ISO9001
Functional Safety
Inductive Slot Sensor
SJ2-SN, SJ3,5-S(1)N
Manual
2
3
With regard to the supply of products, the current issue of the following document is applicable:
The General Terms of Delivery for Products and Services of the Electrical Industry, published by the Central
Association of the Electrical Industry (Zentralverband Elektrotechnik und Elektroindustrie (ZVEI) e.V.) in its most
recent version as well as the supplementary clause: "Expanded reservation of proprietorship"
Worldwide
Pepperl+Fuchs Group
Lilienthalstr. 200
68307 Mannheim
Germany
Phone: +49 621 776 - 0
E-mail: info@de.pepperl-fuchs.com
North American Headquarters
Pepperl+Fuchs Inc.
1600 Enterprise Parkway
Twinsburg, Ohio 44087
USA
Phone: +1 330 425-3555
E-mail: sales@us.pepperl-fuchs.com
Asia Headquarters
Pepperl+Fuchs Pte. Ltd.
P+F Building
18 Ayer Rajah Crescent
Singapore 139942
Phone: +65 6779-9091
E-mail: sales@sg.pepperl-fuchs.com
https://www.pepperl-fuchs.com
Functional Safety SJ2-SN, SJ3,5-S(1)N
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1 Content of this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2 Safety Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Symbols Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Product Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3 Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.4 Standards and Directives for Functional Safety . . . . . . . . . . . . . . . . . . . 9
3 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1 System Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.3 Safety Function and Safe State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.4 Characteristic Safety Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.5 Useful Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4 Mounting and Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.1 Mounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.3 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.1 Proof Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
6 Maintenance and Repair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
7 List of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2019-12
3
Functional Safety SJ2-SN, SJ3,5-S(1)N
Contents
2019-12
4
Functional Safety SJ2-SN, SJ3,5-S(1)N
Introduction
1 Introduction
1.1 Content of this Document
This document contains information for usage of the device in functional safety-related
applications. You need this information to use your product throughout the applicable stages
of the product life cycle. These can include the following:
• Product identification
• Delivery, transport, and storage
• Mounting and installation
• Commissioning and operation
• Maintenance and repair
• Troubleshooting
• Dismounting
• Disposal
Note
This document does not substitute the instruction manual.
Note
For full information on the product, refer to the instruction manual and further documentation
on the Internet at www.pepperl-fuchs.com.
The documentation consists of the following parts:
• Present document
• Instruction manual
• Datasheet
Additionally, the following parts may belong to the documentation, if applicable:
• EU-type examination certificate
• EU declaration of conformity
• Attestation of conformity
• Certificates
• Control drawings
• FMEDA report
• Assessment report
• Additional documents
For more information about Pepperl+Fuchs products with functional safety,
see www.pepperl-fuchs.com/sil.
2019-12
5
Functional Safety SJ2-SN, SJ3,5-S(1)N
Introduction
1.2 Safety Information
Target Group, Personnel
Responsibility for planning, assembly, commissioning, operation, maintenance,
and dismounting lies with the plant operator.
Only appropriately trained and qualified personnel may carry out mounting, installation,
commissioning, operation, maintenance, and dismounting of the product. The personnel
must have read and understood the instruction manual and the further documentation.
Intended Use
The device is only approved for appropriate and intended use. Ignoring these instructions
will void any warranty and absolve the manufacturer from any liability.
The device is developed, manufactured and tested according to the relevant safety standards.
Use the device only
• for the application described
• with specified environmental conditions
• with devices that are suitable for this safety application
Improper Use
Protection of the personnel and the plant is not ensured if the device is not used according
to its intended use.
2019-12
6
Functional Safety SJ2-SN, SJ3,5-S(1)N
Introduction
1.3 Symbols Used
This document contains symbols for the identification of warning messages and of informative
messages.
Warning Messages
You will find warning messages, whenever dangers may arise from your actions.
It is mandatory that you observe these warning messages for your personal safety
and in order to avoid property damage.
Depending on the risk level, the warning messages are displayed in descending order
as follows:
Danger!
This symbol indicates an imminent danger.
Non-observance will result in personal injury or death.
Warning!
This symbol indicates a possible fault or danger.
Non-observance may cause personal injury or serious property damage.
Caution!
This symbol indicates a possible fault.
Non-observance could interrupt the device and any connected systems and plants,
or result in their complete failure.
Informative Symbols
Note
This symbol brings important information to your attention.
