functional safety manual rma422 - endress+hauser … · rma422 endress+hauser 3 sil declaration of...
TRANSCRIPT
SD009R/09/en
Functional safety manual
RMA422Process Transmitter
Application
1 to 2-channel transmitter power supply with
intrinsically safe current inputs, limit value monitoring
with 2 change-over contacts, mathematic functions and
1 to 2 analog outputs to satisfy particular safety systems
requirements as per IEC 61508/ IEC 61511-1 (FDIS).
The measuring device fulfils the requirements
concerning
• Functional safety as per
IEC 61508/IEC 61511-1
• Explosion protection (depending on the version)
• Electromagnetic compatibility as per IEC 61326.
Your benefits
• Use in a safety-instrumented system up to SIL 2,
independently evaluated (Functional Assessment) by
exida.com as per IEC 61508/
IEC 61511-1
RMA422
2 Endress+Hauser
Table of contents
SIL Declaration of Conformity . . . . . . . . . . . . . . . . . . . 3
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Abbreviations, standards and terms . . . . . . . . . . . . . . . . . . . . . . . . 4
Determining the Safety Integrity Level (SIL) . . . . . . . . . . . . . . . . . 4
Safety function with RMA422 . . . . . . . . . . . . . . . . . . . 5
Safety function for limit temperature monitoring . . . . . . . . . . . . . . 5
Safety function data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Unit version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Supplementary device documentation RMA422 . . . . . . . . . . . . . . 6
Commissioning and iterative tests . . . . . . . . . . . . . . . . 7
Using the RMA422 for
continuous measurements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Safety-related parameters . . . . . . . . . . . . . . . . . . . . . . 8
Specific safety-related parameters for RMA422 . . . . . . . . . . . . . . . 8
PFDAVG dependent on selected maintenance interval . . . . . . . . . 8
Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Exida.com management summary . . . . . . . . . . . . . . . 11
Declaration of Hazardous Material and De-
Contamination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
RMA422
Endress+Hauser 3
SIL Declaration of Conformity
Functional safety of a process transmitter according to IEC 61508/IEC 61511
Endress+Hauser Wetzer GmbH+Co. KG, Obere Wank 1, 87484 Nesselwang declares as manufacturer, that the process transmitter
RMA 422 is suitable for the use in a safety-instrumented system according to standard IEC 61511-1, provided the relevant safety instructions are observed.
The FMEDA provides the following parameters:
Product RMA 422 with analogue output RMA 422 with limit contact
Analogue input 1 2 1 2
SIL 2
Proof test interval 1 year
Device type B
HFT 1)
0 (single channel use)
SFF > 86 % > 85 %
PFDAVG 2)
3.90x10-4
4.50x10-4
3.86x10-4
4.46x10-4
MTBF 3)
160 years 139 years 154 years 134 years
Safety function 4)
monitoring
low level
high level range
low level
high level range
λsd in FIT 245 55 291 283 69 343 9 9
λsu in FIT 286 286 286 328 328 328 493 587
λdd in FIT 60 250 14 74 289 14 14 14
λdu in FIT 89 89 89 103 103 103 88 102
1) according to clause 11.4.4 of IEC 61511-1
2) the value complies with SIL2 according to ISA S84.01 and IEC 61511-1
3) according to Siemens SN29500
4) assuming setting of 4 to 20 mA
The device including the modification process was assessed on the basis of prior use.
Nesselwang, 30 January 2004 Endress+Hauser Wetzer GmbH+Co. KG
General manager
SIL-04001a/09/e
Hauser+EndressThe Power of Know How
RMA422
4 Endress+Hauser
Introduction
Abbreviations, standards and
terms
Abbreviations
Explanation to the abbreviations used can be found in the SIL-Brochure (SI002Z/11).
Relevant standards
Terms
Determining the Safety
Integrity Level (SIL)
The achievable Safety Integrity Level is determined by the following safety-related parameters:
• Average Probability of Failure on Demand (PFDAVG)
• Hardware Fault Tolerance (HFT) and
• Safe Failure Fraction (SFF).
The specific safety-related parameters for the RMA422, as a part of a safety function, are listed in the "Safety-
related parameters" chapter.
