Functional safety manual

Proline Promass 80/83

with 4...20 mA output signal
Coriolis Mass Flow Measuring System

Application Your benefits

Monitoring of maximum and/or minimum flow for all
• For flow monitoring up to SIL 2:
types of fluids to satisfy particular safety system
– Independently assessed (Functional
requirements as per IEC 61508/IEC 61511-1.
Assessment) by exida.com as per
The measuring device fulfills the requirements IEC 61508/IEC 61511-1
concerning: • Permanent self-monitoring
• Continuous measurement
• Functional safety as per IEC 61508/IEC 61511-1
• Measurement is independent of product properties
• Explosion protection (depending on the version)
• Easy commissioning
• Electromagnetic compatibility as per EN 61326 / A1
(IEC 1326) and NAMUR recommendation NE 21.
Relevant safety aspects:
• Monitoring takes place via the current output of the
device.

SD077D/06/en/05.06
71027168
 Proline Promass 80/83

Table of contents

SIL Declaration of Conformity . . . . . . . . . . . . . . . . . . . 3

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Depiction of a safety system (protection function) . . . . . . . . . . . . . 4

Measuring system layout with Promass 80/83 . . . . . . 4

Mass flow measuring system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Safety function data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Supplementary device documentation . . . . . . . . . . . . . . . . . . . . . . 5

Settings and installation instructions . . . . . . . . . . . . . . 5

Installation instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Settings instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Monitoring of max./min. flow . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Setting instructions for evaluation unit . . . . . . . . . . . . . . . . . . . . . 7
Response in operation and failure . . . . . . . . . . . . . . . . . . . . . . . . . 7
Recurrent functional test of the measuring system . . . . . . . . . . . . . 7

Appendix (safety-related characteristic values) . . . . . . 8

Introductory comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Category No. 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Category No. 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Category No. 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Category No. 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Category No. 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Category No. 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Category No. 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Category No. 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Category No. 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Category No. 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Exida Management Summary . . . . . . . . . . . . . . . . . . 20

2 Endress+Hauser
Proline Promass 80/83

SIL Declaration of Conformity

SIL2-80-83-Conformity-en-06

Endress+Hauser 3

Depiction of a safety system
(protection function)
4 Endress+Hauser
Proline Promass 80/83
Introduction
The following tables define the achievable SIL or the requirements regarding the “Average Probability of a
Dangerous Failure on Demand” (PFDavg), the “Hardware Fault Tolerance” (HFT) and the “Safe Failure
Fraction” (SFF) of the safety system. The specific values for the Promass measuring system can be found in the
tables in the appendix. Permitted failure probability of the complete safety function dependent on the SIL for
systems which must react on demand, e.g. exceeding a defined max. flow (Source: IEC 61508, Part 1):
SIL PFDavg
4 ≥10–5 ... <10–4
3 ≥10–4 ... <10–3
2 ≥10–3 ... <10–2
1 ≥10–2 ... <10–1
The following table shows the achievable Safety Integrity Level (SIL) as a function of the probability of safety-
oriented failures and the hardware fault tolerance of the complete safety system for type B systems (complex
components, for definition see IEC 61508, Part 2):
SFF HFT
0 1 (0)1) 2 (1)1)
none < 60% not allowed SIL 1 SIL 2
low 60% ... < 90% SIL 1 SIL 2 SIL 3
medium 90% ... < 99% SIL 2 SIL 3
high ≥90% SIL 3
1) In accordance with IEC 61511-1 (chapter 11.4.4), the HFT can be reduced by one (values in brackets)
if the devices used fulfill the following conditions:
- the device is proven in use
- only process-relevant parameters can be changed at the device (e.g. measuring range, ... ),
- changing the process-relevant parameters is protected (e.g. password, jumper, ... ),
- the function requires less than SIL 4.
All conditions are met by the Promass 80/83.
A single Promass 80/83 can be used in safety relevant SIL 2 loop. In a safety relevant SIL 3 loop
Promass 80/83 must be used in addition with a different measuring principle. Two Promass in homogeneous
redundancy do not fulfill the SIL 3 requirements.
Additional information about functional safety can be found in the brochure from Endress+Hauser called
“Functional safety in the Process Industry – risk reduction with Safety Instrumented Systems” (CP002Z).
Proline Promass 80/83

