Safety Measuring UNIT SIL2

Original

User Manual

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik

Marschnerstraße 26 01307 Dresden
Phone (03 51) 44 55 30 fax (03 51) 44 55 555
www.ast.de [email protected]
Content

1.  General .............................................................................................................. 1 

2.  Short description ............................................................................................. 1 
3.  Transport, Packaging, Storage ....................................................................... 2 
4.  Personnel qualification .................................................................................... 2 
5.  Functional description ..................................................................................... 2 
6.  General operational data ................................................................................. 3 
6.1.  Safety ratings of SMU ...................................................................................... 4 
6.2.  Technical specifications .................................................................................. 5 
6.3.  Product types ................................................................................................... 5 
7.  Installation and set up ..................................................................................... 5 
7.1.  Pin assignment of connectors ........................................................................ 6 
8.  Repair ................................................................................................................ 6 
9.  Safety specifications ....................................................................................... 6 
10.  Recommended Evaluation concept of Safety-PLC ....................................... 7 
11.  Certificate ....................................................................................................... 12 
User manual Safety Measuring UNIT SIL2

1. General

- This user manual describes a force sensor with an integrated Safety Measuring Unit (SMU), how to use it in
industrial environments for safety critical applications. It refers to a series of sensors of different
mechanical designs and measuring ranges in which the same SMU is integrated and therefore has an
identical user interface.
- This operating manual includes important information on handling the device correctly. Basis for safe
workings is the observance of all given safety and work instructions. It is part of the product and must
be kept in the immediate vicinity of the device and readily accessible to skilled personnel at any time.
- Furthermore unconditionally observe the relevant local accident prevention regulations and general
safety regulations for the device's range of use.
- The manual contains a complete description of the force sensor with its integrated Safety Measurement
Unit (SMU) and qualified personnel must have carefully read and understood this manual before
starting any work.
- The manufacturer’s liability is void in the case of any damage caused by using the product contrary to its
intended use, non-compliance with these operating instructions, assignment of insufficiently qualified
skilled personnel or unauthorized modifications to the SMU.
- If the serial number gets illegible (e. g. by mechanical damage), the traceability of the device is not
possible any more. In the event that the hermetic seal of the sensor is broken, its certification expires.

-The general terms and conditions contained in the sales documentation shall apply.
-The SMU is subject to technical modifications.
- Further information:
WEB: www.ast.de
Data sheet: User Manual BA612_en.pdf
Mail: [email protected]

2. Short description

- The force sensor together with its integrated Safety Measuring Unit (SMU) meets the requirements for
the functional safety according the standards IEC 61508 / EN 62061 (SIL2) and the requirements of the
standard EN ISO 13849-1, Performance Level „d". The integrated SMU is suitable for load and force
sensors with different bridge signals. For safety-related applications (SIL2) additionally a Safety PLC
with implemented diagnostic software is mandatory.
- The complete safety-related system (SIL2) is always being composed of a sensor with its integrated
SMU and a connected safety diagnostic unit (Safety PLC).

Technische Änderungen vorbehalten 10/2020 Seite 1 von 10

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

3. Transport, Packaging, Storage

- Transport: Check the device for any damage that may have been caused during transportation. Obvious
damage must be reported immediately.

- Packaging: Do not remove packaging until just before mounting. Keep the packaging as it will provide
optimum protection during transport (e.g. change in installation site, sending for repair).

- Storage: Avoid exposure to the following factors

 Direct sunlight or closeness to hot objects

 Mechanical vibration, mechanical shock (putting it down hard)
 Soot, vapor, dust and corrosive gases
 Moisture or wet environment
Store the device in its original packaging in a location that fulfils the conditions listed above.

4. Personnel qualification
- For installation and starting of the devices the personnel has to be familiar with the relevant regulations
and directives of the country and must have the qualification required.

- Particularly the qualified personnel have to undergo a briefing or training about the use and handling of
safety-related products according the functional safety (SIL2, PL „d").

- The activities described in these operating instructions may only be carried out by skilled personnel who
have the qualifications. They have to be acquainted with electric circuits, are capable of carrying out the
work described and can independently recognize potential hazards. Depending on the operation
conditions of the application they have to have the corresponding knowledge.

5. Functional description
- The block diagram [Picture 4] shows the structure of the SMU as a part of a complete user application. The
safety-related measurement system is being composed of two measurement channels, each consisting of a
full bridge sensor and measurement amplifier, and one Safety PLC with diagnostic software and connected
actuators.