The following table displays the dependence of the "Safety Integrity Level" (SIL) on the "Average Probability of
Failure on Demand" (PFDAVG). Here, the "Low demand mode" has been observed, i.e. the requirement rate for
the safety-related system is maximum once a year.
Sensor, process transmitter, logic unit and actuator together form a safety-related system, which performs a
safety function. The "Average Probability of Failure on Demand" (PFDAVG) is usually divided up into the sensor,
process transmitter, logic unit and actuator sub-systems as per Figure 1.
Fig. 1: Share of the process transmitter in the "average probability of dangerous failure on demand" (PFDAVG
! Note!
This documentation considers the RMA422 as a component of a safety function.
Standard Explanation
IEC 61508,
Part 1 – 7
Functional safety of electrical/electronic/programmable electronic safety-related systems
(Target group: Manufacturers and Suppliers of Devices)
IEC 61511
Part 1 – 3 (FDIS)
Functional safety – Safety Instrumented Systems for the process industry sector (Target
group: Safety Instrumented Systems Designers, Integrators and Users)
Term Explanation
Dangerous
failure
Failure with the potential to put the safety-related system in a dangerous or non-functional
condition.
Safety-related system A safety-related system performs the safety functions that are required to achieve or
maintain a safe condition e.g. in a plant. Example: temperature measuring device – logic
unit (e.g. limit signal generator) – valve form a safety-related system.
Safety function Defined function, which is performed by a safety-related system with the aim of achieving
or maintaining a safe condition for the plant, considering a specified dangerous incident.
Example: limit temperature monitoring
Safety Integrity Level (SIL) PFDAVG (Low demand mode)
4 ≥ 10–5...< 10–4
3 ≥ 10–4...< 10–3
2 ≥ 10–3...< 10–2
1 ≥ 10–2...< 10–1
PFD 10%AVG ≤
Actuator(e.g. valve)
Logic unit(e.g. PLC)
Process transmitter(e.g. RMA 422)
Sensor(e.g. temperaturemeasuring device)
RMA422
Endress+Hauser 5
Safety Integrity Level RMA422 (Type B)
The following table displays the achievable "Safety Integrity Level" (SIL) of the entire safety-related system for
type B systems depending on the "Safe Failure Fraction" (SFF) and the "Hardware Fault Tolerance" (HFT). Type
B systems are, for example, sensors with complex components such as ASICs (→ see also IEC 61508, Part 2).
Safety function with RMA422
Safety function for limit
temperature monitoring
G09-RMA422xx-14-00-xx-en-000
Fig. 2: Safety function with analog output
Safe Failure Fraction
(SFF)
Hardware Fault Tolerance (HFT)
0 1 (0)1)
1) In accordance with IEC 61511-1 (FDIS), Clause 11.4.4, the "Hardware Fault Tolerance" (HFT) can be reduced by
one (values in brackets), if the following conditions are true for devices using sensors and actuators with complex
components:
– The device is "proven in use".
– The device allows adjustment of process-related parameters only, e.g. measuring range, upscale or downscale
failure direction, etc.
– The adjustment level of the process-related parameters of the device is protected, e.g. by jumper, password (here:
numeric code or key combination)
– The function has a "Safety Integrity Level" (SIL) requirement less than 4.
All conditions are true for the RMA422.
2 (1)1
< 60% not permitted SIL 1 SIL 2
60 ...< 90 % SIL 1 SIL 2 SIL 3
90 ...< 99 % SIL 2 SIL 3 –
≥ 99 % SIL 3 – –
RMA422
6 Endress+Hauser
G09-RMA422xx-14-00-xx-en-001
Fig. 3: Safety function with relay
The sensors, powered by the RMA422 process transmitter, generate an analog signal (4 to 20 mA) in proportion
to the measured value. Mathematic functions allow the formation of a new process variable. The process
transmitter makes the analog signals in proportion to the new process variable available to a downstream logic
unit, such as a PLC. The limit values can also be monitored directly with the RMA422 by means of 2 change-
over contacts.
Safety function data
" Caution!
The data for the safety functions are listed in the "Safety-related parameters" chapter.
! Note!
MTTR is set at eight hours.
Safety-related systems without a self-locking function must be monitored or set to an otherwise safe state after
carrying out the safety function within MTTR.
