WIKA T32.xS User Manual [en, de, es, fr]

Safety manual
Sicherheitshandbuch
Manuel de sécurité
Manual de seguridad

Information on functional safety
for temperature transmitter model T32.xS

Hinweise zur funktionalen Sicherheit
für Temperatur-Transmitter Typ T32.xS

Indications relatives à la sécurité fonctionnelle
pour transmetteur de température type T32.xS

Notas acerca de la seguridad funcional
para transmisores de temperatura modelo T32.xS

Full assessment per IEC 61508
certied by TÜV Rheinland

GB

D

F

E

Head mounting version Rail mounting version
model T32.1S model T32.3S

Safety manual model T32.xS

GB

Page 3 - 18

Sicherheitshandbuch Typ T32.xS

D

Manuel de sécurité type T32.xS

F

E

Manual de seguridad modelo T32.xS

Seite 19 - 32

Page 33 - 46

Página 47 - 59

11583631.02 11/2010 GB/D/F/E

2

WIKA safety manual temperature transmitter T32.xS

Contents

Contents

1. General information 4

1.1 History of this document 4

1.2 Other applicable instrument documentation 4

1.3 Relevant standards 4

1.4 Abbreviations 5

2. Safety 6

2.1 Intended use in safety applications 6

2.2 Labelling / safety labels 7

2.3 Restrictions to operating modes 8

2.4 Error signaling 9

2.5 Write protection 10

GB

2.6 Accuracy of the safe measuring function 11

2.7 Conguration changes 12

2.8 Commissioning and periodic tests 13

2.8.1 Proof Test of the transmitter's complete signal processing chain 13

2.8.2 Reduced proof test - limited testing of the transmitter's signal
conditioning chain 14

2.9 Information on the determination of safety-relevant parameters 15

2.10 Decommissioning the transmitter 15

Appendix 1: SIL Declaration of Conformity 16

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

3

1. General information

1. General information

1.1 History of this document

Documentation changes (compared with the previous issue)

GB

Issue Remarks Firmware

April 2010

May 2010

November
2010

This safety manual on functional safety covers the WIKA temperature transmitter
T32.1S/T32.3S (from Firmware Rev. 2.2.1) solely as part of a safety-related system.
This safety manual is valid with the documentation mentioned in chapter "1.1 Other
applicable instrument documentation". Please also note the safety instructions listed in
the operating manual.

These operating instructions contain important information on working with the Model
T32.1S/T32.3S temperature transmitter. Working safely requires that all safety instruc­tions and work instructions are observed.

First issue

4 languages
(+ French, + Spanish)

Monitoring of the output limits
(optional, not activated by default for
SIL versions starting from 01.01.2011)

T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)

T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)

T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)

The marking on the product label for the instrument with SIL design is
shown in the following illustration. Only the model T32.xS.0xx-S is suitable
for operation in safety-related applications!

The model T32.xS.0xx-S can be combined with the optional Ex version.

1.2 Other applicable instrument documentation

In addition to this safety manual the operating instructions for model T32.xS
(S-No.: 11258421) and the data sheet TE 32.04 are applicable.

1.3 Relevant standards

Standard Model T32.xS

IEC 61508 Safety-related systems for the process industry

Target groups: Manufacturers and suppliers of instruments

IEC 61511

4

Functional safety safety-related electrical/electronic/ programmable
electronic systems
Target groups: designers, integrators, users

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E

1. General information

1.4 Abbreviations

Abbreviation

HFT Hardware Fault Tolerance, capability of a functional unit to continue

MTBF Mean interval between two failures
MTTR Mean interval between the occurrence of the failure in a device or

PFD Likelihood of dangerous safety function failures occurring on

PFD

avg

SIL Safety Integrity Level, the international standard IEC 61508

SFF Safe Failure Fraction, the proportion of failures without the potential

T

Proof

XooY Classication and description of the safety-related system with

und λ

λ

sd

λdd +λ

du

λ

du

Description

the execution of the demanded function when faults or anomalies
exist.

system and its repair

demand
Average likelihood of dangerous safety function failures occurring

on demand

denes four discrete safety integrity levels (SIL1 to SIL4). Each
level corresponds to a specic probability range with respect to
the failure of a safety function. The higher the integrity level of the
safety-related system, the lower the likelihood of the demanded
safety functions not occurring.

to put the safety-related system into a dangerous or impermissible
functional state.

