Weidmuller SAFESERIES SIL3 Safety Relays Instruction Manual
- June 13, 2024
- Weidmuller
Table of Contents
SIL Safety Manual
Manual SCS 24VDC P1SIL3DS
Scope and standards
1.1 Scope
This safety manual applies to SIL3 relays from Weidmüller’s SAFESERIES for the
following items produced after 03/2012:
| SCS 24VDC P1SIL3DS | 1303890000 |
|---|---|
| SCS 24VDC P1SIL3DS M | 1303760000 |
| SCS 24VDC P1SIL3DS MG3 | 1304040000 |
SIL3 relays in the SCS 24VDC P1SIL3DS series from
Weidmüller Interface GmbH & Co KG
Klingenbergstrasse 26
32758 Detmold
Germany
have been certified by
Certification Body TÜV NORD CERT GmbH
Am TÜV 1
45307 Essen
Germany
according to EN 61508 SIL3. They are certified as “Safety Approved” for use in
“low demand mode” and “high demand mode” systems.
Certificate Registration No:
44 207 13773714
1.2 Abbreviations
Safety Integrity Level (SIL):
Four discrete levels (SIL1 to SIL4). The higher the SIL of a safety-related
system, the lower the probability that it will not perform the required safety
functions.
Average Probability of Failure on Demand (PFDavg): Average probability of
failure of a safety function working in low demand mode of operation.
Probability of Failure per Hour (PFH): Average probability of failure of a
safety function working in high demand or continuous mode of operation.
Safe Failure Fraction (SFF): Percentage part of safe failures and dangerous
detected failures of a safety function or a subsystem related to all failures.
Hardware Fault Tolerance (HFT): HFT = n means, that n+1 faults could cause a
loss of the safety function.
Low demand mode of operation: Frequency of demands on a safety-related system
no greater than one per year and no greater than twice the proof-test
frequency.
High demand or continuous mode of operation: Frequency of demands on a
safety-related system greater than one per year or greater than twice the
proof-test frequency.
Device type A (simple subsystem): The failure modes of all constituent
components are well defined and the behaviour under fault conditions can be
completely determined.
FMEDA (Failure Mode, Effects and Diagnostic Analysis): Systematic way to
identify and evaluate the effects of different component failure modes, to
determine what could eliminate or reduce the chance of failure, and to
document a system in consideration.
Failure rates (λ): λSD, Total failure rate for safe detected failures
λSU, Total failure rate for safe undetected failures
λDD, Total failure rate for dangerous detected failures
λDU, Total failure rate for dangerous undetected failures
MTTF (Mean Time To Failure): Mean time between two failures. MTTF is a
basic measure of reliability for non-repairable systems.
Proof-test interval (Tproof): Interval between periodic tests performed
to detect failures in a safety-related system.
Device description and application
2.1 General
Our SAFESERIES line of safety relays are used for safety-related shutdowns
(DTS = de-energized to safe) of facilities in the process industry.
All products in this series comply with the requirements found in EN 61508,
SIL 3 for “low demand mode” and “high demand mode”.
The “M” and “M G3” types also feature a monitoring circuit for receiving
signals from the field.
The “M G3” types also feature a special coating over the electronics that
protects them from harsh industrial conditions, as described in the standard
ISA S71.04-1985, Class G3.
2.2 Design and function
Three relays are connected in parallel in the input circuit (A1/A2). The
relay’s output contacts (terminals 13 and 15) are wired in series. Thus,
safety-related shutdowns are ensured even where there is a welding contact.
The output is protected with a 5 A fuse against overloads and short circuits.
The output contacts (terminals 14 and 15) are used when using external fuse
protection or when checking the fuse. It is also possible to check the
switching status of a relay in the safety circuit by using the output (NC)
contact at terminal T.
The relay coils are energised when the nominal voltage of 24 V DC is applied
between the input terminals A1 and A2.
The switch function is signalled with the “RELAY OUTPUT” LED display.
2.3 Block diagram
Notes on configuring
3.1 Low demand mode of operation
The SIL3 relays from the SAFESERIES are used in low demand mode, when their
demand frequency isno more than five times per year and no more than double
the repeated testing frequency (refer to DIN EN 61508-4, 3.5.12).
The corresponding parameter is the value PFDavg = 3.07 ⋅ 10 -6 , which is
valid for a testing interval Tproof of 12 years.
3.2 High demand mode ofoperation
If the “low demand mode of operation” usage cannot be applied, then the SIL3 relay should be used as a safety-critical sub-system operating at high demand mode or continuous mode (DIN EN 61508-4, 3.5.12). The following values are valid for the frequency of demand and the corresponding PFH value:
| Once per month | PFH = 6,83 ⋅ 10 -11 h -1 |
|---|---|
| Once per week | PFH = 1,83 ⋅ 10 -10 h -1 |
| Once per day | PFH = 1,08 ⋅ 10 -9 h -1 |
3.3 Types of malfunctions
A safe failure is not able to render a technical safety system dangerous or
non-functional. The SIL3 relay passes to a predefined safe state.