Action
This symbol indicates a paragraph with instructions. You are prompted to perform an action
or a sequence of actions.
2019-12
7
Functional Safety SJ2-SN, SJ3,5-S(1)N
Product Description
2 Product Description
2.1 Function
General
The device is an inductive slot sensor. Inductive slot sensors consist of a two coil system
sensing across the slot opening.
The device is a NAMUR safety sensor in 2-wire technology. The device transmits the analog
signal according to NAMUR to a connected control unit. A control unit can,
e. g., be a switch amplifier or an I/O card in a PLC.
In safety applications up to SIL 2, the device must be operated on a control unit according
to EN 60947-5-6 (NAMUR). Observe the limitations, see chapter 3.2.
In safety applications up to SIL 3, the device must be operated on a control unit
for SIL 3 safety applications. Pepperl+Fuchs offers control units for SIL 3 safety applications,
i. e. switch amplifier KFD2-SH-Ex1. Observe the limitations, see chapter 3.2.
SJ2-SN
The sensor has NC function (normally-closed). The device is in high impedance state
when the measuring plate is inside of the slot.
The sensor is qualified for safety functions in a temperature range from -40 °C to +100 °C.
The sensor has a slot width of 2 mm.
SJ3,5-SN
The sensor has NC function (normally-closed). The device is in high impedance state
when the measuring plate is inside of the slot.
The sensor is qualified for safety functions in a temperature range from -40 °C to +100 °C.
The sensor has a slot width of 3.5 mm.
SJ3,5-S1N
The sensor has NO function (normally-open). The device is in high impedance state
when the measuring plate is outside of the slot.
The sensor is qualified for safety functions in a temperature range from -25 °C to +100 °C.
The sensor has a slot width of 3.5 mm.
Note
See corresponding datasheets for further information.
2019-12
8
Functional Safety SJ2-SN, SJ3,5-S(1)N
Product Description
2.2 Interfaces
The device has the following interfaces.
• Safety relevant interface: device output
• Non-safety relevant interface: none
Note
For corresponding connections see datasheet.
2.3 Marking
Pepperl+Fuchs Group
Lilienthalstraße 200, 68307 Mannheim, Germany
Internet: www.pepperl-fuchs.com
SJ2-SN
SJ2-SN-Y89620
SJ2-SN-Y272219
SJ3,5-SN
SJ3,5-SN-Y89604
SJ3,5-SN-Y303204
SJ3,5-S1N
SJ3,5-S1N-Y303205
SJ2-SN
SJ2-SN-Y89620
SJ2-SN-Y272219
SJ3,5-SN
SJ3,5-SN-Y89604
SJ3,5-S1N
273025
282583
272219
273026
282586
303204
273027
303205
273025
282583
272219
273026
282586
273027
Allowed for SIL 2 applications
Allowed for SIL 3 applications
2.4 Standards and Directives for Functional Safety
Device-specific standards and directives
Functional safety IEC/EN 61508, part 2, edition 2000:
Functional safety of electrical/electronic/programmable
electronic safety-related systems (manufacturer)
2019-12
9
Functional Safety SJ2-SN, SJ3,5-S(1)N
Planning
3 Planning
3.1 System Structure
3.1.1 Low Demand Mode of Operation
If there are two control loops, one for the standard operation and another one for the functional
safety, then usually the demand rate for the safety loop is assumed to be less
than once per year.
The relevant safety parameters to be verified are:
• the PFD
and the T
• the SFF value (Safe Failure Fraction)
• the HFT architecture (Hardware Fault Tolerance)
3.1.2 High Demand or Continuous Mode of Operation
value (average Probability of dangerous Failure on Demand)
avg
value (proof test interval that has a direct impact on the PFD
1
avg
value)
If there is only one safety loop, which combines the standard operation and safety-related
operation, then usually the demand rate for this safety loop is assumed to be higher
than once per year.
The relevant safety parameters to be verified are:
• the PFH value (Probability of dangerous Failure per Hour)
• Fault reaction time of the safety system
• the SFF value (Safe Failure Fraction)
• the HFT architecture (Hardware Fault Tolerance)
3.1.3 Safe Failure Fraction
The safe failure fraction describes the ratio of all safe failures and dangerous detected failures
to the total failure rate.
SFF = (
A safe failure fraction as defined in IEC/EN 61508 is only relevant for elements or (sub)systems
in a complete safety loop. The device under consideration is always part of a safety loop
but is not regarded as a complete element or subsystem.
