Safety Manual
00809-0200-4004, Rev AC
August 2020
Rosemount™ 8800D Series Vortex Flowmeter
Safety Manual for Safety Instrumented
Systems (SIS)
2
Safety Manual Contents
00809-0200-4004 August 2020
Contents
Chapter 1 Before you begin........................................................................................................5
1.1 Emerson Flow customer service................................................................................................... 5
1.2 About this document...................................................................................................................5
1.3 Related documents......................................................................................................................6
1.4 Terms and definitions.................................................................................................................. 6
1.5 Skill level requirement................................................................................................................. 8
1.6 Documentation and standards.....................................................................................................8
Chapter 2 Installation and commissioning..................................................................................9
2.1 Identification of SIS certified transmitter......................................................................................9
2.2 Set up the flowmeter................................................................................................................. 11
2.3 Enable transmitter write protection........................................................................................... 12
2.4 Set failure mode........................................................................................................................ 13
2.5 Flow simulation diagnostic........................................................................................................ 15
2.6 Replace equipment....................................................................................................................16
Chapter 3 Proof tests................................................................................................................17
3.1 Proof test requirement.............................................................................................................. 17
3.2 Repair and replacement.............................................................................................................17
3.3 Notification of failures............................................................................................................... 17
3.4 Proof test interval...................................................................................................................... 17
3.5 Tools required............................................................................................................................17
3.6 Proof test options...................................................................................................................... 18
3.7 Partial proof test........................................................................................................................ 18
3.8 Comprehensive proof test......................................................................................................... 19
3.9 SIS example............................................................................................................................... 20
Chapter 4 Operating Constraints..............................................................................................25
4.1 Reverse flow.............................................................................................................................. 25
4.2 Reliability data........................................................................................................................... 25
4.3 Report failures........................................................................................................................... 25
Safety Manual 3
Contents Safety Manual
August 2020 00809-0200-4004
4 Rosemount™ 8800D Safety Manual
Safety Manual Before you begin
00809-0200-4004 August 2020
1 Before you begin
1.1 Emerson Flow customer service
Email:
• Worldwide: flow.support@emerson.com
• Asia-Pacific: APflow.support@emerson.com
Telephone:
North and South America Europe and Middle East Asia Pacific
United States 800 522 6277 U.K. 0870 240 1978 Australia 800 158 727
Canada +1 303 527 5200 The Netherlands +31 (0) 704 136
666
Mexico +41 (0) 41 7686
111
Argentina +54 11 4837 7000 Germany 0800 182 5347 Pakistan 888 550 2682
Brazil +55 15 3413 8000 Italy 8008 77334 China +86 21 2892 9000
Venezuela +58 26 1731 3446 Central & Eastern
France 0800 917 901 India 800 440 1468
+41 (0) 41 7686
Europe
Russia/CIS +7 495 995 9559 South Korea +82 2 3438 4600
Egypt 0800 000 0015 Singapore +65 6 777 8211
Oman 800 70101 Thailand 001 800 441 6426
Qatar 431 0044 Malaysia 800 814 008
Kuwait 663 299 01
South Africa 800 991 390
Saudi Arabia 800 844 9564
UAE 800 0444 0684
111
New Zealand 099 128 804
Japan +81 3 5769 6803
1.2 About this document
This document provides information about how to install, commission, and proof test the
Rosemount 8800D Series SIL 2/3 Capable Vortex Flowmeter to comply with Safety
Instrumented Systems (SIS) requirements.
The information in this document assumes that users understand:
• Basic flowmeter installation, configuration, and maintenance concepts and procedures
• Safety Instrumented System (SIS) operations, including bypass procedures, flowmeter
maintenance, and company Management of Change procedures
• All corporate, local government, and national government safety standards and
requirements that guard against injuries or death
Safety Manual 5
Before you begin Safety Manual
August 2020 00809-0200-4004
1.3 Related documents
You can find all product documentation via the Rosemount product documentation DVD
shipped with the product or at www.emerson.com/vortex. For more information, see any
of the following documents:
• Rosemount™ 8800D Series Vortex Flow Meter Product Data Sheet
• Rosemount™ 8800D Series Vortex Flow Meter Quick Start Guide
• Rosemount™ 8800D Series Vortex Flow Meter Reference Manual
• Report No. ROS 06/03-34 R001; FMEDA report for Rosemount 8800D Vortex Flow
Meter Prepared for Emerson by exida.com LLC
1.4 Terms and definitions
BPCS
λ
DU
λ
DD
λ
SU
λ
SD
CPT
Diagnostic
Coverage
Diagnostic Test
Interval
Fail-safe state
Fail dangerous
FIT
Fail Dangerous
Detected
Basic Process Control System
Dangerous Undetected
Dangerous Detected
Safe Undetected
Safe Detected
Comprehensive Proof Test
[DC] Percentage of detectable faults
Time during which all internal diagnostics are carried out at least
once.