In accordance with IEC 61508-4, chapter 3.5.8, TProof is dened
as the periodic testing to expose errors in a safety-related system.

respect to redundancy and the selection procedure used. "Y"
indicates how often the safety function is carried out (redundancy).
"X" determines how many channels must work properly.

λsd Safe detected + λsu Safe undetected

su

Safe failure (IEC 61508-4, chapter 3.6.8):
A safe failure is present when the measuring system switches to the
dened safe state or the fault signalling mode without the process
demanding it.
λdd Dangerous detected + λdu Dangerous undetected
Unsafe failure (IEC 61508-4, chapter 3.6.7):
Generally a dangerous failure occurs if the measuring system
switches into a dangerous or functionally inoperable condition.

λdu Dangerous undetected
A dangerous undetected failure occurs if the measuring system does
not switch into a safe condition or into the error mode on a demand
from the process.

GB

For further relevant abbreviations, see IEC 61508-4.

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

5

2. Safety

2. Safety

2.1 Intended use in safety applications

All safety functions relate exclusively to the analogue output signal (4 … 20 mA). The

GB

device is certied to SIL2 (IEC 61508) . The device software fullls the criteria for SIL3
(IEC 61508). The use of the device in homogeneous reduntant systems is therefore
possible.

The following sensor connections achieve an SFF (Safe Failure Fraction) of >90 %,
sucient for SIL2:

■

Thermocouple (internal cold junction, Pt100)

■

Thermocouple (external cold junction, Pt100)

■

Resistance thermometer with 4-wire connection

■

Resistance thermometer with 3-wire connection
WIKA sensors Model TRxx (see WIKA manufacturer's declaration
Document No. 3011701)

■

Duplex thermocouple and/or duplex resistance thermometer (only in "redundant"
operating mode and when both sensors are used for monitoring the same
measurement point (2 channel)).

The following sensor connections achieve an SFF (Safe Failure Fraction) of >60 % for
SIL1:

■

Resistance thermometers with 3-wire connection

- universal sensors -

■

Resistance thermometers with 2-wire connection

The device generates a current signal in the approved measuring mode of a nominal
4 … 20 mA, that is dependent upon the sensor signal. The eective range of the output
signal limited to a minimum of 3.8 mA and a maximum of 20.5 mA (factory setting in
basic conguration).

WARNING!

Do not exceed the specications for the model T32.xS given in the data
sheets and operating instructions. In order to ensure a safe functionality
of the current output, the correct terminal voltage must be present in the
device.

The following terminal voltage limits apply:

Instrument model Terminal voltage limits

T32.1S.000-S
T32.3S.000-S

T32.1S.0IS-S
T32.3S.0IS-S

6

DC 10,5 ... 42 V

DC 10,5 ... 30 V

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E

2. Safety

WARNING !

The following sensors and oerating modes are NOT allowed for operation
in a safety-relevant application:

■

Potentiometer

■

Resistance sensor

■

mV-Sensor

■

Dierential mode in duplex sensor operation

2.2 Labelling / safety labels

Product label

■

Head mounting version, model T32.1S

GB

SIL version

(only at SIL)

Power supply
Sensor, Pt100

or RTD

Output signal

Model
with SIL: T32.1S.0IS-S
without SIL: T32.1S.0IS-Z

Date of manufacture
(year-month)

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

7

GB

2. Safety

■

Rail mounting version, model T32.3S

SIL version

(only at SIL)

Power supply

Sensor, Pt100
or RTD

Output signal

Model
with SIL: T32.1S.0IS-S
without SIL: T32.1S.0IS-Z

Date of manufacture
(year-month)

2.3 Restrictions to operating modes

WARNING!

Under the following operating conditions, the safety function of the device
is not guaranteed:

■

During conguration

■

When the write-protection is deactivated

■

When the HART® multi drop mode is activated.