Measuring system layout with Promass 80/83

Mass flow measuring system The measuring system’s devices are displayed in the following diagram (example):

Promass 80
Promass 83 Actuator
4...20 mA

Logic Unit

SIL2-80-83 system

The safety-related signal of the Promass 80/83 is the analog output signal 4...20 mA. All safety functions refer
to exclusively this output. In addition, the Promass 80/83 performs the communication via HART and contains
all HART features with additional diagnostics information.
An analog signal (4...20 mA) proportional to the flow is generated in the transmitter (Promass 80/83) and is
fed to a downstream logic unit (e.g. PLC, ... ).
The logic unit monitors the analog signal to ensure that it does not exceed the max. value and/or goes below
the min. value. For fault monitoring, the Logic Unit must detect both HI-alarms (≥ 21.5 mA) and LO-alarms
(≤ 3.8 mA).
The characteristic values determined (see appendix) apply only to the current output (4...20 mA) of the
following versions:
• Promass 80***–***********(*)
(*) = Order option for inputs/outputs: A / D / S / T / 8
• Promass 83***–***********(*)
(*) = Order option for inputs/outputs: A / B / C / D / E / L / M / R / S / T / U / W / 0 / 2 / 3 / 4 / 5 / 6

Safety function data The mandatory settings and safety function data emanate from the chapter “Settings and installation
instructions” and the appendix.
The measuring system’s reaction time is ≤5 s.

! Note!
MTTR is set at eight hours.

Supplementary device The following documentation must be available for the measuring system:
documentation

Device type Operating Instructions Description of the device functions

Promass 80 BA057D/06/en BA058D/06/en

Promass 83 BA059D/06/en BA060D/06/en

This document also includes information on application limits and ambient conditions as well as the functional
specifications of the current output.
For devices with an explosion protection approval, the corresponding Safety Instructions (XA) or Control
Drawings (ZD) must also be observed.

