Functional Safety Switch Amplifier KFD2-SR2-Ex .W (.LB) : Manual

Functional Safety
Switch Amplifier
KFD2-SR2-Ex*.W(.LB)
Manual
2
ISO9001
With regard to the supply of products, the current issue of the following document is applicable:
The General Terms of Delivery for Products and Services of the Electrical Industry, published by the Central
Association of the Electrical Industry (Zentralverband Elektrotechnik und Elektroindustrie (ZVEI) e.V.) in its most
recent version as well as the supplementary clause: "Expanded reservation of proprietorship"
Worldwide
Pepperl+Fuchs Group
Lilienthalstr. 200
68307 Mannheim
Germany
Phone: +49 621 776 - 0
E-mail: [email protected]
North American Headquarters
Pepperl+Fuchs Inc.
1600 Enterprise Parkway
Twinsburg, Ohio 44087
USA
Phone: +1 330 425-3555
Asia Headquarters
Pepperl+Fuchs Pte. Ltd.
P+F Building
18 Ayer Rajah Crescent
Singapore 139942
Phone: +65 6779-9091
https://www.pepperl-fuchs.com
Functional Safety KFD2-SR2-Ex*.W(.LB)
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1 Content of this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2 Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Symbols Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Product Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1 Validity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.4 Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.5 Standards and Directives for Functional Safety . . . . . . . . . . . . . . . . . . . 9
3 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1 System Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.3 Safety Function and Safe State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.4 Characteristic Safety Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.5 Useful Lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4 Mounting and Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

4.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.1 Proof Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
6 Maintenance and Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
7 List of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2021-06
3
Contents
2021-06
4
Introduction
1 Introduction
1.1 Content of this Document

This document contains information for usage of the device in functional safety-related
applications. You need this information to use your product throughout the applicable stages
of the product life cycle. These can include the following:
• Product identification
• Delivery, transport, and storage
• Mounting and installation
• Commissioning and operation
• Maintenance and repair
• Troubleshooting
• Dismounting
• Disposal
Note
This document does not substitute the instruction manual.
Note
For full information on the product, refer to the instruction manual and further documentation
on the Internet at www.pepperl-fuchs.com.
The documentation consists of the following parts:

• Present document
• Instruction manual
• Manual
• Datasheet
Additionally, the following parts may belong to the documentation, if applicable:
• EU-type examination certificate
• EU declaration of conformity
• Attestation of conformity
• Certificates
• Control drawings
• FMEDA report
• Assessment report
• Additional documents
For more information about Pepperl+Fuchs products with functional safety,
see www.pepperl-fuchs.com/sil.
2021-06
5
Introduction
1.2 Safety Information

Target Group, Personnel
Responsibility for planning, assembly, commissioning, operation, maintenance,
and dismounting lies with the plant operator.
Only appropriately trained and qualified personnel may carry out mounting, installation,
commissioning, operation, maintenance, and dismounting of the product. The personnel
must have read and understood the instruction manual and the further documentation.
Intended Use
The device is only approved for appropriate and intended use. Ignoring these instructions
will void any warranty and absolve the manufacturer from any liability.
The device is developed, manufactured and tested according to the relevant safety standards.
Use the device only
• for the application described
• with specified environmental conditions
• with devices that are suitable for this safety application
Improper Use
Protection of the personnel and the plant is not ensured if the device is not used according
to its intended use.
2021-06
6
Introduction
1.3 Symbols Used