■

Measured value transmission via HART® protocol

■

During a simulation

■

During the Proof Tests

■

When the write-protection is deactivated

8

Pin assignment

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

2. Safety

2.4 Error signaling

The model T32.xS temperature transmitter monitors the connected sensors and its
own hardware for errors. In the event of a known error condition the device generates
an error signalling current.

The response time from the sensor is a maximum of 90 seconds.
This implies the discovery of the following potential errors:

■

Sensor burnout

■

Sensor short circuit (only for resistance temperature sensors, not for thermocouples)

■

Inadmissably high lead resistance (not with duplex resistance temperature sensors)

The online diagnosis-test interval of the instrument should be a maximum of
35 minutes. This implies the discovery of the following potential device errors:

■

ROM error

■

EEPROM error

■

RAM error

■

Program-counter error

■

Stack-pointer error

Furthermore, the following monitoring functions are carried out continuously:

■

Logical program ow control

■

Internal communications error

■

Over sensor upper limit

■

Under sensor lower limit

■

Cold junction temperature outside permissible limits (only for thermocouples)

■

Duplex sensor drift monitoring (activated optionally)

■

Conguration error

■

Monitoring of the permissible device temperature (optional, activated by default for
SIL versions)

■

Monitoring of the output limits (optional, not activated by default for SIL versions
starting from 01.01.2011)

GB

CAUTION!

The device's error signalling current (error current) is congured in
accordance with the following requirements:

■

Error current fail high (high alarm value):
settable in the range ≥ 21.0 mA to ≤ 23.0 mA (upscale)

■

Error current fail low (low alarm value) :
settable in the range ≥ 3.5 mA to ≤ 3.6 mA (downscale)

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

9

2. Safety

WARNING!

With certain device-side diagnosed hardware errors, the device gives a
downscale error signal with a loop current of < 3.8 mA, and can however,

GB

With certain inadmissible congurations (e.g. with deactivated write-protection) the
transmitter likewise generates an error signal. In order to nd the reason behind the
error signal, the diagnostic functions available over HART
functions are oered, for example, in the WIKA_T32 conguration software (free
download from www.wika.com).

2.5 Write protection

The T32.xS oers a write protection functionality in order to prevent accidental
conguration changes. The write-protection password is factory set to "0".

for technical reasons, also ensure no signal ≤ 3.6 mA with the appropriate
conguration. The evaluation system must therefore interpret a loop
current of < 3.8 mA as a fault condition.

®

should be used. Such

A T32.xS temperature transmitter with SIL option will only work once the
write protection has been activated. Without write protection activated,
such a transmitter will signal an error.

2.5.1 Operation of the write protection

The write protection function is activated via a passsword (numbers in the range 0 to
65535 are allowed) and through a switch (write protection activate/deactivate).
A change in the state of the write protection switch is only possible after the successful
input of the password. The password can be altered via its own menu.

CAUTION!

There is absolutely NO possibility of retrieving a forgotten password! The
only possibility is for the password to be reset at the factory!
Also, activation of the write protection is only possible through the input of
the correct password!

10

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E

2. Safety

2.6 Accuracy of the safe measuring function

The following information on the Total Safety Accuracy contains the following components:

■

Basic accuracy (measuring deviation from input and output, and the linearity error
of the transmitter)

■

In addition, for thermocouples, the internal cold-junction compensation (CJC),
except for type B thermocouples

■

Inuence of the ambient temperature in the range -50 ... +85 °C

The dened value for the Total Safety Accuracy for this instrument depends on the
chosen sensor type, and the congured measuring span (see following table).

Up to the minimum spans given in the table, the Total Safety Accuracy is 2 % of the
measuring range with respect to the current output signal of 16 mA.
Otherwise, the absolute values given directly in the table are valid.

CAUTION!

The measuring span is the dierence between the full scale value and the
initial value of a measuring range.