Failure that causes the device to go to the defined fail-safe state
without a demand from the process.
Failure that deviates the process signal or the actual output by
more than the safety deviation specification, drifts away from the
user defined threshold (Trip Point) and that leaves the output
within the active scale.
Failure In Time per billion hours
Failure that is dangerous but is detected.
Fail Dangerous
Undetected
Fail No Effect
Fail Safe
FMEDA
6 Rosemount™ 8800D Safety Manual
Failure that is dangerous and that is not detected.
Failure of a component that is part of the safety function but that
has no effect on the safety function.
Failure that causes the output to go to the defined fail-safe state
without an input from the process.
Failure Modes, Effects and Diagnostic Analysis
Safety Manual Before you begin
00809-0200-4004 August 2020
®
HART
Highway Addressable Remote Transducer
HFT
High demand
mode
Low demand mode
PFD
AVG
PFH
PPT
Random Integrity
Safety Demand
Interval
Systematic
Capability
Hardware Fault Tolerance as defined by 61508-2 7.4.4.1.1
The safety function is only performed on demand, in order to
transfer the EUC (Equipment Under Control) into a specified safe
state, and where the frequency of demands is greater than one per
year (IEC 61508-4).
The safety function is only performed on demand, in order to
transfer the EUC into a specified safe state, and where the
frequency of demands is no greater than one per year (IEC
61508-4).
Average Probability of Failure on Demand
Probability of dangerous failure per hour.
Partial Proof Test
The SIL limit imposed by the architectural constraints that must be
met for each element.
The expected time between safety demands.
A measure (expressed on a scale of SC 1 to SC 4) of the confidence
that the systematic safety integrity of an element meets the
requirements of the specified SIL, in respect of the specified
element safety function, when the element is applied in
accordance with the instructions specified in the compliant item
safety manual for the element as per 61508-4
SFF
SIF
SIL
SIS
Type B device
Safe Failure Fraction
Safety Instrumented Function
Safety Integrity Level - a discrete level (one out of four) for
specifying the safety integrity requirements of the safety
instrumented functions to be allocated to the safety instrumented
systems. SIL 4 has the highest level of safety integrity, and SIL 1 has
the lowest level.
Safety Instrumented System (SIS) - an instrumented system used
to implement one or more safety instrumented functions. An SIS is
composed of any combination of sensors, logic solvers, and final
elements.
Complex device using controllers or programmable logic, as
defined by the standard IEC 61508.
Safety Manual 7
Before you begin Safety Manual
August 2020 00809-0200-4004
1.5 Skill level requirement
System design, installation and commissioning, and repair and maintenance shall be
carried out by suitably qualified personnel.
1.6 Documentation and standards
This section lists the documentation and standards referred to by this safety manual.
Documents Purpose of documents
IEC 61508-2: 2010
IEC 61511 (ANSI/ISA 84.00.01-2004)
ROS 06/03-34 R001
00813-0100-4004
00809-0100-4004
00825-0100-4004
Functional Safety of Electrical/Electronic/
Programmable Electronic Safety-Related Systems
Functional safety - Safety instrumented systems for
the process industry sector
FMEDA Report Version V1, Revision R1, or later, for
the Rosemount 8800D Series Vortex Flowmeter
Rosemount™ 8800D Series Vortex Flow Meter
Product Data Sheet
Rosemount™ 8800D Series Vortex Flow Meter
Reference Manual
Rosemount™ 8800D Series Vortex Flow Meter Quick
Start Guide
8 Rosemount™ 8800D Safety Manual
Safety Manual Installation and commissioning
00809-0200-4004 August 2020
2 Installation and commissioning
Use this chapter to install and commission the Rosemount 8800D Series SIL 2/3 Capable
Vortex Flowmeter. The safety certified output of the Rosemount 8800D is the 4–20 mA
output. This output provides a signal proportional to process flow, between low flow
cutoff and the Upper Range Value (URV). Detected faults are indicated by an offscale
output (see Set failure mode). The safety logic solver should be configured to detect
offscale output levels. While the pulse output may be used, it is not a safety certified
output. Devices ordered without SI option may not be certified per IEC 61508.
