SIL-Safety Instructions SM/TTX200/TTX300/SIL-EN Temperature Transmitter TTH200, TTR200, TTH300, TTF300, TTF350 Information about functional safety
Blinder Text Temperature Transmitter TTH200, TTR200, TTH300, TTF300, TTF350 SIL-Safety Instructions SM/TTX200/TTX300/SIL-EN 02.2011 Rev. A Translation of the original instruction Manufacturer: ABB Automation Products GmbH Borsigstraße 2 63755 Alzenau Germany Tel.: +49 551 905-534 Fax: +49 551 905-555 Customer service center Phone: +49 180 5 222 580 Fax: +49 621 381 931-29031 automation.service@de.abb.
Contents 1 2 3 4 5 6 6.1 6.2 7 8 9 10 11 Field of Application ......................................................................................................................................4 Acronyms and abbreviations ......................................................................................................................4 Relevant standards ......................................................................................................................................
Field of Application 1 Field of Application Temperature monitoring of solids, fluids and gases of all types in containers and pipes according to the special safety engineering requirements of IEC 61508. The operating limits are defined in the data sheets and operating instructions for the separate models. In case of questions, please contact your ABB partner. 2 4 Acronyms and abbreviations Acronym/ Abbreviation English Description HFT Hardware Fault Tolerance Hardware error tolerance of the unit.
Acronyms and abbreviations Acronym/ Abbreviation English Description SIL Safety Integrity Level The international standard IEC 61508 defines four discrete Safety Integrity Levels (SIL 1 to SIL 4). Each level corresponds to a range of probability for the failure of a safety function. The higher the Safety Integrity Level of the safety-related systems, the lower the probability that they will not perform the required safety function.
Acronyms and abbreviations Acronym/ Abbreviation 6 English Description closed coupled Short connecting lead to the temperature sensor, less than 1 m (39.37 inches) in length and connecting lead laid with mechanical protection. extension wire Long connecting lead to the temperature sensor, more than 1 m (39.37 inches) in length or connecting lead laid without mechanical protection.
Relevant standards 3 4 Relevant standards Standard Designation IEC 61508, Part 1 to 7 Functional safety of electrical/electronic/programmable electronic safety-related systems Other applicable documents and papers Please comply with the following documents in addition to observing the SIL safety instructions: Product designation Document name Document type TTH200 DS/TTH200 Data sheet TTH200 OI/TTH200 Operating instructions TTH200 CI/TTH200 Commissioning instructions TTR200 DS/TTR200 Data sh
Terms and definitions 5 8 Terms and definitions Terms Definitions Dangerous failure A failure that has the potential to place the safety-related system in a dangerous state or render the system inoperative. Safety-related system A safety-related system carries out the safety functions that are required to achieve or maintain a safe state, e.g., for a system. Example: A pressure meter, a logics unit (e.g., limit transmitter) and a valve constitute a safety-related system.
Safety function 6 Safety function TTH200-.H, TTR200-.H, TTH300-.H, TTF300-.H, and TTF350-.H transmitters generate a linear temperature unit signal of 4 ... 20 mA. All safety functions refer strictly to the analog output signal. The entire valid range for the output signal must be configured between min. 3.8 mA and max. 20.5 mA (factory setting). WARNING! In safety mode, HART communication occurs only when write protection is activated.
Safety function The DCS power supply for the transmitter must be capable of providing the required voltage level even when the current output is running with the configured high alarm. The device does not meet safety requirements under the following conditions: • During configuration • When write protection is deactivated • When HART multidrop mode is activated • During a simulation • When the safety function is being checked WARNING! The device's safety function includes the basic device TTH200-.
Safety function 6.2 Measuring point for SIL 3 – Dual configuration Two transmitters DCS for SIL3 E D J A B E H J F G C A00264 Fig. 2 A Sensor 1 B Transmitter 1 C DCS D Measuring circuit 1 E Interface for LCD indicator F Sensor 2 G Transmitter 2 H Measuring circuit 2 Important (Note) The safety-relevant technical parameters are specified in chapter 11 „Management summary FMEDA – Failure modes, effects, and diagnostic analysis“, page 17.
Periodic checks 7 Periodic checks Safety inspections The safety function for the entire safety loop must be checked regularly in accordance with IEC 61508. The inspection intervals are defined when calculating the individual safety loops for a system. Users are responsible for selecting the type of check and the intervals within the specified period. The PFDAV value depends on the selected inspection interval.
Configuration K 8 Configuration The device has been configured and tested according to customer order. However, it can be configured via the LCD indicator with a local keyboard or via DTM / EDD through the HART interface. Other configuration tools such as mobile handheld terminals are not described in these instructions. Reliable operation of the device is not assured during configuration.
Configuration WARNING! Checks: Write protection must be checked as follows: 1. TTH300-.H, TTF300-.H, and TTF350-.H locking via the LCD display with local keyboard - Check whether the lock icon is displayed on the LCD display. - Select the "Fault Signaling" menu and make sure the edit icon is not showing on the LCD display. - Press the Edit button and check that there is no response on the LCD display. 2. TTH200-.H, TTR200-.H, TTH300-.H, TTF300-.H, and TTF350-.
Configuration Configuration parameters affecting the safety function All configuration parameters that are changed via the LCD display with keyboard, DTM / EDD or HART communication when write protection is disabled affect the safety function of the device. The parameters are described in the operating instructions. The safety function is checked in accordance with the SIL safety instructions. For redundancy mode with drift monitoring, the following parameters must be set in DTM, EDD on the TTH300-.
SIL 2 TÜV-Certificate 9 SIL 2 TÜV-Certificate 10 Namur NE 93 TTH200-.H, TTR200-.H, TTH300-.H, TTF300-.H, requirements according to Namur NE 93. 16 and TTH200, TTR200, TTH300, TTF300, TTF350 TTF350-.
Management summary FMEDA – Failure modes, effects, and diagnostic analysis 11 Management summary FMEDA – Failure modes, effects, and diagnostic analysis SM/TTX200/TTX300/SIL-EN TTH200, TTR200, TTH300, TTF300, TTF350 17
Management summary FMEDA – Failure modes, effects, and diagnostic analysis 18 TTH200, TTR200, TTH300, TTF300, TTF350 SM/TTX200/TTX300/SIL-EN
Management summary FMEDA – Failure modes, effects, and diagnostic analysis SM/TTX200/TTX300/SIL-EN TTH200, TTR200, TTH300, TTF300, TTF350 19
Management summary FMEDA – Failure modes, effects, and diagnostic analysis 20 TTH200, TTR200, TTH300, TTF300, TTF350 SM/TTX200/TTX300/SIL-EN
Management summary FMEDA – Failure modes, effects, and diagnostic analysis SM/TTX200/TTX300/SIL-EN TTH200, TTR200, TTH300, TTF300, TTF350 21
Management summary FMEDA – Failure modes, effects, and diagnostic analysis 22 TTH200, TTR200, TTH300, TTF300, TTF350 SM/TTX200/TTX300/SIL-EN
The Company’s policy is one of continuous product improvement and the right is reserved to modify the information contained herein without notice. www.abb.com/temperature Printed in the Fed. Rep. of Germany (02.2011) © ABB 2011 3KXT200005R4801 ABB Limited Salterbeck Trading Estate Workington, Cumbria CA14 5DS UK Tel: +44 (0)1946 830 611 Fax: +44 (0)1946 832 661 ABB Inc. 125 E. County Line Road Warminster, PA 18974 USA Tel: +1 215 674 6000 Fax: +1 215 674 7183 ABB Automation Products GmbH Schillerstr.