This document contains symbols for the identification of warning messages and
of informative messages.
Warning Messages
You will find warning messages, whenever dangers may arise from your actions.
It is mandatory that you observe these warning messages for your personal safety and in order
to avoid property damage.
Depending on the risk level, the warning messages are displayed in descending order
as follows:
Danger!
This symbol indicates an imminent danger.
Non-observance will result in personal injury or death.
Warning!
This symbol indicates a possible fault or danger.
Non-observance may cause personal injury or serious property damage.
Caution!
This symbol indicates a possible fault.
Non-observance could interrupt the device and any connected systems and plants,
or result in their complete failure.
Informative Symbols
Note
This symbol brings important information to your attention.
Action
This symbol indicates a paragraph with instructions. You are prompted to perform an action
or a sequence of actions.
2021-06
7
Product Description
2 Product Description
2.1 Validity
This manual is only valid for devices with a part number greater than #203350.
Contact your Pepperl+Fuchs representative for information about older devices.
2.2 Function
KFD2-SR2-Ex1.W
This isolated barrier is used for intrinsic safety applications.
The device transfers digital signals from NAMUR sensors or dry contacts from
the hazardous area to the non-hazardous area.
The proximity sensor or switch controls a change-over relay contact for the load
in the non-explosion hazardous area. The output changes state when the input signal changes
state. The normal output state can be reversed using switch S1. Switch S3 is used to enable
or disable line fault detection of the field circuit.
During an error condition the outputs de-energize.
A fault is signalized by LEDs and a separate collective error message output.
The device is mounted on a 35 mm DIN mounting rail according to EN 60715.
KFD2-SR2-Ex2.W
in the non-explosion hazardous area. The normal output state can be reversed using
switches S1 and S2. Switch S3 is used to enable or disable line fault detection of the field
circuit.
A fault is signalized by LEDs and a separate collective error message output.
KFD2-SR2-Ex1.W.LB
in the non-explosion hazardous area. The normal output state can be reversed using
switch S1. Switch S2 allows output II to be switched between the signal output or the fault
indication output. Switch S3 is used to enable or disable line fault detection of the field circuit.
A fault is indicated by a LEDs and output via a fault indication output.
If the device is operated via Power Rail, additionally a collective error message is available.
2021-06
8
Product Description
2.3 Interfaces
The device has the following interfaces:
• Safety-relevant interfaces:
• KFD2-SR2-Ex1.W: input, output
• KFD2-SR2-Ex2.W: input I, input II, output I, output II
• KFD2-SR2-Ex1.W.LB: input, output I, output II
• Non-safety relevant interfaces: fault indication output and collective error message output
Note
For corresponding connections see datasheet.
2.4 Marking
Pepperl+Fuchs Group
Lilienthalstraße 200, 68307 Mannheim, Germany
Internet: www.pepperl-fuchs.com
KFD2-SR2-Ex1.W, KFD2-SR2-Ex2.W, KFD2-SR2-Ex1.W.LB Up to SIL 2
The *-marked letters of the type code are placeholders for versions of the device.
2.5 Standards and Directives for Functional Safety

Device specific standards and directives
Functional safety IEC/EN 61508, part 1 – 7, edition 2010:
Functional safety of electrical/electronic/programmable
electronic safety-related systems (manufacturer)
System-specific standards and directives

Functional safety IEC 61511-1:2016+COR1:2016+A1:2017
EN 61511-1:2017+A1:2017
Functional safety – Safety instrumented systems
for the process industry sector (user)
2021-06
9
Planning
3 Planning
3.1 System Structure
3.1.1 Low Demand Mode of Operation

If there are two control loops, one for the standard operation and another one
for the functional safety, then usually the demand rate for the safety loop is assumed to be less
than once per year.
The relevant safety parameters to be verified are:
• the PFDavg value (average Probability of dangerous Failure on Demand)
and the T1 value (proof test interval that has a direct impact on the PFDavg value)
• the SFF value (Safe Failure Fraction)
• the HFT architecture (Hardware Fault Tolerance)
3.1.2 High Demand or Continuous Mode of Operation

If there is only one safety loop, which combines the standard operation and safety-related
operation, then usually the demand rate for this safety loop is assumed to be higher
than once per year.
The relevant safety parameters to be verified are:
• the PFH value (Probability of dangerous Failure per Hour)
• Fault reaction time of the safety system
• the SFF value (Safe Failure Fraction)
• the HFT architecture (Hardware Fault Tolerance)
3.1.3 Safe Failure Fraction