Endress+Hauser 5

Installation instructions
Settings instructions
Monitoring of max./min. flow
6 Endress+Hauser
Proline Promass 80/83
Settings and installation instructions
Instructions for correct installation of the Promass 80/83 can be found in the corresponding Operating
Instructions (BA) (see “Supplementary device documentation”).
The suitability of the Promass 80/83 for the specific application must be checked by the operator. Further
information is available at the Endress+Hauser Sales Centers.
The Promass 80/83 measuring devices can be configured in safety relevant circuits in a number of different
ways:
• Via on-site operation (LCD display)
• Via HART handheld terminal DXR 375
• Via PC (remote operation) using service and configuration software (e.g. “ToF Tool - Fieldtool Package”)
The tools mentioned can also be used to retrieve information on the software and hardware revision of the
device.
Further instructions on settings can be found in the corresponding Operating Instructions (BA) → see
“Supplementary device documentation” (page 5).
The following table shows the settings which are necessary for the use of Promass 80/83 in a safety function.
The possible applications are:
• Monitoring of maximum flow
• Monitoring of minimum flow
• Monitoring of flow range (maximum and minimum flow)
The settings refer to the flow value corresponding to the 4...20 mA current output value.
Group Name of function in the group Allowed setting when Promass is used for a
safety function
CURRENT OUTPUT ASSIGN CURRENT OUTPUT – Mass flow
– Volume flow
CURRENT OUTPUT CURRENT SPAN – 4...20 mA (..........):
All settings with a current output configuration
to 4...20 mA.
– 0...20 mA:
Setting is not allowed.
Promass 80
A setting 4...20 mA with HART communication is
not allowed.
Promass 83
A setting 4...20 mA with HART communication is
allowed if the HART write protection is activated
(see “Locking”)
CURRENT OUTPUT FAILSAFE MODE – Min. current
– Max. current
CURRENT OUTPUT SIMULATION CURRENT OFF
SYSTEM PARAMETER POSITIVE ZERO RETURN OFF
SUPERVISION ASSIGN SYSTEM ERROR OFF (the assignment of information messages and
fault messages may not be changed)
SUPERVISION ALARM DELAY 0...20 s
SIMULATION SYSTEM SIMULATION FAILSAFE MODE OFF
SIMULATION SYSTEM SIMULATION MEASURAND OFF
A detailed description of the functions of the device can be found in the appropriate “Description of Device
Functions” → see “Supplementary device documentation” (page 5).
Proline Promass 80/83
Locking
Setting instructions for
evaluation unit
Response in operation and
failure
! Note!
Recurrent functional test of
the measuring system
Endress+Hauser
In order to protect the process relevant parameters against change, the software has to be locked. This is done
via a code set by the customer.
Software lock for local programming
Function Freely choosable code number (except for 0)
DEFINE PRIVATE CODE
Promass 83:
When using a HART interface, the HART write protection must be activated. This can be done via a jumper on
the I/O board. Please refer to the appropriate Operating Instructions for the correct procedure to activate the
HART write protection → see “Supplementary device documentation” (page 5).
The determined limit value (mA value corresponding to chosen max. and/or min. flow) must be entered at the
subsequent limit contactor (Logic Unit). For all adjustment and setting procedures, refer to the relevant
Operating Instructions.
The response in operation and failures is described in the “Operating Instructions” of the device
→ see “Supplementary device documentation” (page 5).
• Any repair to the device must be carried out by the manufacturer only.
• Device failures must be reported to the manufacturer. The user provides a detailed statement to the
manufacturer describing the failures and any possible effects. There is also an information flow as to whether
this is a dangerous failure or a failure which cannot be detected directly.
• In accordance with IEC 61508-2, Section 7.4.7.4, Note 3, experience shows that the useful service life of
electrical components lies between 8 and 12 years.
• In the event of failure of a SIL-labeled Endress+Hauser device, which has been operated in a safety relevant
circuit, the “Declaration of Contamination and Cleaning” with the corresponding note “Used in SIL safety
relevant circuit” must be enclosed when the defective device is returned.
The operativeness of the safety function must be checked at appropriate time intervals (see appendix
→ page 8). We recommend completing a check at least once a year. It is the responsibility of the user to select
the type of check and the intervals in the specified time frame. The check must be carried out in such a way
that it is proven that the safety function works perfectly in interaction with all components. This can be
guaranteed by approaching the flow limit values or comparing the totalizer with a balancing option (e.g. filling
a tank) once per maintenance period. In this way, a “Diagnostic Coverage” of 100% is achieved in both
instances. If the operativeness of the flow sensor/transmitter can be determined otherwise (exclusion of errors
that impair function), the check can also be completed by simulating the corresponding output signal.
7
 Proline Promass 80/83

Appendix (safety-related characteristic values)

Introductory comments Depending on the product structure, the Promass 80/83 flow measuring systems are supplied with different
signal inputs and outputs (= electronics modules) for hazardous and non-hazardous areas. For the purposes of
clarity, similar types of electronics modules are grouped into “categories”.

! Note!
• The safety-related characteristic values are described separately for each of these “categories” → see sections
“Category 1 – 10”. The tables and graphics provided in these category sections contain all the important
characteristic values for the Promass 80 and/or Promass 83 measuring systems.
The values apply to all possible applications:
– Monitoring maximum flow
– Monitoring minimum flow
– Monitoring flow range (maximum and minimum flow)
• The failure rates indicated refer to the failure rates of SN29500 at an ambient temperature of +40 °C.
The values were obtained by examining devices with software version 2.01.00.

Measuring system / Ex Outputs and inputs Category Page

electronics
Product structure

Promass 80

80 *** – ***********A – Curr. outp. / freq. outp. 1 P. 10

80 *** – ***********D – Curr. outp. / freq. outp. / status outp. / status inp. 1 P. 10

80 *** – ***********8 – Curr. outp. / curr. outp. 2 / freq. outp. / status inp. 5 P. 14

80 *** – ***********A Ex Curr. outp. / freq. outp. 2 P. 11

80 *** – ***********D Ex Curr. outp. / freq. outp. / status outp. / status inp. 2 P. 11

80 *** – ***********S Ex Curr. outp. (Ex i) / freq. outp. (Ex i) 7 P. 16

80 *** – ***********T Ex Curr. outp. (Ex i) / freq. outp. (Ex i) 8 P. 17

80 *** – ***********8 Ex Curr. outp. / curr. outp. 2 / freq. outp. / status inp. 6 P. 15

