Automation, Software and Information Technology
2005-03-04
Automation, Software and Information Technology
Report of the type approval of
Safety Manager
Report-No.: 968/EZ 195.00/05
Date: 2005-03-04
Report-No.: 968/EZ 195.00/05
Page 1 of 13
2005-03-04
Report of the type approval of
Safety Manager
Report-No.:
968/EZ 195.00/05
Date
2005-03-04
Pages:
13
Test objects:
Safety Manager
(see list of devices within the report for details)
Customer/Manufacturer:
Honeywell Safety Management Systems
Rietveldenweg 32A
NL-5222 AR's-Hertogenbosch
The Netherlands
Order-No./Date:
Project 780031 dated 2004-04-06
Test Institute:
TÜV Industrie Service GmbH
Automation, Software and Information Technology
Competence Center Safeguards and Safety Components
Am Grauen Stein
D-51105 Köln
TÜV-Offer-No./Date:
968/230/03 dated 2003-12-16
TÜV-Order-No./Date:
9005888 dated 2004-03-04
Inspectors:
Dr. ir. M. J. Michel Houtermans
Dipl.-Ing. Andreas Hesse
Dipl.-Ing. Gernot Klaes
Test location:
see Test Institute and customer/manufacturer
Test duration:
March 2004 to March 2005
The test results are exclusively related to the test samples.
This report must not be copied in an abridged version without the written permission of the Test
Institute.
Report-No.: 968/EZ 195.00/05
Page 2 of 13
2005-03-04
Contents
Page
1.
Scope ..................................................................................................................................... 4
2.
Standards forming the basis for the requirements................................................................. 4
3.
Test object.............................................................................................................................. 5
3.1
History and test objects.......................................................................................................... 5
3.2
Product and test documents .................................................................................................. 5
3.3
Test samples .......................................................................................................................... 6
3.4
Previous test reports .............................................................................................................. 6
3.5
Description and result of the inspection of the safety structure ............................................. 6
4.
Protocol and results type approval......................................................................................... 8
4.1
Overview ................................................................................................................................ 8
4.2
Requirements in accordance with IEC 61508........................................................................ 8
4.2.1
General requirements ............................................................................................................. 8
4.2.2
Assessment of the management of functional safety ............................................................. 8
4.2.3
Documentation over the entire life cycle ................................................................................. 9
4.2.4
Assessment of the measures for controlling failures in hardware .......................................... 9
4.2.5
Assessment of the measures for failures avoidance in hardware/software............................ 9
4.2.6
Determination of PFD/PFH ..................................................................................................... 9
4.3
Requirements in accordance with EN 954-1.......................................................................... 9
4.4
Electrical safety .................................................................................................................... 10
4.5
Environmental tests.............................................................................................................. 10
4.6
Accompanying documents ................................................................................................... 10
4.7
Application specific considerations ...................................................................................... 10
4.7.1
Requirements according to EN 50156-1/2004...................................................................... 10
4.7.2
Requirements according to IEC 61511/2004 ........................................................................ 10
4.7.3
Requirements according to NFPA 72/2002........................................................................... 11
4.7.4
Requirements according to NFPA 85/2001........................................................................... 11
4.7.5
Requirements according to EN 54-2/2004............................................................................ 11
4.7.6
Requirements according to EN 54-4/2003............................................................................ 11
4.7.7
Requirements according to EN 298/2003 ............................................................................. 12
5.
Conclusion ........................................................................................................................... 13
Appendix 1
Report-No.: 968/EZ 195.00/05
Page 3 of 13
2005-03-04
1.
Scope
In the following report the results of the type approval of the Safety-Manager for safety
application are presented. The Safety Manager consists of Control-Processors-Chassis,
programming/configuration tool and an assortment of I/O devices.
This test report is to provide traceable evidence, that the test object complies with the
functional and safety-related requirements of the product specification, satisfies the
requirements of the relevant regulations, and thus can be used as component for emergency
shutdown, burner management, fire and gas applications.