Unit version SIL from serial number: 5C00104114, December 2002
Supplementary device
documentation RMA422
Depending on the version, the following documentation must be available for the Process transmitter RMA422:
" Caution!
• The installation and setting instructions, and the technical limit values must be observed in accordance with
the Operating Instructions (BA103R).
• For devices which are used in explosion-hazardous, the supplementary documentation (XA) resp. Control
Drawings must also be used in accordance with the table.
RMA422 supplementary documentation
For further information, see Technical Information TI072R.
Explosion protection/Certificates Operating instructions Other Ex-Documentation
none BA103R none
ATEX II(1)GD [EEx ia] IIC BA103R Safety instructions XA003R
RMA422
Endress+Hauser 7
Commissioning and iterative tests
Using the RMA422 for
continuous measurements
The operability of the safety installation must be tested at appropriate time intervals. It is the responsibility of
the user to select the type of check and the intervals in the specified time frame. The test must be completed
in such a way that the fault free function of the safety installation combined with all components can be
validated.
Settings
Settings It is possible to set up on the RMA422. When used as part of a safety function, an analog signal or a limit relay
can be used. Please refer to the following table for information on the settings which are permitted or not when
using the RMA422 in a safety-related application.
RMA422 with current output:
RMA422 with relay:
For further information see the BA103R operating instructions.
" Caution!
Check the safety function after entering all the parameters.
Locking Device operation has to be locked to protect the process-related parameters from being altered. This is done
using a code which is selected by the user.
Parameter Setting up selections Setting for safety function
Output range 4-20 mA permitted
0-20 mA not permitted
0-10 V not permitted
Fault condition hold not permitted
min permitted
max permitted
Parameter Setting up selections Setting for safety function
Operating mode off not permitted
min permitted
max permitted
trd permitted
alarm permitted
min- not permitted
max- not permitted
trd- not permitted
Parameter Setting up selection Setting for safety function
User code 0000 to 9999 0001 to 9999 (0000 is not permitted,
because no user code is active)
RMA422
8 Endress+Hauser
Safety-related parameters
Specific safety-related
parameters for RMA422
The table displays the specific safety-related parameters for the RMA422:
PFDAVG dependent on
selected maintenance interval
The following diagram presents the dependence of the PFDAVG on the maintenance interval. The PFDAVG
increases as the maintenance interval increases.
Fig. 4: "Average probability of dangerous failure on demand" (PFD AVG) depending on the maintenance interval selected for the RMA422 with analog input 4-20 mA and analog output 4-20 mA.
With analog input 4-20 mA and
analog output 4-20 mA
With 2 analog inp. 4-20 mA and
analog output 4-20 mA
With analog input 4-20 mA and
relay
With 2 analog inp. 4-20 mA and
relay
SIL SIL 2 SIL 2 SIL 2 SIL 2
HFT 0 0 0 0
SFF > 86% > 86% > 85% > 85%
PFDAVG 3,90 x 10–4 4,50 x 10–4 3,86 x 10–4 4,46 x 10–4
TI 1) annual annual annual annual
1) complete function test
1oo1D st ructure
0,00E+00
5,00E-04
1,00E-03
1,50E-03
2,00E-03
2,50E-03
3,00E-03
3,50E-03
4,00E-03
4,50E-03
0 1 2 3 4 5 6 7 8 9 10
Years
Pro
ba
bili
ty
PFDavg
RMA422
Endress+Hauser 9
Fig. 5: "Average probability of dangerous failure on demand" (PFD AVG) depending on the maintenance interval selected for the RMA422 with 2 analog inputs 4-20 mA and analog output 4-20 mA.
Fig. 6: "Average probability of dangerous failure on demand" (PFD AVG) depending on the maintenance interval selected for the RMA422 with analog input 4-20 mA and relay.
1oo1D structure
0,00E+00
5,00E-04
1,00E-03
1,50E-03
2,00E-03
2,50E-03
3,00E-03
3,50E-03
4,00E-03
4,50E-03
5,00E-03
0 1 2 3 4 5 6 7 8 9 10
Years
Pro
ba
bili
ty
PFDavg
1oo1D st ructure
0,00E+00
5,00E-04
1,00E-03
1,50E-03
2,00E-03
2,50E-03
3,00E-03
3,50E-03
4,00E-03
4,50E-03
0 1 2 3 4 5 6 7 8 9 10
Years
Pro
ba
bili
ty
PFDavg
RMA422
10 Endress+Hauser
Fig. 7: "Average probability of dangerous failure on demand" (PFD AVG) depending on the maintenance interval selected for the RMA422 with 2 analog inputs 4-20 mA and relay.
