Auma Gs 50.3 User manual

Gearboxes

GS 50.3 –GS 250.3

GK 10.2 –GK 40.2

SFC version

Functional safetyManual

NOTICE for use!

This document is only valid with the latest operation instructions attached to the device, the attached declaration

of incorporation as well as the pertaining technical data sheets.They are understood as reference documents.

Purpose of the document:

The present document informs about the actions required for using the device in safety-related systems in

accordance with IEC 61508 or IEC 61511.

Reference documents:

●exida report no.AUMA 15/10-108 R014 and AUMA 12/02-079 R007

●Operation instructions (Assembly, commissioning) and Technical data for gearbox

Reference documents are available on the Internet at: http://www.auma.com.

Table of contents Page

31. Terminology............................................................................................................................ 31.1. Abbreviations and concepts

52. Application and validity......................................................................................................... 52.1. Range of application 52.2. Standards 52.3. Valid device types

63. Architecture, configuration and applications...................................................................... 63.1. Architecture (gearbox sizing) 63.2. Configuration (setting) 63.3. Protection against uncontrolled operation (self-locking/brake) 63.4. Operation mode (low/high demand mode) 63.5. Further notes and indications on architecture 63.6. Applications (environmental conditions)

84. Safety instrumented systems and safety functions........................................................... 84.1. Safety functions

95. Installation, commissioning and operation......................................................................... 95.1. Installation 95.2. Commissioning 95.3. Operation 95.4. Lifetime 95.5. Decommissioning

106. Tests and maintenance.......................................................................................................... 106.1. Safety equipment: check 106.2. Proof test (verification of safe gearbox function) 106.3. Maintenance

117. Safety-related figures............................................................................................................. 117.1. Determination of the safety-related figures

128. SIL Declaration of Conformity (example).............................................................................

16Index........................................................................................................................................

17Addresses...............................................................................................................................

Gearboxes

Table of contents

1. Terminology

Information sources ●IEC 61508-4, Functional safety of electrical/electronic/programmable electronic

safety-related systems –Part 4: Definitions and abbreviations

●IEC 61511-1, Functional safety - Safety instrumented systems for the process

industry sector –Part 1:Framework, definitions, system, hardware and software

requirements

1.1. Abbreviations and concepts

To evaluate safety functions, the lambda values or the PFD value (Probability of

Dangerous Failure on Demand) and the SFF value (Safe Failure Fraction) are the

main requirements.Further figures are required to assess the individual components.

These figures are explained in the table below.

Table 1:Abbreviations of safety figures

DescriptionFull expressionAbbrevi-

ation Number of safe failuresLambda SafeλSNumber of dangerous failuresLambda DangerousλDNumber of undetected dangerous fail-

ures

Lambda Dangerous UndetectedλDU

Number of detected dangerous failuresLambda Dangerous DetectedλDD Diagnostic Coverage - ratio between

the failure rate of dangerous failures

detected by diagnostic tests and total

rate of dangerous failures of the com-

ponent or subsystem.The diagnostic

coverage does not include any failures

detected during proof tests.

Diagnostic CoverageDC

Mean time between the occurence of

two subsequent failures

Mean Time Between FailuresMTBF

Fraction of safe failures as well as of

detectable dangerous failures

Safe Failure FractionSFF

Average probability of dangerous fail-

ures on demand of a safety function.

Average Probability of dangerous Fail-

ure on Demand

PFDavg

Ability of a functional unit to execute a

required function while faults or devi-

ations are present.HFT = n means that

the function can still be safely executed

for up to n faults occurring at the same

time.

Hardware Fault ToleranceHFT

Interval for proof testProof test intervalTproof

SIL Safety Integrity Level

The international standard IEC 61508 defines 4 levels (SIL 1 through SIL 4).

Safety function Function to be implemented by a safety-related system for risk reduction with the

objective to achieve or maintain a safe state for the plant/equipment with respect to

a specific dangerous event.