Besides several application standards, the Safety Manager has been subject to an
assessment in accordance with EN 954-1 category 4 and IEC 61508 Safety Integrity Level 3
(SIL 3).
This test report contains the essential safety engineering aspects, that were assessed during
the concept and test phases, and identifies the various test steps, that were performed to
provide evidence, that the test object complies with the safety-relevant requirements of the
product specification and the relevant regulations.
It is described, which tests were performed, who performed them and which results were
obtained.
2.
Standards forming the basis for the requirements
Functional Safety
[S1]
IEC 61508, parts 1 - 7:2000 Functional safety of electrical/electronic/programmable
electronic safety-related systems
[S2]
EN 954-1/1996 Safety of machinery, Safety related parts of control systems,
Part 1: General principles of design
Application specific
[S3]
EN 50156-1/2004 Electrical Equipment for Furnaces
[S4]
IEC 61511/2004 Safety Instrumented Systems for the process industry sector
[S6]
NFPA 72/2002 National Fire Alarm Code Handbook
[S7]
NFPA 85/2001 Boiler and Combustion Systems Hazards Code
[S8]
EN 54-2/1997 Fire Detection and Fire Alarm Systems
Control and indicating equipment
[S9]
EN 54-4/2003 Fire Detection and Fire Alarm Systems
[S10]
EN 298/2003 Automatic gas burner control systems for gas burners and gas
burning appliances with or without fans
Electrical safety and resistance against environmental conditions
[S5]
IEC 61131-2/2003 Programmable Controllers
[S11]
IEC 61010-1/2001 Safety requirements for electrical equipment for measurement,
control, and laboratory use
Report-No.: 968/EZ 195.00/05
Page 4 of 13
2005-03-04
Climate
[S5]
IEC 61131-2/2003 Programmable Controllers
IEC 60068-2-1 Test Ab and Ad: Cold
IEC 60068-2-2 Test Bb and Bd: Dry heat
IEC 60068-2-14 Test N: Change of temperature
IEC 60068-2-30 Test Db: Damp heat, cyclic
IEC 60068-2-32 Test Ed. Free fall
(part of EN61131-2)
(part of EN61131-2)
(part of EN61131-2)
(part of EN61131-2)
(part of EN61131-2)
Shock/Vibration
[S5]
IEC 61131-2/2003 Programmable Controllers
IEC 60068-2-6
Test Fc: Vibration
(part of EN61131-2)
IEC 60068-2-27
Test Ea: Shock
(part of EN61131-2)
EMC/EMI
[S5]
IEC 61131-2/2003 Programmable Controllers
EN 55011
(part of EN61131-2)
IEC61000-4-2, ESD
(part of EN61131-2)
EN 61000-4-3, RFI
(part of EN61131-2)
EN 61000-4-4, Burst
(part of EN61131-2)
EN 61000-4-5, Surge
(part of EN61131-2)
EN 61000-4-6, cond. RFI
(part of EN61131-2)
EN 61000-4-8, Magnetic
(part of EN61131-2)
3.
Test object
3.1
History and test objects
The object of testing is the Safety Manager, which is the successor of the FSC-System. The
FSC systems and its components have been previously approved by TÜV-Süddeutschland
(Z10 03 09 201600 008). The test objects of the Safety Manager are the Control-ProcessorChassis (CPC), which consist of two identical Control-Processors (CP), a Battery-KeyswitchModule (BKM) and a Power-Supply-Unit (PSU), the programming and configuration tool,
called “Safety-Builder”, and the assortment of I/O-components.
The I/O-components from the FSC-System are reused with the Safety Manager and are
identical, except for some minor changes that are not safety relevant (see [T3]).The I/O
components are not described in this report and the previous certification reports remain as
is and valid for these components [T5].
The relevant modules are listed in Appendix 1.