Repair
Repair
! Note!
Together with the failed, SIL-marked E+H device, having been operated in a functional safety application, the
form "Declaration of Hazardous Material and De-Contamination" containing the appropriate information
" Used as SIL device in a Safety Instrumented System" has to be returned.
The "Declaration of Hazardous Material and De-Contamination" can be found in the Appendix at the end of
this Functional Safety Manual.
1oo1D structure
0,00E+00
5,00E-04
1,00E-03
1,50E-03
2,00E-03
2,50E-03
3,00E-03
3,50E-03
4,00E-03
4,50E-03
5,00E-03
0 1 2 3 4 5 6 7 8 9 10
Years
Pro
ba
bili
ty
PFDavg
RMA422
Endress+Hauser 11
Exida.com management summary
© e
xid
a.c
om
Gm
bH
e+
h 0
3-0
2-1
7 r
021 v
1 r
1.0
, January
27,
2004
Ste
phan A
schenbre
nner
Page 2
of
29
Ma
na
ge
me
nt
su
mm
ary
Th
is r
ep
ort
su
mm
ari
ze
s t
he
re
su
lts o
f th
e h
ard
wa
re a
sse
ssm
en
t w
ith
pri
or-
use
co
nsid
era
tio
n
acco
rdin
g t
o I
EC
61
50
8 /
IE
C 6
15
11
ca
rrie
d o
ut
on
th
e P
roce
ss T
ran
sm
itte
r R
MA
42
2 w
ith
so
ftw
are
ve
rsio
n V
1.1
2.
Th
e
ha
rdw
are
a
sse
ssm
en
t co
nsis
ts
of
a
Fa
ilure
M
od
es,
Eff
ects
a
nd
D
iag
no
stics
An
aly
sis
(F
ME
DA
). A
FM
ED
A i
s o
ne
of
the
ste
ps t
ake
n t
o a
ch
ieve
fu
nctio
na
l sa
fety
asse
ssm
en
t o
f a
d
evic
e p
er
IEC
61
50
8.
Fro
m t
he
FM
ED
A,
failu
re r
ate
s a
re d
ete
rmin
ed
an
d c
on
se
qu
en
tly t
he
S
afe
F
ailu
re F
ractio
n (S
FF
) is
ca
lcu
late
d fo
r th
e d
evic
e.
Fo
r fu
ll a
sse
ssm
en
t p
urp
ose
s a
ll re
qu
ire
me
nts
of
IEC
61
50
8 m
ust
be
co
nsid
ere
d.
Th
e f
ailu
re r
ate
s u
se
d i
n t
his
an
aly
sis
are
th
e b
asic
fa
ilure
ra
tes f
rom
th
e S
iem
en
s s
tan
da
rd
SN
29
50
0.
Acco
rdin
g t
o t
ab
le 2
of
IEC
61
50
8-1
th
e a
ve
rag
e P
FD
fo
r syste
ms o
pe
ratin
g i
n l
ow
de
ma
nd
mo
de
h
as to
b
e
≥10
-3 to
<
1
0-2
fo
r S
IL 2
sa
fety
fu
nctio
ns.
Ho
we
ve
r, a
s th
e m
od
ule
u
nd
er
co
nsid
era
tio
n i
s o
nly
on
e p
art
of
an
en
tire
sa
fety
fu
nctio
n i
t sh
ou
ld n
ot
cla
im m
ore
th
an
10
% o
f th
is r
an
ge
. F
or
a S
IL 2
ap
plic
atio
n t
he
to
tal
PF
DA
VG v
alu
e o
f th
e S
IF s
ho
uld
be
sm
alle
r th
an
1
,00
E-0
2,
he
nce
th
e m
axim
um
allo
wa
ble
PF
DA
VG v
alu
e f
or
the
pro
ce
ss t
ran
sm
itte
r w
ou
ld t
he
n
be
1,0
0E
-03
.
