
FMEA

IEC 61508
Data Declaration
DOCUMENT NO. MTL08FMEA4546/1

Declaration relating to: MTL4546 and MTL5546

Manufactured and assessed by:


Measurement Technology Limited, Power Court, Luton, Bedfordshire, LU1 3JJ

This document is issued as a summary of the hardware failure data affecting the application of the
equipment as a sub-system being part of a Safety Function intended to conform with the
requirements of IEC61508 - Functional Safety of Electrical/Electronic/Programmable Electronic
Safety-Related Systems. The hardware has been subjected to a Failure Modes and Effects Analysis
(FMEA) to determine the specific failure modes and failure rates with the relevant results presented
herein.

Product Description
The MTL4546 and MTL5546 accept a 4/20mA floating signal from a safe-area controller to drive a
current/pressure converter (or any other load up to 800Ω) in a hazardous area. For smart valve
positioners, the modules also permit bi-directional transmission of digital communication signals.
Process controllers with a readback facility can detect open and short circuits in the field wiring: if
these occur, the current taken into the terminals drops to a preset level.

Product Failure Rates


The hardware assessment shows that the MTL4546 and MTL5546 isolating drivers:

• Have a hardware fault tolerance of 0
• Are classified as a Type A device

It is assumed that the module is powered from a nominal 24Vdc supply.


The definitions for product failure of the MTL4546 and MTL5546 were determined as:-

Failure mode                                    Failure rate (FIT)
Output current >21mA (upscale)                  3
Output current <3.6mA (downscale)               277
Output current within range but >2% in error    57
Output current correct within ±2%               288

FMEA/DD4546/06/08 Page 1 of 2
Example of use in a safety function
In this example, the application context is assumed to be:

• the safety function is to repeat current within ±2%

The failure modes shown above can then be defined as:

Failure mode                                    Category
Output current >21mA (upscale)                  Dangerous undetected, λdu
Output current <3.6mA (downscale)               Dangerous undetected, λdu
Output current within range but >2% in error    Dangerous undetected, λdu
Output current correct within ±2%               Safe undetected, λsu

The failure rates for these categories are then (FITs):

Model                 λsd    λsu    λdd    λdu
MTL4546 or MTL5546    0      288    0      337

In this example, the safe failure fraction is 46% and so the devices meet the hardware architecture
constraints to be used as single devices in Safety Instrumented Functions at SIL1.
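
The derivation above, carried through in Python as an added example that is not part of MTL's declaration: it sums the failure-mode rates into the four categories, computes the safe failure fraction, and checks the result against the Type A architectural constraints. The limits table is taken from IEC 61508-2 rather than from this document, and all function and variable names are assumptions.

```python
# Added example: re-derives the declaration's category totals, SFF and SIL limit.

# Failure-mode rates in FIT (failures per 1e9 hours), from the declaration's table.
FAILURE_MODES_FIT = {
    "upscale (>21mA)": 3,
    "downscale (<3.6mA)": 277,
    "in range, >2% error": 57,
    "correct within +/-2%": 288,
}

# Classification for the example safety function "repeat current within +/-2%".
# The product has no internal diagnostics, so no mode is classed as detected.
CATEGORY = {
    "upscale (>21mA)": "du",
    "downscale (<3.6mA)": "du",
    "in range, >2% error": "du",
    "correct within +/-2%": "su",
}

# Type A architectural constraints (IEC 61508-2, not reproduced on this page):
# (lower SFF bound, maximum SIL at hardware fault tolerance 0, 1, 2).
TYPE_A_LIMITS = [(0.99, (3, 4, 4)), (0.90, (3, 4, 4)),
                 (0.60, (2, 3, 4)), (0.00, (1, 2, 3))]

def category_totals(rates, category):
    """Sum FIT rates per category; fail loudly if a mode is unclassified."""
    totals = {"sd": 0, "su": 0, "dd": 0, "du": 0}
    for mode, fit in rates.items():
        if mode not in category:
            raise KeyError(f"failure mode not classified: {mode}")
        totals[category[mode]] += fit
    return totals

def safe_failure_fraction(totals):
    """SFF = (sd + su + dd) / (sd + su + dd + du)."""
    total = sum(totals.values())
    if total == 0:
        raise ValueError("no failure rates given")
    return (totals["sd"] + totals["su"] + totals["dd"]) / total

def max_sil_type_a(sff, hft):
    """Highest SIL the hardware architecture constraints allow for a Type A device."""
    if hft not in (0, 1, 2):
        raise ValueError("hardware fault tolerance must be 0, 1 or 2")
    return next(sils[hft] for lower, sils in TYPE_A_LIMITS if sff >= lower)

if __name__ == "__main__":
    totals = category_totals(FAILURE_MODES_FIT, CATEGORY)
    sff = safe_failure_fraction(totals)
    print(totals, f"SFF = {sff:.0%}", f"max SIL at HFT 0 = {max_sil_type_a(sff, 0)}")
```

Changing the `CATEGORY` mapping to match a different safety function changes the totals and the resulting SFF, which is why the declaration states its figures only for this example context.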

Notes
• FITs means failures per 10^9 hours or failures per thousand million hours.
• Reliability data for this analysis is taken from IEC TR 62380:2004 Reliability Data
Handbook.
• Failure mode distributions are taken principally from IEC 62061:2005 Safety of Machinery.
• Proof testing must be carried out according to the application requirements, but it is
recommended that this be carried out at least once every three years.
• Consideration should be made of the normal lifetime for a device of this type which would
be in the region of ten years.
• There are no internal diagnostic elements of this product.
• The transmission of HART data is not considered as part of the safety function and is
excluded from this analysis.
• For all other product parameters related to its application (voltage range, environment, etc.)
please refer to the published MTL data sheet for this product, at www.mtl-inst.com.

Signed on behalf of MTL


Analyst                  Chief Technical Officer
Simon Ansell             Jon Malins
Signed:                  Signed:
Date: 1st July 2008      Date: 18th July 2008
