Safety Manual 95-8599 Eagle Quantum Premier ® SIL 2 Rated Fire & Gas System 5.
Table Of Contents INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Quality Policy Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Document Structure. . . . . . . . . . . . . . . . . . . . . .
safety manual Eagle Quantum Premier ® SIL 2 Rated Fire & Gas System Note Where a definition of the term or abbreviation is given in IEC 61508-4 “Definitions and Abbreviations”, the definition from the standard is given first in quotation marks, followed by further explanation if this is necessary. INTRODUCTION This Safety Manual describes the actions that must be taken to use the Det-Tronics Eagle Quantum Premier® (EQP) Safety System in safety-related applications.
The safety related functions of the EQP Safety System include the following: PRODUCT OVERVIEW – Trouble annunciation for compromised safety function by de-energizing the Controller’s Trouble relay EQP SYSTEM The EQP System (on which the Det-Tronics EQP Safety System is based) was originally developed to meet the requirements of industrial fire and gas detection and mitigation. The system comprises (see Figure 1): – Digital input for lockout of inhibits. The EQP Safety System employs a 1oo1D (i.e.
22. Flame Detector with Explosion-Proof Camera 4. UV/IR Hydrocarbon Flame Detector 3. Single Frequency IR Hydrocarbon Flame Detector 2. Multispectrum IR Hydrogen Flame Detector 5. UV Flame Detector 7. H2S Gas Sensor with Display 8. Hydrocarbon Combustible Gas Detector with Display 9. Combustible Gas Open Path Detector 6. Toxic Gas Detector with Display 10. Hydrocarbon Combustible Gas Detector 1. Multispectrum IR Hydrocarbon Flame Detector 14. Local Operating Network/ Signaling Line Circuit 19.
EQP Safety System Component Overview Safety Certified Product Identification Figure 2 gives an overview of the role that each element of the EQP Safety System has in implementing the safety function. All safety certified EQP System modules are clearly identified as such on the product label. X3301 MULTISPECTRUM IR FLAME DETECTOR IS A SINGLE INPUT DEVICE SUITABLE IN LOW DEMAND SIL 2 SAFETY INSTRUMENTED SYSTEMS. EDIO SAFETY MODULE CONFIGURED FOR DIGITAL INPUTS.
EQP SAFETY CONTROLLERS Communication with Remote Modbus Devices The EQP Safety Controllers share a common hardware and software platform with standard EQP Controllers. The SIL rated version of the Controller conducts additional diagnostic checks and annunciates additional fault conditions. EQP Safety Controllers can read or write data to Remote Modbus devices. Any data read from such devices is not safety-related and shall not be used to block or disable safety-related logic.
EQP Safety Controller Diagnostic Checks EQP SAFETY DEVICES The EQP Safety Controller automatically carries out a number of diagnostic checks on a continuous basis. A number of other diagnostic tests are also conducted to ensure the integrity of the EQPSL communication network and proper operation of the user’s logic program. EQP Safety rated field devices share many of the same attributes as standard EQP devices.
The SIL AIM module provides eight channels of configurable analog input. The AIM Module is specially designed to meet the requirements of IEC 61508 and expands the input capability of the Det-Tronics Eagle Quantum Premier System. EQP Safety Device Diagnostics The EQP Safety devices (EDIO/AIM/X3301/Eclipse) automatically carry out a number of diagnostic checks on a continuous basis. All checks are completed at least once every two hours (diagnostic test interval).
This table indicates which EDIO channel configurations are IEC 61508 SIL rated. Definition POWER SUPPLIES The power supply selected must provide over-voltage protection to the EQP System. The over-voltage protection must be set for a maximum of 33 Vdc.
S3 Password Protection Restricted Access Enabled The user must define what measures are to be applied to protect against project changes. S3 provides safeguards described in the following paragraphs. This feature is intended to give limited access of the EQP port configurations for viewing and documentation purposes. Access to the S 3 software program is restricted by password protection. Passwords can be changed at any time by the user with correct privileges.