Promass 83

83 *** – ***********A – Curr. outp. / freq. outp. 3 P. 12

83 *** – ***********B – Curr. outp. / freq. outp. / relay / relay 2 3 P. 12

83 *** – ***********C – Curr. outp. / freq. outp. / relay / relay 2 5 P. 14

83 *** – ***********D – Curr. outp. / freq. outp. / relay / status inp. 5 P. 14

83 *** – ***********E – Curr. outp. / curr. outp. 2 / relay / status inp. 5 P. 14

83 *** – ***********L – Curr. outp. / relay / relay 2 / status inp. 5 P. 14

83 *** – ***********M – Curr. outp. / freq. outp. / freq. outp. 2 / status inp. 5 P. 14

83 *** – ***********W – Curr. outp. / curr. outp. 2 / curr. outp. 3 / relay 5 P. 14

83 *** – ***********0 – Curr. outp. / curr. outp. 2 / curr. outp. 3 / status inp. 5 P. 14
83 *** – ***********2 – Curr. outp. / curr. outp. 2 / freq. outp. / relay 5 P. 14

83 *** – ***********3 – Curr. outp. / curr. outp. 2 / relay / curr. inp. 5 P. 14

83 *** – ***********4 – Curr. outp. / freq. outp. / relay / curr. inp. 5 P. 14

83 *** – ***********5 – Curr. outp. / freq. outp. / curr. inp. / status inp. 5 P. 14

83 *** – ***********6 – Curr. outp. / curr. outp. 2 / curr. inp. / status inp. 5 P. 14

83 *** – ***********A Ex Curr. outp. / freq. outp. 4 P. 13

83 *** – ***********B Ex Curr. outp. / freq. outp. / relay / relay 2 4 P. 13

83 *** – ***********C Ex Curr. outp. / freq. outp. / relay / relay 2 6 P. 15

8 Endress+Hauser
Proline Promass 80/83

Measuring system / Ex Outputs and inputs Category Page

electronics
Product structure

83 *** – ***********D Ex Curr. outp. / freq. outp. / relay / status inp. 6 P. 15

83 *** – ***********E Ex Curr. outp. / curr. outp. 2 / relay / status inp. 6 P. 15

83 *** – ***********L Ex Curr. outp. / relay / relay 2 / status inp. 6 P. 15

83 *** – ***********M Ex Curr. outp. / freq. outp. / freq. outp. 2 / status inp. 6 P. 15

83 *** – ***********R Ex Curr. outp. (Ex i) / curr. outp. 2 (Ex i) 9 P. 18

83 *** – ***********S Ex Curr. outp. (Ex i) / freq. outp. (Ex i) 7 P. 16

83 *** – ***********T Ex Curr. outp. (Ex i) / freq. outp. (Ex i) 8 P. 17

83 *** – ***********U Ex Curr. outp. (Ex i) / curr. outp. 2 (Ex i) 10 P. 19

83 *** – ***********W Ex Curr. outp. / curr. outp. 2 / curr. outp. 3 / relay 6 P. 15

83 *** – ***********0 Ex Curr. outp. / curr. outp. 2 / curr. outp. 3 / status inp. 6 P. 15

83 *** – ***********2 Ex Curr. outp. / curr. outp. 2 / freq. outp. / relay 6 P. 15

83 *** – ***********3 Ex Curr. outp. / curr. outp. 2 / relay / curr. inp. 6 P. 15

83 *** – ***********4 Ex Curr. outp. / freq. outp. / relay / curr. inp. 6 P. 15

83 *** – ***********5 Ex Curr. outp. / freq. outp. / curr. inp. / status inp. 6 P. 15

83 *** – ***********6 Ex Curr. outp. / curr. outp. 2 / curr. inp. / status inp. 6 P. 15

Comments on the term “dangerous failure”