2.1 Identification of SIS certified transmitter
IEC 61508 relevant requirements
The Rosemount 8800D is certified per the relevant requirements of IEC 61508.
Systematic capability
Random capability Low Demand:
Safety Integrity Level (SIL) 3 capable
• Type B element
• SIL 2 capable @ HFT≥0 (single transmitter)
• SIL 3 capable @ HFT≥1 (multiple single transmitters i.e. dual,
2 single or quad flow meter minimum)
High Demand:
• Type B element
• SIL 2 or 3 capable @ HFT≥1 (multiple single transmitters i.e.
dual, 2 single or quad flow meter minimum)
Failure rates per IEC 61508 in FIT
Table 2-1: Rosemount 8800D Series SIL 2/3 Capable Vortex Flowmeter
Failure categories λ
Low Flow Trip 0 76 387 74
High Flow Trip 0 32 387 119
SD
λ
SU
λ
DD
λ
DU
SIS-certified versions
All Rosemount 8800D Vortex Flowmeters must be identified as safety certified before
installing into SIS systems.
To identify a safety certified Rosemount 8800D Vortex with single or dual flow meter,
requirements 1 and 2, or requirements 2 and 3 must be satisfied. The requirements are:
8800 Single and Dual meters
1. Verify the option code "SI" in the model code. The SI code will appear somewhere
after the 16th character of the model code (after the required fields.) Note that the
Safety Manual 9
Installation and commissioning Safety Manual
August 2020 00809-0200-4004
optional options, including SI, can appear in any order and be valid. Please refer to A
of Figure 2-1.
• For example: 8800D................SI
2. Verify 4-20mA marking on the transmitter housing nameplate. Please refer to B of
Figure 2-1.
3. Confirm firmware revision is one of the revisions listed in Table 2-2.
Note
Software version information may be verified in the device from the Field Communicator:
Overview → Device Information → Revision Number.
Figure 2-1: Example of transmitter nameplate for Single or Dual meters
A. SI option code
B. 4–20mA Output
To identify a safety certified transmitters with in an 88800D Quad Vortex Flowmeter,
requirements 1 and 2, or requirements 2 and 3 must be satisfied. The requirements are:
8800 Quad meters
1. SI[X] option code to be present in respects to the transmitter in question. Please
refer to A of Figure 2-2 for location of transmitter number. Confirm model string
contains SI[X], where X is the transmitter number, option code for the indicated
transmitter. Please refer to B of Figure 2-2 for location of SI[X] option code(s). The
SI[X] code will appear somewhere after the 26th character of the model code (after
the required fields). Note that the optional options, including SI[X], can appear in
any order and be valid
• For example: 8800DQ................SI1SI2SI3
Note
In this example, Transmitter 4 may not be safety certified.
2. Verify 4–20mA marking on the transmitter housing nameplate. Please refer to C of
Figure 2-2.
3. Confirm firmware revision is one of the revisions listed in Table 2-2.
10 Rosemount™ 8800D Safety Manual
Safety Manual Installation and commissioning
00809-0200-4004 August 2020
Figure 2-2: Example of Quad transmitter nameplate
A. Transmitter number
B. SI option code
C. 4–20mA Output
Table 2-2: Rosemount 8800D SIS revisions and versions
Device Display tag Safety certified version combinations
8800D firmware Universal revision 5 5 7
Transmitter revision 2 3 2
Software revision 8 4 4
8800D hardware Hardware revision 1 2 2
Safety precautions
Prior to making any changes to the flowmeter,such as changing the configuration or
replacing the transmitter hardware or sensor:
• Take appropriate action to avoid a false trip by electronically bypassing the safety logic
solver.
• Prior to placing the meter online and removing the bypass from the safety logic solver,
verify the transmitter configuration and all safety parameters per Set up the flowmeter.
Important
Ensure alternate means are in place to maintain the process in a safe state.
2.2 Set up the flowmeter
1 2 3
Use the following procedure to make sure the flowmeter is installed and configured for SIS
applications.
You can use ProLinkIII software, AMS Device Manager,or the Field Communicator to verify,
or configure these settings. For more information, see the product reference manual.
The flowmeter does not require special installation other than the standard installation
procedures in the reference manual.
