Safety Manual

VEGASWING 66
Relay (2 x SPDT)
With SIL qualification

Document ID: 45307

Contents

Contents
1 Document language................................................................................................................. 3

2 Scope......................................................................................................................................... 4
2.1 Instrument version............................................................................................................. 4
2.2 Area of application............................................................................................................ 4
2.3 SIL conformity................................................................................................................... 4
3 Planning..................................................................................................................................... 5
3.1 Safety function.................................................................................................................. 5
3.2 Safe state.......................................................................................................................... 5
3.3 Prerequisites for operation................................................................................................ 5
4 Safety-related characteristics................................................................................................. 6
4.1 Characteristics acc. to IEC 61508..................................................................................... 6
4.2 Characteristics acc. to ISO 13849-1.................................................................................. 6
4.3 Supplementary information............................................................................................... 7
5 Setup.......................................................................................................................................... 9
5.1 General information........................................................................................................... 9
5.2 Adjustment instructions..................................................................................................... 9
6 Diagnostics and servicing..................................................................................................... 10
6.1 Behaviour in case of failure............................................................................................. 10
6.2 Repair............................................................................................................................. 10
7 Proof test................................................................................................................................. 11
7.1 General information......................................................................................................... 11
7.2 Test 1: Without filling or dismounting the sensor.............................................................. 11
7.3 Test 2: With filling or dismounting of the sensor............................................................... 12
8 Appendix A: Test report.......................................................................................................... 13

9 Appendix B: Term definitions................................................................................................. 14

10 Supplement C: SIL conformity............................................................................................... 15

45307-EN-180717

Editing status: 2018-07-17

2 VEGASWING 66 • Relay (2 x SPDT)

 1 Document language

1 Document language
DE Das vorliegende Safety Manual für Funktionale Sicherheit ist verfügbar in den Sprachen
Deutsch, Englisch, Französisch und Russisch.
EN The current Safety Manual for Functional Safety is available in German, English, French and
Russian language.
FR Le présent Safety Manual de sécurité fonctionnelle est disponible dans les langues suivantes:
allemand, anglais, français et russe.
RU Данное руководство по функциональной безопасности Safety Manual имеется на
немецком, английском, французском и русском языках.
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 3

2 Scope

2 Scope
2.1 Instrument version
This safety manual applies to point level sensors
VEGASWING 66 - Relay (2 x SPDT) with SIL qualification
Electronics module:
• SG60HT-S
Valid versions:
• from HW Ver 1.0.0
• from SW Ver 1.1.0

2.2 Area of application

The instrument can be used for level detection of liquids in a safety-
related system according to IEC 61508 in the modes low demand
mode or high demand mode.
Due to the systematic capability SC3 this is possible up to:
• SIL2 in a single-channel architecture
• SIL3 in a multiple channel architecture
The following interface can be used to output the measured value:
• Relay (2 x SPDT)
Both NO contact must be connected in series!1)

2.3 SIL conformity

The SIL conformity was independently judged and certified by the
TÜV Rheinland according to IEC 61508:2010 (Ed.2).2)
The certificate is valid for the entire service life of all instruments that
were sold before the certificate expired!

45307-EN-180717

1)
NO = Normal Open
2)
Verification documents see appendix

4 VEGASWING 66 • Relay (2 x SPDT)

 3 Planning

3 Planning
3.1 Safety function
Safety function To monitor a limit level, the sensor detects via the conditions "Vibrat-
ing element uncovered" or "Vibrating element covered" a limiting
value defined by the mounting location.
The detected status is signalled on the output with "Relay contact
open" or "Relay contact closed".

3.2 Safe state

Safe state The safe state of the output signal is independent of the mode ad-
justed on the sensor.
For the safety function, only the NO contact may be used (idle current
principle)!
Both NO contact must be connected in series!

