Eaton MTL

MTL Instruments Group

FAQs in FSM

Questions

Answers

Can a manufacturer such as MTL state their products are

The steps required to define, design, verify, install and commission safety functions are given in the life cycle contained within the standards. For the process industries the IEC 61511 standard is the sector specific standard to follow and it would be foolish to attempt any activity for a safety function without reference to this standard.

Are MTL backplanes SIL certified?

No, once again these are regarded as ‘wiring components’ in a similar manner to terminal blocks.

Are MTL barriers SIL certified?

In the context of ‘functional safety’, simple shunt-diode zener barriers do not perform a safety function and are regarded as just ‘wiring components’. Thus the reliability in terms of the MTBF figures is all that is taken into consideration for the safety loop. The more complex or ‘active’ zener barriers, such as the MTL7706+ or the MTL774x models, will be considered for their use in functional safety applications at a later date.

I have a product which I would like to use in a SIL loop; as MTL are a certified FSM company can they

No. We are only responsible for our own products.

As MTL are a certified FSM company can they provide guidance in developing a SIL loop?

No, the design of the safety function is the responsibility of the user not the vendor. MTL provide the information needed to select, install, operate and maintain our products in the Safety Manual.

Is it true that if a safety loop is designed as SIL2 then all the individual components in that loop

This is the simplest way to achieve the goal but remember that duplication or triplication of the signal paths is often used to reach the target too. Thus components with lower ratings are employed in parallel to implement the overall safety function, which reduces the demands upon the individual items.

What is a safety manual?

A safety manual is required from all suppliers of products and equipment used in safety functions who claim compliance with the standard. The purpose of the safety manual for compliant items is to document all the information which is required to enable the integration of the item into a safety-related system, or a subsystem or element, in compliance with the requirements of the standard. The selection, installation, operation, and maintenance of the equipment to achieve the safety function are all detailed in the safety manual.

MTL 55xx series of products are certified for use in hazardous areas so could they all be allowed to

No. With our isolator products Intrinsic Safety relates to the prevention of explosion by constraining the electrical energy passed into the hazardous area under all conditions, both in normal operation and including when faults are present. The risks that are mitigated by the safety functions are concerned with the process under control and maintaining this in a safe state.

What types of communication buses or protocols are applicable for SIL 2 or SIL 3 systems?

In the process control industries, the simple answer is ‘none’. It is the safety loop that achieves the required integrity level. Communications with a ‘logic solver’ that is performing part of a safety function do not form part of that safety function. HART or other communications may provide diagnostics and confirmation of the state of a safety function but are not themselves part of the safety function.

MTL55xx isolator datasheet states that it could be used in SIL3 rated safety function loops so can th

Look at the definitions of the safety integrity levels. If a component has been assessed as suitable for use up to SIL3 then it can also be used in loops that need to achieve SIL2 or SIL1.

Who can conduct a functional safety assessment?

The steps required to define, design, verify, install and commission safety functions are given in the life cycle contained within the standards. For the process industries the IEC 61511 standard is the sector specific standard to follow and it would be foolish to attempt any activity for a safety function without reference to this standard.

What is functional safety assessment and what is involved?

The objective of the functional safety assessment is to investigate and arrive at a judgement on the adequacy of the functional safety achieved by the E/E/PE safety-related system(s) or compliant items (e.g. elements/subsystems) based on compliance with the relevant clauses of this standard.
Functional safety assessment is the critical activity that ensures functional safety has actually been achieved based on compliance with the relevant clauses of this standard. Those carrying out the functional safety assessment shall be competent, shall have adequate independence and shall consider the activities carried out and the outputs obtained during each phase of every lifecycle and judge the extent to which the objectives and requirements of IEC 61508 have been met. See clause 8 of IEC 61508-1 for further details.

Can I replace a SIL2 rated isolator from one supplier with anoth

Essentially yes, but only once you have satisfied yourself that the operational parameters, the intrinsic safety parameters and the functional safety parameters are compatible, and have then updated the loop design records and documents to support the change. This must then be verified by the safety system designer with the appropriate level of competence. Remember also to consider the proof-test requirements for the new component compared to the old one to ensure the PFD is not impaired. In a similar vein to the requirements for maintaining intrinsic safety loops, any change likely to affect the functional safety of a loop must be adequately assessed, documented and approved.
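The PFD check mentioned in this answer, together with the earlier point that duplicated signal paths can bring a loop up to its target, can be worked through numerically. The following is an added example, not MTL's method or code from this page: it uses the widely taught simplified low-demand approximations (PFDavg ≈ λDU·TI/2 for one channel, with a common-cause term for two in parallel), and every failure rate in it is a constructed sample value. It ignores architectural constraints, diagnostics and proof-test coverage, which a real verification must also address.

```python
# Added illustration: simplified low-demand PFDavg arithmetic for one safety loop.
# All failure rates are constructed sample values, not datasheet figures.
HOURS_PER_YEAR = 8760.0

def pfd_1oo1(lambda_du, ti_years):
    """Single channel: PFDavg ~= lambda_DU * TI / 2 (lambda_DU per hour)."""
    return lambda_du * ti_years * HOURS_PER_YEAR / 2.0

def pfd_1oo2(lambda_du, ti_years, beta):
    """Two parallel channels, either can trip; beta = common-cause fraction."""
    x = lambda_du * ti_years * HOURS_PER_YEAR
    return ((1.0 - beta) * x) ** 2 / 3.0 + beta * x / 2.0

def sil_band(pfd_avg):
    """IEC 61508 low-demand bands: SIL n means 10^-(n+1) <= PFDavg < 10^-n."""
    if pfd_avg >= 1e-1:
        return 0  # does not reach SIL 1
    for sil, upper in ((1, 1e-1), (2, 1e-2), (3, 1e-3)):
        if pfd_avg >= upper / 10.0:
            return sil
    return 4

def loop_pfd(subsystem_pfds):
    """Series chain: the loop fails on demand if any subsystem does, so PFDs add."""
    return sum(subsystem_pfds.values())

def build_loop(isolator_lambda_du, redundant_valve):
    """Hypothetical loop: sensor -> isolator -> logic solver -> final element."""
    ti = 1.0  # proof-test interval in years, assumed the same for every item
    valve = pfd_1oo2(2e-6, ti, beta=0.1) if redundant_valve else pfd_1oo1(2e-6, ti)
    return {
        "sensor": pfd_1oo1(3e-7, ti),
        "isolator": pfd_1oo1(isolator_lambda_du, ti),
        "logic_solver": pfd_1oo1(2e-8, ti),
        "valve": valve,
    }

def replacement_keeps_target(old_lambda_du, new_lambda_du, target_sil):
    """Re-run the loop calculation with the replacement isolator's figures."""
    before = sil_band(loop_pfd(build_loop(old_lambda_du, True)))
    after = sil_band(loop_pfd(build_loop(new_lambda_du, True)))
    return before >= target_sil and after >= target_sil

if __name__ == "__main__":
    for label, loop in (("single valve", build_loop(5e-8, False)),
                        ("duplicated valve", build_loop(5e-8, True))):
        total = loop_pfd(loop)
        print(f"{label}: PFDavg={total:.3e} -> SIL band {sil_band(total)}")
    print("swap to 2e-7/h isolator ok:", replacement_keeps_target(5e-8, 2e-7, 2))
    print("swap to 2e-6/h isolator ok:", replacement_keeps_target(5e-8, 2e-6, 2))
```

With these sample figures the single final element dominates the loop PFD, and it is the isolator's own dangerous-undetected failure rate that decides whether a like-for-like swap stays inside the target band.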

Will a SIL rated system require increased maintenance?

Compared to what alternative? The fact that a safety system is needed to reduce a process risk is the driving force behind the use of such equipment rather than any consideration of the maintenance! Keeping the safety functions in good working order is a necessary part of achieving the process risk reduction.

Who should design a safety loop and what competency is required?

The steps required to define, design, verify, install and commission safety functions are given in the life cycle contained within the standards. For the process industries the IEC 61511 standard is the sector specific standard to follow and it would be foolish to attempt any activity for a safety function without reference to this standard.

Can an individual product (i.e. Isolator) be SIL rated?

Products (components) must be suitable for use in a safety loop (function) up to the integrity level that the loop is to achieve. Remember that it is the complete safety loop or safety function that has a Safety Integrity Level and not a particular component. Each component, by itself, does not perform a safety function – it is the complete chain of components operating together that implement the safety function designed to mitigate the identified risk.

What is a Safety Integrity Level (SIL)?

A safety integrity level is one of four levels, each corresponding to a range of target likelihood of failures of a safety function. Note that a safety integrity level is a property of a safety function rather than of a system or any part of a system.

What is Functional Safety?

  • Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.
  • Functional safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met.
  • Functional safety relies on active systems.
  • An example of functional safety would be the activation of a level switch in a tank containing a flammable liquid, when a potentially dangerous level has been reached, which causes a valve to be closed to prevent further liquid entering the tank and thereby preventing the liquid in the tank from overflowing.
  • Safety achieved by measures that rely on passive systems is not functional safety. A fire resistant door or insulation to withstand high temperatures are measures that are passive in nature and can protect against the same hazards as are sometimes controlled by functional safety concepts but are not instances of functional safety.
  • See also IEC/TR 61508-0 Ed1.0, Functional safety of E/E/PE safety-related systems - Part 0: Functional safety and IEC 61508 for further details.

What is IEC61508?

IEC 61508 is a ‘generic’ standard, intended to satisfy the needs of all industry sectors. It is a large document, consisting of seven parts and a total of about 400 pages. Ideally it should be used as the basis for writing more specific (e.g. sector-specific and application-specific) standards, but it is also intended to be used directly where these do not exist. It has become a requirement of many customers, and its principles are perceived as defining much of what is considered to be good safety-management practice.
The standard consists of seven parts. The first four are ‘normative’ - i.e. they are mandatory - and the fifth, sixth and seventh are informative - i.e. they provide added information and guidance on the use of the first four.

  • Part 1 (General Requirements) defines the activities to be carried out at each stage of the overall safety lifecycle, as well as the requirements for documentation, conformance to the standard, management and safety assessment.
  • Part 2 (Requirements for Electrical/Electronic/Programmable Electronic (E/E/PE) Safety-Related Systems) and Part 3 (Software Requirements) interpret the general requirements of Part 1 in the context of hardware and software respectively. They are specific to phase 9 of the overall safety lifecycle, illustrated in Figure 4.
  • Part 4 (Definitions and Abbreviations) gives definitions of the terms used in the standard.
  • Part 5 (Examples of Methods for the Determination of Safety Integrity Levels) gives risk-analysis examples and demonstrates the allocation of safety integrity levels (SILs).
  • Part 6 (Guidelines on the Application of Parts 2 and 3) offers guidance as per its title.
  • Part 7 (Overview of Techniques and Measures) provides brief descriptions of techniques used in safety and software engineering, as well as references to sources of more detailed information about them.

In any given application, it is unlikely that the entire standard would be relevant. Thus, an important initial aspect of use is to define the appropriate part(s) and clauses.