GB

Sensor
type

Permissible
sensor range
for the accuracy

Min. span for
2 % total safety
accuracy

specications

Pt100 -200 ... +850 °C 84 K
JPt100 -200 ... +500 °C 50 K
Ni100 -60 ... +250 °C 21 K
Pt1000
Pt500 70 K 2 K
Pt25 134 K 3 K
Pt10 241 K 5 K
TC type T -150 ... +400 °C 134 K
TC typeL -150 ... +900 °C 138 K
TC type U -150 ... +600 °C 136 K
TC type E -150 ... +1000 °C 164 K

TC type J -150 ... +1200 °C 176 K
TC type K -140 ... +1200 °C 197 K
TC type N -150 ... +1300 °C 154 K
TC type R +50 … +1600 °C 255 K
TC type S +50 … +1600 °C 273 K
TC type B +500 …+1820 °C 283 K

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

-200 ... +850 °C

69 K 2 K

Absolute total
safety accuracy for
small measuring
spans

2 K

3 K

4 K

6 K

11

2. Safety

Application (see table page 11):

■

Example 1
Sensor type Pt100, congured measuring range = -50 … +100 °C, so congured

GB

measuring span = 150 K.
This is not smaller than 84 K. Thus the Total Safety Accuracy is 2 % FS,
thus 2 % * 150 K = 3 K,
and/or 2 % * 16 mA = 320 μA in terms of the current output

■

Example 2
Sensor type Pt100, congured measuring range = 0 … 50 °C, so congured
measuring span = 50 K
This is smaller than 84 K, thus the total safety accuracy is 2 K,
thus 2 K / 50 K = 4 %, and 4 % * 16 mA = 640 μA in terms of the current output

2.7 Conguration changes

WARNING!

During the conguration change, the safety function is not active! Safe
operation is only admissible with activated write protection (password).

Carry out conguration changes within the permissible specications in accordance
with chapter "2.1 Intended use in safety applications".

With the supplied conguration tools, the write protection, and other items, for the
model T32.xS is settable:

■

WIKA T32 Conguration Software

■

AMS

■

SIMATIC PDM

■

DTM (from Version DTM Beta version V1.0.2, January 2003) in conjunction with
operating software to the FDT/DTM Standard, e.g. PACTware, FieldMate

■

HART® hand-held terminal FC475, FC375, MFC4150

WARNING!

The safety function must be checked following any conguration
procedure.

12

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E

2. Safety

2.8 Commissioning and periodic tests

The operability and error current of the model T32.xS temperature transmitter must
be tested both during commissioning and at reasonable intervals. Both the nature of
the tests as well as the chosen intervals are the responsibility of the user. The interval
usually conforms to the PFDavg value given in the standard (Values and key data see
"Appendix 1: SIL declaration of conformity"). Normally the repeated test happens every
year.

2.8.1 Proof test of the transmitter's complete signal processing chain

1. If required, bypass the safety controller system and/or take the appropriate action,
to prevent an alarm being triggered unintentionally.

2. Deactivate the device's write protection

3. With the aid of the HART
high alarm value (≥ 21.0 mA). (HART

4. Test whether the current output signal reaches this value.

5. With the aid of the function in simulation mode, set the current output of the
transmitter to a low alarm value (≤ 3.6 mA)

6. Test whether the current output signal reaches this value.

7. Activate the write protection and wait for a minimum of 5 seconds.

8. Switch the device o, or disconnect from the power supply.

9. Restart the device and wait at least 15 seconds from the switch-on time.

10. Check the current output with reference temperature 1) at 2 points. Select for the
initial value, (4 mA to +20 % of the span) and for the nal value (20 mA up to –20 %
of the span).

11. When using a customer-specic linearisation, this must be checked at a minimum
of three points.

12. Remove the bypass on the safety controller system or return to a normal operating
condition for other measures.

13. Following the tests, the results must be documented and archived accordingly.

®

function in simulation mode, set the current output to a

®

command 40: Enter Fixed Current-Mode)

GB

1) checking transmitters without sensors can also be achieved with an appropriate sensor

simulator (Simulator, ref. voltage source, etc.). Here the sensor must be tested to the SIL
demands of the customer's application. The measuring or setting accuracy of the test
instruments used should be at least 0.2 % of the span of the current output (16 mA).

With the testing described above a diagnostic cover of 99% will be
achieved.