Picture 1: Block diagram of a user application chain

Seite 2 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

The safety concept of the SMU is based on a redundant (two-channel) measurement system which converts
the physical quantity (force, pressure) to be measured into 2 independent proportional standard current values.
The difference between the measured current values of both channels must not exceed 5% (∆l= 0,8 mA) in
order to regard the measured value as valid.
For monitoring of invalid measurement results, overloads and faulty signals the diagnostic software of a
Safety PLC is being used.
An essential safety feature to detect any malfunction of the sensor or SMU is the ability to cyclically detune the
resistance measuring bridge of one of the sensors by a precisely defined amount of ∆l= +1mA. This detuning is
evaluated by the diagnostic module of the Safety PLC.
If during the duration of the detuning pulse the output current change on the corresponding channel is not inside
the limit of +1 mA ±5%, a malfunction of the system must be assumed. By contrast, the defined deviation is
evaluated as an indication of correct functioning.

Picture 2: Block diagram of the SMU

6. General operational data

The user has to ensure that the system is supplied by a PELV/SELV power unit
and that the supply voltage is limited to 60 VDC on error.
Warning Danger

Output current la
Description Comment
channel A, channel B
Extended to detect an “out of range”
Operating current range 0...24 mA
malfunction
Valid measuring range 4…20 mA Range for an acceptable measured value
Output current below the valid range <4 mA: -5 % Detection of malfunction by the Safety PLC
Output current above the valid range >20 mA: +5% Detection of malfunction by the Safety PLC
Diagnostic pulse/detuning +1 mA ±5 % Detuning of output current of channel B
Measuring accuracy of the current value
Maximum tolerance per channel ±5 % per channel: ±0,8 mA referring to the
measuring range 16 mA
Measuring accuracy of the current symmetry
Tolerance of the channel symmetry 5% (Channel A - Channel B)
Maximal deviation of current: 0,8 mA abs

Table 1: Rating

Technische Änderungen vorbehalten 10/2020 Seite 3 von 10

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

mA
24
reserve
22 2
out of acceptable range (see note )
20

nominal measurement range

4 1
out of acceptable range (see note )
2
reserve
0

Picture 3: Overview of operation modes

In the following cases the PLC has to switch to a safe state:

1)
1. The current output values of channel A and/or channel B are below the zero point of 3,2 mA (4mA - 0,8
mA (-5%)).

2. The current output values of channel A and/or channel B are above the maximum measuring range of 20,8
mA2) (20 mA + 0,8 mA (5%)).

3. The difference of currents (symmetry of current) between channel A and channel B is more than 0,8 mA (5%).

4. The response (increase of the measured value) of detuning by the diagnostic pulse UD = 24 VDC is outside of
the range of +0,95 mA…+1,05 mA (± 5 %).
1
) different limit in case of detuning : 4,15 mA (3,2 mA + 0,95 mA)
2
) different limit in case of detuning : 21,85 mA (20,8 mA + 1,05 mA)

6.1. Safety ratings of SMU

HFT = 1; 1oo2 architecture structure (HFT (Hardware Failure Tolerance) = 1 means, that if there are
appearing two failures simultaneously, the safe state of the system is lost)
SIL2 - Product safety is only available when a Safety PLC with a diagnostic software is analysing the
signals
PL „d" / Category 3 - Product safety PL"d" / Category 3 is only available when a Safety PLC with a
diagnostic software is analysing the signals
DCavg = 97,92% (Average of diagnostic coverage must be ≥90%)
PFH = 3,79 E-9 h-1 (Possibility of a dangerous failure per hour)
MTTFd > 100 years (Mean time to dangerous failure)
The frequency of the diagnostic pulse has to be specified in that way, that the complete system is
switching to a safe state within the process safety time (dependent on application) when a dangerous
failure appears.
The reaction time of the SMU: t < 1 ms

Table 2: Safety ratings (without PLC)

Seite 4 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

6.2. Technical specifications

Parameter Rating
Maximum allowed supply voltage according PELV/SELV and UBmax = 60 VDC
DIN EN 60204-1
Nominal supply voltage UBnom = 24 VDC
Nominal supply voltage range 18,0…36,0 VDC
Maximum load resistance 500 Ω
Maximum current consumption 100 mA
Maximum deviation of output current ±0,8 mA (±5%)
Nominal voltage level of diagnostic pulse UDIAG = 24 VDC
Voltage level range of diagnostic pulse 18,0…36,0 VDC
Increase of current output on diagnostic pulse loutincrease = 1 mA
Valid range of increase of current output on diagnostic pulse 0,95...1,05 mA (±5%)
Frequency of diagnostic pulse user defined (depending on PLC cycle time)
Minimum waiting time to get a correct result after UDIAG = on 250 µs
Minimum waiting time to get a correct result after UDIAG = off 250 µs
Ambient operation temperature T = -25...+60 °C
Storing temperature T = -25...+85 °C
Air pressure p = 86...106 kPa
Maximum altitude for application H = 2000 m
Vibration fatigue limit (wave) Sine wave:
f = 5...500 Hz
UAMP = 0,15 mm
amax = 20 m/s2
Impact strength (shock) maximal acceleration, half-sine amax = 150 m/s2
Difference of velocity ∆v = 1,1 m/s
Time of nominal pulse T = 11 ms
Table 3: Technical specification