3.2
Product and test documents
The complete documentation was provided by the customer on four CD-ROMs. These CDs
are available to the inspectors and will not be listed here. They are stored in the Test
Institute. Only the documents which were discrete given to the inspectors are mentioned
here.
No.
Document Title
Date
[K1]
Declaration of Commitment by Honeywell
2005-12-01
[K2]
Accreditation Certificate of KEMA Quality B.V., L022
valid till 2006-11-30
Report-No.: 968/EZ 195.00/05
Page 5 of 13
2005-03-04
No.
3.3
Document Title
Date
[D1]
Safety Manual, EP-SM.MAN.6283, 100.3
2005-01-25
[D2]
Installation and Upgrade Guide, EP-SM.MAN.6277, 100.3
2005-01-25
[D3]
TÜV Süddeutschland, AUDIT REPORT Honeywell SMS - SIL / reliability
calculations, Report Number: HS7008C, Revision 1.2,
2001-06-13
Test samples
Test samples are not present to the Test Institute, due to their size and complexity. Hence,
all tests were performed on customer side together with hardware and software engineers.
The test samples, which were used during the main approval review, are stored at customer
side. An adequate declaration of commitment is available from the customer, that the
samples are unaltered, safely guarded, and available at any time for the test institute [K1].
The final hardware and software revisions of the Safety Manager are:
-
-
Software Version:
Safety Processor (QPP)
1.31.139.1 (CRC $789B26C4)
Safety Builder
R100.3
Hardware Version: Quad Processor Pack
Power Supply
V1.3
V1.1
Furthermore the source-codes of the Safety Manager are available within the inspectors
documentation.
3.4
3.5
Previous test reports
[T1]
968/EL 280.00/04; Results of the concept approval review Safety Manager - Process
Knowledge Solution (SM-PPKS) dated 2004-04-20
[T2]
Meeting Minutes and Statements concerning the Safety Manager by Honeywell;
dated 2004-12-07
[T3]
Meeting Minutes concerning open items; dated 2005-03-01
[T4]
Kompetenznachweis - Prüflabor at Honeywell side; dated 2004-12-03
[T5]
TÜV Süddeutschland, Report to the Certificate, Certificate number Z10 03 09 20160 008,
Report No.: SH99495C Revision 6.021 of 01, October 2003
[T6]
RWTÜV, Certificate of Functional Safety Management System, Certificate-RegisterNo.: SAS0001/03, 2003-04-16
Description and result of the inspection of the safety structure
Each Control-Processor-Chassis (CPC) of the Safety Manager consist of up to two Control
Processor (CP). A CP is built up by a Power-Supply-Unit (PSU), Quad Processor Pack
(QPP), Universal Serial Interface (USI) and a Battery-Keyswitch-Module (BKM).
Several combinations between Control Processor and I/O-system lead to several system
architectures. A non-redundant system configuration shows figure 1 and a fully redundant
system configuration shows figure 2.
Report-No.: 968/EZ 195.00/05
Page 6 of 13
2005-03-04
Figure 1: Non-redundant controller with non-redundant I/O
Figure 2: Redundant controller with redundant I/O
As pictured above, the QPP consists of two processors: main and redundant processor.
Each processor has its own variable (RAM) and invariable (FLASH) memory. Both
processors are running absolutely synchronously to each other. The synchronous run of both
processors is checked by hardware comparators. The data bus of both systems is compared
by a data comparator and the lower 4 bit of both systems are also compared by an address
comparator. The correct function of both comparators are tested in the background by
Watchdog Board (WD). Each processor system has its own logical program sequence
monitoring. In conjunction with the temporal monitoring, which is done by the Watchdog
Board, both measures achieve a high diagnostic coverage.
The invariable memory (FLASH) contains the operating system and the application program.
A CRC 32 signature is applied to the FLASH memory to ensure the data integrity. The
variable memory (RAM) is checked high dynamically by the data and address bus
comparator unit. In addition, a transparent GALPAT is applied but lasts 2 years and a
read / write test which will be repeated cyclic every 2 hours.
