
Multi-turn actuators

SA(R) 07.2 – SA(R) 16.2/SA(R)Ex 07.2 – SA(R)Ex 16.2


SA(R) 25.1 – SA(R) 30.1/SA 35.1 – SA 40.1
SA(R)Ex 25.1 – SA(R)Ex 30.1/SAEx 35.1 – SAEx 40.1
AUMA NORM actuator (without controls)
WSH 10.2 – WSH 16.2/WSHEx 10.2 – WSHEx 16.2
SFC version

Manual Functional safety


Multi-turn actuators
Table of contents AUMA NORM actuator (without controls)

NOTICE for use!


This document is only valid with the latest operation instructions attached to the device, the attached declaration
of incorporation as well as the respectively pertaining technical and electrical data sheets. They are understood
as reference documents.

Purpose of the document:


This document provides information on the actions required for using the device in safety-related systems in
accordance with IEC 61508 or IEC 61511.

Reference documents:

exida report no. AUMA 10/03-053 R006 and AUMA 10/12-035 R005

Operation instructions (Assembly, operation, commissioning) for actuator
Reference documents are available on the Internet at: http://www.auma.com.

Table of contents

1. Terminology
1.1. Abbreviations and concepts
2. Application and validity
2.1. Range of application
2.2. Standards
2.3. Valid device types
3. Architecture, configuration and applications
3.1. Architecture (actuator sizing)
3.2. Configuration (setting)
3.3. Protection against uncontrolled operation (self-locking/brake)
3.4. Operation mode (low/high demand mode)
3.5. Further notes and indications on architecture
3.6. Applications (environmental conditions)
4. Safety instrumented systems and safety functions
5. Installation, commissioning and operation
5.1. Installation
5.2. Commissioning
5.3. Operation
5.4. Lifetime
5.5. Decommissioning
6. Tests and maintenance
6.1. Safety equipment: check
6.2. Proof test (verification of safe actuator function)
6.2.1. Preliminary tests
6.2.2. Review and validation of the “Safe operation in direction OPEN/CLOSE” safety function
6.2.3. Review and validation of the “Safe end position signal” safety function
6.3. Diagnostics via Partial Valve Stroke Test (PVST) / Reaction Monitoring (RM)
6.4. Maintenance
7. Safety-related figures
7.1. Determination of the safety-related figures
7.2. Specific figures for actuators of SA.2 type ranges in SFC version
8. SIL Declaration of Conformity (example)
Index
Addresses

1. Terminology
Information sources
● IEC 61508-4, Functional safety of electrical/electronic/programmable electronic
safety-related systems – Part 4: Definitions and abbreviations
● IEC 61511-1, Functional safety - Safety instrumented systems for the process
industry sector – Part 1: Framework, definitions, system, hardware and software
requirements
1.1. Abbreviations and concepts
To evaluate safety functions, the lambda values or the PFD value (Probability of
Dangerous Failure on Demand) and the SFF value (Safe Failure Fraction) are the
main requirements. Further figures are required to assess the individual components.
These figures are explained in the table below.

Table 1: Abbreviations of safety figures

Abbreviation | Full expression | Description
λS | Lambda Safe | Number of safe failures
λD | Lambda Dangerous | Number of dangerous failures
λDU | Lambda Dangerous Undetected | Number of undetected dangerous failures
λDD | Lambda Dangerous Detected | Number of detected dangerous failures
DC | Diagnostic Coverage | Diagnostic Coverage - ratio between the failure rate of dangerous failures detected by diagnostic tests and total rate of dangerous failures of the component or subsystem. The diagnostic coverage does not include any failures detected during proof tests.
MTBF | Mean Time Between Failures | Mean time between the occurrence of two subsequent failures
SFF | Safe Failure Fraction | Fraction of safe failures as well as of detectable dangerous failures
PFDavg | Average Probability of dangerous Failure on Demand | Average probability of dangerous failures on demand of a safety function.
HFT | Hardware Failure Tolerance | Ability of a functional unit to execute a required function while faults or deviations are present. HFT = n means that the function can still be safely executed for up to n faults occurring at the same time.
Tproof | Proof test interval | Interval for proof test

SIL
Safety Integrity Level. The international standard IEC 61508 defines 4 levels (SIL 1 through SIL 4).

Safety function
Function to be implemented by a safety-related system for risk reduction with the
objective to achieve or maintain a safe state for the plant/equipment with respect to
a specific dangerous event.

Safety instrumented function (SIF)
Function with specified safety integrity level (SIL) to achieve functional safety.

Safety instrumented system (SIS)
Safety instrumented system for executing a single or several safety instrumented
functions. An SIS consists of sensor(s), logic system and actuator(s).

Safety-related system
A safety-related system includes all factors (hardware, software, human factors)
necessary to implement one or several safety functions. Consequently, failures of
the safety function would result in a significant increase in safety risks for people and/or
the environment.
A safety-related system can comprise stand-alone systems dedicated to perform a
particular safety function or can be integrated into a plant.


Proof test
Periodic test performed to detect dangerous hidden failures in a safety-related system
so that, if necessary, a repair can restore the system to an "as new" condition or as
close as practical to this condition.

MTTR (Mean Time To Restoration)
Mean time to restoration once a failure has occurred. Indicates the expected mean
time to achieve restoration of the system. It is therefore an important parameter for
system availability. The time for detecting the failure, planning tasks as well as
operating resources is also included. It should be reduced to a minimum.

MRT (Mean Repair Time)
Mean repair time indicates the mean time required to repair a system. The MRT is
crucial when defining the reliability and availability of a system. The MRT should
preferably be small.

Device type (type A and type B)
Actuator controls can be regarded as type A devices if all of the following conditions
are met for all components required to achieve the safety instrumented function:
● The failure modes for all constituent components involved are well defined.
● The behaviour under fault conditions can be completely determined.
● There is sufficient dependable failure data from the field to show that the claimed
rates of failure are met (confidence level min. 70 %).
Actuator controls shall be regarded as type B devices if one or several of the following
conditions are met:
● The failure of at least one constituent component is not well defined.
● The fault behaviour is not completely known.
● There is insufficient dependable failure data to support claims for rates of failure
for detected and undetected dangerous failures.

PTC (Proof Test Coverage)
Proof test coverage describes the fraction of failures which can be detected by means
of a proof test.


2. Application and validity


2.1. Range of application
AUMA actuators and actuator controls with the safety functions mentioned in this
manual are intended for operation of industrial valves and are suitable for use in
safety instrumented systems in accordance with IEC 61508 or IEC 61511.
2.2. Standards
AUMA actuators and actuator controls meet the following requirements:
● For the safety functions “Safe operation in direction OPEN/CLOSE” with/without
PVST or Reaction Monitoring (RM) and “Safe Standstill”: IEC 61508-2:2000
The safety figures of the devices described meet the requirements of IEC 61508
in the respective SIL level with regard to failure rates and architecture requirements.
However, this does not imply that all further requirements of IEC 61508 are met.
● For the safety function “Safe end position feedback”: IEC 61508-2:2010
The safety figures of the devices described meet the requirements of IEC 61508
in the respective SIL level with regard to failure rates and architecture requirements.
However, this does not imply that all further requirements of IEC 61508 are met.
2.3. Valid device types
The data on functional safety contained in this manual applies to the device types
indicated.

Table 2: Overview on suitable device types

Type Actuator | Type Actuator controls | Motor power supply | Type of duty | Control
SA 07.2 – SA 16.2, SAR 07.2 – SAR 16.2 in SFC version | Without | 3-phase AC | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | “Safe operation in direction OPEN/CLOSE” with/without PVST or Reaction Monitoring (RM) and “Safe Standstill”
SA 07.2 – SA 16.2, SAR 07.2 – SAR 16.2 in SFC version | Without | Any option | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | Safe end position feedback
SA 25.1 – SA 40.1, SAR 25.1 – SAR 30.1 in SFC version | Without | Any option | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | Safe end position feedback
SAEx 07.2 – SAEx 16.2, SAREx 07.2 – SAREx 16.2 in SFC version | Without | 3-phase AC | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | “Safe operation in direction OPEN/CLOSE” with/without PVST or Reaction Monitoring (RM) and “Safe Standstill”
SAEx 07.2 – SAEx 16.2, SAREx 07.2 – SAREx 16.2 in SFC version | Without | Any option | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | Safe end position feedback
SAEx 25.1 – SAEx 40.1, SAREx 25.1 – SAREx 30.1 in SFC version | Without | Any option | S2 - 15 min, S2 - 30 min, S4 - 25 %, S4 - 50 % | Safe end position feedback
WSH 10.2 – WSH 16.2 | Without | – | – | Safe end position feedback
WSHEx 10.2 – WSHEx 16.2 | Without | – | – | Safe end position feedback

Hardware, software and configuration of actuator and actuator controls must not be
modified without prior written consent by AUMA. Unauthorised modification may
have a negative impact on both safety figures and SIL capability of the products.


Information In applications with requirements on functional safety, only AUMA actuator controls
and actuators in SFC or SIL version may be used. SFC stands for “Safety Figure
Calculated”. This designation identifies AUMA products for which safety figures were
calculated on the basis of FMEDA from field data and generic data (for detailed
information refer to <Determination of the figures>).
AUMA actuator controls and actuators in SFC version can among others be identified
from the letters "SFC" following the type designation on the name plate.

Figure 1: Example of name plate with “SFC” marking


3. Architecture, configuration and applications


3.1. Architecture (actuator sizing)
For actuator architecture (actuator sizing) the maximum torques, run torques and
operating times are taken into consideration.

Incorrect actuator architecture can lead to device damage within the
safety-related system!
Possible consequences can be valve damage, motor overheating, contactor jamming,
defective thyristors, heating up or damage to cables.
→ The actuator technical data must imperatively be observed when selecting the
actuator.
→ Sufficient reserves have to be provided to ensure that actuators are capable of
reliably opening or closing the valve even in the event of an accident or
undervoltage.

Information For the “Safe end position feedback” safety function, heed that signalling is made
via mechanical switches. Since these elements have an unavoidable hysteresis, the
actuator slightly leaves the end position before the end position signal is deleted.
Consequently, there is a marginal range of actuator positions to the safety position,
for which the end position is still signalled although the actuator has already left the
end position during operation from safety position. If the range in question is
approached from the opposite direction, this limitation does not apply. In general this
range is relatively small. However, for unfavourable configurations (low number of
turns per stroke), this range can amount to more than 10 % of the total stroke.
Should, within the framework of unfavourable conditions, the effect described above
represent an unacceptable limitation for the safety function, we recommend evaluating
both limit and torque switches for the end position feedback.
Power supply

Information The plant operator is responsible for power supply.

3.2. Configuration (setting)


Configuration (setting) of the safety-related functions is performed as described in
the operation instructions or in the present manual (functional safety).

Information An exact setting of torque and end position switches for the end positions is
imperatively required to ensure correct function of “Safe end position feedback”. For setting
details related to the respective switches, please refer to operation instructions.

3.3. Protection against uncontrolled operation (self-locking/brake)


For self-locking AUMA actuators, it can be assumed that a load up to maximum
torque will not result in uncontrolled valve operation from standstill due to valve torque
load. Consequently, in these cases, further protection against uncontrolled operation
is not imperatively required. However, certain applications may require active position
locking, for example by using a brake. There are user-specific standards demanding
this type of protection. Therefore, each project must be subject to individual verification
if any further protection is required. In any case, this protection is required for
actuators without self-locking.


Table 3: Overview self-locking for AUMA actuators (at the time of printing of this document)

Type | Output speed at 50 Hz | Output speed at 60 Hz | Self-locking
SA 07.2 – SA 16.2, SAR 07.2 – SAR 16.2, SAEx 07.2 – SAEx 16.2, SAREx 07.2 – SAREx 16.2 | ≤ 90 rpm | ≤ 108 rpm | Self-locking
SA 07.2 – SA 16.2, SAR 07.2 – SAR 16.2, SAEx 07.2 – SAEx 16.2, SAREx 07.2 – SAREx 16.2 | ≥ 125 rpm | ≥ 150 rpm | NOT self-locking
SA 25.1 – SA 30.1, SAR 25.1 – SAR 30.1, SAEx 25.1 – SAEx 30.1, SAREx 25.1 – SAREx 30.1 | ≤ 90 rpm | ≤ 108 rpm | Self-locking
SA 25.1 – SA 30.1, SAR 25.1 – SAR 30.1, SAEx 25.1 – SAEx 30.1, SAREx 25.1 – SAREx 30.1 | ≥ 125 rpm | ≥ 150 rpm | NOT self-locking
SA 35.1, SAEx 35.1 | ≤ 22 rpm | ≤ 26 rpm | Self-locking
SA 35.1, SAEx 35.1 | ≥ 32 rpm | ≥ 38 rpm | NOT self-locking
SA 40.1, SAEx 40.1 | ≤ 22 rpm | ≤ 26 rpm | Self-locking
SA 40.1, SAEx 40.1 | ≥ 32 rpm | ≥ 38 rpm | NOT self-locking

Information Limit switching devices WSH 10.2 – WSH 16.1/WSHEx 10.2 – WSHEx 16.2 are
NOT self-locking.

3.4. Operation mode (low/high demand mode)


The safety functions of the actuators supplied by AUMA are suitable for the low
demand mode and may only be used in this operation mode. If a non-safety
instrumented function of basic process control system is executed via the same
actuator in addition to the safety function, note that while considering the sum of
non-safety instrumented function, required tests and safety function, the defined
number of maximum permissible cycles¹⁾ for the respective actuator as well as the
maximum number of starts²⁾ may not be exceeded during deployment of the actuator
within a safety instrumented system.
Only the “safe end position feedback” safety function can be operated beyond
the limitations mentioned above under certain conditions even in operation mode
with high demand rate, provided the following requirements and limitations are
heeded:
● When considering the sum consisting of non-safety instrumented function,
required tests and safety function, the number of maximum cycles of the actuator
end position switches as well as the maximum number of starts during actuator
deployment are not exceeded in a safety instrumented system.
● When considering the sum consisting of non-safety instrumented function,
required tests and safety function, the number of maximum cycles for the
respective actuator as well as the maximum number of permissible cycles¹⁾ or starts²⁾
are not exceeded, if appropriate scaling rules are applied.
● Lubrication is checked at regular intervals and the lubricant changed if required,
however, at least every 10 years.
● Every 20,000 cycles¹⁾ or starts²⁾ (whichever occurs earlier), the crown wheel and
the worm wheel are checked for wear and replaced if required.
● The end user makes sure that a test rate (PVST) is achieved for the “Safe end
position feedback” safety function, complying with the demand rate to be
expected according to the applicable standards for the respective application.
● All requirements in accordance with the “Technical data for switches” (Y004.619)
data sheet are respected. In particular, the permissible minimum and maximum
currents and voltages.
● The number of cycles¹⁾ as well as the number of cycles of each limit and torque
switch do not exceed the values stipulated in the table below:

¹⁾ Definition of “cycles” according to EN 15714-2:2010
²⁾ Definition of “starts” according to DIN EN 15714-2:2010


Table 4:
Classes A and B Class C (Modulation)
Contact material Silver Gold Silver Silver Gold Gold
Maximum electrical load 30 V/30 mA 250 V AC/5 A 30 V/30 mA 50 V/400 mA
Number of permissible cycles of end position switch as well as cycles according to EN 15714-2:2010: < 20,000 < 20,000 < 100,000 < 20,000 < 100,000 < 20,000

3.5. Further notes and indications on architecture

HFT is 0.
Only flanges of F07 or FA 07 sizes or larger may be used for valve attachment.
If the actuator is equipped with a position transmitter like MWG, RWG or EWG, they
may not be integrated within the safety instrumented system. The only evaluated
feedback signal within a safety instrumented system is the “Safe end position
feedback”. For this, only switches with designations terminating on “S” may be wired
directly to the customer output (e.g. 8-S, 8.2-S, 6-S, …).
For “safe end position feedback”, the actuator can be considered as type A device.
The operating time for the complete stroke must exceed 4 seconds should a blinker
transmitter be used for the reaction monitoring. CAUTION: Any modification of the
nominal stroke results in operating time change.
Safety figures

The safety figures relevant for the product supplied as well as potential further
restrictions are indicated on the declaration of incorporation. The declaration of
incorporation is specific for each order and directly supplied with the order.
3.6. Applications (environmental conditions)
When specifying and using the actuators within safety instrumented systems, make
sure that the permissible service conditions and the EMC requirements by the
peripheral devices are met. Service conditions are indicated in the technical data
sheets:
● Enclosure protection
● Corrosion protection
● Ambient temperature
● Vibration resistance
If the actual ambient temperatures exceed an average of +40 °C, the lambda values
have to be incremented by a safety factor.
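
As an added example (not part of the AUMA manual), the following Python code shows how the figures defined in Table 1 combine for a single-channel device with HFT = 0. The SFF and DC ratios follow the table's definitions; the simplified PFDavg formula, the low demand SIL bands and the architectural limits are the standard IEC 61508 relations, and all failure rates, the proof test coverage and the temperature safety factor are constructed values.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class Rates:
    """Failure rates in 1/h. Every number used below is constructed, not AUMA data."""
    lambda_s: float    # safe failures
    lambda_dd: float   # dangerous detected failures
    lambda_du: float   # dangerous undetected failures

    def with_safety_factor(self, factor):
        """Increment all lambda values, e.g. for average ambient temperature above +40 °C.
        The factor itself is an assumption; the manual does not state a value."""
        return Rates(self.lambda_s * factor, self.lambda_dd * factor, self.lambda_du * factor)


def diagnostic_coverage(r):
    """DC: dangerous failures detected by diagnostics / all dangerous failures."""
    return r.lambda_dd / (r.lambda_dd + r.lambda_du)


def safe_failure_fraction(r):
    """SFF: safe plus detected dangerous failures / all failures."""
    return (r.lambda_s + r.lambda_dd) / (r.lambda_s + r.lambda_dd + r.lambda_du)


def pfd_avg(r, t_proof_h, ptc=1.0, lifetime_h=10 * HOURS_PER_YEAR):
    """Simplified single-channel (HFT = 0) PFDavg with proof test coverage PTC.

    Failures the proof test can reveal stay hidden for Tproof/2 on average;
    the remainder (1 - PTC) stays hidden for half the period of use.
    """
    found_by_proof_test = ptc * r.lambda_du * t_proof_h / 2
    never_found = (1.0 - ptc) * r.lambda_du * lifetime_h / 2
    return found_by_proof_test + never_found


def sil_from_pfd(pfd):
    """Low demand mode SIL band for a PFDavg (0 = no SIL). The band applies to the
    whole safety function; the actuator is only one contributor to it."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


# Architectural limit for HFT = 0, indexed by SFF band
# (< 60 %, 60 % to < 90 %, 90 % to < 99 %, >= 99 %).
ARCH_LIMIT_HFT0 = {"A": (1, 2, 3, 3), "B": (0, 1, 2, 3)}


def sil_from_architecture(sff, device_type):
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return ARCH_LIMIT_HFT0[device_type][band]


def achievable_sil(r, device_type, t_proof_h, ptc=1.0):
    """The lower of the failure rate limit and the architectural limit applies."""
    by_rate = sil_from_pfd(pfd_avg(r, t_proof_h, ptc))
    by_architecture = sil_from_architecture(safe_failure_fraction(r), device_type)
    return min(by_rate, by_architecture)


# Constructed rates: 200 FIT safe, 100 FIT dangerous detected, 100 FIT dangerous undetected.
EXAMPLE = Rates(lambda_s=2.0e-7, lambda_dd=1.0e-7, lambda_du=1.0e-7)

if __name__ == "__main__":
    one_year = HOURS_PER_YEAR
    print("DC  =", diagnostic_coverage(EXAMPLE))
    print("SFF =", safe_failure_fraction(EXAMPLE))
    print("PFDavg, PTC 100 % =", pfd_avg(EXAMPLE, one_year))
    print("PFDavg, PTC  80 % =", pfd_avg(EXAMPLE, one_year, ptc=0.8))
    print("SIL as type A     =", achievable_sil(EXAMPLE, "A", one_year))
    print("SIL as type B     =", achievable_sil(EXAMPLE, "B", one_year))
```

With these constructed rates the failure rate alone would allow SIL 3 at a one-year proof test interval, but the SFF of 75 % caps a type A device with HFT = 0 at SIL 2, and an 80 % proof test coverage moves the PFDavg itself into the SIL 2 band.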


4. Safety instrumented systems and safety functions


To determine the SIL figures, the safety function of the device (function which has
to be performed in case of an emergency to operate the plant into a safe state) has
to be considered.
In calculating the safety actuator figures, the following safety functions are taken into
account:
● Safe operation in direction OPEN/CLOSE
When applying a rotary field to the provided terminals of the 3-phase current
connection, the actuator operates in the direction according to the rotary field
applied.
● Safe standstill
When disconnecting the power supply from the 3-phase input, the actuator
no longer drives the output drive. If sufficient self-locking is available and/or
an additional and fault-free brake is installed (not part of the scope of delivery),
the actuator will come to a standstill following a plant-specific overrun.
● Safe end position feedback
An end position signal directly wired to the actuator is available. The safety
function is the correct signal whether the actuator is in the requested actuator³⁾
end position or not. Only the signal via this signal communication path is safety
related.
The order-specific declaration of incorporation specifies which of the previously
mentioned safety functions are implemented in the product.

³⁾ Please note that safety figures only include the components of the actuator or the limit switching.
Further components (e.g. integrity of external controls, gearboxes, valve shaft, other valve
components, ...) are not considered with the AUMA safety figures related to this product.


5. Installation, commissioning and operation

Information Installation and commissioning have to be documented by means of an assembly
report and an inspection certificate. Installation and commissioning may only be
performed by authorised personnel who have been trained on functional safety.

5.1. Installation
General installation tasks (assembly, electrical connection) have to be performed
according to the operation instructions pertaining to the device and the enclosed
order-specific wiring diagram.
Figure 2: Example of wiring diagram with torque and limit switches

[1] 3-phase AC current connection:
Relevant for safety functions “Safe operation in direction OPEN/CLOSE”
with/without PVST or Reaction Monitoring (RM) and “Safe Standstill”
[2] Torque/limit switches for safe end position feedback
Installation and commissioning must be recorded and a final installation and
commissioning report must be issued.
AUMA NORM actuators require suitable motor controls for operation. These motor
controls are neither part of the scope of the supply nor of this safety manual. However,
they must be considered for the evaluation of the overall safety instrumented system.

Information Valve position indication is made via potentiometer or 4 – 20 mA signals. However,
this is not part of the determination of safety figures.

5.2. Commissioning
The operation instructions pertaining to the device must be observed for general
commissioning.
After commissioning, the safe actuator function must be verified.
5.3. Operation
Regular maintenance and device checks in the Tproof intervals as defined by the
plant operator are the basis for safe operation.
The operation instructions pertaining to the device must be observed for operation.
5.4. Lifetime
Actuator lifetime is described in the technical data sheets or the operation instructions.
Safety-related figures are valid for the cycles or modulating steps defined in the
technical data specifications and for typical periods of up to 10 years (the criterion
achieved first is valid). After this period, the probability of failure increases.
Extending this period is basically feasible in many cases “provided both manufacturer
and operator introduce respective actions” in compliance with footnote N3 of NOTE
3 of the German version of IEC 61508-2:2010 7.4.9.5 b). This is the responsibility
of the operator who will have to take appropriate and suitable measures. Please
contact us if you need support in identifying suitable measures.


5.5. Decommissioning
When decommissioning an actuator with safety functions, the following must be
observed:
● Impact of decommissioning on relevant devices, equipment or other work must
be evaluated.
● Safety and warning instructions contained in the actuator operation instructions
must be met.
● Decommissioning must be carried out exclusively by suitably qualified personnel.
● Decommissioning must be recorded in compliance with regular requirements.


6. Tests and maintenance


Test and maintenance tasks may only be performed by authorised personnel who
have been trained on functional safety.
Test and maintenance equipment has to be calibrated.

Information Any test/maintenance must be recorded in a test/maintenance report.

Impact of testing/maintenance on relevant devices, equipment or other work must
be evaluated.
6.1. Safety equipment: check

All safety functions within a safety equipment must be checked for perfect functionality
and safety at appropriate intervals. The intervals for safety equipment checks are to
be defined by the plant operator.
6.2. Proof test (verification of safe actuator function)
The proof test serves to verify the safety-related functions of the actuator
and actuator controls.
Proof tests shall reveal dangerous faults which might remain undetected until a safety
function is started and consequently result in a potential danger.
The 3-phase current input is appropriately assigned to check the safety-related
function. This means that the output of safe end position feedback is appropriately
checked. As a consequence, the actuator must perform the safety function without
fault.
Information All installed and used safety functions within the actuator must be checked and all
test steps performed in compliance with the pertaining checklists.

Intervals:
A proof test interval describes the time between two proof tests. Functionality must
be checked at appropriate intervals. The intervals are to be defined by the plant
operator.
In any case, the safety-related functions must be checked after commissioning and
following any maintenance work or repair as well as during the Tproof intervals defined
in safety assessment.

6.2.1. Preliminary tests

The actuator system has to be subjected to a visual inspection first. The system
should be checked for outside damage and corrosion. Furthermore, the electrical
and mechanical connections should be checked and the actuator inspected for
unusual noises while operating the actuator at least a complete travel from CLOSED
to OPEN and back.

6.2.2. Review and validation of the “Safe operation in direction OPEN/CLOSE” safety function

Test sequence (checklist)
1. Operate actuator in mid position and stop.
2. Apply 3-phase current to 3-phase current input according to operation command
OPEN – Does the actuator operate into direction OPEN?
3. Disconnect 3-phase current input – Does the actuator stop after appropriate
overrun?
4. Apply 3-phase current to 3-phase current input according to operation command
CLOSE – Does the actuator operate into direction CLOSE?
5. Disconnect 3-phase current input – Does the actuator stop after appropriate
overrun?


Information Fault detection of proof test is improved if a complete travel from end position OPEN
to end position CLOSED and vice versa is checked. Since detection of reaching end
positions including automatic seating is not part of the safety function but has to be
taken over by external controls, the test can only be performed when checking the
host system.

6.2.3. Review and validation of the “Safe end position signal” safety function

Test sequence (checklist)
1. Operate actuator to end position OPEN – Is the end position OPEN signalled
via Safe end position signal?
2. Unseat actuator out of end position OPEN – Is the safe end position signal
OPEN cancelled?
3. Operate actuator again to end position OPEN – Is the end position OPEN
signalled again via Safe end position signal?
4. Operate actuator to end position CLOSED – Is the end position CLOSED
signalled via Safe end position signal?
5. Unseat actuator out of end position CLOSED – Is the safe end position signal
CLOSED cancelled?
6. Operate actuator again to end position CLOSED – Is the end position CLOSED
signalled again via Safe end position signal?
6.3. Diagnostics via Partial Valve Stroke Test (PVST) / Reaction Monitoring (RM)
Regular actuator diagnostics is required using diagnostics facilities. Diagnostics
should be performed at least 10 times more often than the proof test. This diagnostic
comprises a specific actuator movement relating to an appropriate travel and
subsequent evaluation whether the actuator reacts as expected. The individual safety
functions are described in more detail below.
The actuator movement required for diagnostics can be initiated on purpose (PVST).
If the actuator is operated regularly by conventional process control, this movement
can be used for the purpose of diagnostics (RM). In any case, it is required that
monitoring and assessment of RM or PVST is performed by the logic unit of the
safety instrumented system.
Safety function Safe operation in direction OPEN/CLOSE:
● The assessment whether an operation was successful must be performed using
one of the following diagnostic elements:
- Direct wiring of blinker transmitter to customer connection
- Direct wiring of end position switch to customer connection
- Direct wiring of potentiometer to customer connection
RWG and EWG are not permitted as diagnostic elements.
● For diagnostics via blinker transmitter, the test run can start at any actuator
position. The test run must last for at least 4 seconds to ensure safe reaction
of blinker transmitter.
● Diagnostics via end position switches requires the actuator
- To be either positioned in one of both end positions prior to starting the
test run. The test run is then started out of the end position.
- Or to be at a sufficient distance from both end positions prior to starting
the test run. The test run is then started towards the end position.
In both cases, the travel distance must be sufficient to allow for full tripping of the
end position switch. It must be checked whether the end position switch signals
the expected position both at the beginning, during and at the end of the test.
● For diagnostics via potentiometer, the test run can start in any actuator position.
When selecting the travel distance for the test run, ensure that a change in
potentiometer resistance is generated. While considering in particular plant
specific interference, this change must exceed at least by factor 4 the expected
uncertainty level of the measurement.
● Assessment of the reaction monitoring must always be dynamic (signal change
corresponds to the expected value).


Safety function Safe end position feedback:


● Actuator movement can be requested via any input.
● Assessment whether the safety function signals as desired has to be performed
at the end position switches wired directly to the customer connection.
● The actuator is required
- Either to be positioned in one of the two end positions prior to starting the
test run. The test run is performed out of the end position and back to this
end position.
- Or to be at a sufficient distance from both end positions prior to starting
the test run. The test run is performed into an end position and out of this
end position.
In both cases, the travel distance must be sufficient to allow for full tripping of the end
position switch. It must be checked whether the end position switch signals the
expected position at the beginning, during and at the end of the test.
● Furthermore, test run monitoring must be dynamic. This means a dynamic test
whether the signal change corresponds to the expected value.
Monitoring and assessment of PVST must be ensured by the logic unit of the safety
instrumented system.

Information: If PVST is performed out of or into one of the two end positions, only the contact of this
end position is checked for correct operation. If both end position switches
(OPEN/CLOSE) are safety relevant, a full stroke test can be performed, for example.
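
The dynamic assessment required of the logic unit can be written as pass/fail checks over the signals recorded during one test run. The following is an added example, not AUMA code: the function names, the sample format (debounced readings taken by the logic unit) and the rule that one blinker edge is enough are assumptions, while the 4 second minimum and the factor 4 come from the text above.

```python
"""Added example: pass/fail assessment of PVST feedback signals in the logic unit."""
MIN_BLINKER_RUN_S = 4.0  # minimum test run for blinker diagnostics (from the manual)
POT_FACTOR = 4.0         # required ratio of resistance change to uncertainty


def collapse(samples):
    """Reduce a sampled trace to its sequence of distinct consecutive states."""
    states = []
    for value in samples:
        if not states or states[-1] != value:
            states.append(value)
    return states


def end_switch_ok(samples, starts_in_end_position, round_trip):
    """Check the switch at the beginning, during and at the end of the test run.

    round_trip=True is the 'safe end position feedback' test (out of the end
    position and back, or into it and out again); False is a one-way run.
    """
    first = bool(starts_in_end_position)
    expected = [first, not first, first] if round_trip else [first, not first]
    return collapse([bool(s) for s in samples]) == expected


def blinker_ok(timestamps_s, levels):
    """Run lasted at least 4 s and the blinker changed state (assumed: >= 1 edge)."""
    long_enough = timestamps_s[-1] - timestamps_s[0] >= MIN_BLINKER_RUN_S
    return long_enough and len(collapse(levels)) >= 2


def potentiometer_ok(readings_ohm, uncertainty_ohm, expected_sign):
    """Resistance moved in the expected direction by >= 4 x the uncertainty."""
    change = readings_ohm[-1] - readings_ohm[0]
    return change * expected_sign > 0 and abs(change) >= POT_FACTOR * uncertainty_ohm


if __name__ == "__main__":
    # Constructed traces, sampled by the logic unit during one test run.
    print(end_switch_ok([1, 1, 0, 0, 1, 1], True, round_trip=True))   # healthy
    print(end_switch_ok([1, 1, 1, 1, 1, 1], True, round_trip=True))   # stuck contact
    print(potentiometer_ok([500.0, 510.0, 521.0], 5.0, +1))
    print(blinker_ok([0.0, 1.0, 2.0, 3.0, 4.0], [0, 1, 0, 1, 0]))
```

A stuck contact or an unexpected extra transition both fail `end_switch_ok`, because the check compares the whole state sequence and not only the final state.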

6.4. Maintenance
Maintenance and service tasks may only be performed by authorised personnel who
have been trained on functional safety (refer to chapter 5).
Once maintenance and service tasks have been finished, the functional test must
be completed by a validating process of the safety function including at least the
tests described in the <Safety equipment: check> and <Proof test (verification of
safe actuator function)> chapters.
In case a fault is detected during maintenance, this must be reported to AUMA Riester
GmbH & Co. KG.

Information: AUMA actuators prioritise motor operation to manual operation. This means that the
actuator automatically switches to motor operation if requested. However, we recommend
activating motor operation after any maintenance and service interventions.


7. Safety-related figures
7.1. Determination of the safety-related figures
● The calculation of the safety figures is based on the indicated safety functions.
Hardware assessments are based on Failure Modes, Effects and Diagnostic
Analysis (FMEDA). FMEDA is a step to assess functional device safety in
compliance with IEC 61508. On the basis of FMEDA, the failure rates and the
fraction of safe failures of a device are determined.
● Experience data and data taken from the exida database for mechanical components
is used to calculate mechanical failure rates. The electronic failure
rates as base failure rates are taken from the SIEMENS Standard SN 29500.
● In compliance with table 2 of IEC 61508-1, the average target PFD values for
systems with low demand mode are:
- SIL 1 safety functions: ≥ 10⁻² to < 10⁻¹
- SIL 2 safety functions: ≥ 10⁻³ to < 10⁻²
- SIL 3 safety functions: ≥ 10⁻⁴ to < 10⁻³
Since actuators only represent a part of the overall safety function, the actuator
PFD value should not account for more than approx. 25 % of the permissible
total value (PFDavg) of a safety function. This results in the following values:
- Actuator PFD for SIL 1 applications: ≲ 2.50E-02
- Actuator PFD for SIL 2 applications: ≲ 2.50E-03
● Electric actuators are classified as type A components with a hardware fault
tolerance of 0. The SFF for the type A subsystem should be <60 % according
to table 2 of IEC 61508-2 for SIL 1 (subsystems with a hardware fault tolerance
of 0). The SFF for the type A subsystem should be between 60 % and <90 %
according to table 2 of IEC 61508-2 for SIL 2 (subsystems with a hardware fault
tolerance of 0).
The PFD values specified in the declarations of incorporation and in this safety
manual are only examples and subject to certain assumptions e.g. on Tproof, MTTR,
… The PFD calculation should always be performed individually for each system
using the parameters and conditions applicable for the respective system. The λDU
and λDD values should be used as input. When observing the proof test procedures
indicated in this safety manual, we recommend calculation using proof test coverage
(PTC) of 90 % 4).
As previously mentioned in the architecture section, safeguarding power supply and
resulting calculations are the responsibility of the plant operator.
The plant operator is responsible for eliminating faults within the MTTR, otherwise
the data of the quantitative results is no longer valid.

The safety figures mentioned in this safety manual and in the declarations of
incorporation are only valid if all the conditions stipulated in this safety
manual and in the declarations of incorporation and the mentioned activities
are respected. At the same time, the restrictions regarding the validity and
standard conformity stipulated in the declarations of incorporation must be
heeded.

7.2. Specific figures for actuators of SA.2 type ranges in SFC version
The following parameter tables provide an example of safety figures for one version.
For the relevant figures, refer to the pertaining Declaration of Incorporation.

4) For the example calculations within this manual and the declarations of incorporation, different
PTC values were sometimes used as calculation basis.


Table 5: Example FMEDA

| Safety function | Safe driving (operation) OPEN/CLOSE [1] | Safe driving (operation) OPEN/CLOSE with PVST [F2] | Safe Standstill [F3] |
|---|---|---|---|
| λsafe 5) | 367 FIT | 367 FIT | 189 FIT |
| λDD 5) | 0 FIT | 162 FIT | 0 FIT |
| λDU 5) | 203 FIT | 41 FIT | 11 FIT |
| DCD 6) | 0 % | 80 % | – |
| MTBF - Mean Time Between Failures | 200 years | 200 years | – |
| SFF - Safe Failure Fraction | 64 % | 92 % | |
| PFDavg 7) with T[Proof] = 1 year | 1.05E-03 | 4.96E-04 | – |
| PFDavg 7) with T[Proof] = 2 years | 1.92E-03 | 6.55E-04 | – |
| PFDavg 7) with T[Proof] = 5 years | 4.53E-03 | 1.13E-03 | – |

5) FIT = Failure in Time, number of failures per 10⁹ h
6) DCD = Diagnostic Coverage (dangerous)
7) PFDavg = Probability of a failure on demand (average)
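
The individual calculation that section 7.1 asks for, as an added example that is not AUMA's or exida's calculation: it derives SFF and DCD from the λ values of Table 5 and computes an actuator PFDavg with the recommended PTC of 90 %, then compares it with the actuator PFD limits of section 7.1. The PFDavg formula is a common simplified single-channel approximation and, like the 10-year mission time and the 24 h MTTR, is an assumption; the results are therefore not expected to match the PFDavg rows of Table 5.

```python
"""Added example: actuator PFDavg, SFF and DC from FMEDA failure rates (FIT)."""
HOURS_PER_YEAR = 8760
FIT = 1e-9  # 1 FIT = 1 failure per 10^9 h

# Actuator PFD limits from section 7.1 (approx. 25 % of the SIL upper limit).
ACTUATOR_BUDGET = {1: 2.50e-2, 2: 2.50e-3}


def sff(l_safe, l_dd, l_du):
    """Safe failure fraction: safe plus detected dangerous over all failures."""
    return (l_safe + l_dd) / (l_safe + l_dd + l_du)


def dc_dangerous(l_dd, l_du):
    """Diagnostic coverage of dangerous failures (DCD)."""
    total = l_dd + l_du
    return l_dd / total if total else 0.0


def pfd_avg(l_du_fit, l_dd_fit, t_proof_y, ptc, mission_y, mttr_h):
    """Simplified single-channel PFDavg (assumed formula, not from the manual).

    The share PTC of dangerous undetected failures is found at each proof
    test; the rest stays hidden for the whole mission time (assumption).
    """
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("PTC must be between 0 and 1")
    if t_proof_y <= 0 or mission_y < t_proof_y:
        raise ValueError("need 0 < T_proof <= mission time")
    l_du, l_dd = l_du_fit * FIT, l_dd_fit * FIT
    found_by_proof_test = ptc * l_du * t_proof_y * HOURS_PER_YEAR / 2
    never_found = (1 - ptc) * l_du * mission_y * HOURS_PER_YEAR / 2
    detected_until_repair = l_dd * mttr_h
    return found_by_proof_test + never_found + detected_until_repair


def highest_sil_within_budget(pfd):
    """Highest SIL (1 or 2) whose actuator PFD limit is met, else None."""
    met = [sil for sil, limit in ACTUATOR_BUDGET.items() if pfd <= limit]
    return max(met) if met else None


if __name__ == "__main__":
    # Table 5, safe driving OPEN/CLOSE without PVST: 367 / 0 / 203 FIT.
    print(f"SFF = {sff(367, 0, 203):.0%}")
    for years in (1, 2, 5):
        # PTC 90 % as recommended; 10-year mission and 24 h MTTR are assumed.
        pfd = pfd_avg(203, 0, years, 0.90, mission_y=10, mttr_h=24)
        print(years, f"{pfd:.2e}", highest_sil_within_budget(pfd))
```

Meeting the PFD limit is only one condition: the SFF requirement for a hardware fault tolerance of 0 quoted in section 7.1 has to be met as well.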


8. SIL Declaration of Conformity (example)

AUMA Riester GmbH & Co. KG
P.O. Box 1362
DE 79373 Muellheim
Tel +49 7631 809 - 0
Fax +49 7631 809 - 1250
info@auma.com
www.auma.com

Y008.096/003/en/1.19

For detailed information on AUMA products, refer to the Internet: www.auma.com
