
FMEA

IEC 61508
Data Declaration
DOCUMENT NO. MTL08FMEA4549 Issue 1

Declaration relating to: MTL4549, MTL5549, MTL4549C, MTL4549Y and MTL5549Y

Manufactured and assessed by:


Measurement Technology Limited, Power Court, Luton, Bedfordshire, LU1 3JJ

This document is issued as a summary of the hardware failure data affecting the application of the
equipment as a sub-system being part of a Safety Function intended to conform with the requirements
of IEC 61508 - Functional Safety of Electrical/Electronic/Programmable Electronic Safety Systems.
The hardware has been subjected to a Failure Modes and Effects Analysis (FMEA) to determine the
specific failure modes and failure rates with the relevant results presented herein.

Product Description
The MTL4549, MTL4549C, MTL4549Y, MTL5549 and MTL5549Y accept two 4/20mA signals from
safe-area controllers to drive two current/pressure converters (or any other load up to 800Ω) in a
hazardous area. For smart valve positioners, the module also permits bi-directional transmission of
digital communication signals. The MTL4549 and MTL5549 communicate open and short circuits in
field wiring by reducing the current taken into the terminals to a preset level. The MTL4549C,
MTL4549Y and MTL5549Y communicate open circuits only in the field wiring by reducing the
current taken into the terminals to a preset level.

Product Failure Rates


The hardware assessment shows that the Isolating Drivers

• have a hardware fault tolerance of 0


• are classified as Type A devices

It is assumed that the module is powered from a nominal 24Vdc supply and operating with a
Hazardous/Field side load resistance of 250Ω.
The definitions for product failure of these modules were determined as:-

| Failure mode | Failure rate (FIT) |
|---|---|
| Output current >21mA (upscale) | 3 |
| Output current <3.6mA (downscale) | 329 |
| Output current within range but >2% in error | 58 |
| Output current correct within ±2% | 289 |

The failure rates apply to either channel 1 or channel 2 used in a safety function. Both channels should
not be used in the same safety function. Failures may affect both channels simultaneously.

FMEA/DD4549/09/08 Page 1 of 2
Example of use in a safety function
In this example, the application context is assumed to be:

• the safety function is to repeat current within ±2%


The failure modes shown above can then be defined as

| Failure mode | Category |
|---|---|
| Output current >21mA (upscale) | Dangerous detected, λdd |
| Output current <3.6mA (downscale) | Dangerous detected, λdd |
| Output current within range but >2% in error | Dangerous undetected, λdu |
| Output current correct within ±2% | Safe undetected, λsu |

The failure rates for these categories are then (FITs)

| Model | λsd | λsu | λdd | λdu |
|---|---|---|---|---|
| MTL4549, MTL5549, MTL4549C, MTL4549Y and MTL5549Y | 0 | 288 | 0 | 390 |

In this example, the safe failure fraction is 43% and so the device meets the hardware architecture
constraints to be used as single devices in Safety Instrumented Functions at SIL1.
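
The check described in this example, written out as an added Python example (it is not part of MTL's declaration): it computes the safe failure fraction from the category rates in the table above and looks up the highest SIL that the architectural constraints allow for a given device type and hardware fault tolerance. The names `FailureRates`, `max_sil` and `du_coverage_for` are illustrative, and the constraint table is taken from IEC 61508-2, not from this page.

```python
from dataclasses import dataclass

# Highest SIL permitted by the IEC 61508-2 architectural constraints, indexed by
# SFF band (<60 %, 60-<90 %, 90-<99 %, >=99 %), then by hardware fault
# tolerance 0, 1, 2. 0 means "not allowed". Table from the standard, not this page.
MAX_SIL = {
    "A": ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)),
    "B": ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)),
}
SFF_BAND_EDGES = (0.60, 0.90, 0.99)


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT (failures per 10^9 hours)."""
    sd: float  # safe detected
    su: float  # safe undetected
    dd: float  # dangerous detected
    du: float  # dangerous undetected

    @property
    def total(self) -> float:
        return self.sd + self.su + self.dd + self.du

    def sff(self) -> float:
        """Safe failure fraction: every failure except dangerous undetected."""
        if self.total <= 0:
            raise ValueError("total failure rate must be positive")
        return (self.sd + self.su + self.dd) / self.total


def max_sil(rates: FailureRates, device_type: str, hft: int) -> int:
    """Highest SIL the architectural constraints permit (0 = not allowed)."""
    if device_type not in MAX_SIL or hft not in (0, 1, 2):
        raise ValueError("device_type must be 'A' or 'B' and hft 0, 1 or 2")
    band = sum(rates.sff() >= edge for edge in SFF_BAND_EDGES)
    return MAX_SIL[device_type][band][hft]


def du_coverage_for(rates: FailureRates, target_sff: float) -> float:
    """Fraction of the dangerous-undetected rate that would have to be
    detected for the SFF to reach target_sff (total rate unchanged)."""
    if rates.du == 0:
        return 0.0
    return max(0.0, 1 - (1 - target_sff) * rates.total / rates.du)


# Category rates (FIT) as given in the table above.
MTL4549_RATES = FailureRates(sd=0, su=288, dd=0, du=390)
print(f"SFF = {MTL4549_RATES.sff():.1%}, max SIL as Type A with HFT 0: {max_sil(MTL4549_RATES, 'A', 0)}")
```

With the rates from the table the SFF comes out at about 42.5%, in the under-60% band, so a Type A device with a hardware fault tolerance of 0 is limited to SIL 1; the same figures for a Type B device with HFT 0 would not be allowed at all.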

Notes
• FITs means failures per 10^9 hours or failures per thousand million hours.
• Reliability data for this analysis is taken from IEC TR 62380:2004 Reliability Data Handbook.
• Failure mode distributions are taken principally from IEC 62061:2005 Safety of Machinery.
• Proof testing must be carried out according to the application requirements, but it is
recommended that this be carried out at least once every three years.
• Consideration should be made of the normal lifetime for a device of this type which would be
in the region of ten years.
• There are no internal diagnostic elements of this product.
• The transmission of HART data is not considered as part of the safety function and is excluded
from this analysis.
• For all other product parameters related to its application (voltage range, environment, etc.)
please refer to the published MTL data sheet for this product, available at www.mtl-inst.com.

Signed on behalf of MTL

Analyst Chief Technical Officer


Simon Ansell Jon Malins

Date: 15th September 2008


Date 17th Nov 2008
