrity Level

SIL (SC) Safety Integrity Level (Systematic Capability)

SIS Safety Instrumented System

T

1

Probability of safe failure

Probability of dangerous detected failure

Probability of dangerous undetected failure

Probability of failures of components in the safety loop that have
no effect on the safety function. The no effect failure is not used for
calculation of SFF.

Probability of failure of components that are not in the safety loop

Probability of failure of components that are in the safety loop

Average Probability of dangerous Failure on Demand

Proof Test Interval

-9

1/h

18

2018-11

Functional Safety KFD2-CD-(Ex)1.32-**

Notes

2018-11

19

Subject to modifications
Copyright PEPPERL+FUCHS • Printed in Germany

www.pepperl-fuchs.com

Worldwide Headquarters

Pepperl+Fuchs GmbH
68307 Mannheim

· Germany
Tel. +49 621 776-0
E-mail: info@de.pepperl-fuchs.com

For the Pepperl+Fuchs representative
closest to you check www.pepperl-fuchs.com/contact

PROCESS AUTOMATION –
PROTECTING YOUR PROCESS

DOCT-6209

11/2018