Report-No.: 968/EZ 195.00/05
Page 7 of 13
2005-03-04
All data-, address-, stack-, control registers and all mnemonics of the microprocessors are
checked within the Diagnostic Test Interval (DTI).
The Watchdog Board (WD) has a separate time base and monitors the function of the
processor by a time-window. The function “watchdog “ exists twice on WD. This is due to test
the watchdog function and to prevent a shut down of the outputs during the test phase. The
voltage monitoring of the 24VDC and 5VDC are also located on the WD and are tested in
background. Another functionality of WD is the background test of the data- and address
comparators. In case of any detected fault, the outputs will be shut down by the Processor
Board or by the Watchdog Board. Beside the shut down in case of a malfunction, an input on
the WD allows the user to connect an external switch to shut down the safety related outputs
independent from the safety processor.
The communication between the Control Processor and all input-/output interfaces is done
by an I/O-bus driver board. This single channel communication is checked in background
within the Diagnostic Test Interval.
The internal cross communication between both Control Processors in redundant
applications is done by a dual channel communication path. In addition, the safety data are
embedded within a safety layer with CRC32 signature and time expectation.
4.
Protocol and results type approval
4.1
Overview
The testing has been carried out to show that at the basis the Safety Manager complies with
the requirements for Safety Integrity Level 3 (SIL 3) as per IEC 61508 and the general
requirements for fail-safe controls in accordance with EN 954-1 for safety category 4.
The devices used in the various tests are recorded in the inspectors' documentation.
4.2
Requirements in accordance with IEC 61508
4.2.1
General requirements
For the Safety Manager Safety Integrity Level 3 (SIL 3) is sought.
Due to the technology in the device and the intended application it is considered as a type B
subsystem in accordance with IEC 61508-2. It operates beside as a component for a
protective device in a "Low Demand Mode of Operation" also in "High Demand Mode of
Operation" applications.
Along with the probabilistic requirements IEC 61508 the following points have to be judged:
4.2.2
-
documentation
-
measures for the avoidance of failures (QM) as well as
-
measures for controlling failures in each case over the entire life cycle of the product
Assessment of the management of functional safety
Honeywell SMS has been certified by RWTÜV for their functional safety management
system according to IEC 61508. The certification addresses the design, manufacturing and
integration of microprocessor based safety systems including application software, design,
development and maintenance of embedded and configuration software.
Report-No.: 968/EZ 195.00/05
Page 8 of 13
2005-03-04
4.2.3
Documentation over the entire life cycle
The extensive documentation provided by Honeywell are listed in chapter 3.2. They have
been prepared to suit the individual phases of the life cycle and are available to the Test
Institute.
The test results and assessment of the documentation on the Safety Manager demonstrated,
that they satisfy to the requirements in accordance with IEC 61508.
4.2.4
Assessment of the measures for controlling failures in hardware
To achieve the level of failure detection required in accordance with SIL 3 and the safe
failure fraction measures for controlling failures must be taken for hardware failures given in
a defined failure model. The used failure model corresponds to the requirements in table A.1
in annex A of IEC 61508-2. The effectiveness of the taken measures has been analysed by
the manufacturer. They have been documented and verified by module- and system tests.
In addition the measures for the detection of failures and controlling failures were analysed in
joint reviews with the Test Institute. The effectiveness was partly verified based on selected
practical tests, which are documented in [T1], [T2].
Any detected fault will result in the configured fault reaction which by default is the
deactivation of the outputs by the Processor Board or by the Watchdog Board. All applied
measures have a high diagnostic coverage of at least 99%, which corresponds to the
requirements [S1].
The safety structure, diagnostics and the detection of failures comply to the requirements in
[S1].
