KROHNE H250 M40 Series User guide

Variable area flowmeter

Safety manual

H250 M40

H250 M40H250 M40

H250 M40 Supplementary instructions

Supplementary instructionsSupplementary instructions

Supplementary instructions

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 1 Monday, April 29, 2013 8:31 AM

CONTENTS

2 www.krohne.com 04/2013 - 4000904202 MA H250 M40 SIL R02 en

H250 M40

1 Introduction 3

1.1 Field of application ........................................................................................................... 3

1.2 User benefits .................................................................................................................... 3

1.3 Relevant standards / Literature....................................................................................... 3

2 Terms and definitions 4

2.1 Description of the considered profiles............................................................................. 4

3 Description 5

3.1 Functional principle.......................................................................................................... 5

3.2 Description of the subsystem........................................................................................... 6

4 Specification of the safety function 7

4.1 Description of the failure categories ............................................................................... 7

5 Project planning 8

5.1 Applicable device documentation .................................................................................... 8

5.2 Project planning, behaviour during operation and malfunction...................................... 8

6 Life time / Proof tests 9

6.1 Life time............................................................................................................................ 9

6.2 Proof tests ...................................................................................................................... 10

7 Safety-related characteristics 11

7.1 Assumptions ................................................................................................................... 11

7.2 Specific safety-related characteristics .......................................................................... 12

8 Annex 16

8.1 Annex 1 ........................................................................................................................... 16

8.2 Annex 2 ........................................................................................................................... 17

9 Notes 18

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 2 Monday, April 29, 2013 8:31 AM

INTRODUCTION 1

H250 M40

www.krohne.com04/2013 - 4000904202 MA H250 M40 SIL R02 en

Introduction

1.1 Field of application

Measurement of volume flow rate of liquids, gases and vapours that shall meet the special safety

requirements according to IEC 61508.

The measuring device meets the requirements regarding

•Functional safety in accordance with IEC 61508-2:2010 (Edition 2)

•EMC directive 2004/108/EC and NAMUR recommandation NE21

•ATEX directive 94/9/EC

•PED directive 97/23/EC

For further information please refer to the H250 M40 Declaration of Conformity at the

Downloadcenter of the KROHNE-Website www.krohne.com.

1.2 User benefits

Use for

•Volume flow monitoring

•Continuous flow measurement and local analog indication

•Easy commissioning

•Excellent price-performance ratio

1.3 Relevant standards / Literature

[N1] IEC 61508-2:2010 - Functional Safety of Electrical/Electronic/Programmable Electronic

Safety-Related Systems

[N2] Electrical & Mechanical Component Reliability Handbook, 2nd Edition 2008, exida L.L.C.

ISBN 978-0-9727234-6-6

[N3] IEC 60654-1:1993-02 2nd edition, Industrial process measurement and control

equipment - Operating conditions - Part 1: Climatic conditions

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 3 Monday, April 29, 2013 8:31 AM

2TERMS AND DEFINITIONS

H250 M40

www.krohne.com 04/2013 - 4000904202 MA H250 M40 SIL R02 en

Terms and definitions

2.1 Description of the considered profiles

Mechanical database

Electronic database

DCDDiagnostic Coverage of dangerous failures

FIT Failure In Time (1x10-9 failures per hour)

FMEDA Failure Modes, Effects and Diagnostic Analysis

HFT Hardware Fault Tolerance

Low demand mode Mode, where the frequency of demand for operation made on a safety-related

system is not greater than one per year and not greater than twice in the proof test

frequency.

PFDAVG Average Probability of Failure on Demand

SFF Safe Failure Fraction summarizes the fraction of failure, which lead to a safe state

and the fraction of failures which will be detected by diagnostic measures and lead

to a defined safety action.

SIF Safety Instrumented Function

SIL Safety Integrity Level

Type A component "Non-complex" subsystem (all failure modes are well defined); for details see

7.4.3.1.2 of IEC 61508-2.

Type B component "Complex" subsystem (all failure modes are well defined); for details see 7.4.3.1.2

of IEC 61508-2.