Th
e P
roce
ss T
ran
sm
itte
r R
MA
42
2 i
s c
on
sid
ere
d t
o b
e a
Typ
e B
1 c
om
po
ne
nt
with
a h
ard
wa
re
fau
lt t
ole
ran
ce
of
0.
Typ
e B
co
mp
on
en
ts w
ith
a S
FF
of
60
% t
o <
90
% m
ust
ha
ve
a h
ard
wa
re f
au
lt t
ole
ran
ce
of
1
acco
rdin
g t
o t
ab
le 3
of
IEC
61
50
8-2
fo
r S
IL 2
(su
b-)
syste
ms.
Fo
r sa
fety
ap
plic
atio
ns o
nly
th
e c
urr
en
t o
r re
lay o
utp
ut
sh
all
be
use
d.
All
oth
er
po
ssib
le o
utp
ut
va
ria
nts
or
ele
ctr
on
ics a
re n
ot
co
ve
red
by t
his
re
po
rt.
As t
he
Pro
ce
ss T
ran
sm
itte
r R
MA
42
2 is s
up
po
se
d t
o b
e a
pro
ve
n-i
n-u
se
de
vic
e,
an
asse
ssm
en
t o
f th
e h
ard
wa
re w
ith
a
dd
itio
na
l p
rio
r-u
se
d
em
on
str
atio
n fo
r th
e d
evic
e w
as ca
rrie
d o
ut.
T
he
p
rio
r-u
se
in
ve
stig
atio
n
wa
s
ba
se
d
on
fie
ld
retu
rn
da
ta
co
llecte
d
an
d
an
aly
ze
d
by
En
dre
ss+
Ha
use
r W
etz
er
Gm
bH
+ C
o.
KG
.
Acco
rdin
g to
th
e re
qu
ire
me
nts
o
f IE
C 6
15
11
-1 F
irst
Ed
itio
n 2
00
3-0
1 se
ctio
n 1
1.4
.4 a
nd
th
e
asse
ssm
en
t d
escri
be
d i
n s
ectio
n 5
.2 t
he
de
vic
e i
s c
on
sid
ere
d t
o b
e s
uita
ble
fo
r u
se
in
SIL
2
sa
fety
fu
nctio
ns.
Th
e d
ecis
ion
on
th
e u
sa
ge
of
pri
or-
use
de
vic
es,
ho
we
ve
r, i
s a
lwa
ys w
ith
th
e
en
d-u
se
r.
Assu
min
g t
ha
t a
co
nn
ecte
d l
og
ic s
olv
er
ca
n d
ete
ct
bo
th o
ve
r-ra
ng
e (
fail
hig
h)
an
d u
nd
er-
ran
ge
(f
ail
low
), h
igh
an
d lo
w f
ailu
res c
an
be
cla
ssifie
d a
s s
afe
de
tecte
d f
ailu
res o
r d
an
ge
rou
s d
ete
cte
d
failu
res d
ep
en
din
g o
n w
he
the
r th
e P
roce
ss T
ran
sm
itte
r R
MA
42
2 i
s u
se
d i
n a
n a
pp
lica
tio
n f
or
“lo
w l
eve
l m
on
ito
rin
g”,
“h
igh
le
ve
l m
on
ito
rin
g”
or
“ra
ng
e m
on
ito
rin
g”.
Fo
r th
ese
ap
plic
atio
ns t
he
fo
llow
ing
ta
ble
s s
ho
w h
ow
th
e a
bo
ve
sta
ted
re
qu
ire
me
nts
are
fu
lfill
ed
.
Typ
e B
co
mp
on
en
t:
“Co
mp
lex”
co
mp
on
en
t (u
sin
g m
icro
co
ntr
olle
rs o
r p
rog
ram
ma
ble
lo
gic
); fo
r d
eta
ils
see 7
.4.3
.1.3
of IE
C 6
1508-2
. T
he d
ocum
ent
was p
repare
d u
sin
g b
est
effort
. T
he a
uth
ors
make n
o w
arr
anty
of
any k
ind a
nd s
hall
not
be lia
ble
in
any e
vent
for
incid
enta
l or
consequential dam
ages in c
onnection w
ith t
he a
pplic
ation o
f th
e d
ocum
ent.
© A
ll rights
reserv
ed.