Safety Manual 11
Installation and commissioning Safety Manual
August 2020 00809-0200-4004
Note
Transmitter output is not safety-rated during the following: Configuration changes, loop
test mode, simulation mode, multidrop operation, temperature compensation of the
process fluid, SMART fluid diagnostics, saturated steam or mass flow with temperature
and/or pressure compensation. Alternative means should be used to ensure process safety
during configuration and maintenance activities.
1. Verify that the software revision running is one of the revisions listed in Table 2-2.
ProLink III Software Device Tools → Device Information → Software Revision
2. Verify all safety parameters.
a. Verify that all appropriate flow calibration parameters are set (Reference K-
Factor, Process Fluid, Fixed Process Temperature, Fixed Process Density).
b. Verify that the Lower Range Value (LRV) and the Upper Range Value (URV)
for the 4-20 mA output is configured
2.3 Enable transmitter write protection
Write-protection helps protect the transmitter against accidental changes to
configuration. When the transmitter is write-protected, no changes to the transmitter
configuration will be accepted.
Tip
Write protecting the transmitter prevents accidental changes to configuration. It does not
prevent normal operational use. You can always disable write protection, perform any
required configuration changes, then re-enable write protection.
The SECURITY jumper enables write protection.
• If the jumper is in the ON position, write protection is enabled.
• If the jumper is in the OFF position, write protection is disabled.
1. If you are in a hazardous area, power down the transmitter.
2. WARNING
Never remove the transmitter housing cover in a hazardous area when the
transmitter is powered up. Failure to follow these instructions may result in an
explosion.
Remove the transmitter housing cover (opposite of the terminal block).
3. Move the two-pin SECURITY jumper to the ON position.
The location of the security switch depends upon whether or not the transmitter
has the (M5) optional display.
12 Rosemount™ 8800D Safety Manual
Safety Manual Installation and commissioning
00809-0200-4004 August 2020
Figure 2-3: SECURITY jumper location without M5 optional display
Figure 2-4: SECURITY jumper location with M5 optional display
4. Replace the transmitter housing cover.
5. Power up the transmitter.
2.4 Set failure mode
As part of normal operations, the flowmeter continuously runs a self-diagnostic routine. If
the routine detects an internal failure, the failure mode setting determines whether the
flowmeter output is driven to a low or high alarm level.
The failure mode setting is controlled by the ALARM jumper, which is set at the factory per
the CDS (Configuration Data Sheet); the default setting is HI.
• If the ALARM jumper is in the HI position, the flowmeter output will be driven to a high
alarm level in the event of a failure.
• If the ALARM jumper is in the LOW position, the flowmeter output will be driven to a
low alarm level in the event of a failure.
Safety Manual 13
Installation and commissioning Safety Manual
August 2020 00809-0200-4004
Note
For exact alarm values, see the product reference manual.
1. If you are in a hazardous area, power down the transmitter.
2. WARNING
Never remove the transmitter housing cover in a hazardous area when the
transmitter is powered up. Failure to follow these instructions may result in an
explosion.
Remove the transmitter housing cover (opposite of the terminal block).
3. Move the two-pin ALARM jumper to the HI or LOW position, as desired.
The location of the ALARM jumper depends upon whether or not the transmitter
has the (M5) optional display.
Figure 2-5: ALARM jumper location without (M5) optional display
Figure 2-6: ALARM jumper location with (M5) optional display
4. Replace the transmitter housing cover.
5. Power up the transmitter.
14 Rosemount™ 8800D Safety Manual
Safety Manual Installation and commissioning
00809-0200-4004 August 2020
2.5 Flow simulation diagnostic
Performing an internal flow simulation ensures the current calibration state of the
transmitter by carrying out a verification of the electronics board stack to indicate the
health of the various components on the board stack. Failure may indicate a need to
replace the electronics. Every transmitter comes with internal flow simulation capabilities.
Note
For the Flow Simulation Function to operate, Primary Variable must be set to Velocity
Flow, Volume Flow, or Mass Flow and the write protection must be disabled (see Enable
transmitter write protection).
1. Ensure that the write protection is disabled (see Enable transmitter write
protection).
2. Read the calculated Shedding Frequency at URV.
ProLink III Software
3. Navigate to Flow Simulation.
ProLink III Software
4. Select Internal Flow Simulation, Fixed Flow, Percent of Range and enter 50%
flow.