Safety instrumented

function (SIF) Function with specified safety integrity level (SIL) to achieve functional safety.

Safety instrumented

system (SIS) Safety instrumented system for executing a single or several safety instrumented

functions.An SIS consists of sensor(s), logic system and actuator(s).

Safety-related system A safety-related system includes all factors (hardware, software, human factors)

necessary to implement one or several safety functions. Consequently failures of

safety function would result in a significant increase in safety risks for people and/or

the environment.

A safety-related system can comprise stand-alone systems dedicated to perform a

particular safety function or can be integrated into a plant.

Gearboxes Terminology

Proof test Periodic test performed to detect dangerous hidden failures in a safety-related system

so that, if necessary, a repair can restore the system to an "as new" condition or as

close as practical to this condition.

MTTR (MeanTimeTo

Restoration) Mean time to restoration once a failure has occurred. Indicates the expected mean

time to achieve restoration of the system.It is therefore an important parameter for

system availability.The time for detecting the failure, planning tasks as well as

operating resources is also included.It should be reduced to a minimum.

Gearboxes

Terminology

2. Application and validity

2.1. Range of application

AUMA gearboxes with the safety functions mentioned in this manual are intended

for operation of industrial valves and are suitable for use in safety instrumented

systems in accordance with IEC 61508 or IEC 61511.

2.2. Standards

IEC 61508-2:2010 The safety figures of the devices described meet the requirements of IEC 61508 in

the respective SIL level with regard to failure rates and architecture requirements.

However, this does not imply that all further requirements of IEC 61508 are met.

2.3. Valid device types

The data on functional safety contained in this manual applies to the device types

indicated.

Table 2: Overview on suitable device types

Safety functionDuty classVersionGearboxes Safe operation in direction

OPEN/CLOSE

No indicationsIn SFC versionGK 10.2 –GK 40.2

Safe operation in direction

OPEN/CLOSE

Duty class 1In SFC versionGS 50.3 –GS 250.3

Gearboxes may not be modified without prior written consent by AUMA.Unauthorised

modifications may have a negative impact on both safety figures and SIL capability

of the products.

Information In applications with requirements on functional safety, only AUMA gearboxes in SFC

or SIL version may be used. SFC stands for “Safety Figure Calculated”.This desig-

nation identifies AUMA products for which safety figures were calculated on the basis

of FMEDA from field data and generic data (for detailed information refer to <Determ-

ination of the figures>).

AUMA gearboxes in SFC version can among others be identified from the letters

"SFC" following the type designation on the name plate.

Figure 1: Example of name plate with “SFC”marking

Gearboxes Application and validity

3. Architecture, configuration and applications

3.1. Architecture (gearbox sizing)

For gearbox architecture (gearbox sizing) the maximum torques, run torques,

reduction ratios and operating times are taken into consideration.

Incorrect gearbox architecture can lead to device damage within the safety-

related system!

Possible consequences: e.g. Damage at valve, gearbox or actuator.

→The gearbox technical data must imperatively be observed when selecting the

gearbox.

→Sufficient reserves have to be provided to ensure that gearboxes are capable

of reliably opening or closing the valve even in the event of an accident.

Information Gearboxes of GS type range may only be used in duty class 1. Extension flanges

may not be used. Only gearboxes with splash lubrication using greases F02, F13 or

F15 may be used.

3.2. Configuration (setting)

For GS type range, the end stop setting (if available) is performed in compliance

with the operation instructions.

3.3. Protection against uncontrolled operation (self-locking/brake)

For self-locking AUMA gearboxes, it can be assumed that a load up to maximum

torque will not result in uncontrolled operation from valve standstill due to valve torque

load.Consequently, in these cases, further protection against uncontrolled operation

is not imperatively required.However, certain applications may require active position

locking, for example by using a brake. Furthermore, you should bear in mind that

conditions may be different if a standstill is also to be achieved from the movement

of the valve.There are user-specific standards demanding a brake.Therefore, each

project must be subject to individual verification if any further protection is required.