FM
ED
A a
nd
Pri
or-
us
e A
ss
es
sm
en
t
Pro
ject:
Pro
ce
ss T
ran
sm
itte
r R
MA
42
2
Cu
sto
me
r:
Endre
ss+
Hauser
Wetz
er
Gm
bH
+ C
o. K
G
Ne
sse
lwa
ng
G
erm
an
y
Co
ntr
act
No
.: E
+H
03
/02
-17
R
ep
ort
No
.: E
+H
03
/02
-17
R0
21
Ve
rsio
n V
1,
Re
vis
ion
R1
.0,
Ja
nu
ary
20
04
Ste
ph
an
Asch
en
bre
nn
er
RMA422
12 Endress+Hauser
© e
xid
a.c
om
Gm
bH
e+
h 0
3-0
2-1
7 r
021 v
1 r
1.0
, January
27,
2004
Ste
phan A
schenbre
nner
Page 4
of
29
Tab
le 5
: S
um
mary
fo
r R
MA
422 w
ith
rela
y o
utp
ut
an
d o
ne in
pu
t – P
FD
AV
G v
alu
es
T[P
roo
f] =
1 y
ea
r T
[Pro
of]
= 5
ye
ars
T
[Pro
of]
= 1
0 y
ea
rs
PF
DA
VG =
3,8
6E
-04
P
FD
AV
G =
1,9
3E
-03
P
FD
AV
G =
3,8
5E
-03
Tab
le 6
: S
um
mary
fo
r R
MA
422 w
ith
rela
y o
utp
ut
an
d o
ne in
pu
t – F
ailu
re r
ate
s
λ sd
λ su
λ dd
λ du
SF
F
DC
S
DC
D
9 F
IT
49
3 F
IT
14
FIT
8
8 F
IT
> 8
5%
2
%
14
%
Tab
le 7
: S
um
mary
fo
r R
MA
422 w
ith
rela
y o
utp
ut
an
d t
wo
in
pu
ts –
PF
DA
VG v
alu
es
T[P
roo
f] =
1 y
ea
r T
[Pro
of]
= 5
ye
ars
T
[Pro
of]
= 1
0 y
ea
rs
PF
DA
VG =
4,4
6E
-04
P
FD
AV
G =
2,2
3E
-03
P
FD
AV
G =
4,4
5E
-03
Tab
le 8
: S
um
mary
fo
r R
MA
422 w
ith
rela
y o
utp
ut
an
d t
wo
in
pu
ts –
Failu
re r
ate
s
λ sd
λ su
λ dd
λ du
SF
F
DC
S
DC
D
9 F
IT
58
7 F
IT
14
FIT
1
02
FIT
>
85
%
2%
1
2%
Th
e b
oxe
s m
ark
ed
in
ye
llow
(
)
me
an
th
at
the
ca
lcu
late
d P
FD
AV
G va
lue
s a
re w
ith
in th
e
allo
we
d r
an
ge
fo
r S
IL 2
acco
rdin
g t
o t
ab
le 2
of
IEC
61
50
8-1
bu
t d
o n
ot
fulfill
th
e r
eq
uir
em
en
t to
n
ot
cla
im m
ore
th
an
10
% o
f th
is r
an
ge
, i.e
. to
be
be
tte
r th
an
or
eq
ua
l to
1,0
0E
-03
. T
he
bo
xe
s
ma
rke
d i
n g
ree
n (
) m
ea
n t
ha
t th
e c
alc
ula
ted
PF
DA
VG v
alu
es a
re w
ith
in t
he
allo
we
d r
an
ge
fo
r S
IL 2
acco
rdin
g t
o t
ab
le 2
of
IEC
61
50
8-1
an
d t
ab
le 3
.1 o
f A
NS
I/IS
A–
84
.01
–1
99
6 a
nd
do
fu
lfill
th
e r
eq
uir
em
en
t to
no
t cla
im m
ore
th
an
10
% o
f th
is r
an
ge
, i.e
. to
be
be
tte
r th
an
or
eq
ua
l to
1
,00
E-0
3.