For calculating the SIL of a safety loop it is necessary to evaluate the safe failure fraction
of elements, subsystems and the complete system, but not of a single device.
+ dd) / (s + dd + du)
s
10
2019-12
Functional Safety SJ2-SN, SJ3,5-S(1)N
Planning
3.2 Assumptions
The following assumptions have been made during the FMEDA:
• Failure rate based on the Siemens standard SN 29500.
• Failure rates are constant, wear is not considered.
• External power supply failure rates are not included.
• The safety-related device is considered to be of type A device with a hardware fault
tolerance of 0.
• The device will be used under average industrial ambient conditions comparable
to the classification "stationary mounted" according to MIL-HDBK-217F.
Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time
of 40 ºC may be assumed. For a higher average temperature of 60 ºC, the failure rates
must be multiplied by a factor of 2.5 based on experience. A similar factor must be used
if frequent temperature fluctuations are expected.
SIL 2 Application
Only use the device in SIL 2 applications in combination with a control unit according
to EN 60947-5-6 (NAMUR).
• The device claims less than 25 % of the total failure budget for a SIL 2 safety loop.
• For a SIL 2 application operating in low demand mode the total PFD
of the SIF (Safety Instrumented Function) should be smaller than 1 x 10
hence the maximum allowable PFD
• For a SIL 2 application operating in high demand mode the total PFH value
of the SIF should be smaller than 1 x 10
PFH value would then be 2.5 x 10
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device,
the SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub) system.
value would then be 2.5 x 10-3.
avg
-6
-7
per hour, hence the maximum allowable
per hour.
avg
value
-2
,
SIL 3 Application
Only use the device in SIL 3 applications in combination with a control unit for
SIL 3 safety applications from Pepperl+Fuchs, i. e. switch amplifier KFD2-SH-Ex1.
• The device claims less than 25 % of the total failure rate for a SIL 3 safety loop.
• For a SIL 3 application operating in low demand mode the total PFD
of the SIF (Safety Instrumented Function) should be smaller than 10
hence the maximum allowable PFD
value would then be 2.5 x 10-4.
avg
• For a SIL 3 application operating in high demand mode the total PFH value
-7
of the SIF should be smaller than 10
-8
would then be 2.5 x 10
per hour.
per hour, hence the maximum allowable PFH value
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device,
the SFF must be > 90 % according to table 2 of IEC/EN 61508-2 for a SIL 3 (sub) system.
avg
-3
value
,
2019-12
11
Functional Safety SJ2-SN, SJ3,5-S(1)N
b
d
S
ao
S
ar
sns
0
a
c
c
Slot length
Lateral immersion of the reference object Distance to the slot base
Planning
3.3 Safety Function and Safe State
Safe State
The safe state of the device is the high impedance state (low current).
Applications with control units or safety functions where the safe state is the low impedance
state (high current) were not evaluated.
Safety Function
Figure 3.1 Distance values for the design of the safety function (abstract figure)
a Length of the reference object
b Width of the reference object
c Thickness of the reference object
d Distance to the slot base
s Current operating distance (immersion depth)
S
Assured operating distance (immersion depth) of a PDDB
ao
S
Assured release distance (immersion depth) of a PDDB
ar
s
Rated immersion depth (lateral)
n
The SN sensor signals the safe state when the reference object is inside of the slot (s > Sao).
The assured operating distance S
for the SN sensor is 8.0 mm.
ao
The S1N sensor signals the safe state when the reference object is outside of the slot (s < S
The assured release distance S
for the S1N sensor is 0.0 mm.
ar
These distances are valid when using the following reference objects:
Sensor SJ2-SN SJ3,5-S(1)N
Dimensions of the reference
5 mm x 8 mm x 0.5 mm 10 mm x 7 mm x 0.3 mm
object (a x b x c)
Distance to the slot base (d) 0.5 mm 2.5 mm
Material of the reference
object
Aluminum 3.0255.10 Aluminum 3.0255.10
).
ar
12
Table 3.1
To ensure the safety of the safety loop according to SIL 2, only use control units according
to EN 60947-5-6 (NAMUR).
2019-12
Functional Safety SJ2-SN, SJ3,5-S(1)N
Planning
To ensure the safety of the safety loop according to SIL 3, only use control units
for SIL 3 safety applications from Pepperl+Fuchs, i. e. switch amplifier KFD2- SH-Ex1.
Reaction Time
The reaction time for all safety functions is < 1 ms.