T[Proof] Proof Test Interval

Profile Profile according to

IEC 60654-1

Ambient temperature [°C] Temperature cycle

[°C / 365 days]

Average (external) Mean (inside box)

2C3 25 30 25

4D1 25 30 35

Profile 2 (low stress): Mechanical field products with minimal self heating, subject to daily

temperature swings.

Profile 4 (high stress): Unprotected mechanical field products with minimal self heating,

subject to daily temperature swings and rain or condensation.

Profile Profile according to

IEC 60654-1

Ambient temperature [°C] Temperature cycle

[°C / 365 days]

Average (external) Mean (inside box)

2C3 25 30 25

Profile 2 Low power electrical (2-wire) field products have minimal self heating and are

subjected to daily temperature swings.

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 4 Monday, April 29, 2013 8:31 AM

DESCRIPTION 3

H250 M40

www.krohne.com04/2013 - 4000904202 MA H250 M40 SIL R02 en

Description

3.1 Functional principle

The flowmeter operates in accordance with the float measuring principle.

A metal cone is installed in the measuring unit H250, in which a suitably shaped float can move

freely up and down.

The flowmeter is inserted into a vertical pipeline and the medium flows through it from bottom to

top.

The guided float adjusts itself so that the buoyancy force A acting on it, the form drag W and

weight G are in equilibrium (G = A + W).

An annular gap results which width depends on the current flow rate.

The height of the float in the measuring unit, which depends on the float, is transmitted by a

magnetic coupling and displayed on a scale.

Strong deflecting magnetic fields can lead to deviations in the measured value.

Figure 3-1: Functional principle

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 5 Monday, April 29, 2013 8:31 AM

3DESCRIPTION

H250 M40

www.krohne.com 04/2013 - 4000904202 MA H250 M40 SIL R02 en

3.2 Description of the subsystem

H250 M40 - versions

1 Standard version

2 HT version

H250 M40 with electrical built ins

1 Version with K1/K2

2 Version with ESK4

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 6 Monday, April 29, 2013 8:31 AM

SPECIFICATION OF THE SAFETY FUNCTION 4

H250 M40

www.krohne.com04/2013 - 4000904202 MA H250 M40 SIL R02 en

Specification of the safety function

4.1 Description of the failure categories

In order to judge the failure behaviour of the variable area flowmeters H250 M40, the following

definitions for the failure of the flowmeter were considered:

H250 M40 with inductive limit switch output

H250 M40 with 4…20mA output

In IEC 61508 edition 1 the “No Effect”failures were defined as safe undetected failures, even

though they would not cause the safety function to go to a safe state.

With edition 2 (IEC 61508:2010) the no effect failures are no longer considered as safe

undetected failures and must not contribute to the SFF calculation. Therefore the SFF values

have changed.

The PFD values remain as before.

The demand response time of H250 M40 is < 2s.

Fail - Safe Failure that causes the subsystem to go to the defined fail-safe state

without a demand from process.

Fail Dangerous Undetected Failure that is dangerous and that is not being diagnosed by internal

diagnostics.

Fail Dangerous Detected Failure that is dangerous but is detected by internal diagnostics (These

failures may be converted to the selected fail-safe state)

Fail No Effect Failure of a component that is part of the safety function but is neither a

safe failure nor a dangerous failure and has no effect on the safety

function.

Not part Failures of a component which is not part of the safety function but part of

the circuit diagram and is listed for completeness. When calculating the

SFF this failure mode is not taken into account. It is also not part of the

total failure rate.

Fail-Safe State The fail-safe state is defined as the output beeing de-energized

Fail Dangerous Failure that does not respond to a demand from the process (i.e. being

unable to go to the defined fail-safe state)

Fail-Safe State The fail-safe state is defined as the output exceeding the user defined

threshold

Fail Dangerous Failure that does not respond to a demand from the process (i.e. being

unable to go to the defined fail-safe state) or that deviates the output

current by more than 2.5% of full span.

Fail High Failure that causes the output signal to go to the maximum output current

(>21mA) according NAMUR NE43.

Fail Low Failure that causes the output signal to go to the minimum output current

(< 3.6 mA) according NAMUR NE43.