Th
e fu
nc
tio
na
l a
ss
es
sm
en
t h
as
s
ho
wn
th
at
the
P
roc
es
s T
ran
sm
itte
r R
MA
4
22
h
as
a
PF
DA
VG
wit
hin
th
e
all
ow
ed
ra
ng
e
for
SIL
2
ac
co
rdin
g
to
tab
le
2
of
IEC
6
15
08
-1
an
d
tab
le 3
.1 o
f A
NS
I/IS
A–
84
.01
–1
99
6 a
nd
a S
afe
Fa
ilu
re F
rac
tio
n (
SF
F)
of
> 8
5%
. B
as
ed
on
the
ve
rifi
ca
tio
n o
f "p
rio
r u
se
" i
t c
an
be
us
ed
as
a s
ing
le d
ev
ice
fo
r S
IL2
Sa
fety
Fu
nc
tio
ns
in t
erm
s o
f IE
C 6
15
11
-1 F
irs
t E
dit
ion
20
03
-01
.
A u
se
r o
f th
e P
roce
ss T
ran
sm
itte
r R
MA
42
2 c
an
utiliz
e t
he
se
fa
ilure
ra
tes i
n a
pro
ba
bili
stic
mo
de
l o
f a
sa
fety
in
str
um
en
ted
fu
nctio
n
(SIF
) to
d
ete
rmin
e
su
ita
bili
ty
in
pa
rt
for
sa
fety
in
str
um
en
ted
syste
m (
SIS
) u
sa
ge
in
a p
art
icu
lar
sa
fety
in
teg
rity
le
ve
l (S
IL).
Th
e c
om
ple
te lis
t o
f fa
ilure
ra
tes is p
rese
nte
d in
se
ctio
n 5
.1 t
o 5
.4 a
lon
g w
ith
all
assu
mp
tio
ns.
Th
e t
wo
in
pu
ts a
nd
th
e t
wo
ou
tpu
ts o
n e
ach
mo
du
le s
ha
ll n
ot
be
use
d t
o in
cre
ase
th
e h
ard
wa
re
fau
lt t
ole
ran
ce
, n
ee
de
d t
o a
ch
ieve
a h
igh
er
SIL
fo
r a
ce
rta
in s
afe
ty f
un
ctio
n,
as t
he
y c
on
tain
co
mm
on
co
mp
on
en
ts.
Th
e t
wo
in
pu
ts a
re o
nly
allo
we
d t
o b
e u
se
d t
o c
om
bin
e t
wo
sa
fety
cri
tica
l in
pu
t sig
na
ls u
sin
g t
he
ba
sic
ma
the
ma
tics m
od
es o
f a
dd
itio
n /
su
btr
actio
n /
mu
ltip
lica
tio
n t
o
ca
lcu
late
fu
rth
er
pro
ce
ss v
alu
es.
It
is
imp
ort
an
t to
re
aliz
e
tha
t th
e
“do
n’t
ca
re”
failu
res
an
d
the
“a
nn
un
cia
tio
n”
failu
res
are
cla
ssifie
d a
s “
sa
fe u
nd
ete
cte
d”
failu
res a
cco
rdin
g t
o I
EC
61
50
8.
No
te t
ha
t th
ese
fa
ilure
s o
n i
ts
ow
n w
ill n
ot
aff
ect
syste
m re
liab
ility
o
r sa
fety
, a
nd
sh
ou
ld n
ot
be
in
clu
de
d in
sp
uri
ou
s tr
ip
ca
lcu
latio
ns.