PROOF TESTING aim INPUT CHANNEL PROOF TEST Tools Required: None After installation and start-up have been completed, Proof Tests must be performed for the Det-Tronics EQP Safety System. 1. Bypass the safety function and take appropriate action to avoid a false trip. Personnel performing Proof Test procedures must be competent to perform the task. All Proof Test results must be recorded, analyzed, and any errors in the safety functionality must be corrected.
X3301 MAGNETIC Oi PROOF TEST EQP USER LOGIC VERIFICATION Tools Required: All user Safety Logic needs to be fully tested and verified using the safety inputs and outputs. This is a commissioning activity, however, if logic is modified in the future, proof testing must be repeated. If the Controller is replaced, project information must be loaded into the new Controller and verified. The CRC of project related data is calculated and saved by the controller after each project download.
GENERAL APPLICATION REQUIREMENTS S3 Safety System Software Programming, downloading safety-related parameters and programs and switching between operating states is carried out via an engineering workstation using S 3 Software. System Application Restrictions The following application level restrictions have been assumed: • The EQP system is only used for safety applications that are low demand according to IEC 61508 definitions.
Table 1 provides the low demand EQP SIL 2 Safety Function model and recommendations for complex modeling (see Note 3). Example 2 (Figure 3B) Gas alarm from a PIRECL and output to an EDIO. PFDavg = 0.58 x 10 -3 + (0.38 x 10 -3 + 0.1 x 10 -3) + 0.1 x 10 -3 + valve & supply = 1.16 x 10 -3 + valve & supply PFDavg for each element is calculated according to the equation above, where lDU is the undetected dangerous failure rate per 109 hours and T1 is the proof test interval.
X3301 Simplex EQ3xxx EQ3730EDIO IR FLAME EQP SAFETY EQP SAFETY DETECTOR CONTROLLER* EDIO** λDU = 133 T1 = 1 YEAR PFDavg = 0.58 x 10-3 λDU = 87.5 + 22.8 T1 = 1 YEAR PFDavg = (0.38 x 10-3 + 0.1 x 10-3) VALVE λDU = 21.8 T1 = 1 YEAR PFDavg = 0.1 x 10-3 λDU Valve*** and Power Supply λDU IS FAILURE RATE PER 109 HOURS, TP OF 1 YEAR = 8760 HOURS, PFDavg IS THE PROBABILITY OF FAILURE ON DEMAND. *Includes Worst Case Safety Communication (λDU = 22.8, PFDavg = 0.
System Response Time Product Repair The EQP Safety System will have a typical response time of less than 1 second, to which must be added the response time of the final elements to give the total response time. The EQP Controller and Field Devices are not fieldrepairable and any internal device repairs must be conducted at the factory. No firmware changes are permitted or authorized.
APPENDIX A SUMMARY OF SAFETY RELATED DATA CERTIFICATION AND FAILURE RATE DATA All Safety-Certified EQP devices are certified compliant to: IEC 61508: 2000 Type B Device Systematic Capability: SIL 2 certified HFT: 0 Low Demand Mode PFDavg should be calculated for any safety instrumented function using the EQP System. (Refer to tables and / or FMEDA report for necessary information, including DU rate). Safety Accuracy: Specified per device Safety Response Time: See ‘System Response Time’ section 5.
IEC 61508 Failure Rates Certified for use up to SIL 2 Configuration 1oo1D Architecture Type B Hardware Fault Tolerance 0 Safe Failure Fraction > 90% Failure Rate Data Part Model lDU (dangerous undetected failure rate per 109 hours) SFF % EQP Safety Controller EQ3xxx 87.5 96.7 EDIO Safety Module Configured as Input* EQ3730EDIO Common = 20.9 Input Monitored for Opens = 6.6 Input Monitored for Opens & Shorts = 0.68 97.1 93.0 99.
