Yokogawa EJX440A User Manual
Page 38
IM 01C25T03-01E
A-2
APPENDIX 1. SAFETY INSTRUMENTED SYSTEMS INSTALLATION
Table A1.2.5 Proof Testing
Testing method
Tools required
TA0102.EPS
Expected outcome
Remarks
Functional test:
Proof Test Coverage
=52%
The output needs to
be monitored to assure
that the transmitter
communicates the
correct signal.
1. Follow all Management of
Change procedures to bypass
logic solvers if necessary.
2. Execute HART/BRAIN command
to send value to high alarm (21.5
mA) and verify that current has
reached this level.
3. Execute HART/BRAIN command
to send value to low alarm (3.6
mA) and verify that current has
reached this level.
4. Restore logic solvers operation
and verify.
Handheld terminal
Perform three point calibration along
with the functional test listed above.
Proof Test Coverage
=99%
Handheld terminal
Calibrated pressure
source
A1.2.6 Repair and Replacement
If repair is to be performed with the process online the
EJX will need to be bypassed during the repair. The
user should setup appropriate bypass procedures.
In the unlikely event that the EJX has a failure, the
failures that are detected should be reported to
Yokogawa.
When replacing the EJX, the procedure in the installa-
tion manual should be followed.
The personnel performing the repair or replacement of
the EJX should have a sufficient skill level.
A1.2.7 Startup Time
The EJX generates a valid signal within 1 second of
power-on startup.
A1.2.8 Firmware Update
In case firmware updates are required, they will be
performed at factory. The replacement responsibilities
are then in place. The user will not be required to
perform any firmware updates.
A1.2.9 Reliability Data
A detailed Failure Mode, Effects, and Diagnostics
Analysis (FMEDA) report is available from Yokogawa
with all failure rates and failure modes.
The EJX is certified up to SIL2 for use in a simplex
(1oo1) configuration, depending on the PFDavg
calculation of the entire Safety Instrumented Function.
The development process of the EJX is certified up to
SIL3, allowing redundant use of the transmitter up to
this Safety Integrity Level, depending the PFDavg
calculation of the entire Safety Instrumented Function.
When using the transmitter in a redundant configura-
tion, the use of a common cause factor (
-factor) of
2% is suggested. (However, if the redundant transmit-
ters share an impulse line or if clogging of the separate
impulse lines is likely, a common cause factor of 10%
is suggested.)
Note that the failure rates of the impulse lines need to
be accounted for in the PFDavg calculation.
A1.2.10 Lifetime Limits
The expected lifetime of the EJX is 50 years. The
reliability data listed the FMEDA report is only valid
for this period. The failure rates of the EJX may
increase sometime after this period. Reliability calcula-
tions based on the data listed in the FMEDA report for
EJX lifetimes beyond 50 years may yield results that
are too optimistic, i.e. the calculated Safety Integrity
Level will not be achieved.