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 7 Monday, April 29, 2013 8:31 AM

5PROJECT PLANNING

H250 M40

www.krohne.com 04/2013 - 4000904202 MA H250 M40 SIL R02 en

Project planning

5.1 Applicable device documentation

5.2 Project planning, behaviour during operation and malfunction

•The stress levels shall be average for an industrial outdoor environment and shall be similar

to exida Profile 2 or Profile 4 with temperature limits within the manufacture’s rating. Other

environmental characteristics are assumed to be within the manufacturer’s ratings.

•Under normal conditions the maximum operating time will be 10 years.

•Requirements made in the operating manual have to be kept.

•Repair and inspection intervals have to be based on the safety calculations.

•Follow the repair instructions of the manufacturer in the printed manual.

•Modifications made without specific authorisation of the manufacturer are strictly prohibited.

•Follow the installation and operating instructions.

•The application program in the safety logic solver is configured to detect under-range and

over-range failures and does not automatically trip on these failures; therefore these failures

have been classified as dangerous detected failures. The failure rates of the safety logic

solver are not included in the listed failures rates.

•The parameters given by the FMEDA are considered as planning support. The end user is

responsible for the overall functional safety of the application.

•For help to find the correct order text see annex 1.

[D1] TD H250/M40-Rxx-en

Technical datasheet H250/M40 –Variable area flowmeter

[D2] MA H250/M40-Rxx-en

Handbook including installation and operating instructions

[D3] exida FMEDA report: KROHNE 10/10020361 R010 Version 2

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 8 Monday, April 29, 2013 8:31 AM

LIFE TIME / PROOF TESTS 6

H250 M40

www.krohne.com04/2013 - 4000904202 MA H250 M40 SIL R02 en

Life time / Proof tests

6.1 Life time

Although a constant failure rate is assumed by the probabilistic estimation method this only

applies provided that the useful lifetime of components is not exceeded.

Beyond their useful lifetime, the result of the probabilistic calculation method is meaningless, as

the probability of failure significantly increases with time.

The useful lifetime is highly dependent on the component itself and its operating conditions –

temperature in particular (for example, electrolyte capacitors can be very sensitive).

This assumption of a constant failure rate is based on the bathtub curve, which shows the typical

behaviour for electronic components. Therefore it is obvious that the PFDAVG calculation is only

valid for components which have this constant domain and that the validity of the calculation is

limited to the useful lifetime of each component.

It is assumed that early failures are detected to a huge percentage during the installation period

and therefore the assumption of a constant failure rate during the useful lifetime is valid.

According to section 7.4.9.5 of IEC 61508-2, a useful lifetime, based on experience, should be

assumed.

According to section 7.4.9.5 note 3 of IEC 61508-2 experience has shown that the useful lifetime

often lies within a range of 8 to 12 years.

KROHNE recommends an operational life time for variable area flowmeters no longer than 10

years in SIL rated applications. However, if the user is monitoring the instruments over their life

time demonstrating the required results (e.g. constant failure rate), this can allow safety

capability exceeding this period on the user’s own responsibility.

For the required cyclic proof test refer to

Proof tests

on page 10.

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 9 Monday, April 29, 2013 8:31 AM

6LIFE TIME / PROOF TESTS

H250 M40

www.krohne.com 04/2013 - 4000904202 MA H250 M40 SIL R02 en

6.2 Proof tests

Possible proof tests to detect dangerous undetected faults

Possible proof tests to detect dangerous undetected faultsPossible proof tests to detect dangerous undetected faults

Possible proof tests to detect dangerous undetected faults

Proof test for H250/M40/K* with inductive limit switches

1. Take appropriate action to avoid a false trip.

2. Inspect the device for any visible damage, corrosion or contamination.

3. Force the variable area flowmeter H250 M40 to reach a defined “MAX”threshold value and verify

that the inductive limit switch goes into the safe state.

4. Force the variable area flowmeter H250 M40 to reach a defined “MIN”threshold value

and verify that the inductive limit switch goes into the safe state.

5. Restore the loop to full operation.

6. Restore normal operation

It is assumed that the test will detect approximately 99% of possible dangerous undetected

failures.