In any case, this protection is required for gearboxes without self-locking.

Information Under normal operation conditions, gearboxes of GS type range are self-locking at

standstill. Gearboxes of the GK type range are NOT self-locking.

3.4. Operation mode (low/high demand mode)

The safety functions of the gearboxes supplied by AUMA are suitable for the low

demand mode and may only be used in this operation mode.If a non-safety

instrumented function of the basic process control system is executed in addition to

the safety functions via the same gearbox, note that while considering the sum of

operational function, required tests and safety function, the maximum permissible

lifetime and cycle time within a safety instrumented system specified for gearboxes

may not be exceeded.

3.5. Further notes and indications on architecture

HFT is 0.This is a type A component.

Safety figures

Safety figures vary depending on the gearbox type.The safety figures relevant for

the product supplied as well as any potential further restrictions must be indicated

on the declaration of incorporation.The declaration of incorporation is specific for

each order and directly supplied with the order.

3.6. Applications (environmental conditions)

Whenspecifying and using thegearboxes within safetyinstrumented systems, make

sure that the permissible service conditions are met.Service conditions are indicated

in the technical data sheet.

Gearboxes

Architecture, configuration and applications

●Enclosure protection

●Corrosion protection

●Ambient temperature

●Vibration resistance

If the actual ambient temperatures exceed an average of +40 °C, the lambda values

have to be incremented by a safety factor.

Gearboxes Architecture, configuration and applications

4. Safety instrumented systems and safety functions

4.1. Safety functions

To determine the SIL figures, the safety function of the device (function which has

to be performed in case of an emergency to operate the plant into a safe state) has

to be considered.

AUMA gearboxes are assessed for the “safe operation in directions OPEN/CLOSE”

safety function:The gearbox transmits the rotary or swivel movement from the

gearbox input to the gearbox output and vice versa.

Information Please note that safety figures only include the gearbox.Further components (e.g.

integrity of external controls, actuators, valves ....) are not considered with the AUMA

safety figures related to this product.

Gearboxes

Safety instrumented systems and safety functions

5. Installation, commissioning and operation

Information Installation and commissioning have to be documented by means of an assembly

report and an inspection certificate. Installation and commissioning may only be

performed by authorised personnel who have been trained on functional safety.

5.1. Installation

General installation tasks (assembly) have to be performed according to the operation

instructions pertaining to the device.

5.2. Commissioning

The operation instructions pertaining to the device must be observed for general

commissioning.

After commissioning, the safe gearbox function must be verified.

5.3. Operation

Regular maintenance and device checks in the Tproof intervals as defined by the

plant operator are the basis for safe operation.

The operation instructions pertaining to the device must be observed for operation.

5.4. Lifetime

Gearbox lifetime is specified in the technical data sheets or the operation instructions.

Safety-related figures are valid for the cycles or modulating steps defined in the

technical data specifications and for typical periods of up to 10 years (the criterion

achieved first is valid). After this period, the probability of failure increases.

Exceeding this period is basically feasible in many cases according to national

footnote NOTE 3 on IEC 61508-2:2010 7.4.9.5 b).This is the responsibility of the

operator who will have to take appropriate measures.Please contact us if you need

support in identifying suitable measures.

5.5. Decommissioning

When decommissioning the gearbox with safety functions, the following must be

observed:

●Impact of decommissioning on relevant devices, equipment or other work must

be evaluated.

●Safety and warning instructions contained in the gearbox operation instructions

must be met.

●Decommissioning must be carried out exclusively by suitably qualified personnel.

●Decommissioning must be recorded in compliance with technical requirements.

Gearboxes Installation, commissioning and operation

6. Tests and maintenance

Test and maintenance tasks may only be performed by authorised personnel who

have been trained on functional safety.

Test and maintenance equipment has to be calibrated.

Information Any test/maintenance must be recorded in a test/maintenance report.

