T32.xS
Safety manual
Sicherheitshandbuch
Manuel de sécurité
Manual de seguridad
Information on functional safety
for temperature transmitter model T32.xS
Hinweise zur funktionalen Sicherheit
für Temperatur-Transmitter Typ T32.xS
Indications relatives à la sécurité fonctionnelle
pour transmetteur de température type T32.xS
Notas acerca de la seguridad funcional
para transmisores de temperatura modelo T32.xS
Full assessment per IEC 61508
certied by TÜV Rheinland
GB
D
F
E
Head mounting version Rail mounting version
model T32.1S model T32.3S
Safety manual model T32.xS
GB
Page 3 - 18
Sicherheitshandbuch Typ T32.xS
D
Manuel de sécurité type T32.xS
F
E
Manual de seguridad modelo T32.xS
Seite 19 - 32
Page 33 - 46
Página 47 - 59
11583631.02 11/2010 GB/D/F/E
2
WIKA safety manual temperature transmitter T32.xS
Contents
Contents
1. General information 4
1.1 History of this document 4
1.2 Other applicable instrument documentation 4
1.3 Relevant standards 4
1.4 Abbreviations 5
2. Safety 6
2.1 Intended use in safety applications 6
2.2 Labelling / safety labels 7
2.3 Restrictions to operating modes 8
2.4 Error signaling 9
2.5 Write protection 10
GB
2.6 Accuracy of the safe measuring function 11
2.7 Conguration changes 12
2.8 Commissioning and periodic tests 13
2.8.1 Proof Test of the transmitter's complete signal processing chain 13
2.8.2 Reduced proof test - limited testing of the transmitter's signal
conditioning chain 14
2.9 Information on the determination of safety-relevant parameters 15
2.10 Decommissioning the transmitter 15
Appendix 1: SIL Declaration of Conformity 16
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
3
1. General information
1. General information
1.1 History of this document
Documentation changes (compared with the previous issue)
GB
Issue Remarks Firmware
April 2010
May 2010
November
2010
This safety manual on functional safety covers the WIKA temperature transmitter
T32.1S/T32.3S (from Firmware Rev. 2.2.1) solely as part of a safety-related system.
This safety manual is valid with the documentation mentioned in chapter "1.1 Other
applicable instrument documentation". Please also note the safety instructions listed in
the operating manual.
These operating instructions contain important information on working with the Model
T32.1S/T32.3S temperature transmitter. Working safely requires that all safety instructions and work instructions are observed.
First issue
4 languages
(+ French, + Spanish)
Monitoring of the output limits
(optional, not activated by default for
SIL versions starting from 01.01.2011)
T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)
T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)
T32.1S/ T32.3S
(from Firmware Rev. 2.2.1)
The marking on the product label for the instrument with SIL design is
shown in the following illustration. Only the model T32.xS.0xx-S is suitable
for operation in safety-related applications!
The model T32.xS.0xx-S can be combined with the optional Ex version.
1.2 Other applicable instrument documentation
In addition to this safety manual the operating instructions for model T32.xS
(S-No.: 11258421) and the data sheet TE 32.04 are applicable.
1.3 Relevant standards
Standard Model T32.xS
IEC 61508 Safety-related systems for the process industry
Target groups: Manufacturers and suppliers of instruments
IEC 61511
4
Functional safety safety-related electrical/electronic/ programmable
electronic systems
Target groups: designers, integrators, users
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
1. General information
1.4 Abbreviations
Abbreviation
HFT Hardware Fault Tolerance, capability of a functional unit to continue
MTBF Mean interval between two failures
MTTR Mean interval between the occurrence of the failure in a device or
PFD Likelihood of dangerous safety function failures occurring on
PFD
avg
SIL Safety Integrity Level, the international standard IEC 61508
SFF Safe Failure Fraction, the proportion of failures without the potential
T
Proof
XooY Classication and description of the safety-related system with
und λ
λ
sd
λdd +λ
du
λ
du
Description
the execution of the demanded function when faults or anomalies
exist.
system and its repair
demand
Average likelihood of dangerous safety function failures occurring
on demand
denes four discrete safety integrity levels (SIL1 to SIL4). Each
level corresponds to a specic probability range with respect to
the failure of a safety function. The higher the integrity level of the
safety-related system, the lower the likelihood of the demanded
safety functions not occurring.
to put the safety-related system into a dangerous or impermissible
functional state.