The safe failure fraction describes the ratio of all safe failures and dangerous detected failures
to the total failure rate.
SFF = (s + dd) / (s + dd + du)
A safe failure fraction as defined in IEC/EN 61508 is only relevant for elements or (sub)systems
in a complete safety loop. The device under consideration is always part of a safety loop but
is not regarded as a complete element or subsystem.
For calculating the SIL of a safety loop it is necessary to evaluate the safe failure fraction
of elements, subsystems and the complete system, but not of a single device.
Nevertheless the SFF of the device is given in this document for reference.
2021-06
10
Planning
3.2 Assumptions
The following assumptions have been made during the FMEDA:
• Failure rates are constant, wear is not considered.
• Failure rate based on the Siemens standard SN 29500.
• The safety-related device is considered to be of type A device with a hardware
fault tolerance of 0.
• External power supply failure rates are not included.
• Only one input and one output are part of the safety function (only for 2-channel version).
• Short circuit (SC) detection and lead breakage (LB) detection are enabled.
• The device will be used under average industrial ambient conditions comparable
to the classification "stationary mounted" according to MIL-HDBK-217F.
Alternatively, operating stress conditions typical of an industrial field environment similar
to IEC/EN 60654-1 Class C with an average temperature over a long period of time
of 40 ºC may be assumed. For a higher average temperature of 60 ºC, the failure rates
must be multiplied by a factor of 2.5 based on experience. A similar factor must be used
if frequent temperature fluctuations are expected.
SIL 2 application
• To build a SIL safety loop for the defined SIL, it is assumed as an example that this device
uses 10 % of the available budget for PFDavg/PFH.
• For a SIL 2 application operating in low demand mode the total PFDavg value
of the SIF (Safety Instrumented Function) should be smaller than 10-2,
hence the maximum allowable PFDavg value would then be 10-3.
• For a SIL 2 application operating in high demand mode the total PFH value
of the SIF should be smaller than 10-6 per hour, hence the maximum allowable PFH value
would then be 10-7 per hour.
• Since the safety loop has a hardware fault tolerance of 0 and it is a type A device,
the SFF must be > 60 % according to table 2 of IEC/EN 61508-2 for a SIL 2 (sub) system.
SILCL and PL Application

• The device was qualified for use in safety functions up to SIL2 acc. to IEC/EN 61508.
The risk reduction is equivalent to PL d acc. to EN/ISO 13849-1 or to SILCL2 acc. to
IEC/EN 62061. See chapter 4 of EN/ISO 13849-1 for details on comparison between
SIL and PL statements.
2021-06
11
Planning
3.3 Safety Function and Safe State

Safe State
In the safe state of the safety function the output is de-energized.
Safety Function for 1-channel Devices

KFD2-SR2-Ex1.W
S1 position I (normal The safe state is reached if the NAMUR sensor input
operation) is in the off state.
S1 position II (inverse The safe state is reached if the NAMUR sensor input
operation) is in the on state.
KFD2-SR2-Ex1.W.LB
S1 position I (normal The safe state is reached if the NAMUR sensor input
operation) is in the off state.
S1 position II (inverse The safe state is reached if the NAMUR sensor input
operation) is in the on state.
S2 position I (output II as Output II has the same switching state like output I.
signal output)
S2 position II (output II as fault LB/SC output – de-energized in case of fault.
indication output) Not for safety relevant application of output II.
Safety Function for 2-channel Devices

KFD2-SR2-Ex2.W
S1 position I (normal The safe state of output I is reached if the NAMUR sensor
operation input channel I) input I is in the off state.
S1 position II (inverse The safe state of output I is reached if the NAMUR sensor
operation input channel I) input I is in the on state.
S2 position I (normal The safe state of output II is reached if the NAMUR sensor
operation input channel II) input II is in the off state.
S2 position II (inverse The safe state of output II is reached if the NAMUR sensor
operation input channel II) input II is in the on state.
2021-06
12
Planning
LB/SC Diagnosis
For use in a safety function enable the line fault detection.
If the line fault detection is active (mandatory, see datasheet), the input loops of all device
versions are supervised. The line fault detection is activated if switch S3 is in position I.
The related safety function is defined as the outputs are de-energized (safe state),
if there is a line fault detected.
Note
The fault indication output and the collective error message output are not safety relevant.
Reaction Time
The fault reaction time is < 20 ms.
Note
See corresponding datasheets for further information.
2021-06
13
Planning
3.4 Characteristic Safety Values