5. Verify that flow rate output is 50% of full scale and Frequency is 1/2 of calculated
Frequency at URV.
a. If the flow rate output is 50% of full scale, the electronics are working
properly.
b. If the flow rate output is not 50% of full scale, see the troubleshooting
information in the product reference manual.
Note
(Optional): Verify shedding frequency from internal signal generator is the same as
displayed on handheld communicator, Prolink III, or AMS Device Manager. This can
be accomplished by connecting a device such as a Fluke multi-meter with frequency
measurement capability to the test points behind the display labeled "TP1" and
Ground (using the universal ground symbol). Connect the positive lead of the
digital multi-meter to TP1 and the negative lead to the Ground lug. The frequencies
should match to a plant specified tolerance that is no less than the tolerance of the
device used to read the frequency.
• If the shedding frequency is 50% of full scale, the electronics are working
properly.
Device Tools → Configuration → Process Measurement →
Signal Processing
Device Tools → Diagnostics → Testing → Flow Simulation
• If the shedding frequency is not 50% of full scale, see the troubleshooting
information in the product reference manual.
6. Exit simulation by selecting Normal Flow Measurement or Exit.
7. Enable write protection (see Enable transmitter write protection).
Safety Manual 15
Installation and commissioning Safety Manual
August 2020 00809-0200-4004
2.6 Replace equipment
If you need to replace hardware, purchase all spare parts from Emerson. You cannot use
user-supplied components on any Rosemount printed circuit assemblies.
1. Replace the hardware by contacting your local Emerson or Emerson affiliated sales
representative to obtain the correct part number.
Use the product reference manual or quick start guide for proper maintenance
guidelines.
2. Verify the transmitter configuration and all safety parameters (see Set up the
flowmeter).
3. Enable write protection (see Enable transmitter write protection).
4. Set the failure mode (see Set failure mode.)
16 Rosemount™ 8800D Safety Manual
Safety Manual
00809-0200-4004 August 2020
Proof tests
3 Proof tests
3.1 Proof test requirement
During operation, an SIF must be proof tested. The objective of proof testing is to detect
failures within the equipment in the SIF that are not detected by any automatic
diagnostics of the system. Undetected failures that prevent the SIF from performing its
function are the main concern.
Periodic proof tests shall take place at the frequency (or interval) defined by the SIL
verification calculation. The proof-tests must be performed more frequently than or as
frequently as specified in the SIL verification calculation in order to maintain the required
safety integrity of the overall SIF.
Results from periodic proof tests shall be recorded and periodically reviewed.
3.2 Repair and replacement
Repair procedures in the product reference manual must be followed.
3.3 Notification of failures
In case of malfunction of the system or SIF, the Rosemount 8800D Series SIL 2/3 Capable
Vortex Flowmeter shall be put out of operation and the process shall be kept in a safe state
by other measures.
Emerson must be informed when the Rosemount 8800D Series SIL 2/3 Capable Vortex
Flowmeter is required to be replaced due to failure. The occurred failure shall be
documented and reported to Emerson using the contact details on the back page of this
functional safety manual. This is an important part of Emerson SIS management process.
3.4 Proof test interval
The time intervals for proof testing are defined by the SIL verification calculation (subject
to the PFDAVG). The proof tests must be performed more frequently than or as frequently
as specified in the SIL verification calculation in order to maintain the required safety
integrity of the overall SIF.
Results from periodic proof tests shall be recorded and periodically reviewed. For the
specification of customer requirements required to fulfil this SIS requirement, please see
IEC-61511.
3.5 Tools required
• HART host or Field Communicator
• mA meter
Safety Manual 17
Proof tests
Safety Manual
August 2020 00809-0200-4004
3.6 Proof test options
The flowmeter has two proof tests you can use to detect failures. Proof tests can be
performed using ProLink III software or the Field Communicator.
Table 3-1: Proof test options
Device Proof test Description DU failure
detection
8800D Partial • Low/High alarm checks
• Visual inspection of flow meter
• Single point reasonability check or internal
• Checking for alarms
• Checking configuration
Comprehensive• Low/High alarm checks
• Visual inspection of flow meter
• 3 to 5-point calibration check using reference
• Checking for alarms
• Checking configuration
3.7 Partial proof test
The partial proof test is recommended for all Rosemount 8800D Series SIL 2/3 Capable
Vortex Flowmeters.
This procedure assumes that you are familiar with plant procedures. For details on how to
do any of the following steps, see the product reference manual.