In accordance with IEC 61508-4, chapter 3.5.8, TProof is dened
as the periodic testing to expose errors in a safety-related system.
respect to redundancy and the selection procedure used. "Y"
indicates how often the safety function is carried out (redundancy).
"X" determines how many channels must work properly.
λsd Safe detected + λsu Safe undetected
su
Safe failure (IEC 61508-4, chapter 3.6.8):
A safe failure is present when the measuring system switches to the
dened safe state or the fault signalling mode without the process
demanding it.
λdd Dangerous detected + λdu Dangerous undetected
Unsafe failure (IEC 61508-4, chapter 3.6.7):
Generally a dangerous failure occurs if the measuring system
switches into a dangerous or functionally inoperable condition.
λdu Dangerous undetected
A dangerous undetected failure occurs if the measuring system does
not switch into a safe condition or into the error mode on a demand
from the process.
GB
For further relevant abbreviations, see IEC 61508-4.
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
5
2. Safety
2. Safety
2.1 Intended use in safety applications
All safety functions relate exclusively to the analogue output signal (4 … 20 mA). The
GB
device is certied to SIL2 (IEC 61508) . The device software fullls the criteria for SIL3
(IEC 61508). The use of the device in homogeneous reduntant systems is therefore
possible.
The following sensor connections achieve an SFF (Safe Failure Fraction) of >90 %,
sucient for SIL2:
■
Thermocouple (internal cold junction, Pt100)
■
Thermocouple (external cold junction, Pt100)
■
Resistance thermometer with 4-wire connection
■
Resistance thermometer with 3-wire connection
WIKA sensors Model TRxx (see WIKA manufacturer's declaration
Document No. 3011701)
■
Duplex thermocouple and/or duplex resistance thermometer (only in "redundant"
operating mode and when both sensors are used for monitoring the same
measurement point (2 channel)).
The following sensor connections achieve an SFF (Safe Failure Fraction) of >60 % for
SIL1:
■
Resistance thermometers with 3-wire connection
- universal sensors -
■
Resistance thermometers with 2-wire connection
The device generates a current signal in the approved measuring mode of a nominal
4 … 20 mA, that is dependent upon the sensor signal. The eective range of the output
signal limited to a minimum of 3.8 mA and a maximum of 20.5 mA (factory setting in
basic conguration).
WARNING!
Do not exceed the specications for the model T32.xS given in the data
sheets and operating instructions. In order to ensure a safe functionality
of the current output, the correct terminal voltage must be present in the
device.
The following terminal voltage limits apply:
Instrument model Terminal voltage limits
T32.1S.000-S
T32.3S.000-S
T32.1S.0IS-S
T32.3S.0IS-S
6
DC 10,5 ... 42 V
DC 10,5 ... 30 V
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
2. Safety
WARNING !
The following sensors and oerating modes are NOT allowed for operation
in a safety-relevant application:
■
Potentiometer
■
Resistance sensor
■
mV-Sensor
■
Dierential mode in duplex sensor operation
2.2 Labelling / safety labels
Product label
■
Head mounting version, model T32.1S
GB
SIL version
(only at SIL)
Power supply
Sensor, Pt100
or RTD
Output signal
Model
with SIL: T32.1S.0IS-S
without SIL: T32.1S.0IS-Z
Date of manufacture
(year-month)
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
7
GB
2. Safety
■
Rail mounting version, model T32.3S
SIL version
(only at SIL)
Power supply
Sensor, Pt100
or RTD
Output signal
Model
with SIL: T32.1S.0IS-S
without SIL: T32.1S.0IS-Z
Date of manufacture
(year-month)
2.3 Restrictions to operating modes
WARNING!
Under the following operating conditions, the safety function of the device
is not guaranteed:
■
During conguration
■
When the write-protection is deactivated
■
When the HART® multi drop mode is activated.