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

13

2. Safety

2.8.2 Reduced proof test - limited testing of the transmitter's signal

conditioning chain

1. Bypass the safety controller system and/or take the appropriate action, to prevent

GB

an alarm being triggered unintentionally.

2. Deactivate the device's write protection

3. With the aid of the HART

®

function in simulation mode, set the current output to a

high alarm value (≥ 21.0 mA).

4. Test whether the current output signal reaches this value.

5. With the aid of the function in simulation mode, set the current output of the
transmitter to a low alarm value (≤ 3.6 mA)

6. Test whether the current output signal reaches this value.

7. Activate the write protection and wait for a minimum of 5 seconds.

8. Switch the device o, or disconnect from the power supply.

9. Restart the device and wait at least 15 seconds from the switch-on time.

10. Read the device status

11. Evaluate the device status and check it for conformity with the specications in the
operating instructions.

12. Read the device diagnostics

13. Evaluate the device diagnostics and check it for conformity with the specications
in the operating instructions.

14. Remove the bypass on the safety controller system or return to a normal operating
condition for other measures.

15. Following the tests, the results must be documented and archived accordingly

In contrast to the procedures described in 2.8.1., the signal conditioning chain is not tested here.
Its operational reliability should be ensured through reading and evaluating the device status and
device diagnostics.

With the testing described above, a diagnostic cover of 73 % will be
achieved.

WARNING!

Following the checking of the safety function, the device should be
secured against interference through write protection, since any change
in parameter can prejudice the safety function. The write protection should
be checked as follows: send a write instruction to the model T32.xS via a

®

HART

command. The temperature transmitter must acknowledge this

instruction with the message "Instrument is write protected".

WARNING!

The methods and procedures used for these tests (test scenarios) must
also be documented like the test results

. If the outcome of the function test
is negative, the whole system must be shut down. The process must be
put into a safe condition using appropriate procedures.

14

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E

2. Safety

WARNING!

After the proof test of the device, start a functional check of the entire
safety function (safety loop) in order to test whether the transmitter
ensures the safety function of the system. Function tests are intended
to demonstrate the correct function of the whole safety-related system,
including all instruments (sensor, logic unit, and actuator).

2.9 Information on the determination of safety-relevant parameters

The failure rates of the electronics were determined using FMEDA in accordance
with IEC 61508. The calculations were based upon the component failure rates in
accordance with SN 29500.

The following assumptions have been made:

■

The transmitter are only operated in low demand mode applications.

■

The mean ambient temperature during the period of operation is 40 °C.

■

The MTTF following a device failure is 8 hours.

In accordance with ISO 13849-1 a maximum service life for the transmitter of 20 years
is assumed. Replace the device after this time.

2.10 Decommissioning the transmitter

GB

WARNING!

Ensure dvices that have been taken out of service are not accidentally
recommissioned (e.g. through marking the instrument). After
decommissioning the temperature transmitter, a functional test of the
entire safety function (safety loop) should be initiated, in order to test
whether the safety function of the system is still ensured. Function tests
are intended to demonstrate the correct function of the whole safety­related system, including all instruments (sensor, logic unit, and actuator).

11583631.02 11/2010 GB/D/F/E

WIKA safety manual temperature transmitter T32.xS

15

Appendix 1: SIL Declaration of Conformity

GB

SIL Declaration of Conformity

Functional safety per DIN EN 61508 / DIN EN 61511

WIKA Alexander Wiegand SE & Co. KG, Alexander Wiegand Straße 30, 63911 Klingenberg
declares as the manufacturer the accuracy of the following information.