High flow trip:
85%
Low flow trip:
77%
flow simulation at 2 points
High flow trip:
94%
Low flow trip:
92%
standard
1. Take appropriate action to avoid a false trip by electronically bypassing the safety
Programmable Logic Controller (PLC).
2. Inspect flowmeter for any leaks, visible damage or contamination.
3. Verify that the transmitter does not indicate alarms or warnings using HART host or
LCD.
4. Cycle power and use HART communications to retrieve any diagnostics and take
appropriate action.
5. Disable write protection (see Enable transmitter write protection).
6. Using the Loop Test function, send a HART command to the transmitter to go to the
high alarm current output and verify that the analog current reaches that value.
• Loop Test can be found at Service Tools → Simulate → Analog Output → Loop
Test.
• High alarm and low alarm levels can be found in the product reference manual.
18 Rosemount™ 8800D Safety Manual
Safety Manual
00809-0200-4004 August 2020
This step tests for compliance voltage problems, such as low voltage on the loop
power supply, or increased wiring resistance.
7. Send a HART command to the transmitter to go to the low alarm current output
and verify that the analog current reaches that value.
This step tests for possible failures related to quiescent current.
8. Exit fixed current mode.
9. Compare the process flow with the Low Flow Cutoff, and do one of the following:
Option Description
Proof tests
Process flow greater than
Low Flow Cutoff
Process flow less than Low
Flow Cutoff
10. Verify all safety-critical configuration parameters (see Set up the flowmeter).
11. Enable write-protection (see Enable transmitter write protection).
12. Remove the bypass and otherwise restore normal operation.
13. Document the results of this proof test as part of your plant safety management
procedures.
Confirm measured flow compares reasonably to an
independent measurement.
Check output at 2 points using internal flow
simulation, with at least one point between LFC and
URV.
3.8 Comprehensive proof test
The comprehensive proof test is recommended for all Rosemount 8800D Series SIL 2/3
Capable Vortex Flowmeters.
This procedure assumes that you are familiar with plant procedures. For details on how to
do any of the following steps, see the product reference manual.
1. Take appropriate action to avoid a false trip by electronically bypassing the safety
Programmable Logic Controller (PLC).
2. Inspect flow meter for any leaks, visible damage or contamination.
3. Verify that the transmitter does not indicate alarms or warnings using HART host or
LCD.
4. Cycle power and use HART communications to retrieve any diagnostics and take
appropriate action.
5. Disable write protection (see Enable transmitter write protection).
6. Using the Loop Test function, send a HART command to the transmitter to go to the
high alarm current output and verify that the analog current reaches that value.
• Loop Test can be found at Service Tools → Simulate → Analog Output → Loop
Test.
• High alarm and low alarm levels can be found in the product reference manual.
Safety Manual 19
Proof tests Safety Manual
August 2020 00809-0200-4004
This step tests for compliance voltage problems, such as low voltage on the loop
power supply, or increased wiring resistance.
7. Send a HART command to the transmitter to go to the low alarm current output
and verify that the analog current reaches that value.
This step tests for possible failures related to quiescent current.
8. Exit fixed current mode.
9. Perform a 3 to 5-point calibration check of the transmitter and flowmeter against a
reference standard.
10. Verify all safety-critical configuration parameters (see Set up the flowmeter).
11. Enable write-protection (see Enable transmitter write protection).
12. Remove the bypass and otherwise restore normal operation.
13. Document the results of this proof test as part of your plant safety management
procedures.
3.9 SIS example
The following figures illustrate the indicative benefits of using a combination of
comprehensive and partial proof tests to manage the level of risk associated with a
particular SIS Installation. Figure 3-1 shows a typical 1oo1 safety system configuration.
Figure 3-2 through Figure 3-5 illustrate the benefit of implementing a combination of
comprehensive and partial proof tests on the system's PFD.
Note
It is assumed that the sensor typically contributes ∼30% to the systems SIL 2 PFD budget,
with the logic solver and actuator the remaining ∼70%.