■
Measured value transmission via HART® protocol
■
During a simulation
■
During the Proof Tests
■
When the write-protection is deactivated
8
Pin assignment
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
2. Safety
2.4 Error signaling
The model T32.xS temperature transmitter monitors the connected sensors and its
own hardware for errors. In the event of a known error condition the device generates
an error signalling current.
The response time from the sensor is a maximum of 90 seconds.
This implies the discovery of the following potential errors:
■
Sensor burnout
■
Sensor short circuit (only for resistance temperature sensors, not for thermocouples)
■
Inadmissably high lead resistance (not with duplex resistance temperature sensors)
The online diagnosis-test interval of the instrument should be a maximum of
35 minutes. This implies the discovery of the following potential device errors:
■
ROM error
■
EEPROM error
■
RAM error
■
Program-counter error
■
Stack-pointer error
Furthermore, the following monitoring functions are carried out continuously:
■
Logical program ow control
■
Internal communications error
■
Over sensor upper limit
■
Under sensor lower limit
■
Cold junction temperature outside permissible limits (only for thermocouples)
■
Duplex sensor drift monitoring (activated optionally)
■
Conguration error
■
Monitoring of the permissible device temperature (optional, activated by default for
SIL versions)
■
Monitoring of the output limits (optional, not activated by default for SIL versions
starting from 01.01.2011)
GB
CAUTION!
The device's error signalling current (error current) is congured in
accordance with the following requirements:
■
Error current fail high (high alarm value):
settable in the range ≥ 21.0 mA to ≤ 23.0 mA (upscale)
■
Error current fail low (low alarm value) :
settable in the range ≥ 3.5 mA to ≤ 3.6 mA (downscale)
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
9
2. Safety
WARNING!
With certain device-side diagnosed hardware errors, the device gives a
downscale error signal with a loop current of < 3.8 mA, and can however,
GB
With certain inadmissible congurations (e.g. with deactivated write-protection) the
transmitter likewise generates an error signal. In order to nd the reason behind the
error signal, the diagnostic functions available over HART
functions are oered, for example, in the WIKA_T32 conguration software (free
download from www.wika.com).
2.5 Write protection
The T32.xS oers a write protection functionality in order to prevent accidental
conguration changes. The write-protection password is factory set to "0".
for technical reasons, also ensure no signal ≤ 3.6 mA with the appropriate
conguration. The evaluation system must therefore interpret a loop
current of < 3.8 mA as a fault condition.
®
should be used. Such
A T32.xS temperature transmitter with SIL option will only work once the
write protection has been activated. Without write protection activated,
such a transmitter will signal an error.
2.5.1 Operation of the write protection
The write protection function is activated via a passsword (numbers in the range 0 to
65535 are allowed) and through a switch (write protection activate/deactivate).
A change in the state of the write protection switch is only possible after the successful
input of the password. The password can be altered via its own menu.
CAUTION!
There is absolutely NO possibility of retrieving a forgotten password! The
only possibility is for the password to be reset at the factory!
Also, activation of the write protection is only possible through the input of
the correct password!
10
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
2. Safety
2.6 Accuracy of the safe measuring function
The following information on the Total Safety Accuracy contains the following components:
■
Basic accuracy (measuring deviation from input and output, and the linearity error
of the transmitter)
■
In addition, for thermocouples, the internal cold-junction compensation (CJC),
except for type B thermocouples
■
Inuence of the ambient temperature in the range -50 ... +85 °C
The dened value for the Total Safety Accuracy for this instrument depends on the
chosen sensor type, and the congured measuring span (see following table).
Up to the minimum spans given in the table, the Total Safety Accuracy is 2 % of the
measuring range with respect to the current output signal of 16 mA.
Otherwise, the absolute values given directly in the table are valid.
CAUTION!
The measuring span is the dierence between the full scale value and the
initial value of a measuring range.