Parameters Characteristic values
Assessment type and Full assessment
documentation
Device type A
Mode of operation Low demand mode or high demand mode
HFT 0
SIL 2
SC 3
Safety function Output is de-energized
s1 113 FIT
dd 0 FIT
du 37.8 FIT
total (safety function)1 151 FIT
no part 127 FIT
SFF 75 %
DC 0%
MTBF 2 288 years
MTTFD 3023 years
PFH 3.77 x 10-8 1/h
Test version Manual proof test In-loop proof test
PTC 100 % 90 %
3 -4
PFDavg for T1 = 1 year 1.65 x 10 3.15 x 10-4
PFDavg for T1 = 2 years 3 3.31 x 10-4 4.64 x 10-4
PFDavg for T1 = 3 years 3 4.96 x 10-4 6.13 x 10-4
Fault reaction time 4 < 20 ms
Table 3.1
1 "No effect failures" are not influencing the safety function and are therefore not included in SFF and in the failure rates
of the safety function.
2 acc. to SN29500. This value includes failures which are not part of the safety function/MTTR = 8 h. The value is calculated
for one safety function of the device.
3
Since the current PTC value is < 100 % and therefore the probability of failure will increase, calculate the PFD value according
to the following formula:
PFDavg = (du / 2) x (PTC x T1 + (1 – PTC) x Tservice)
A service time Tservice of 10 years was assumed for the calculation of PFDavg.
4
Step response time, also valid under fault conditions (including fault detection and fault reaction)
The characteristic safety values like PFD, SFF, HFT and T1 are taken
from the SIL report/FMEDA report. Observe that PFD and T1 are related to each other.
The function of the devices has to be checked within the proof test interval (T1).
2021-06
14
Planning
3.5 Useful Lifetime

Although a constant failure rate is assumed by the probabilistic estimation this only applies
provided that the useful lifetime of components is not exceeded. Beyond this useful lifetime,
the result of the probabilistic estimation is meaningless as the probability of failure significantly
increases with time. The useful lifetime is highly dependent on the component itself and
its operating conditions – temperature in particular. For example, the electrolytic capacitors
can be very sensitive to the operating temperature.
This assumption of a constant failure rate is based on the bathtub curve, which shows
the typical behavior for electronic components.
Therefore it is obvious that failure calculation is only valid for components that have
this constant domain and that the validity of the calculation is limited to the useful lifetime
of each component.
It is assumed that early failures are detected to a huge percentage during the installation
and therefore the assumption of a constant failure rate during the useful lifetime is valid.
The standard EN/ISO 13849-1:2015 proposes a useful lifetime TM of 20 years for devices
used within industrial environments. This device is designed for this lifetime.
Observe that the useful lifetime can be reduced if the device is exposed
to the following conditions:
• highly stressful environmental conditions such as constantly high temperatures
• temperature cycles with high temperature differences
• permanent repeated mechanical stress (vibration)
As noted in DIN EN 61508-2:2011 note N3, appropriate measures taken by the manufacturer
and plant operator can extend the useful lifetime.
Please note that the useful lifetime refers to the (constant) failure rate of the device.
The effective lifetime can be higher.
The estimated useful lifetime is greater than the warranty period prescribed by law
or the manufacturer's guarantee period. However, this does not result in an extension
of the warranty or guarantee services. Failure to reach the estimated useful lifetime is not
a material defect.
Derating
For the safety application, reduce the number of switching cycles or the maximum current.
A derating to 2/3 of the maximum value is adequate.
Maximum Switching Power of Output Contacts

The useful lifetime is limited by the maximum switching cycles of the relays under load
conditions.
For requirements regarding the connected output load, refer to the documentation
of the connected peripheral devices.
Devices with relay contact outputs are not intended for applications with continuous demand,
as the relay contacts are subject to mechanical wear. To exclude higher failure rates,
a maximum number of 10 switching cycles per hour is considered adequate. A higher number
of switching cycles can lead to higher failure rates than given in the table.
Note
2021-06
15
Mounting and Installation
4 Mounting and Installation

Mounting and Installing the Device
1. Observe the safety instructions in the instruction manual.

2. Observe the information in the manual.
3. Observe the requirements for the safety loop.
4. Connect the device only to devices that are suitable for this safety application.
5. Check the safety function to ensure the expected output behavior.
4.1 Configuration
Configuring the Device
The device is configured via DIP switches. The DIP switches for setting the safety functions
are on the front of the device.
1. De-energize the device before configuring the device.
2. Open the cover.
3. Configure the device for the required safety function via the DIP switches, see chapter 3.3.
4. Close the cover.
5. Secure the DIP switches to prevent unintentional adjustments.
6. Connect the device again.
Note
2021-06
16
Operation
5 Operation
Danger!
Danger to life from missing safety function
If the safety loop is put out of service, the safety function is no longer guaranteed.
• Do not deactivate the device.
• Do not bypass the safety function.
• Do not repair, modify, or manipulate the device.
Operating the device
1. Observe the safety instructions in the instruction manual.

2. Observe the information in the manual.
3. Use the device only with devices that are suitable for this safety application.
4. Correct any occurring safe failures within 8 hours. Take measures to maintain
the safety function while the device is being repaired.
5.1 Proof Test

This section describes a possible proof test procedure. The user is not obliged to use
this proposal. The user may consider different concepts with an individual determination
of the respective effectiveness, e. g. concepts according to NA106:2018.
According to IEC/EN 61508-2 a recurring proof test shall be undertaken to reveal
potential dangerous failures that are not detected otherwise.
Check the function of the subsystem at periodic intervals depending on the applied PFDavg
in accordance with the characteristic safety values. See chapter 3.4.
It is under the responsibility of the plant operator to define the type of proof test and the interval
time period.
Check the settings after the configuration by suitable tests.
2021-06
17
Operation
5.1.1 Procedure for Manual Proof Test

Equipment required:
• Digital multimeter with an accuracy of 0.1 %
Use for the proof test of the intrinsic safety side of the device a special digital multimeter
for intrinsically safe circuits.
If intrinsically safe circuits are operated with non-intrinsically safe circuits, they must
no longer be used as intrinsically safe circuits.
• Power supply set to nominal voltage of 24 V DC
• Simulate the sensor state by a potentiometer of 4.7 k (threshold for normal operation),
by a resistor of 220  (short circuit detection) and by a resistor of 150 k
(lead breakage detection).
Proof Test Procedure
1. Put out of service the entire safety loop. Protect the application by means of other measures.
2. Prepare a test set-up, see figures below.
3. Simulate the sensor state by connecting a potentiometer, a resistor for short circuit detection
or by a resistor for lead breakage detection.
Test each input channel individually.
4. Connect a potentiometer of 4.7 k (threshold for normal operation) to the input.
The threshold must be between 1.4 mA and 1.9 mA, the hysteresis must be between
170 µA and 250 µA.
• If the input current is above the threshold the relay must be activated for normal mode
of operation. The yellow LED lights up.
• If the input current is below the threshold the relay must be activated for inverted mode
of operation. The yellow LED lights up.
5. Connect a resistor RSC (220 ) or a resistor RLB (150 k) to the input.
The device must detect an external fault. This state is indicated by red LED and the relay
of the corresponding output must be de-activated.
6. Test all relay outputs with a specific current, e. g. 100 mA. To avoid electric shock,
use a test voltage of 24 V DC. Check that the relay contacts are open.
The relays must be de-activated. The relay contacts must definitely open.
7. Set back the device to the original settings for the current application after the test.
8. Check the correct behavior of the safety loop. Is the configuration correct?
9. Secure the DIP switches to prevent unintentional adjustments.
2021-06
18
Operation
Multimeter KFD2-SR2-Ex1.W
(mA)
240 :/2.5 W
1+ 7
RSC RLB 8 24 V DC
2+ 9
3- Multimeter
(mA)
Multimeter
(mA)
14+ 24 V DC
Zone 0, 1, 2 I supply Power Zone 2
Supply
Div. 1, 2 supply Div. 2
15-
Figure 5.1 Proof test set-up for KFD2-SR2-Ex1.W
Multimeter KFD2-SR2-Ex1.W.LB
(mA)
240 :/2.5 W
1+ 7
RSC RLB 8 24 V DC
2+ 9
3- Multimeter
(mA)
240 :/2.5 W
10
11 24 V DC
12
Multimeter
(mA)
Multimeter
(mA)
14+ 24 V DC
Supply
15-
Figure 5.2 Proof test set-up for KFD2-SR2-Ex1.W.LB

2021-06
19
Operation
Multimeter KFD2-SR2-Ex2.W
(mA)
240 :/2.5 W
1+ 7
RSC RLB 8 24 V DC
2+ 9
3- Multimeter
(mA)
Multimeter
(mA)
240 :/2.5 W
4+ 10
RSC RLB 11 24 V DC
5+ 12
6- Multimeter
(mA)
Multimeter
(mA)
14+ 24 V DC
Supply
15-
Figure 5.3 Proof test set-up for KFD2-SR2-Ex2.W
5.1.2 Procedure for In-Loop Proof Test