4.2.5
Assessment of the measures for failures avoidance in hardware/software
The assessment of failure avoidance was part of the functional safety management (see
chapter 4.2.2 and 4.2.3). The applied measures were partly verified by the Test Institute
during several meetings on project level (see [T1] - [T4]).
4.2.6
Determination of PFD/PFH
Honeywell has a TÜV certified calculation method [D3] to determine the reliability
parameters according to [S1]. The new products are included in the existing calculation
method. The end-user must request Honeywell to perform the calculations for the desired
system configuration.
The calculation method is accepted by the Test Institute.
4.3
Requirements in accordance with EN 954-1
All single failures will be detected by appropriate diagnostic measures. The effectiveness of
these diagnostics were already assessed during [S1] assessment. A failure accumulation
need not to be considered due to the fact that each failure leads into the configured fault
reaction of the system.
The safety structure, diagnostics and the detection of failures comply to the requirements in
[S2].
Report-No.: 968/EZ 195.00/05
Page 9 of 13
2005-03-04
4.4
Electrical safety
The basis for the electrical safety evaluation is formed by [S11]. All 24VDC module ports
must be supplied by reinforced or double insulated power supply. The customer favoured AC
power supply units are listed in [D1] and [D2].
The actual clearance and creepage distances of the light shaded modules in chapter 3.1
meet the requirement of the above mentioned standard. A high voltage test is not necessary,
due to the fact, that the clearance and creepage requirements are met and no separation
according to double/reinforced insulation is necessary for protection against electric shock.
4.5
Environmental tests
The environmental tests temperature and climate are performed at Honeywell internal test
laboratories. This laboratory was inspected and judged by inspectors of TÜV Rheinland
(see [T4]).
All EMC/EMI tests are performed at KEMA laboratories. An accreditation certificate is
present to the Test Institute [K2]. The vibration- and shock tests are performed at accredited
test laboratory (DATECH), Reg.No. DAT-P-087/99.12).
The results are accepted by the Test Institute with some restrictions:
The present vibration results are not fully compliant with [S5] chapter 6.2.1 and long-term
vibration in [S8] chapter 15.15. These tests might be carried out additionally if required in an
application.
4.6
Accompanying documents
The Safety Manual [D1] and Installation and Upgrade Manual [D2] for Safety Manager has
been reviewed. It contains the necessary information for the correct installation and safe
operation.
The PFD/PFH results can be obtained in the sales phase as part of the quotation
documentation.
4.7
Application specific considerations
4.7.1
Requirements according to EN 50156-1/2004
The EN 50156-1 lists beside the application specific requirements also system specific
requirements which are in accordance with IEC 61508 and EN 954-1. Therefore, the system
specific requirements are fulfilled.
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the safety manual [D1].
4.7.2
Requirements according to IEC 61511/2004
The Safety Manager fulfils the requirements for safety integrity level 3 in accordance with
IEC 61508. Hence, the system can be used within the scope of IEC 61511.
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the safety manual [D1].
Report-No.: 968/EZ 195.00/05
Page 10 of 13
2005-03-04
4.7.3
Requirements according to NFPA 72/2002
The Safety Manager meets the additional requirements imposed by the application
standards NFPA 72 [S6].
The table below shows only those product requirements which have not yet performed by
the manufacturer. Requirements which can be reached by planning or projecting measures,
e.g. power supply, installation etc are not considered.
Clause
4.4.4.3
Requirement
Transient Protection
Results
Test not yet performed.
Induced transients are part of the EMC tests
of [S5]. But levels in terms of NFPA 70,
section 760.7, e.g. 15 kV for ESD, were not
tested.
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the specific sections of the safety manual [D1], especially chapter 9.
4.7.4
Requirements according to NFPA 85/2001
The Safety Manager meets the applicable requirements for logic solvers as defined by the
application standard NFPA 85 [S7]. The test results were positive and are documented in the
inspectors documentation.
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the safety manual [D1].