GB
Sensor
type
Permissible
sensor range
for the accuracy
Min. span for
2 % total safety
accuracy
specications
Pt100 -200 ... +850 °C 84 K
JPt100 -200 ... +500 °C 50 K
Ni100 -60 ... +250 °C 21 K
Pt1000
Pt500 70 K 2 K
Pt25 134 K 3 K
Pt10 241 K 5 K
TC type T -150 ... +400 °C 134 K
TC typeL -150 ... +900 °C 138 K
TC type U -150 ... +600 °C 136 K
TC type E -150 ... +1000 °C 164 K
TC type J -150 ... +1200 °C 176 K
TC type K -140 ... +1200 °C 197 K
TC type N -150 ... +1300 °C 154 K
TC type R +50 … +1600 °C 255 K
TC type S +50 … +1600 °C 273 K
TC type B +500 …+1820 °C 283 K
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
-200 ... +850 °C
69 K 2 K
Absolute total
safety accuracy for
small measuring
spans
2 K
3 K
4 K
6 K
11
2. Safety
Application (see table page 11):
■
Example 1
Sensor type Pt100, congured measuring range = -50 … +100 °C, so congured
GB
measuring span = 150 K.
This is not smaller than 84 K. Thus the Total Safety Accuracy is 2 % FS,
thus 2 % * 150 K = 3 K,
and/or 2 % * 16 mA = 320 μA in terms of the current output
■
Example 2
Sensor type Pt100, congured measuring range = 0 … 50 °C, so congured
measuring span = 50 K
This is smaller than 84 K, thus the total safety accuracy is 2 K,
thus 2 K / 50 K = 4 %, and 4 % * 16 mA = 640 μA in terms of the current output
2.7 Conguration changes
WARNING!
During the conguration change, the safety function is not active! Safe
operation is only admissible with activated write protection (password).
Carry out conguration changes within the permissible specications in accordance
with chapter "2.1 Intended use in safety applications".
With the supplied conguration tools, the write protection, and other items, for the
model T32.xS is settable:
■
WIKA T32 Conguration Software
■
AMS
■
SIMATIC PDM
■
DTM (from Version DTM Beta version V1.0.2, January 2003) in conjunction with
operating software to the FDT/DTM Standard, e.g. PACTware, FieldMate
■
HART® hand-held terminal FC475, FC375, MFC4150
WARNING!
The safety function must be checked following any conguration
procedure.
12
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
2. Safety
2.8 Commissioning and periodic tests
The operability and error current of the model T32.xS temperature transmitter must
be tested both during commissioning and at reasonable intervals. Both the nature of
the tests as well as the chosen intervals are the responsibility of the user. The interval
usually conforms to the PFDavg value given in the standard (Values and key data see
"Appendix 1: SIL declaration of conformity"). Normally the repeated test happens every
year.
2.8.1 Proof test of the transmitter's complete signal processing chain
1. If required, bypass the safety controller system and/or take the appropriate action,
to prevent an alarm being triggered unintentionally.
2. Deactivate the device's write protection
3. With the aid of the HART
high alarm value (≥ 21.0 mA). (HART
4. Test whether the current output signal reaches this value.
5. With the aid of the function in simulation mode, set the current output of the
transmitter to a low alarm value (≤ 3.6 mA)
6. Test whether the current output signal reaches this value.
7. Activate the write protection and wait for a minimum of 5 seconds.
8. Switch the device o, or disconnect from the power supply.
9. Restart the device and wait at least 15 seconds from the switch-on time.
10. Check the current output with reference temperature 1) at 2 points. Select for the
initial value, (4 mA to +20 % of the span) and for the nal value (20 mA up to –20 %
of the span).
11. When using a customer-specic linearisation, this must be checked at a minimum
of three points.
12. Remove the bypass on the safety controller system or return to a normal operating
condition for other measures.
13. Following the tests, the results must be documented and archived accordingly.
®
function in simulation mode, set the current output to a
®
command 40: Enter Fixed Current-Mode)
GB
1) checking transmitters without sensors can also be achieved with an appropriate sensor
simulator (Simulator, ref. voltage source, etc.). Here the sensor must be tested to the SIL
demands of the customer's application. The measuring or setting accuracy of the test
instruments used should be at least 0.2 % of the span of the current output (16 mA).
With the testing described above a diagnostic cover of 99% will be
achieved.