© e
xid
a.c
om
Gm
bH
e+
h 0
3-0
2-1
7 r
021 v
1 r
1.0
, January
27,
2004
Ste
phan A
schenbre
nner
Page 3
of
29
Tab
le 1
: S
um
mary
fo
r R
MA
422 w
ith
cu
rren
t o
utp
ut
an
d o
ne in
pu
t – P
FD
AV
G v
alu
es
T[P
roo
f] =
1 y
ea
r T
[Pro
of]
= 5
ye
ars
T
[Pro
of]
= 1
0 y
ea
rs
PF
DA
VG =
3,9
0E
-04
P
FD
AV
G =
1,9
5E
-03
P
FD
AV
G =
3,8
9E
-03
Tab
le 2
: S
um
mary
fo
r R
MA
422 w
ith
cu
rren
t o
utp
ut
an
d o
ne in
pu
t – F
ailu
re r
ate
s
Fa
ilu
re C
ate
go
rie
s
λ sd
λ su
λ dd
λ du
SF
F
DC
S 2
D
CD
λ low =
λsd
λ hig
h =
λdd
24
5 F
IT
28
6 F
IT
60
FIT
8
9 F
IT
> 8
6%
4
6%
4
0%
λ low =
λdd
λ hig
h =
λsd
55
FIT
2
86
FIT
2
50
FIT
8
9 F
IT
> 8
6%
1
6%
7
4%
λ low =
λsd
λ hig
h =
λsd
29
1 F
IT
28
6 F
IT
14
FIT
8
9 F
IT
> 8
6%
5
0%
1
4%
Ta
ble
3:
Su
mm
ary
fo
r R
MA
42
2 w
ith
cu
rre
nt
ou
tpu
t a
nd
tw
o in
pu
ts –
PF
DA
VG v
alu
es
T[P
roo
f] =
1 y
ea
r T
[Pro
of]
= 5
ye
ars
T
[Pro
of]
= 1
0 y
ea
rs
PF
DA
VG =
4,5
0E
-04
P
FD
AV
G =
2,2
5E
-03
P
FD
AV
G =
4,4
9E
-03
Ta
ble
4:
Su
mm
ary
fo
r R
MA
42
2 w
ith
cu
rre
nt
ou
tpu
t a
nd
tw
o in
pu
ts –
Fa
ilu
re r
ate
s
Fa
ilu
re C
ate
go
rie
s
λ sd
λ su
λ dd
λ du
SF
F
DC
S
DC
D
λ low =
λsd
λ hig
h =
λdd
28
3 F
IT
32
8 F
IT
74
FIT
1
03
FIT
>
86
%
46
%
42
%
λ low =
λdd
λ hig
h =
λsd
69
FIT
3
28
FIT
2
89
FIT
1
03
FIT
>
86
%
17
%
74
%
λ low =
λsd
λ hig
h =
λsd
34
3 F
IT
32
8 F
IT
14
FIT
1
03
FIT
>
86
%
51
%
12
%
2 D
C m
ea
ns th
e d
iag
no
stic c
ove
rag
e (
sa
fe o
r d
an
ge
rou
s)
of th
e s
afe
ty lo
gic
so
lve
r fo
r R
MA
42
2.
RMA422
Endress+Hauser 13
Declaration of Hazardous Material and De-Contamination
Because of legal regulations and for the safety of our employees and operating equipment, we need the "Declaration of Hazardous Materialand De-Contamination", with your signature, before your order can be handled. Please make absolutely sure to attach it to the outside of thepackaging.Aufgrund der gesetzlichen Vorschriften und zum Schutz unserer Mitarbeiter und Betriebseinrichtungen, benötigen wir die unterschriebene"Erklärung zur Kontamination und Reinigung", bevor Ihr Auftrag bearbeitet werden kann. Bringen Sie diese unbedingt außen an derVerpackung an.
Serial numberSeriennummer ________________________
Type ofi nstrument / sensorGeräte-/Sensortyp ____________________________________________
Process data/ Prozessdaten Temperature / _________ [°C]Conductivity / _________ [ S ]
TemperaturLeitfähigkeit
Pressure / __________ [ Pa ]Viscosity / __________ [mm /s]
DruckViskosität 2
Used as SIL device in a Safety Instrumented System / Einsatz als SIL Gerät in Schutzeinrichtungen
RA No.
Erklärung zur Kontamination und ReinigungDeclaration of Hazardous Material and De-Contamination
Please reference the Return Authorization Number (RA#), obtained from Endress+Hauser, on all paperwork and mark the RA#clearly on the outside of the box. If this procedure is not followed, it may result in the refusal of the package at our facility.Bitte geben Sie die von E+H mitgeteilte Rücklieferungsnummer (RA#) auf allen Lieferpapieren an und vermerken Sie dieseauch außen auf der Verpackung. Nichtbeachtung dieser Anweisung führt zur Ablehnung ihrer Lieferung.
Instruments International
Endress+HauserInstruments International AGKaegenstrasse 24153 ReinachSwitzerland
Tel. +41 61 715 81 00Fax +41 61 715 25 [email protected]
SD009R/09/en/13.10
FM+SGML 6.0 ProMoDo