4.7.5
Requirements according to EN 54-2/2004
The Safety Manager meets the additional requirements imposed by the application
standards EN 54-2 [S8].
The table below shows only those product requirements which have not yet performed by
the manufacturer. Requirements which can be reached by planning or projecting measures,
e.g. power supply, installation etc are not considered. Only the following test has not been
carried out and is still pending.
Clause
15.15
Requirement
Vibration, sinusoidal (endurance)
Results
Not yet performed
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the specific sections of the safety manual [D1], especially chapter 9.
4.7.6
Requirements according to EN 54-4/2003
The EN 54-4 lists the requirements for power supply equipment in fire detection and fire
alarm system applications. The present type approval of the Safety Manager was not directly
within the scope of EN 54-4 due to the fact that the used power supply units only converts
the primary 24VDC into a isolated 5VDC voltage.
Report-No.: 968/EZ 195.00/05
Page 11 of 13
2005-03-04
The Safety Manager, especially with redundant controller (figure 2), is suited for application
with two external power supply units which are in the scope of EN 54-4 clause 4.2.
The external power supply units were not in the scope of this type approval. Therefore, for
full compliance the following conditions must be observed:
4.7.7
The user is responsible to select external power supplies that are compliant with the
standard.
Requirements according to EN 298/2003
The Safety Manager meets the additional requirements imposed by the application standard
EN 298 [S10].
The table below shows only those product requirements which have not yet performed by
the manufacturer. Requirements which can be reached by planning or projecting measures,
e.g. power supply, installation etc are not considered.
Clause
6.5.2.2.1
6.5.2.2.2
6.5.2.3
7.6
7.6.1
7.6.2
7.6.3
8.
8.1
8.2
8.2.1
8.3
8.4
8.5.2
8.6.2
8.7.1
8.7.2
8.8.2
Requirement
Thermal stress test
Vibration test
EN 60068-2-6:1995, test Fc
Long term performance test
Performance tests
At ambient temperature
At low temperature (0°C)
At high temperature (60°C)
Protection against environmental
influences
Temperature range
Supply voltage variations
For voltage variations between 85 %
and 110 % of the rated voltage or of
the voltage range declared by the
manufacturer, the system shall meet
the requirements of this standard
Supply voltage dips, short
interruptions and voltage variations
immunity
Supply frequency variations
Surge immunity test (table 3)
Electrical fast transient/burst
immunity test (table 4)
Immunity to conducted
disturbances, induced by radiofrequency fields (table 5)
Immunity to radiated disturbances,
induced by radiated fields (table 6)
Electrostatic discharge immunity test
(table 7)
Report-No.: 968/EZ 195.00/05
Results
not carried out in terms of this standard
not carried out in terms of this standard
must carried out by the manufacturer
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not applicable, due to DC voltage supply
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
not carried out in terms of this standard
Page 12 of 13
2005-03-04
For full compliance with EN 298 and a striven DIN - DVGW approval the following conditions
must be observed:
The user still needs to comply with all other requirements from the standard including
requirements that have an effect on the operation of the safety system. The end-user should
refer to the safety manual [D1].
5.
Conclusion
During the correctly performed test no infringement of the functional and safety-related
requirements in the applied standards could be found. Observance must be given to the
installation conditions and application notes defined in the Operating and Instruction
Manuals.
The additional application specific requirements as listed in the related chapters above must
be taken into consideration.
It was demonstrated, that the Safety Manager complies with the requirements of IEC 61508
for SIL 3 and EN 954-1 Cat. 4. The safety related parameters are specified within the Safety
Manual /D1/ or will be given by the manufacturer on request. The electrical safety is given.
The resistance against the specified environment conditions are mostly given, exceptions
are mentioned in chapter 4.5 and 4.7.
Therefore the Safety Manager-System can be used in up to and including SIL 3/Cat. 4
applications.
The certificate no. 968/EZ 195.00/05 dated 2005-03-04 is an integral part of this test report.