A dangerous, undetected failure has the potential to render a technical safety
system dangerous or nonfunctional.
The SIL3 relay does not pass to a predefined safe state.
3.4 Test intervals
The test interval is the time between complete repeated tests.
Incidental hardware errors can be detected within this time period (Tproof =
12 years).
Mounting and installation
The operating instructions for the SIL3 relay with the order number
IS SCS 24VDC P1SIL3DS 1345290000 must be made available.
The instructions, constraints and limitations contained in these instructions
must be taken into consideration when installing and operating the SIL3 relay.
The SIL3 relay should be checked to see if it is functioning properly before
it is first used and after any wiring change is make. Refer to section 5.1
“Functional check” for more details.
The output circuit is protected with a miniature device fuse (GS fuse).
The fuse is accessible on the front side of the housing. It can be swapped out
without opening the housing.
If there is a short circuit, you must make sure that the cause of the short
circuit has been fixed. A functional test should be carried out after the fuse
has been replaced.
Periodic inspections
The inspections should be carried out so that the flawless operation of the safety functions in conjunction with components can be proven.
5.1 Functional check
Active input circuit
-
Apply U1 = 21.6 V DC to the connection terminals A1(+) and A2(-)
◊ The current consumption is I1 = 35 to 44.3 mA (current meter A1) -
The “RELAY OUTPUT” LED lights up
-
No electrical connection between terminal 14 and terminal T
◊ The current consumption is I2 = 0 mA (current meter A2) -
Electrical connection between terminal 14 and terminal 15
◊ The current consumption is I3 = 10 mA (current meter A3)
Inactive input circuit
-
Apply U1 = 0 V DC to the connection terminals A1(+) and A2(-)
◊ The current consumption is I1 = 0 mA (current meter A1) -
The “RELAY OUTPUT” LED does not light up
-
Electrical connection between terminal 14 and terminal T
◊ The current consumption is I2 = 10 mA (current meter A2) -
No electrical connection between terminal 13 and terminal 15
◊ The current consumption is I3 = 0 mA (current meter A3)
Technical safety values
6.1 Assumptions
-
The monitoring circuit is used exclusively for detecting field signals and responding to the control unit throughout the range 24 to 230 V UC.
The monitoring circuit should not be used for technical safety-critical operations. -
The max. allowable ambient temperature is 50 °C.
-
The environmental conditions correspond to the average industrial environment.
-
The specifications in the data sheet and the operating instructions should not be exceeded.
6.2 Safety data
Safety basic data|
---|---
Safety category| SIL3
Safety standard| DIN EN 61508
Device type| A
HFT| 2
Tproof in years| 12
Safety parameters “low demand mode”
Frequency of demands| 5 per year
Part of architecture| 1oo1| 1oo3
PFDavg| 1.75 ⋅ 10-6| 1.31 ⋅ 10-6
λDD in FIT| 0.00| 0.00
λDU in FIT| 0.03| 1.00
λSD + λSU in FIT| 188.97| 1.00
λTotal in FIT| 189.00| 2.00
SFF in %| 99.98| 50.00
PFDavg (complete)| 3.07 ⋅ 10-6
Safety parameters “high demand mode”
Frequency of demands| Once per month| Once per week| Once per day
Part of architecture| 1oo1| 1oo3| 1oo1| 1oo3| 1oo1| 1oo3
PFH in h-1| 3.33 ⋅ 10-11| 3.43 ⋅ 10-11| 3.33 ⋅ 10-11| 1.48 ⋅ 10-10| 3.33 ⋅
10-11| 1.05 ⋅ 10-9
λDD in FIT| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00
λDU in FIT| 0.03| 0.69| 0.03| 2.97| 0.03| 21.00
λSD + λSU in FIT| 188.97| 0.69| 188.97| 2.97| 188.97| 21.00
λTotal in FIT| 189.00| 1.38| 189.00| 5.94| 189.00| 42.00
SFF in %| 99.98| 50.00| 99.98| 50.00| 99.98| 50.00
PFH in h-1 (complete)| 6.76 ⋅ 10-11| 1.82 ⋅ 10-10| 1.08 ⋅ 10-9
Weidmüller Interface GmbH & Co. KG
Klingenbergstraße 26
32758 Detmold
Germany
Phone +49 (0) 5231 14-0
Fax +49 (0) 5231 14-292083
www.weidmueller.com
Order number: 1373930000/03/04-2023
Documents / Resources
|
Weidmuller SAFESERIES SIL3 Safety
Relays
[pdf] Instruction Manual
SAFESERIES SIL3 Safety Relays, SAFESERIES, SIL3 Safety Relays, Safety Relays,
Relays
---|---
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>