1. General information

Permissible options
Safety-relevant output signal 4 … 20 mA
Error current Adjustable: ≤ 3.6 mA and ≥ 21.0 mA

Evaluated measurands /function Temperature in °C, °F, K, R
Safety function Single sensor

Device type per IEC 61508-2 B (complex components)
Operating mode Low Demand Mode
Current hardware version 6
Current software version (Firmware) 2.2.1
Safety handbook Issue 05/2010
Type of evaluation Complete evaluation, in parallel with development,

Evaluation through Report No. TÜV Rheinland 968/EL 632.01/10
Test documents Safety-Product Requirement Specication

T32.1S.xxx-S / T32.3S.xxx-S (xxx = 000/0IS/0NI)

(Factory settings: 3.5 mA and 21.5 mA to NAMUR
NE43)

Duplex sensor, Redundant, Minimum value,
Maximum value, Average value

of hardware and software incl. FMEDA on a
component level and change process to
IEC 61508-2,3

Product Requirements Specication
Functional Safety Management Plan
Product verication plan
Data Sheet TE 32.04
FMEA at component level
Safety handbook

2. SIL Integrity

Systematic safety integrity SIL3-capable software
Integrity against "random, dangerous

hardware errors"
(Type B components)

16

Single channel operation (HFT = 0, e.g. 1v1); SIL2
Two channel operation SIL3: to IEC 61508-6 Annex D
must determine a β-factor for the two channel (redun­dant) application, in order to incorporate the 'Common
Cause Failure Probability'.
For further information, see WIKA contact data

WIKA safety manual temperature transmitter T32.xS

Page 1/3

11583631.02 11/2010 GB/D/F/E

Appendix 1: SIL Declaration of Conformity

SIL Declaration of Conformity

Functional safety per DIN EN 61508 / DIN EN 61511

3.1 FMEDA Pt100 3-wire (safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 98.6 %
MTTR 8 h
PFD for T

1 year 1.316 x 10

proof

DC proof-test-coverage
incl. signal conditioning chain

3.2 FMEDA Pt100 4-wire (safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 98.6 %
MTTR 8 h
PFD for T

1 year 1.482 x 10

proof

DC proof-test-coverage
incl. signal conditioning chain

3.3 FMEDA Pt100 2-wire (safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 81.2 %
MTTR 8 h
PFD for T
DC proof-test-coverage
incl. signal conditioning chain

1 year 1.815 x 10

proof

30 FIT
2037 FIT
118 FIT

99 %

34 FIT
2037 FIT
119 FIT

99 %

414 FIT
1657 FIT
118 FIT

99 %

1)

1)

1)

-4

1)

1)

1)

-4

1)

1)

1)

-3

GB

2)

3.4 FMEDA thermocouple with internal cold junction
(safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 94.9 %
MTTR 8 h
PFD for T

1 year 1.162 x 10

proof

DC proof-test-coverage
incl. signal conditioning chain

1) FIT = Failure in time, Unit: Quantity of failures per 10

2) Determine the distribution of error patterns in WIKA TRxx Sensors

11583631.02 11/2010 GB/D/F/E

265 FIT
4807 FIT
116 FIT

99 %

9

h

WIKA safety manual temperature transmitter T32.xS

1)

1)

1)

-3

Page 2/3

17

Appendix 1: SIL Declaration of Conformity

GB

SIL Declaration of Conformity

Functional safety per DIN EN 61508 / DIN EN 61511

3.5 FMEDA thermocouple with external cold junction

(safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 90.7 %
MTTR 8 h
PFD for T

1 year 2.91 * 10

proof

DC proof-test-coverage
incl. signal conditioning chain

3.6 FMEDA duplex sensor Pt100 (safety function for 4 … 20 mA output)

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 98.8 %
MTTR 8 h
PFD for T

1 year 2.495 * 10

proof

DC proof-test-coverage
incl. signal conditioning chain

3.7 FMEDA duplex sensor thermocouple with internal cold junction

(safety function for

λ

du

λ

dd

λsu +λ

sd

SFF – Safe Failure Fraction 95.3 %
MTTR 8 h
PFD for T
DC proof-test-coverage
incl. signal conditioning chain

1) FIT = Failure in time, Unit: Quantity of failures per 10

proof

4 … 20 mA output

)

1 year 2.262 * 10

664 FIT
6407 FIT
118 FIT

99 %

57 FIT
4017 FIT
119 FIT

99 %

516 FIT
9557 FIT
117 FIT

99 %

9

h

1)

1)

1)

-3

1)

1)

1)

-4

1)

1)

1)

-3

18

Page 3/3

WIKA safety manual temperature transmitter T32.xS

11583631.02 11/2010 GB/D/F/E