Actual information about the certification status of the Safety Manager and actual releases of
HW and SW components can be obtained from the homepage of the Test Institute. Please
refer to the “List of type approved PES” published on: http://www.tuvasi.com/.
Cologne, 2005-03-04
TIS/ASI/Kst. 968 he-kg-nie
The inspectors
Dipl.-Ing. Andreas Hesse
Report-No.: 968/EZ 195.00/05
Dipl.-Ing. Gernot Klaes
Page 13 of 13
Appendix 1
Revision Release List:
SIL3 compliant HW Components:
Catalog Number
Description
Part
Number
Rev.
FS-CPCHAS0001
Chassis for Control Processor
3402000
-
FS-CPB-0001
Control processor backplane, part of FS-CPCHAS-0001
3410431
-
FS-TERM-0001
Bus terminator for non-redundant IO
3402007
-
FS-TERM-0002
Bus terminator for redundant IO
3402008
-
Chassis for redundant I/O modules
3402050
-
Chassis for non-redundant I/O modules
3402051
-
3410432
-
3410434
-
3410433
-
3410435
-
FS-IOCHAS0001R
FS-IOCHAS0001S
I/O backplane for non-redundant I/O, part of FS-IOCHAS0001S
I/O backplane for redundant I/O, part of FS-IOCHASFS-IOB-0001R
0001R
Horizontal non-redundant I/O bus backplane, part of FSFS-IOBUS-HBS
IOCHAS-0001S
Horizontal redundant I/O bus backplane, part of FSFS-IOBUS-HBR
IOCHAS-0001R
FS-IOB-0001S
FS-IO-0001
I/O extender module part of the FS-IOCHAS-0001x
3402500
V1.0
FS-QPP-0001
Quad Processor Pack
3402001
V1.1
FS-QPP-0001
Quad Processor Pack
3402009
V1.2
FS-QPP-0001
Quad Processor Pack
3402013
V1.3
FS-BKM-0001
Battery and Key switch Module
3402003
V1.0
FS-PSU-240516 Power Supply Unit 24/5 Vdc, 16A
3402002
V1.0
FS-PSU-240516 Power Supply Unit 24/5 Vdc, 16A
3402011
V1.1
FS-SDI-1624
Safe digital input module (24 Vdc, 16 channels)
3402100
V1.0
FS-SAI-0410
Safe analog input module (4 channels)
Safe high-density analog input module (24 Vdc, 16
channels)
Safe line-monitored digital input module with earth fault
monitor (16 channels)
3402102
V1.0
3402103
V1.0
3402104
V1.0
3402202
V1.0
FS-SAO-0220m Safe analog output module (0(4)-20 mA, 2 channels)
3402203
V1.0
FS-SDO-0424
Safe digital output module (24 Vdc, 2 A, 4 channels)
3402207
V1.0
FS-SDOL-0424
Safe loop-monitored digital output module (24 Vdc, 1 A, 4
ch.)
3402208
V1.0
3410741
-
FS-SAI-1620m
FS-SDIL-1608
FS-SDO-0824
Safe digital output module (24 Vdc, 0.55 A, 8 channels)
FS-TSDI-16UNI Safe Digital Input FTA(24/48Vdc, NAMUR 16 channels)
Appendix 1 to Report-No.: 968/EZ 195.00/05
Page A1-1
Appendix 1
Part
Number
Rev.
FS-TSDI-1624C Current-limited digital input FTA (24 Vdc, 16 channels)
3410742
-
FS-TSDI-16115
Safe active/passive digital input FTA (115 Vac/dc, 16 ch.)