A “dangerous failure” is a failure that does not respond to a demand from the process (i.e. the Promass
measuring device does not go to the predefined failsafe mode).
The following assumptions are made here:
• The failure rates are constant, wear out mechanisms are not included.
• Failure propagation is not relevant.
• The HART protocol is only used for programming, calibration and diagnostics purposes but not during
normal operation.
• The recovery time after a safe failure is 8 hours.
• The test time of the logic unit to react to a detected failure is one hour.
• All modules are operated in the “low demand mode”.
• Only the current output is used for safety-related applications.
• Failure rates of the external power supply are not included.
• The stress levels are average values for an industrial environment and can be compared to the “Ground
Fixed” classification of MIL-HDBK-217F. Alternatively, the presumed environment is similar to
IEC 60654-1, Class C (protected mounting location) with temperature limits within the manufacturer's
specifications and an average temperature of 40 °C for the transmitter over an extended period.
Humidity is assumed within the manufacturer's specification.
• Only the versions described are used for safety applications.
• As the optional display does not constitute a part of the safety function, the failure rate of the display is not
taken into account in the calculations.
• The application program in the safety logic unit is designed in such a way that “fail high” and “fail low”
failures are detected by the safety function regardless of the effect (safe or dangerous).

Endress+Hauser 9
 Proline Promass 80/83

Category No. 1 Specific values

Without Ex approval or with ATEX II3G or

Promass 80
FM Cl. I Div. 2 / CSA Cl. I Div. 2
SIL SIL 2
HFT 0
SFF >74%
PFDavg ≤2.86 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config1-3-5-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 115 461 1340 656 74.49%

λlow = λdd λhigh= λsd 1340 461 115 656 74.49%

λlow = λsd λhigh= λsd 1455 461 0 656 74.49%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1437 461 18 656 74.49%

λlow = λdd λhigh= λsd 18 461 1437 656 74.49%

λlow = λsd λhigh= λsd 1455 461 0 656 74.49%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

10 Endress+Hauser
Proline Promass 80/83

Category No. 2 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 80
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >76%
PFDavg ≤2.68 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 138 509 1381 614 76.75%

λlow = λdd λhigh= λsd 1381 509 138 614 76.75%

λlow = λsd λhigh= λsd 1519 509 0 614 76.75%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1501 509 18 614 76.75%

λlow = λdd λhigh= λsd 18 509 1501 614 76.75%

λlow = λsd λhigh= λsd 1519 509 0 614 76.75%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

Endress+Hauser 11
 Proline Promass 80/83

Category No. 3 Specific values

Without Ex approval or with ATEX II3G or

Promass 83
FM Cl. I Div. 2 / CSA Cl. I Div. 2
SIL SIL 2
HFT 0
SFF >74%
PFDavg ≤2.86 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config1-3-5-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 117 468 1345 656 74.63%

λlow = λdd λhigh= λsd 1345 468 117 656 74.63%

λlow = λsd λhigh= λsd 1462 468 0 656 74.63%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1440 468 22 656 74.63%

λlow = λdd λhigh= λsd 22 468 1440 656 74.63%

λlow = λsd λhigh= λsd 1462 468 0 656 74.63%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

12 Endress+Hauser
Proline Promass 80/83

Category No. 4 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >76%
PFDavg ≤2.68 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 140 515 1386 614 76.87%

λlow = λdd λhigh= λsd 1386 515 140 614 76.87%

λlow = λsd λhigh= λsd 1526 515 0 614 76.87%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1504 515 22 614 76.87%

λlow = λdd λhigh= λsd 22 515 1504 614 76.87%

λlow = λsd λhigh= λsd 1526 515 0 614 76.87%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

Endress+Hauser 13
 Proline Promass 80/83

Category No. 5 Specific values

Without Ex approval or with ATEX II3G or

Promass 80 / Promass 83
FM Cl. I Div. 2 / CSA Cl. I Div. 2
SIL SIL 2
HFT 0
SFF >75%
PFDavg ≤2.87 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config1-3-5-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 215 474 1328 657 75.45%

λlow = λdd λhigh= λsd 1328 474 215 657 75.45%

λlow = λsd λhigh= λsd 1543 474 0 657 75.45%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1527 474 16 657 75.45%

λlow = λdd λhigh= λsd 16 474 1527 657 75.45%

λlow = λsd λhigh= λsd 1543 474 0 657 75.45%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

14 Endress+Hauser
Proline Promass 80/83

Category No. 6 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 80 / Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >77%
PFDavg ≤2.69 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 239 522 1371 615 77.60%

