Instruction Manual

OPERATOR AND MAINTENANCE MANUAL
Doc Number 552864
Issue 02 June 2004 Page 13 of 23
5. FAULT FINDING
The 8000 Series System is capable of detecting and isolating faults to module
level, while its two-out-of-three voting architecture prevents faults from propagating
to the system outputs. Various means are provided for directing maintenance
personnel to the faulty module. Most system modules are hot-replaceable,
providing continuous system operation.
The following paragraphs describe how faults are detected, annunciated, and
cleared in the 8000 Series System. They also describe some of the basic
procedures that the user should follow when diagnosing faults and repairing the
8000 Series System.
Note: System repair must be done promptly to ensure continued fault-tolerant operation
of the 8000 Series System. TUV certification does not specify a minimum
replacement time for faulty modules, because safety is not compromised and the
faulty channel will fail-safe if further faults develop. However, it is recommended
that modules that have been diagnosed as having failed should always be replaced
within eight hours to maintain production (availability). Systems with a safety
integrity level (SIL) rating will have a time to repair as part of the calculation, which
must be followed to maintain the SIL. Modules must be replaced before the
Second Fault Occurrence Time (the average probable time before a second fault)
to avoid shutdown.