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
13
2. Safety
2.8.2 Reduced proof test - limited testing of the transmitter's signal
conditioning chain
1. Bypass the safety controller system and/or take the appropriate action, to prevent
GB
an alarm being triggered unintentionally.
2. Deactivate the device's write protection
3. With the aid of the HART
®
function in simulation mode, set the current output to a
high alarm value (≥ 21.0 mA).
4. Test whether the current output signal reaches this value.
5. With the aid of the function in simulation mode, set the current output of the
transmitter to a low alarm value (≤ 3.6 mA)
6. Test whether the current output signal reaches this value.
7. Activate the write protection and wait for a minimum of 5 seconds.
8. Switch the device o, or disconnect from the power supply.
9. Restart the device and wait at least 15 seconds from the switch-on time.
10. Read the device status
11. Evaluate the device status and check it for conformity with the specications in the
operating instructions.
12. Read the device diagnostics
13. Evaluate the device diagnostics and check it for conformity with the specications
in the operating instructions.
14. Remove the bypass on the safety controller system or return to a normal operating
condition for other measures.
15. Following the tests, the results must be documented and archived accordingly
In contrast to the procedures described in 2.8.1., the signal conditioning chain is not tested here.
Its operational reliability should be ensured through reading and evaluating the device status and
device diagnostics.
With the testing described above, a diagnostic cover of 73 % will be
achieved.
WARNING!
Following the checking of the safety function, the device should be
secured against interference through write protection, since any change
in parameter can prejudice the safety function. The write protection should
be checked as follows: send a write instruction to the model T32.xS via a
®
HART
command. The temperature transmitter must acknowledge this
instruction with the message "Instrument is write protected".
WARNING!
The methods and procedures used for these tests (test scenarios) must
also be documented like the test results
. If the outcome of the function test
is negative, the whole system must be shut down. The process must be
put into a safe condition using appropriate procedures.
14
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
2. Safety
WARNING!
After the proof test of the device, start a functional check of the entire
safety function (safety loop) in order to test whether the transmitter
ensures the safety function of the system. Function tests are intended
to demonstrate the correct function of the whole safety-related system,
including all instruments (sensor, logic unit, and actuator).
2.9 Information on the determination of safety-relevant parameters
The failure rates of the electronics were determined using FMEDA in accordance
with IEC 61508. The calculations were based upon the component failure rates in
accordance with SN 29500.
The following assumptions have been made:
■
The transmitter are only operated in low demand mode applications.
■
The mean ambient temperature during the period of operation is 40 °C.
■
The MTTF following a device failure is 8 hours.
In accordance with ISO 13849-1 a maximum service life for the transmitter of 20 years
is assumed. Replace the device after this time.
2.10 Decommissioning the transmitter
GB
WARNING!
Ensure dvices that have been taken out of service are not accidentally
recommissioned (e.g. through marking the instrument). After
decommissioning the temperature transmitter, a functional test of the
entire safety function (safety loop) should be initiated, in order to test
whether the safety function of the system is still ensured. Function tests
are intended to demonstrate the correct function of the whole safetyrelated system, including all instruments (sensor, logic unit, and actuator).
11583631.02 11/2010 GB/D/F/E
WIKA safety manual temperature transmitter T32.xS
15
Appendix 1: SIL Declaration of Conformity
GB
SIL Declaration of Conformity
Functional safety per DIN EN 61508 / DIN EN 61511
WIKA Alexander Wiegand SE & Co. KG, Alexander Wiegand Straße 30, 63911 Klingenberg
declares as the manufacturer the accuracy of the following information.