Mode Overflow protection Dry run protection

Mode max. Mode min.
Vibrating element covered uncovered
NO contact open NO contact open
Relay
(currentless) (currentless)

Fault signals in case of Relay outputs:

malfunction
• NO contacts open

3.3 Prerequisites for operation

Instructions and restric- • The measuring system should be used appropriately taking pres-
tions sure, temperature, density and chemical properties of the medium
into account. The application-specific limits must be observed.
• The specifications according to the operating instructions manual,
particularly the current load on the output circuits, must be kept
within the specified limits
• To avoid a fusing of the relay contacts, these must be protected by
an external fuse that triggers at 60 % of the max. contact current
load.
• When used as dry run protection, buildup on the vibrating system
should be avoided (probably shorter proof test intervals will be
necessary)
• The instructions in chapter "Safety-related characteristics", para-
graph "Supplementary information" must be noted
• All parts of the measuring chain must correspond to the planned
"Safety Integrity Level (SIL)"
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 5

4 Safety-related characteristics

4 Safety-related characteristics
4.1 Characteristics acc. to IEC 61508
Parameter Value
Safety Integrity Level SIL2 in single-channel architecture
SIL3 in multiple channel architecture3)
Hardware fault tolerance HFT = 0
Instrument type Type B
Mode Low demand mode, High demand mode
SFF > 90 %
MTTR 8 h
MTBF = MTTF + MTTR 4)
1.01 x 106 h (116 years)
Diagnostic test interval 5)
< 120 s
Fault reaction time6) < 2 s

Failure rates
λS λDD λDU λH λL λAD
329 FIT 186 FIT 36 FIT 0 FIT 0 FIT 11 FIT

PFDAVG 0.030 x 10-2 (T1 = 1 year)

PFDAVG 0.044 x 10-2 (T1 = 2 years)
PFDAVG 0.087 x 10-2 (T1 = 5 years)
PFH 0.036 x 10 1/h
-6

Proof Test Coverag (PTC)

Remaining failure rate of danger-
Test type7) PTC
ous undetected failures
Test 1 11 FIT 68 %
Test 2 2 FIT 96 %

4.2 Characteristics acc. to ISO 13849-1

Derived from the safety-related characteristics, the following figures
result according to ISO 13849-1 machine safety):8)
Parameter Value
MTTFd 489 years
DC 85 %
45307-EN-180717

3)
Homogeneous redundancy possible.
4)
Including errors outside the safety function.
5)
Time during which all internal diagnoses are carried out at least once.
6)
Time between the occurrence of the event and the output of a fault signal.
7)
See section "Proof test".
8)
ISO 13849-1 was not part of the certification of the instrument.

6 VEGASWING 66 • Relay (2 x SPDT)

 4 Safety-related characteristics

Parameter Value
Performance Level 3.60 x 10-8 1/h

4.3 Supplementary information

Determination of the The failure rates of the instruments were determined by an FMEDA
failure rates according to IEC 61508. The calculations are based on failure rates of
the components according to SN 29500:
All figures refer to an average ambient temperature of 40 °C (104 °F)
during the operating time. For higher temperatures, the values should
be corrected:
• Continuous application temperature > 50 °C (122 °F) by factor 1.3
• Continuous application temperature > 60 °C (140 °F) by factor 2.5
Similar factors apply if frequent temperature fluctations are expected.
Assumptions of the • The failure rates are constant. Take note of the useful service life of
FMEDA the components according to IEC 61508-2.
• Multiple failures are not taken into account
• Wear on mechanical parts is not taken into account
• Failure rates of external power supplies are not taken into account
• The environmental conditions correspond to an average industrial
environment
• To avoid a fusing of the relay contacts, these must be protected by
an external fuse

Calculation of PFDAVG The values for PFDAVG specified above were calculated as follows for a
1oo1 architecture:
PTC × λ DU × T1 (1 – PTC) × λ DU × LT
PFDAVG = + λ DD x MTTR +
2 2
Parameters used:
• T1 = Proof Test Interval
• PTC = 90 %
• LT = 10 years
• MTTR = 8 h

Configuration of the pro- A connected control and processing unit must have the following
cessing unit properties:
• The failure signals of the measuring system are judged according
to the idle current principle
• "fail low" and "fail high" signals are interpreted as a failure, where-
upon the safe state must be taken on
If this is not the case, the respective percentages of the failure rates
must be assigned to the dangerous failures and the values stated in
chapter Safety-related characteristics“ redetermined!
45307-EN-180717

Multiple channel archi- Due to the systematic capability SC3, this instrument can also be
tecture used in multiple channel systems up to SIL3, also with a homogene-
ously redundant configuration.