3410743
-
FS-TSAI-0410
Safe analog input FTA (4 channels)
3410745
-
FS-TSAI-1620m Safe 0(4)-20 mA analog input FTA (16 channels)
3410746
-
FS-TSHART1620m
3410747
-
3410748
-
3410763
V1.1
3410752
-
FS-TSAO-0220m Safe 0(4)-20 mA analog input FTA (2 channels)
3410753
-
FS-TSDO-0424
3410755
-
FS-TSDO-04UNI Safe digital output FTA (24/48/110 Vdc, 4 channels)
3410756
-
FS-TSDO-0824
FC-TSDO-0824C
FC-TSDOL0424C
3410757
3410758
-
3410759
-
3410761
-
3410764
V1.0
4220135
-
4220136
-
Catalog Number
Description
Safe 0(4)-20 mA analog input FTA (16 channels) with
HART interface
Safe Gas -Flame detector input FTA (0 - 20 mA, 16
FS-TSGAS-1624
channels)
Safe Fire detector input FTA with Line Mon. (24 Vdc, 16
FS-TSFIRE-1624
ch.)
FS-TPSU-2430 24 Vdc to 30 Vdc/1 A converter
FS-TSRO-0824
Safe digital output FTA (24 Vdc, 4 channels)
Safe digital output FTA (24 Vdc, 8 channels)
Safe digital output FTA current limited (24 Vdc, 8 channels)
Safe digital output FTA, current limited (24 Vdc, 4
channels)
Digital output (relay) FTA for AK5/6 applications (8
channels)
Safe digital input FTA (24 Vdc, 16 channels)
FS-TSDI-1624
1200 S 24 P067
1200 S PSU 115VAC/24VDC Complete Mounted 45 A
V115 CM
1200 S 24 P067
1200 S PSU 230VAC/24VDC Complete Mounted 45 A
V230 CM
5.1.1.1
Further HW Components suitable for use to build up safety loops up to SIL3 with the Safety
Manager:
Catalog
Number
Description
Part
Number
Rev.
FS-USI-0001
Universal Safety Interface
3402004
V1.0
FS-USI-0001
Universal Safety Interface
3402012
V1.1
Communication interface FTA for RS232 and RS485
3402300
V1.0
Communication interface FTA for RS232 and RS485
3402304
V2.0
High speed ethernet switch, make: Hirschman, type RS2TX
4600065
-
3402301
-
4600072
-
FS-DCOM232/485
FS-DCOM232/485
FS-UCOM-HSE
FS-PDB-HSE24 Power Distribution board to power 2x FS-UCOM-HSE
FS-UCOM-SDW
High speed ethernet switch, make: Westermo, type SDW550-EC
Appendix 1 to Report-No.: 968/EZ 195.00/05
Page A1-2
Appendix 1
Further interference free HW Components suitable for use with the Safety Manager:
Catalog
Number
Description
Part
Number
Rev.
FS-DO-1224
Digital output module (24 Vdc, 0.55 A, 12 channels)
3402204
V1.0
FS-RO-1024
Relay output module (contacts, 36 Vdc, 2 A, 10
channels)
3402205
V1.0
FS-DO-1624
Digital output module (24 Vdc, 0.1 A, 16 channels)
3402206
V1.0
FS-TIDI-1624
FS-TDO-1624
Isolated passive digital input FTA (16 channels)
Digital output FTA (24 Vdc, 16 channels)
3410744
3410754
-
FS-TRO-0824
Digital output (relay contact) FTA (8 channels, NO/NC)
3410761
-
FS-TRO-1024
Digital output (relay contact) FTA (10 channels)
3410762
-
SIL3 compliant SW Components:
Catalog
Number
FS-QPP-0001
Description
Quad Processor Pack
Part
Number
Rev.
3402013
1.31.139.1
(CRC
$789B26C4)
5.1.1.2 Further SW Components suitable for use to build up safety loops up to SIL3 with Safety
Manager:
Catalog
Number
FS-SMSB-ST100
Description
Safety Builder R100.3 Software Basic Windows
2000/XP
Appendix 1 to Report-No.: 968/EZ 195.00/05
Part
Number
Rev.
3402900
-
Page A1-3
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement