The basis of the approval is the proofing of the safety functions. The developing process follows the process and guidelines described in the EN 50126 suite (EN 50128 and EN 50129).
The environmental standards EN 50125 is also fulfilled.
The Ammeter is delivered with a Generic Safety case.
This Safety case can be extended with an Application Safety case addendum for customized ammeters.
The Ammeter can be delivered at different Safety Levels (SIL0, SIL2 or SIL4).
Acceptance Criteria for SIL4
The ammeter shall be able to be a stand alone safety component when implemented in SIL4 safety systems.
The point of reference for a quantitative acceptance criterion is a general rule saying that 1000 Interlocking system running in 100 years must fail 1 time. This equals a failure rate of 10-9 [Failures pr. hour pr. Interlocking system] equal to the CSM criteria. Furthermore is assumed an average of 100 [Ammeters pr. Interlocking system].
This means an outer safety function in the ammeter may "lie" with a failure rate of 10-11 [Failures pr. Hour pr. Ammeter] ≈
λACCEPT = 10-7 [Failure pr. Year pr. Ammeter].
No comments:
Post a Comment