1. General information
Permissible options
Safety-relevant output signal 4 … 20 mA
Error current Adjustable: ≤ 3.6 mA and ≥ 21.0 mA
Evaluated measurands /function Temperature in °C, °F, K, R
Safety function Single sensor
Device type per IEC 61508-2 B (complex components)
Operating mode Low Demand Mode
Current hardware version 6
Current software version (Firmware) 2.2.1
Safety handbook Issue 05/2010
Type of evaluation Complete evaluation, in parallel with development,
Evaluation through Report No. TÜV Rheinland 968/EL 632.01/10
Test documents Safety-Product Requirement Specication
T32.1S.xxx-S / T32.3S.xxx-S (xxx = 000/0IS/0NI)
(Factory settings: 3.5 mA and 21.5 mA to NAMUR
NE43)
Duplex sensor, Redundant, Minimum value,
Maximum value, Average value
of hardware and software incl. FMEDA on a
component level and change process to
IEC 61508-2,3
Product Requirements Specication
Functional Safety Management Plan
Product verication plan
Data Sheet TE 32.04
FMEA at component level
Safety handbook
2. SIL Integrity
Systematic safety integrity SIL3-capable software
Integrity against "random, dangerous
hardware errors"
(Type B components)
16
Single channel operation (HFT = 0, e.g. 1v1); SIL2
Two channel operation SIL3: to IEC 61508-6 Annex D
must determine a β-factor for the two channel (redundant) application, in order to incorporate the 'Common
Cause Failure Probability'.
For further information, see WIKA contact data
WIKA safety manual temperature transmitter T32.xS
Page 1/3
11583631.02 11/2010 GB/D/F/E
Appendix 1: SIL Declaration of Conformity
SIL Declaration of Conformity
Functional safety per DIN EN 61508 / DIN EN 61511
3.1 FMEDA Pt100 3-wire (safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 98.6 %
MTTR 8 h
PFD for T
1 year 1.316 x 10
proof
DC proof-test-coverage
incl. signal conditioning chain
3.2 FMEDA Pt100 4-wire (safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 98.6 %
MTTR 8 h
PFD for T
1 year 1.482 x 10
proof
DC proof-test-coverage
incl. signal conditioning chain
3.3 FMEDA Pt100 2-wire (safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 81.2 %
MTTR 8 h
PFD for T
DC proof-test-coverage
incl. signal conditioning chain
1 year 1.815 x 10
proof
30 FIT
2037 FIT
118 FIT
99 %
34 FIT
2037 FIT
119 FIT
99 %
414 FIT
1657 FIT
118 FIT
99 %
1)
1)
1)
-4
1)
1)
1)
-4
1)
1)
1)
-3
GB
2)
3.4 FMEDA thermocouple with internal cold junction
(safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 94.9 %
MTTR 8 h
PFD for T
1 year 1.162 x 10
proof
DC proof-test-coverage
incl. signal conditioning chain
1) FIT = Failure in time, Unit: Quantity of failures per 10
2) Determine the distribution of error patterns in WIKA TRxx Sensors
11583631.02 11/2010 GB/D/F/E
265 FIT
4807 FIT
116 FIT
99 %
9
h
WIKA safety manual temperature transmitter T32.xS
1)
1)
1)
-3
Page 2/3
17
Appendix 1: SIL Declaration of Conformity
GB
SIL Declaration of Conformity
Functional safety per DIN EN 61508 / DIN EN 61511
3.5 FMEDA thermocouple with external cold junction
(safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 90.7 %
MTTR 8 h
PFD for T
1 year 2.91 * 10
proof
DC proof-test-coverage
incl. signal conditioning chain
3.6 FMEDA duplex sensor Pt100 (safety function for 4 … 20 mA output)
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 98.8 %
MTTR 8 h
PFD for T
1 year 2.495 * 10
proof
DC proof-test-coverage
incl. signal conditioning chain
3.7 FMEDA duplex sensor thermocouple with internal cold junction
(safety function for
λ
du
λ
dd
λsu +λ
sd
SFF – Safe Failure Fraction 95.3 %
MTTR 8 h
PFD for T
DC proof-test-coverage
incl. signal conditioning chain
1) FIT = Failure in time, Unit: Quantity of failures per 10
proof
4 … 20 mA output
)
1 year 2.262 * 10
664 FIT
6407 FIT
118 FIT
99 %
57 FIT
4017 FIT
119 FIT
99 %
516 FIT
9557 FIT
117 FIT
99 %
9
h
1)
1)
1)
-3
1)
1)
1)
-4
1)
1)
1)
-3
18
Page 3/3
WIKA safety manual temperature transmitter T32.xS
11583631.02 11/2010 GB/D/F/E
Loading...