Safety Manual (Rev I) - ABB 2600T Series Operating Instructions Manual

8 Safety manual (Rev. I)
Additional instruction for IEC61508 certified device
(ONLY for digits 8 or T under "output" options)
8.1 Safety philosophy
The 266 Pressure Transmitters are field devices designed according to
the requirements of the standard IEC61508 for the Safety Related
Systems. Standard currently used focus on individual parts of all the
safe instrumentation used to implement a safety function. The
IEC61508 defines requirements related to all the system that normally
comprises initiating devices, logic solver and final elements. It also
introduces the concept of Safety lifecycle defining the sequence of
activities involved in the implementation of the safety instrumented
system from conception through decommissioning. For a single
component it is not correct to define a SIL level. The term SIL (Safety
Integrity Level) refers to the complete safety loop therefore the single
device shall be designed in order to be suitable to achieve the desired
SIL level in the entire Safety Loop.
8.2 Application
The 266 Pressure Transmitters are intended to be applied for safety
relevant application in the process industry. They are suitable to be
used in SIL2 applications when applied as single channel and in SIL3
applications when applied with a double channel with architecture
1oo2. Special attention has to be given to the separation of safety and
non safety relevant use.
8.3 Physical environment
The transmitters are designed for use in industrial field environments
and must be operated within the specified environmental limits as
indicated in the Transmitter Data Sheet.
8.4 Role and responsibilities
All the people, departments and organizations involved in the life-cycle
phases which are responsible for carrying out and reviewing the
applicable overall, E/E/PES (Electrical/Electronic/ Programmable
Electronic System) or software safety lifecycle phases of a Safety
Instrumented System shall be identified. All those specified as
responsible for management of functional safety activities shall be
informed of the responsibilities assigned. All persons involved in any
overall, E/E/PES or software safety lifecycle activity, including
management activities, should have the appropriate training, technical
knowledge, experience and qualifications relevant to the specific
duties they have to perform.
8.5 Management of functional safety
For each application the installer or the owner of a safety system must
prepare a Safety Planning which must be updated throughout the
Safety Life-cycle of the Safety Instrumented System. The safety
planning shall include the Safety instrumentation management. The
requirements for the management of functional safety shall run in
parallel with the overall safety lifecycle phases.
Safety Planning.
The Safety Planning shall consider:
− policies and strategies for achieving safety;
− safety life-cycle activities to be applied, including names of
responsible persons and departments;
− procedures relevant to the various life-cycle phases;
− audits and procedures for follow up.
8.6 Information requirements (to be made available by
the plant owner)
The information shall comprehensively describe the system installation
and its use in order that all phases of the overall safety lifecycles, the
management of functional safety, verification and the functional safety
assessment can be effectively performed.
8.7 Overall safety life-cycle information
The overall safety lifecycle shall be used as the basis for claiming
conformance to the standard IEC61508. The lifecycle phases consider
all the activities related to the Safety Instrumented System (SIS) from
the initial concept through design, implementation, operation and
maintenance to decommissioning.
8.8 Applicable laws and standards
All applicable general Laws and Standards related to the allowed
operations of the equipment, as EU-Directives shall be collected. The
plant owner shall produce a Regulatory Requirements List document.
8.9 System safety requirement assignment I/O system
response time
The total system response time is determined by the following
elements:
— Sensor detection time,
— Logic solver time;
— Actuator response time;
The total system response time must be less than the process safety
time. To ensure a safe operation of the system, the scan rate of each
section of the logic solver multiplied by the number of channels shall
be taken into account together with the safety time of actuator and
sensor response time.
8.10 System structure
System configuration drawings shall be available to describe the
equipment and interfaces required for a complete operational system.
The system must be fully operational before start-up.
8.11 Safety requirement allocation
Each safety function, with its associated safety integrity requirement,
shall be allocated to the designated safety related systems taking into
account the risk reductions achieved by the other technology safety-
related systems and external risk reduction facilities, so the necessary
risk reduction for that safety function is achieved. The allocation
indicated shall be done in such a way that all safety functions are
allocated and the safety integrity requirements are met for each safety
function.
8.12 Safety routines
Safety additional requirements may be defined in order to ensure the
correct functionality of sequences in the Safety Instrumented System.
8.13 Commissioning
8.13.1 Overall system functionality
The activity to validate the required safety functionality of the system
together with the pressure transmitter according to the Safety
Requirement Specification is the Pre-Startup Acceptance test.
2600T Series Pressure transmitters | SOI/266-XC Rev. I 21
8 Safety manual (Rev. I)