Impact of testing/maintenance on relevant devices, equipment or other work must

be evaluated.

6.1. Safety equipment: check

All safety functions within a safety equipment must be checked for perfect functionality

and safety at appropriate intervals.The intervals for safety equipment checks are to

be defined by the plant operator.

6.2. Proof test (verification of safe gearbox function)

The proof test serves the purpose to verify the safety-relevant functions of the

gearbox.

Proof tests shall reveal dangerous failures which might remain undetected until a

safety function is started and consequently result in a potential danger.

The gearbox input (or output) is rotated to test the safety-related function.It is tested

whether the initiated rotary movement is completely and directly applied at the input

(or output) of the gearbox.Within the framework of the proof test, the gearbox shall

be additionally checked for unusual running noise, unusually high backlash, excessive

heating up during operation as well as excessive friction losses.

Intervals:

A proof test interval describes the time between two proof tests. Functionality must

be checked at appropriate intervals.The intervals are to be defined by the plant

operator.

In any case, the safety-relevant functions must be checked after commissioning and

following any maintenance work or repair as well as during theTproof intervals defined

in the safety assessment.

6.3. Maintenance

Maintenance and service tasks may only be performed by authorised personnel who

have been trained on functional safety.

After maintenance and service tasks, the validation of the safety function must be

performed in addition to the functional test.This validation must include at least the

tests referred to in chapters <Safety equipment:check> and <Proof test (verification

of safe gearbox function>.

In case a fault is detected during maintenance, this must be reported to AUMA Riester

GmbH & Co. KG.

Gearboxes

Tests and maintenance

7. Safety-related figures

7.1. Determination of the safety-related figures

The calculation of the safety-related figures is based on the indicated safety functions.

Experience data and data taken from the exida database for mechanical components

were used for hardware assessment.

The PFD calculation should always be performed individually for each system using

the parameters and conditions applicable for the respective system.The λDU and

λDD values should be used as input.When observing the proof test procedures

indicated in this safety manual, we recommend calculation using proof test coverage

(PTC) of 90 %.

The plant operator is responsible for eliminating faults within the MTTR, otherwise

the data of the quantitative results is no longer valid.

The safety figures mentioned in this safety manual and in the declarations of

incorporation are only valid if all the conditions stipulated in this safety

manual and in the declarations of incorporation and the mentioned activities

are respected and performed. At the same time, the restrictions regarding the

validity and standard conformity stipulated in the declarations of incorporation

must be heeded.

Gearboxes Safety-related figures

8. SIL Declaration of Conformity (example)

Gearboxes

SIL Declaration of Conformity (example)

Gearboxes SIL Declaration of Conformity (example)

Gearboxes

Index

Ambient conditions 6

Architecture 6

Brake 6

Commissioning 9

Configuration 6

DC 3

Declaration of Conformity 12

Decommissioning 9

Device types 5

Diagnostic coverage (DC) 3

Figures, safety-related 11

Gearbox sizing 6

HFT 3

Installation 9

Interval for proof test 3

Lambda values 3

Lifetime 9

Low demand mode 11

Maintenance 10

MeanTime Between Failures

(MTBF) 3

MTBF 3

MTTR(MeanTimeToRestor-

ation) 4

Operation 9

PFD 3

PFD for actuator 11

Probability of failure 3, 9

Proof test 4, 10, 10

Range of application 5

Safe failure fraction (SFF) 3

Safety function 3

Safety functions 8

Safety instrumented function

(SIF) 3

Safety instrumented system

(SIS) 3

Safety-related system 3

Self-locking 6

Service conditions 6

Setting 6

SFF 3

SIL 3

Standards 5

Tests 10

T proof 3

Type of duty 6

Gearboxes

Index

Europe

AUMA Riester GmbH & Co. KG

Location Muellheim

DE 79373 Muellheim

Tel +49 7631 809 - 0

AUMA GS 50.3 User manual

Popular Industrial Equipment manuals by other brands