TERMS AND DEFINITIONS DD Dangerous Detected DU Dangerous Undetected EQP Eagle Quantum Premier System EQPSL/SLC Eagle Quantum Premier Safety Loop / Signaling Line Circuit FMEDA Failure Mode Effects and Diagnostics Analysis HART Highway Addressable Remote Transducer HFT Hardware Fault Tolerance PFD Probability of Failure on Demand (Probability of Dangerous Failure) PFDavg Average Probability of Failure on Demand SD Safe Detected SFF Safe Failure Fraction SIF Safety Instrumented Function
Appendix B EQP CONTROLLER LOGIC GATE TABLE USER-DOCUMENTATION The “SIL” column indicates if the gate is suitable for use with alarm processing with a 61508 approved system. Gates that utilize stored values which are not duplicated, or that depend on the floating-point or string libraries are not safety rated. For detailed information about a gate, refer to the help file for that gate in the S³ EQP logic window. Gate Name Description SIL ABS Absolute Value. The values can be integer, double or float.
BTWT Between Time Compare. There are three input time/date items. Two are the comparison values and the third is the compare item. If the compare item is equal to or between the comparison values, a Boolean True is output, if not a Boolean False is output; e.g. if the <= input is 15:00:00 and the IN input is 12:00:00 and the >= input is 06:00:00 then the output would be True. No CEIL Ceiling. This function performs a round up. The input is a float. The result will be a double; e.g. –2.8 = -2, 2.
CTUD-SIL SIL Up/Down Counter. The SIL Up Counter operates the same as the standard CTU, but has additional error checking in the Controller against random memory error. Yes DBLFLT Double to Float. The input double is converted to a float. No DBLINT Double to Integer. The input double is converted to an integer. Yes DBLSTR Double to String. When the enable input is True, the 32-bit double input value is converted to a string. No DIV Divide. The input values can be integer, double or float.
INTBOL Integer to Boolean. If the input is equal to zero, the output will be False. If the input is not equal to zero, the output will be True. Yes INTDBL Integer to Double. The input integer is converted to a double. Yes INTFLT Integer to Float. The Input integer is converted to a float. The result will be a float. No INTSTR Integer to String. When the enable input is True, the 16-bit integer input value is converted to a string. No LMT Limit. The values can be integer, double or float.
MOFN M of N. All of the Boolean inputs are examined for a True condition. The result is compared against the Preset (PR). The output “>” is True if the count is greater than the PR. The output “=” is True if the count is equal to the PR. The output “<” is True if the count is less than the PR. Yes MOSP Multiple One Shot Pulse. The inputs are Boolean. The output is a Boolean. Each input has a one-shot pulse function.
PKDT Pack Date/Time. This function performs packing of 6 integers into a Time/Date data type. PULSER Pulser. This function block creates periodic pulse of defined ON and OFF time-values. The ON and OFF time-values may be different. RND Round. Half way values are rounded to the nearest even number (Bankers rounding). The input value is a float. The result will be a double; e.g. 5.5 rounds to 6, 6.5 rounds to 6, -5.5 rounds to -6, -6.5 rounds to -6. No RS Reset/Set.
STRAPD String Append. When the enable input is True, source string 2 is appended to the end of source string 1 and placed in the destination string. No STRCPY String copy. When the enable input is True, the source string is copied to the destination string. No STNCPY String “n” copy. This function is used to extract parts from a string. When the enable is True, not more then ‘Count’ characters starting with character ‘Index’ are copied to the destination string. No STREQ String Equal.
95-8599 Detector Electronics Corporation 6901 West 110th Street Minneapolis, MN 55438 USA X3301 Multispectrum IR Flame Detector PointWatch Eclipse® IR Combustible Gas Detector FlexVu® Universal Display w/ GT3000 Toxic Gas Detector Eagle Quantum Premier® Safety System T: 952.941.5665 or 800.765.3473 F: 952.829.8750 W: http://www.det-tronics.com E: det-tronics@det-tronics.