VEGASWING 66 • Relay (2 x SPDT) 7

4 Safety-related characteristics

The safety-related characteristics must be calculated especially for

the selected structure of the measuring chain using the stated failure
rates. In doing this, a suitable Common Cause Factor (CCF) must be
considered (see IEC 61508-6, appendix D).

45307-EN-180717

8 VEGASWING 66 • Relay (2 x SPDT)

 5 Setup

5 Setup
5.1 General information
Mounting and installation Take note of the mounting and installation instructions in the operating
instructions manual.
Setup must be carried out under process conditions.

5.2 Adjustment instructions

Adjustment elements The adjustment elements must be set according to the specified
safety function:
• Slide switch for changeover of the mode (min./max.)
• Slide switch for changeover of the sensitivity
The function of the adjustment elements is described in the operating
instructions manual.
Please note! During adjustment process, the safety function must be considered
as unreliable!
If necessary, you must take other measures to maintain the safety
function.
With regard to the switch on/swich off delay it must be ensured that
the sum of all switching delays from the transducer to the actuator is
adapted to the process safety time!
The instrument must be protected against inadvertent or unauthorized
adjustment!
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 9

6 Diagnostics and servicing

6 Diagnostics and servicing

6.1 Behaviour in case of failure
Internal diagnosis The instrument is permanently monitored by an internal diagnostic
system. If a malfunction is detected, the respective output signals
change to the safe status (see section "Safe status").
This condition is maintained for at least 1 second. If an error is no
longer detected, the safety function is performed correctly again.
The diagnosis interval is specified in chapter "Safety-related charac-
teristics".
If failures are detected, the entire measuring system must be shut
down and the process held in a safe state by other measures.
The manufacturer must be informed of the occurrence of a dangerous
undetected failure (incl. fault description).

6.2 Repair
Electronics exchange The procedure is described in the operating instructions manual. Note
the instructions for setup.

45307-EN-180717

10 VEGASWING 66 • Relay (2 x SPDT)

 7 Proof test

7 Proof test
7.1 General information
Objective To identify possible dangerous, undetected failures, the safety func-
tion must be checked by a proof test at adequate intervals. It is the
user's responsibility to choose the type of testing. The time intervals
are determined by the selected PFDAVG (see chapter "Safety-related
characteristics").
For documentation of these tests, the test protocol in the appendix
can be used.
If one of the tests proves negative, the entire measuring system must
be switched out of service and the process held in a safe state by
means of other measures.
In a multiple channel architecture this applies separately to each
channel.
Preparation • Determine safety function (mode, switching points)
• If necessary, remove the instruments from the safety chain and
maintain the safety function by other means

Unsafe device Warning:

status During the function test, the safety function must be treated as unreli-
able. Take into account that the function test influences downstream
connected devices.
If necessary, you must take other measures to maintain the safety
function.
After the function test, the status specified for the safety function must
be restored.

