4.2. Features
The sounder described here does not perform any protective function on its own (partial system); it is designed for installation as an output device with diagnosis (output) in the loop of a protective function (SIF). The system (see Fig. 1 and Fig. 2) only ever represents a partial system of a safety instrumented system (SIS). The system integrator must ensure that the entire 'loop', depending on the use, meets the required safety integrity level (SIL). The system integrator must take all measures needed to reach or maintain the safe condition in the SIS in the case of a fault.
Upon request, the diagnosis system of the device checks the acoustic warning signals for failed release and function and reports this via an alarm relay to a superior control system.
This does not constitute an online diagnosis within the meaning of IEC 61508 and, without further measures, has no influence on the intermediary values PFH, PFD, SFF and HFT. The diagnosis can only be used for the following uses/architectures:
• Systems with a low demand rate of the safety function (low demand) that are regularly subjected to a test release. If the regular test is automated, it can be evaluated so that the diagnostic coverage flows into the calculation of the reliability data.
• Systems in which the safety function can be tested before the dangerous condition exists, for example starting alarms of machines.
4.3. Qualification
Handling according to this operating manual and safety manual may only be carried out by trained electrical technical personnel authorised by the plant operator.
The integration of this sounder in an application is to be carried out according to the rules of functional safety according to IEC 61508/IEC 61511.
Proof tests and their verification may only be carried out by authorised electrical technical personnel.
4.4. Evaluation
4.4.1. Use as a starting alarm of machines
For use as a starting alarm of machines, the generation of the acoustic warning signal in the sounder channel is to be assessed as a function of the machine. The safe condition is reached when the acoustic warning system works reliably. The diagnosis channel tests and monitors this function and, upon failure, leads to the safe condition via a safety loop. This architecture is illustrated schematically in Fig. 5.
Starting alarms and similar uses are architectures that can normally be attributed to the 'high demand mode'. Immediately before switching on the machine or entering the dangerous condition, an automatic function test must be carried out by a superior control system, as described in section 4.7. Approval may be given only after a successful test. This automatic test ensures that the function of the monitoring channel is, figuratively speaking, tested clearly more often than it is required ($T_{\mathrm{Test}} \ll T_{\mathrm{required}}$). Test functions in the superior control system and corresponding measures for fault messages must be in accordance with functional safety according to IEC/EN 61508.
The safety loop is composed of a diagnosis channel with detection (4), evaluation of the hazardous state (2) and elements of the machine control system (5) for triggering the test function and for reaching the safe status. The elements of the machine control system (2 and 5) were not considered in the analysis.
[Fig. 5 Starting alarm (Drwg-no.: 30007-008-12j). Block labels: Requirement (1), Control (2), Warning device (3), Diagnosis channel (4), Safety relay (5), Diagnosis control (6), Machine start (7); signals: Warning signal, Action (human).]
Datei/ file name: 085501929j de-en-fr-it.docx
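The start gating described in 4.4.1, sketched as an added example that is not part of this manual: a superior control system approves one machine start only directly after a passed function test and blocks the start on any fault or missing answer. The class and method names, the two time limits, the fault polarity of the alarm relay feedback and the reset step are assumptions; the test procedure of section 4.7 is not reproduced here.

```python
from enum import Enum


class State(Enum):
    IDLE = "idle"
    TESTING = "testing"
    APPROVED = "approved"
    SAFE = "safe"            # safe condition: machine start blocked


# Assumed limits; this page of the manual gives no numbers.
TEST_TIMEOUT_S = 2.0         # diagnosis must answer within this time
APPROVAL_VALID_S = 5.0       # "immediately before" start, made concrete


class StartInterlock:
    """Hypothetical control logic gating machine start on the sounder test."""

    def __init__(self):
        self.state = State.IDLE
        self.t_mark = 0.0    # time at which the current state was entered

    def _enter(self, state, now):
        self.state, self.t_mark = state, now

    def request_start(self, now):
        # Every start request triggers a fresh function test.
        if self.state is not State.SAFE:
            self._enter(State.TESTING, now)

    def alarm_relay(self, fault, now):
        # Diagnosis feedback (assumed polarity: fault=True means failure).
        if fault:
            self._enter(State.SAFE, now)      # a fault always wins
        elif self.state is State.TESTING and now - self.t_mark <= TEST_TIMEOUT_S:
            self._enter(State.APPROVED, now)  # late answers are ignored

    def machine_start(self, now):
        # True only for a single start directly after a passed test.
        if self.state is State.TESTING and now - self.t_mark > TEST_TIMEOUT_S:
            self._enter(State.SAFE, now)      # no answer counts as a failure
        ok = self.state is State.APPROVED and now - self.t_mark <= APPROVAL_VALID_S
        if self.state is State.APPROVED:
            self._enter(State.IDLE, now)      # approval is used up or stale
        return ok

    def reset(self, now):
        # Assumed acknowledgement by authorised personnel after a fault.
        self._enter(State.IDLE, now)
```

Because the approval is consumed by the start it enables, every start is preceded by its own test, which is what keeps the test interval far below the demand interval.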