λlow = λdd λhigh= λsd 1374 522 239 615 77.60%

λlow = λsd λhigh= λsd 1610 522 0 615 77.60%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1594 522 16 615 77.60%

λlow = λdd λhigh= λsd 16 522 1594 615 77.60%

λlow = λsd λhigh= λsd 1610 522 0 615 77.60%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

Endress+Hauser 15
 Proline Promass 80/83

Category No. 7 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 80 / Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >78%
PFDavg ≤2.72 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config7-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 239 627 1372 623 78.23%

λlow = λdd λhigh= λsd 1372 627 239 623 78.23%

λlow = λsd λhigh= λsd 1611 627 0 623 78.23%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1588 627 23 623 78.23%

λlow = λdd λhigh= λsd 23 627 1588 623 78.23%

λlow = λsd λhigh= λsd 1611 627 0 623 78.23%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

16 Endress+Hauser
Proline Promass 80/83

Category No. 8 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 80 / Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >77%
PFDavg ≤2.69 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 239 544 1366 615 77.74%

λlow = λdd λhigh= λsd 1366 544 239 615 77.74%

λlow = λsd λhigh= λsd 1605 544 0 615 77.74%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1582 544 23 615 77.74%

λlow = λdd λhigh= λsd 23 544 1582 615 77.74%

λlow = λsd λhigh= λsd 1605 544 0 615 77.74%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

Endress+Hauser 17
 Proline Promass 80/83

Category No. 9 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >78%
PFDavg ≤2.68 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 248 605 1365 614 78.31%

λlow = λdd λhigh= λsd 1365 605 248 614 78.31%

λlow = λsd λhigh= λsd 1613 605 0 614 78.31%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1590 605 23 614 78.31%

λlow = λdd λhigh= λsd 23 605 1590 614 78.31%

λlow = λsd λhigh= λsd 1613 605 0 614 78.31%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

18 Endress+Hauser
Proline Promass 80/83

Category No. 10 Specific values

With Ex approval: ATEX II2G, ATEX II1/2G or

Promass 83
FM Cl. I Div. 1 / CSA Cl. I Div. 1 or TIIS
SIL SIL 2
HFT 0
SFF >77%
PFDavg ≤2.68 x 10–3
Complete function test, e.g. by approaching the flow limits annual

1001D structure

3,50E–02
Probability

3,00E–02

2,50E–02

2,00E–02

1,50E–02

1,00E–02

5,00E–03

0,00E+00
0,0 2,0 4,0 6,0 8,0 10,0
PFD avg Years

SIL2-80-83-Config2-4-6-8-9-10-en

Information on failure rates

Transmitter configured fail-safe state = “fail high”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 237 543 1366 614 77.75%

λlow = λdd λhigh= λsd 1366 543 237 614 77.75%

λlow = λsd λhigh= λsd 1603 543 0 614 77.75%

Transmitter configured fail-safe state = “fail low”

Failure categories λsd [FIT] λsu [FIT] λdd [FIT] λdu [FIT] SFF

λlow = λsd λhigh= λdd 1580 543 23 614 77.75%

λlow = λdd λhigh= λsd 23 543 1580 614 77.75%

λlow = λsd λhigh= λsd 1603 543 0 614 77.75%

! Note!
Detailed information on the term “dangerous failure” is provided on page 9.

Endress+Hauser 19
 Proline Promass 80/83

Exida Management Summary

SIL2-80-83-Manag-Summary-Page1-06

20 Endress+Hauser
Proline Promass 80/83

SIL2-80-83-Manag-Summary-Page2-06

Endress+Hauser 21
 Proline Promass 80/83

SIL2-80-83-Manag-Summary-Page3-06

22 Endress+Hauser
Proline Promass 80/83

SIL2-80-83-Manag-Summary-Page4-06

Endress+Hauser 23
 Proline Promass 80/83

International Headquarters

Endress+Hauser
GmbH+Co. KG
Instruments International
Colmarer Str. 6
79576 Weil am Rhein
Deutschland

Tel. +49 76 21 9 75 02
Fax +49 76 21 9 75 34 5
www.endress.com
info@ii.endress.com

SD077D/06/en/05.06
71027168
FM+SGML 6.0 ProMoDo