7.2 Test 1: Without filling or dismounting the

sensor
Conditions • Instrument in installed condition
• Output signal corresponds to the level (covered or uncovered
vibrating element)
• The NO contacts of the two relays connected in series must
be checked separately!
Procedure 1. Carry out a restart (switch the instrument off and then on again)
2. Push the min./max. switch

Expected result to 1: Output signal corresponds to the level

to 2: Output signal changes status

Proof Test Coverage See Safety-related characteristics

45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 11

7 Proof test

7.3 Test 2: With filling or dismounting of the

sensor
Conditions • Alternative 1: the instrument remains mounted; the condition
"Vibrating element uncovered"/"Vibrating element covered" can be
changed by filling or emptying to the switching point.
• Alternative 2: the instrument is dismounted; the condition "Vibrat-
ing element uncovered"/"Vibrating element covered" can be
changed by dipping the instrument into the original medium
• Output signal corresponds to the level (covered or uncovered
vibrating element)
• The NO contacts of the two relays connected in series must
be checked separately!
Procedure 1. Push the min./max. switch
2. Filling or emptying up to the switching point or immersion into the
original medium

Expected result to 1: Output signal changes status

to 2: Output signal corresponds to the modified level

Proof Test Coverage See Safety-related characteristics

45307-EN-180717

12 VEGASWING 66 • Relay (2 x SPDT)

 8 Appendix A: Test report

8 Appendix A: Test report

Identification
Company/Tester
Plant/Instrument TAG
Meas. loop TAG
Instrument type/Order code
Instrument serial number
Date, setup
Date, last function test

Test reason Test scope

(…) Setup (…) without filling or dismounting the sensor
(…) Proof test (…) with filling or dismounting the sensor

Mode Sensitivity
(…) Overflow protection (…) ≥ 0.7 g/cm³ (0.025 lbs/in³)
(…) Dry run protection (…) ≥ 0.5 g/cm³ (0.018 lbs/in³)

Test result
Test step Level Expected measured Real value Test result
value

Confirmation

Date: Signature:
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 13

9 Appendix B: Term definitions

9 Appendix B: Term definitions

Abbreviations
SIL Safety Integrity Level (SIL1, SIL2, SIL3, SIL4)
SC Systematic Capability (SC1, SC2, SC3, SC4)
HFT Hardware Fault Tolerance
SFF Safe Failure Fraction
PFDAVG Average Probability of dangerous Failure on Demand
PFH Average frequency of a dangerous failure per hour (Ed.2)
FMEDA Failure Mode, Effects and Diagnostics Analysis
FIT Failure In Time (1 FIT = 1 failure/109 h)
λSD Rate for safe detected failure
λSU Rate for safe undetected failure
λS λS = λSD + λSU
λDD Rate for dangerous detected failure
λDU Rate for dangerous undetected failure
λH Rate for failure, who causes a high output current (> 21 mA)
λL Rate for failure, who causes a low output current (≤ 3.6 mA)
λAD Rate for diagnostic failure (detected)
λAU Rate for diagnostic failure (undetected)
DC Diagnostic Coverage
PTC Proof Test Coverage (Diagnostic coverage for manual proof tests)
T1 Proof Test Interval
LT Useful Life Time
MTBF Mean Time Between Failure = MTTF + MTTR
MTTF Mean Time To Failure
MTTR IEC 61508, Ed1: Mean Time To Repair
IEC 61508, Ed2: Mean Time To Restoration
MTTFd Mean Time To dangerous Failure (ISO 13849-1)
PL Performance Level (ISO 13849-1)
45307-EN-180717

14 VEGASWING 66 • Relay (2 x SPDT)

 10 Supplement C: SIL conformity

10 Supplement C: SIL conformity

45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 15

10 Supplement C: SIL conformity

45307-EN-180717

16 VEGASWING 66 • Relay (2 x SPDT)

 Notes
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 17

Notes

45307-EN-180717

18 VEGASWING 66 • Relay (2 x SPDT)

 Notes
45307-EN-180717

VEGASWING 66 • Relay (2 x SPDT) 19

 Printing date:

45307-EN-180717

All statements concerning scope of delivery, application, practical use and operat-
ing conditions of the sensors and processing systems correspond to the information
available at the time of printing.
Subject to change without prior notice

© VEGA Grieshaber KG, Schiltach/Germany 2018

VEGA Grieshaber KG Phone +49 7836 50-0

Am Hohenstein 113 Fax +49 7836 50-201
77761 Schiltach E-mail: [email protected]
Germany www.vega.com