A.2.9 reliability data, A.2.10 lifetime limits, A.2.11 environmental limits – Yokogawa Wireless Temperature Transmitter YTA510 User Manual

APPENDIX A. SAFETY INSTRUMENTED SYSTEMS INSTALLATION

IM 01C50T01-01E

A-3

A.2.9 Reliability Data

A detailed Failure Mode, Effects, and Diagnostics
Analysis (FMEDA) report is available from Yokogawa
with all failure rates and failure modes.

The YTA is certified up to SIL2 for use in a simplex
(1oo1) configuration, depending on the PFDavg
respectively PFH calculation of the entire Safety
Instrumented Function.

The development process of the YTA is certified up to
SIL3, allowing redundant use of the transmitter up to
this Safety Integrity Level, depending the PFDavg
respectively PFH calculation of the entire Safety
Instrumented Function.

When using the transmitter in a redundant configura-
tion, the use of a common cause factor (

␤-factor) of

5% is suggested. If the owner-operator of the plant
would institute common cause failure training and
more detailed maintenance procedures for avoiding
common cause failure, a beta factor of 2% would be
applicable.

A.2.10 Lifetime Limits

The expected lifetime of the YTA is 50 years. The
reliability data listed in the FMEDA report is only
valid for this period. The failure rates of the YTA may
increase sometime after this period. Reliability
calculations based on the data listed in the FMEDA
report for YTA lifetimes beyond 50 years may yield
results that are too optimistic, i.e. the calculated Safety
Integrity Level will not be achieved.

A.2.11 Environmental Limits

The environmental limits of the YTA are specified in
the user’s manual IM 01C50B01-01E.

A.2.12 Application Limits

The application limits of the YTA are specified in the
user’s manual IM 01C50B01-01E. If the transmitter is
used outside of the application limits, the reliability
data listed in A.2.9 becomes invalid.

A.3

Terms and Definitions

FMEDA

Failure Mode Effect and
Diagnostic Analysis

SIF

Safety Instrumented Function

SIL

Safety Integrity Level

SIS

Safety Instrumented System –
Implementation of one or more
Safety Instrumented Functions.

A SIS is composed of any
combination of sensor(s), logic
solver(s), and final element(s).

SLC

Safety Lifecycle

Safety

Freedom from unacceptable risk
of harm

Functional Safety

The ability of a system to carry
out the actions necessary to
achieve or to maintain a defined
safe state for the equipment /
machinery / plant / apparatus
under control of the system

Basic Safety

The equipment must be designed
and manufactured such that it
protects against risk of damage to
persons by electrical shock and
other hazards and against resulting
fire and explosion. The protection
must be effective under all
conditions of the nominal
operation and under single fault
condition

Verification

The demonstration for each phase
of the life-cycle that the (output)
deliverables of the phase meet the
objectives and requirements
specified by the inputs to the
phase. The verification is usually
executed by analysis and / or
testing

Validation

The demonstration that the safety-
related system(s) or the
combination of safety-related
system(s) and external risk
reduction facilities meet, in all
respects, the Safety Requirements
Specification. The validation is
usually executed by testing.

Safety Assessment

The investigation to arrive at a
judgment - based on evidence - of
the safety achieved by safety-
related systems

Further definitions of terms used for safety techniques
and measures and the description of safety related
systems are given in IEC 61508-4.