Proof test for H250/M40/ESK with 4…20mA output

1. Bypass the safety PLC or take other appropiate action to avoid a false trip.

2. Perform 5-point calibration verification of the variable area flowmeter H250 M40.

3. Force the variable area flowmeter H250 M40 to go to the high alarm current output and verify

that the analog current reaches that value.

4. Force the variable area flowmeter H250 M40 to go to the low alarm current output and verify

that the analog current reaches that value.

5. Restore the loop to full operation.

6. Remove the bypass from the safety PLC or otherwise restore normal operation.

It is assumed that the test will detect approximately 99% of possible dangerous undetected

failures.

INFORMATION!

It is necessary to open the casing of the device in order to do the electrical connection and to set

the limit switch set points.

Special attention is required when the casing is open. Avoid a deformation of the precision

Avoid a deformation of the precisionAvoid a deformation of the precision

Avoid a deformation of the precision

mechanics indicator system.

mechanics indicator system.mechanics indicator system.

mechanics indicator system. By deforming the pointer or the balance vane the ease-of-

movement can be influenced leading to a wrong measurement.

By performing the mandatory proof-test after installation and closing the casing the ease-of-

movement has to be verified

MA_H250_M40_SIL2_R02_en_904202_PRT.book Page 10 Monday, April 29, 2013 8:31 AM

Other manuals for H250 M40 Series

Table of contents

Other KROHNE Measuring Instrument manuals

KROHNE

KROHNE H250H User manual

KROHNE

KROHNE BM 26 BASIC Wiring diagram

KROHNE

KROHNE BM 70 M Series User manual

KROHNE

KROHNE OPTIFLEX 1300 C User manual

KROHNE

KROHNE OPTIFLUX 7300 User manual

KROHNE

KROHNE OPTIMASS / 400 Wiring diagram

KROHNE

KROHNE WATERFLUX 3070 User manual

KROHNE

KROHNE OPTIWAVE 7300 C User manual

KROHNE

KROHNE AF-E 400 User manual

KROHNE

KROHNE IFC100 User manual

KROHNE

KROHNE VA40 Wiring diagram

KROHNE

KROHNE OPTISWIRL 4200 User manual

KROHNE

KROHNE OPTIFLUX 4040 C Series Wiring diagram

KROHNE

KROHNE H250 M9 Wiring diagram

KROHNE

KROHNE OPTISONIC 3400 User manual

KROHNE

KROHNE OPTIWAVE 6300 C User manual

KROHNE

KROHNE BM 700 User manual

KROHNE

KROHNE VA40 Wiring diagram

KROHNE

KROHNE OPTIBAR LC 1010 Wiring diagram

KROHNE

KROHNE WATERFLUX 3070 User manual

KROHNE

KROHNE BATCHFLUX 5015 K Series User manual

KROHNE

KROHNE Optisonic 6300 P User manual

KROHNE

KROHNE Optisonic 6300 P User manual

KROHNE

KROHNE DK32 Series Wiring diagram

Popular Measuring Instrument manuals by other brands

Suaoki

Suaoki D40 user manual

Elster

Elster BK-G1.6 operating instructions

Endress+Hauser

Endress+Hauser Deltabar FMD71 technical information

Duratool

Duratool D03128 manual

Vega

Vega VEGAPULS 65 Quick setup guide

Tonghui

Tonghui TH2618B Operation manual

Tenmars

Tenmars TM-801 user manual

MSR

MSR 145 user manual

TPS

TPS WP-82 manual

PCB Piezotronics

PCB Piezotronics 003C30 Installation and operating manual

Tenma

Tenma 72-10465 manual

Endress+Hauser

Endress+Hauser Proline Promag 50 Brief operating instructions

Siemens

Siemens SITRANS F Coriolis FCT030 Function manual

KLINGER

KLINGER CMF V Series instruction manual

Keysight

Keysight M8290A Getting started guide

Acterna

Acterna MS1400 Operation manual

R&S

R&S ZPH manual

Datacolor

Datacolor ColorReader DC10-2 user guide