6.3. Product types

The Safety Measuring Module is available in the following two product types:
 Load/force cell with integrated SMU (Product family: KAx-E, KMx-E, KSx-E, KUx-E)
 Future product - DIN-rail enclosure (Product family: xxxx )

7. Installation and set up

The force sensor with the integrated SMU is factory adjusted. The adjusment input is sealed and not accessible
for the customer. Opening the seal leads to the loss of certification.
For the connection to the Safety PLC a plug and socket system M12x1(coding A) is used and is supplied
together with the signal cables. Both cables are identical as well as the two measuring channels of the
integrated SMU and therefore a specific assignment of the channels is not necessary.
The length of the cable is determined by the customer and is a maximum of 100 m. The signal cables have a
guaranteed elimination of errors according ISO EN 13849.

Electromagnetic parasitic inductions may impair the function and safety of the system.
Therefore it is necessary to use at least single shielded cables for the connecting cables
Warning between the sensor or the external amplifier and PLC.
Technische Änderungen vorbehalten 10/2020 Seite 5 von 10
A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

7.1. Pin assignment of connectors

 Connectors at the sensor

 Connectors at the cable

Pin-# Colour Function

1 yellow 0 Volt (GND)
2 brown +UB
3 green Out+
4 white Out-
5 grey test
black shield

The adjustment of the SMU is done by the manufacturer only in factory or on site at the user‘s installation. The
devices are handed over sealed to the user by the manufacturer. After the adjustment of the system the valid
running period and the serial number are recorded by the manufacturer.

8. Repair

Repair works on the product may only be carried out by the skilled personnel of the company A.S.T.-
Angewandte System Technik GmbH.

9. Safety specifications
The product types Product family KAx-E, KMx-E, KSx-E, KUx-E meet the specified safety requirements,
which is certified by TÜV Süd. The examination of the integrated SMU was done according the standards
below. The load/force sensor was not part of the examination.

IEC 61508:2010 (SIL2)

EN 62061:2005+AC:2010+A1:2013 (SIL2)
ISO 13849-1:2008+AC:2009 (PL „d“, Cat. 3 )

Standards for EMC:

DIN EN 61000-4-2 (CE conformity)
DIN EN 61000-4-3 (CE conformity)
DIN EN 61000-4-8 (CE conformity)

Standards for environment:

DIN EN 60068-2-1:2008 Test procedure cold, Ae
DIN EN 60068-2-2:2008 Test procedure dry heat, Ae
DIN EN 60068-2-30:2005 Test procedure humid heat Db
DIN EN 60068-2-6:2008 Test procedure vibration (sinusoidal), Fc

Seite 6 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

10. Recommended Evaluation concept of Safety-PLC

Technische Änderungen vorbehalten 10/2020 Seite 7 von 10

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

Seite 8 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

Technische Änderungen vorbehalten 10/2020 Seite 9 von 10

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

Seite 10 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

Check No. Requirements Mark OK / NOK

1 The SMU is supplied with a PELV/SELV power unit
2 The operating voltage is within the specified range
Ensure that the downstream PLC with diagnostic unit fulfils the
3
safety-related requirements according SIL2 (Cat.3) and PL „d"
Ensure that the complete system being composed of sensor,
4 measuring amplifier and PLC fulfils the safety-related
requirements according SIL2 (Cat. 3) and PL „d"
Ensure that the complete system changes into a safe state when
5 the current output values of channel A and/or B are below fail
minimum (4 mA - 0,8 mA (5%))3
Ensure that the complete system changes into a safe state when
6 the current output values of channel A and/or B are above fail
maximum (20 mA + 0,8 mA (5%))3
Ensure that an increase of current of ∆I = 1 mA is generated
7
(5%) when the diagnostic pulse of UPI = 24 VDC is started
Ensure that the complete system changes into a safe state
8 when the current pulse is different to the expected value (out of
the range 1,05...0,95 mA)
Ensure that the complete system changes into a safe state
9 when the difference of current (Symmetry of current) between
channel A and channel B is more than 0,8 mA (5%)
Ensure, that the frequency of the diagnostic pulse together with
the time of evaluation is within the Process Safety Time (PST) and
10
that the detection of the error and the change of the application
into a safe state is guaranteed within the PST
Ensure that only suitable sensors with measuring bridges
11*)
according SMU requirements are used

Table 4: Check list with instructions to ensure the functional safety of the SMU

*) Not applicable for integrated SMU’s

Technische Änderungen vorbehalten 10/2020 Seite 11 von 10

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik
User manual Safety Measuring UNIT SIL2

11. Certificate

Seite 12 von 10 Technische Änderungen vorbehalten 10/2020

A.S.T. - Angewandte System Technik GmbH, Mess- und Regeltechnik