Note
See corresponding datasheets for further information.
3.4 Characteristic Safety Values
Parameters Characteristic values
-11
1
1/h
-7
-7
-6
Assessment type and
FMEDA report with proven-in-use assessment
documentation
Device type A
Mode of operation Low Demand Mode or High Demand Mode
HFT 0
Safety function High impedance state, depending on the position of the measuring plate
SIL (SC) 2 (3)
in combination with a control unit
according to EN 60947-5-6 (NAMUR)
3
in combination with a control unit
for SIL 3 safety applications from
Pepperl+Fuchs, i. e. switch amplifier
KFD2-SH-Ex1
2
s
du
total (safety function)
15.3 FIT 24.9 FIT
9.7 FIT 0.09 FIT
25.0 FIT 25.0 FIT
SFF 61.3 % 99.64 %
PFH 9.67 x 10-9 1/h 9 x 10
PFD
PFD
PFD
MTTF
for T1 = 1 year 4.24 x 10
avg
for T1 = 2 years 8.47 x 10
avg
for T1 = 5 years 2.12 x 10
avg
d
11800 years
-5
-5
-4
3.94 x 10
7.88 x 10
1.97 x 10
Useful life time 20 years
Reaction time
3
< 1 ms
Table 3.2
1
For the proven-in-use demonstration, sales figures, customer returns and questionnaires filled out by customers were used
which show that no unknown systematic faults are expected. The device is based on a former device that was evaluated
for a proven-in-use statement by exida.com GmbH.
2
"No effect" failures are not influencing the safety functions and are therefore included into the safe failures.
3
Step response time, also valid under fault conditions (including fault detection and fault reaction)
The characteristic safety values like PFD, SFF, HFT and T1 are taken from
the SIL report/FMEDA report. Observe that PFD and T
are related to each other.
1
The function of the devices has to be checked within the proof test interval (T
2019-12
).
1
13
Functional Safety SJ2-SN, SJ3,5-S(1)N
Planning
3.5 Useful Lifetime
Although a constant failure rate is assumed by the probabilistic estimation this only applies
provided that the useful lifetime of components is not exceeded. Beyond this useful lifetime,
the result of the probabilistic estimation is meaningless as the probability of failure significantly
increases with time. The useful lifetime is highly dependent on the component itself
and its operating conditions – temperature in particular. For example, electrolytic capacitors
can be very sensitive to the operating temperature.
This assumption of a constant failure rate is based on the bathtub curve, which shows
the typical behavior for electronic components.
Therefore it is obvious that failure calculation is only valid for components that have
this constant domain and that the validity of the calculation is limited to the useful lifetime
of each component.
It is assumed that early failures are detected to a huge percentage during the installation
and therefore the assumption of a constant failure rate during the useful lifetime is valid.
The standard EN/ISO 13849-1:2015 proposes a useful lifetime T
used within industrial environments. This device is designed for this lifetime.
Observe that the useful lifetime can be reduced if the device is exposed to the following
conditions:
• highly stressful environmental conditions such as constantly high temperatures
• temperature cycles with high temperature differences
• permanent repeated mechanical stress (vibration)
Please note that the useful lifetime refers to the (constant) failure rate of the device.
The effective lifetime can be higher.
The estimated useful lifetime is greater than the warranty period prescribed by law
or the manufacturer's guarantee period. However, this does not result in an extension
of the warranty or guarantee services. Failure to reach the estimated useful lifetime
is not a material defect.
of 20 years for devices
M
14
2019-12
Functional Safety SJ2-SN, SJ3,5-S(1)N
Mounting and Installation
4 Mounting and Installation
Mounting and Installing the Device
1.
Observe the safety instructions in the instruction manual.
2. Observe the information in the manual.
3. Observe the requirements for the safety loop.
4. Connect the device only to devices that are suitable for this safety application.
5. Check the safety function to ensure the expected output behavior.
4.1 Mounting
Danger!
Danger to life from missing safety function
An incorrectly mounted, incorrectly positioned or missing measuring plate can lead to failure
of the safety loop.
• Fasten the measuring plate in a suitable manner.
• For SN sensors: Do not remove the measuring plate.
Mounting the Measuring Plate
1.
Mount the measuring plate with the correct rated immersion depth (lateral) sn and the correct
distance to the slot base d, see chapter 3.3. Observe the ambient conditions.
2. Fasten the measuring plate so that the measuring plate does not come loose or get lost.
4.2 Installation
Connecting the Sensor
1.
