Foreword
EP7211-0034 - STO Function 7Version: 1.0.0
1.4 Explanation of terms
Name Explanation
B10DMean number of cycles after 10% of the components have dangerously failed
CCF Failures with a common cause
dop Mean operating time in days per year
DCavg Average diagnostic coverage
hop Mean operating time in hours per day
MTTFDMean time to dangerous failure
nop Mean number of annual actuations
PFHDProbability of a dangerous failure per hour
PL Performance level
PLrRequired Performance Level
Tcycle Mean time between two successive cycles of the system (given in minutes in the following
examples, but can also be given in seconds)
T1 Lifetime of the device (typically 20 years for TwinSAFE devices)
λDDangerous failure rate given in FIT (failure rate in 109 component hours)
T10D Operating time - maximum operating time for electromechanical components, for example
TwinSAFE SC The TwinSAFE SC technology (SC - Single Channel) enables a signal from a standard
terminal to be packaged in a FSoE telegram and transmitted via the standard fieldbus to the
TwinSAFE Logic. As a result, falsifications on the transmission path can be excluded. Within
the TwinSAFE Logic, this signal is checked with a further independent signal. This
comparison result typically yields an analog value corresponding to a category3 and PLd.
This technology does not support digital input signals and cannot be used in a single-
channel structure (only one TwinSAFE SC channel).
1.5 Operator's obligation to exercise diligence
The operator must ensure that
• the TwinSAFE products are only used as intended (see chapter Product description);
• the TwinSAFE products are only operated in sound condition and in working order.
• the TwinSAFE products are operated only by suitably qualified and authorized personnel.
• the personnel is instructed regularly about relevant occupational safety and environmental protection
aspects, and is familiar with the operating instructions and in particular the safety instructions contained
herein.
• the operating instructions are in good condition and complete, and always available for reference at the
location where the TwinSAFE products are used.
• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes
remain legible.
NOTE
Qualified personnel
For the use of the TwinSAFE components, the personnel must be qualified and take part regularly in train-
ing courses.
Training courses on functional safety can be taken at the corresponding certifying bodies such as the TÜV
or at the responsible employer's liability insurance associations.
Product training courses for the TwinSAFE components can be booked with the Beckhoff Training Depart-
ment.