If you check the safety function within an application, 90 % of the dangerous undetected
failures are revealed.
You can also use documented switching actions for verification within the framework of regular
proof test intervals. The calculated values correspond to the values in the
"Characteristic Safety Values" table, see chapter 3.4
2021-06
20
Maintenance and Repair
6 Maintenance and Repair

Danger!
Danger to life from missing safety function
Changes to the device or a defect of the device can lead to device malfunction.
The function of the device and the safety function is no longer guaranteed.
Do not repair, modify, or manipulate the device.
Maintaining, Repairing or Replacing the Device

In case of maintenance, repair or replacement of the device, proceed as follows:
1. Implement appropriate maintenance procedures for regular maintenance of the safety loop.
2. While the device is maintained, repaired or replaced, the safety function does not work.
Take appropriate measures to protect personnel and equipment while the safety function
is not available.
Secure the application against accidental restart.
3. Do not repair a defective device. A defective device must only be repaired by the manufacturer.
4. If there is a defect, always replace the device with an original device.
2021-06
21
List of Abbreviations
7 List of Abbreviations
DC Diagnostic Coverage of dangerous faults
FIT Failure In Time in 10-9 1/h
FMEDA Failure Mode, Effects, and Diagnostics Analysis
s Probability of safe failure
dd Probability of dangerous detected failure
du Probability of dangerous undetected failure
no effect Probability of failures of components in the safety loop that have
no effect on the safety function.
not part Probability of failure of components that are not in the safety loop
total (safety function) Probability of failure of components that are in the safety loop
HFT Hardware Fault Tolerance
MTBF Mean Time Between Failures
MTTFD Mean Time To dangerous Failure
MTTR Mean Time To Restoration
PCS Process Control System
PFDavg Average Probability of dangerous Failure on Demand
PFH Average frequency of dangerous failure per hour
PL Performance Level
PLC Programmable Logic Controller
PTC Proof Test Coverage
SC Systematic Capability
SFF Safe Failure Fraction
SIF Safety Instrumented Function
SIL Safety Integrity Level
SIS Safety Instrumented System
T1 Proof Test Interval
FLT Fault
LB Lead Breakage
LFD Line Fault Detection
SC Short Circuit
Tservice Time from start of operation to putting the device out of service
2021-06
22
Notes
2021-06
23
Pepperl+Fuchs Quality
Download our latest policy here:
www.pepperl-fuchs.com/quality
www.pepperl-fuchs.com
© Pepperl+Fuchs · Subject to modifications
Printed in Germany / DOCT-6656B

Functional Safety Switch Amplifier KFD2-SR2-Ex .W (.LB) : Manual

Uploaded by

Copyright:

Available Formats

Functional Safety Switch Amplifier KFD2-SR2-Ex .W (.LB) : Manual

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Functional Safety Switch Amplifier KFD2-SR2-Ex .W (.LB) : Manual

Uploaded by

Copyright:

Available Formats

Functional Safety

4 Mounting and Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

6 Maintenance and Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

1.1 Content of this Document

The documentation consists of the following parts:

1.2 Safety Information

1.3 Symbols Used

KFD2-SR2-Ex1.W, KFD2-SR2-Ex2.W, KFD2-SR2-Ex1.W.LB Up to SIL 2

2.5 Standards and Directives for Functional Safety

System-specific standards and directives

3.1 System Structure

3.1.1 Low Demand Mode of Operation

3.1.2 High Demand or Continuous Mode of Operation

3.1.3 Safe Failure Fraction

SILCL and PL Application

3.3 Safety Function and Safe State

Safety Function for 1-channel Devices

Safety Function for 2-channel Devices

3.4 Characteristic Safety Values

3.5 Useful Lifetime

Maximum Switching Power of Output Contacts

4 Mounting and Installation

1. Observe the safety instructions in the instruction manual.

Operating the device

1. Observe the safety instructions in the instruction manual.

5.1 Proof Test

5.1.1 Procedure for Manual Proof Test

Figure 5.1 Proof test set-up for KFD2-SR2-Ex1.W

Figure 5.2 Proof test set-up for KFD2-SR2-Ex1.W.LB

Figure 5.3 Proof test set-up for KFD2-SR2-Ex2.W

5.1.2 Procedure for In-Loop Proof Test

6 Maintenance and Repair

Maintaining, Repairing or Replacing the Device

You might also like