Connect the device in safety applications up to SIL 2 to a control unit according
to EN 60947-5-6 (NAMUR).
Observe the limitations, see chapter 3.2.
2. Observe that the insulation resistance must be greater than 1 M.
Insulate the single wires from any other electrical connections.
3. Observe that the loop resistance must be less than 50 .
4. Connect the device in safety applications up to SIL 3 to a control unit for
SIL 3 safety applications.
Pepperl+Fuchs offers control units for SIL 3 safety applications,
i. e. switch amplifier KFD2-SH-Ex1. Observe the limitations, see chapter 3.2.
4.3 Configuration
A configuration of the device is not necessary and not possible.
2019-12
15
Functional Safety SJ2-SN, SJ3,5-S(1)N
Operation
5 Operation
Danger!
Danger to life from missing safety function
If the safety loop is put out of service, the safety function is no longer guaranteed.
• Do not deactivate the device.
• Do not bypass the safety function.
• Do not repair, modify, or manipulate the device.
Operating the device
1.
Observe the safety instructions in the instruction manual.
2. Observe the information in the manual.
3. Use the device only with devices that are suitable for this safety application.
4. Correct any occurring safe failures within 8 hours. Take measures to maintain
the safety function while the device is being repaired.
5.1 Proof Test
If you perform a proof test for the safety loop, the following steps are necessary:
• Check the device for housing damages. If moisture penetrates into the device
or internal components of the device are damaged, this can lead to unpredictable effects.
• Check that the device is working correctly. If the device is not working correctly
or not working, replace the device.
For this proof test, no proof test coverage (PTC) can be claimed as only a full functional test
with the defined reference object over the temperature range can reveal an unacceptable
dislocation of the switching point (PTC = 100 %). But the safety characteristic values
are considered low enough to continually manage without proof test.
16
2019-12
Functional Safety SJ2-SN, SJ3,5-S(1)N
Maintenance and Repair
6 Maintenance and Repair
Danger!
Danger to life from missing safety function
Changes to the device or a defect of the device can lead to device malfunction.
The function of the device and the safety function is no longer guaranteed.
Do not repair, modify, or manipulate the device.
Maintaining or Replacing the Device
In case of maintenance or replacement of the device, proceed as follows:
1. Implement appropriate maintenance procedures for regular maintenance of the safety loop.
2. While the device is maintained or replaced, the safety function does not work.
Exception: The safety function is still guaranteed if the device is operated in redundancy.
Take appropriate measures to protect personnel and equipment while the safety function
is not available.
Secure the application against accidental restart.
3. Do not repair a defective device.
4. If there is a defect, always replace the device with an original device.
2019-12
17
Functional Safety SJ2-SN, SJ3,5-S(1)N
List of Abbreviations
7 List of Abbreviations
d Distance to the slot base
DC Diagnostic Coverage of dangerous faults
FIT Failure In Time in 10
FMEDA Failure Mode, Effects, and Diagnostics Analysis
s
dd
du
no effect
not part
total (safety function)
HFT Hardware Fault Tolerance
MTBF Mean Time Between Failures
MTTF
D
MTTR Mean Time To Restoration
OSSD Output Signal Switching Device
PDDB Proximity Device with Defined Behaviour under fault conditions
PFD
avg
PFH Average frequency of dangerous failure per hour
PL Performance Level
PLC Programmable Logic Controller
PTC Proof Test Coverage
s Current operating distance (immersion depth)
S
ao
S
ar
s
n
SC Systematic Capability
SFF Safe Failure Fraction
SIL Safety Integrity Level
T
1
Probability of safe failure
Probability of dangerous detected failure
Probability of dangerous undetected failure
Probability of failures of components in the safety loop that have
no effect on the safety function.
Probability of failure of components that are not in the safety loop
Probability of failure of components that are in the safety loop
Mean Time To dangerous Failure
Average Probability of dangerous Failure on Demand
Assured operating distance (immersion depth) of a PDDB
Assured release distance (immersion depth) of a PDDB
Rated immersion depth (lateral)
Proof Test Interval
-9
1/h
18
2019-12
Functional Safety SJ2-SN, SJ3,5-S(1)N
Notes
2019-12
19
Pepperl+Fuchs Quality
Download our latest policy here:
www.pepperl-fuchs.com/quality
© Pepperl+Fuchs · Subject to modifications
www.pepperl-fuchs.com
Printed in Germany / DOCT-5975B
Loading...