20 Rosemount™ 8800D Safety Manual
Safety Manual
Proof tests
00809-0200-4004 August 2020
Figure 3-1: Single use 1oo1 (1 out of 1) for SIL 2 low demand (SIL 2@HFT=0)
A. Sensor (Rosemount 8800D)
B. Logic solver
C. Actuator
Figure 3-2: PFD and PFD average of system when no proof testing applied
C
D
A
0 2 4 6 8 10
B
A. PFD (Probability of failure on demand)
B. Mission time (years)
C. PFD
(average probability of failure on demand)
AVG
D. Predicted PFD
Safety Manual 21
Proof tests
Safety Manual
August 2020 00809-0200-4004
Figure 3-3: Unit subjected to either no proof test or a comprehensive proof test every
5 years
D
C
E
A
0 2 4 6 8 10
B
E
E
A. PFD (Probability of failure on demand)
B. Mission time (years)
C. PFD
(average probability of failure on demand)
AVG
D. Predicted PFD
E. Predicted PFD + CPT (comprehensive proof test)
Figure 3-4: Unit subjected to a partial proof test every year and a comprehensive
proof test every 3 years
D
C
D
A
0 2 4 6 8 10
B
A. PFD (Probability of failure on demand)
B. Mission time (years)
C. PFD
(average probability of failure on demand)
AVG
D. Predicted PFD + PPT (partial proof test) + CPT (comprehensive proof test)
22 Rosemount™ 8800D Safety Manual
Safety Manual Proof tests
00809-0200-4004 August 2020
Figure 3-5: Unit subjected to a partial proof-test every year and a comprehensive
proof test every 5 years
D
C
D
A
0 2 4 6 8 10
B
A. PFD (Probability of failure on demand)
B. Mission time (years)
C. PFD
(average probability of failure on demand)
AVG
D. Predicted PFD + PPT (partial proof test) + CPT (comprehensive proof test)
Safety Manual 23
Proof tests Safety Manual
August 2020 00809-0200-4004
24 Rosemount™ 8800D Safety Manual
Safety Manual Operating Constraints
00809-0200-4004 August 2020
4 Operating Constraints
4.1 Reverse flow
Use appropriate means to ensure only zero or forward flow through the meter, as
indicated by the arrow on the meter body. Reverse flow operation may result in erroneous
non-zero flow indication.
4.2 Reliability data
The Rosemount 8800D Series SIL 2/3 Capable Vortex Flowmeter:
• Has a specified safety deviation of 2%. Internal component failures are listed in the
device failure rate if they will cause an on-scale error of 2% or greater.
• Reports an internal failure within 30 minutes of fault occurrence – worst case scenario.
• Generates a valid signal within 6 seconds plus configured damping response of a
power-on startup.
FMEDA report
The Failure Mode, Effects, and Diagnostics Analysis (FMEDA) report is used to calculate the
failure rate. A FMEDA report for a Vortex Flow Meter with a Rosemount 8800D transmitter
contains:
• All failure rates and failure modes
• Common cause factors for applications with redundant devices that should be included
in reliability calculations
• The expected lifetime of your flowmeter and transmitter, as the reliability calculations
are valid only for the lifetime of the equipment
Obtain a FMEDA report at www.emerson.com/vortex.
Environmental and application limits
See the product data sheet for environmental and application limits.
Using the flowmeter or transmitter outside environmental or application limits invalidates
the reliability data in the FMEDA report.
4.3 Report failures
If you have detected any failures that compromise safety, contact the Flow Solutions
Group Product Safety Officer.
Contact the Product Safety Officer through the Flow Solutions Group customer service.
Customer service is available 24 hours a day, seven days a week. Contact information is
located at the front of this manual.
Safety Manual 25
*00809-0200-4004*
00809-0200-4004
Rev. AC
2020
Emerson Automation Solutions USA
7070 Winchester Circle
Boulder, Colorado USA 80301
T +1 303-527-5200
T +1 800-522-6277
F +1 303-530-8459
www.emerson.com
Emerson Automation Solutions Asia
1 Pandan Crescent
Singapore 128461
Republic of Singapore
T +65 6363-7766
F +65 6770-8003
©
2020 Rosemount, Inc. All rights reserved.
The Emerson and Rosemount logos are trademarks and service marks of Emerson Electric Co. All
other marks are property of their respective owners.
Emerson Automation Solutions Europe
Neonstraat 1
6718 WX Ede
The Netherlands
T +31 (0) 70 413 6666
F +31 (0) 318 495 556
www.micromotion.nl
Emerson Automation Solutions United
Kingdom
Emerson Process Management Limited
Horsfield Way
Bredbury Industrial Estate
Stockport SK6 2SU U.K.
T +44 0870 240 1978
F +44 0800 966 181
Loading...