
FMEA

IEC 61508
Data Declaration
DOCUMENT NO. MTL09FMEA4546Y/1

Declaration relating to: MTL4546Y and MTL5546Y

Manufactured and assessed by:


Measurement Technology Limited, Power Court, Luton, Bedfordshire, LU1 3JJ

This document is issued as a summary of the hardware failure data affecting the application of the
equipment as a sub-system being part of a Safety Function intended to conform with the requirements
of IEC61508 - Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related
Systems. The hardware has been subjected to a Failure Modes and Effects Analysis (FMEA) to
determine the specific failure modes and failure rates with the relevant results presented herein.

Product Description
The MTL4546Y and MTL5546Y accept 4/20mA floating signals from a safe-area controller to drive
a current/pressure converter (or any other load up to 800Ω) in a hazardous area. For smart valve
positioners, the module also permits bi-directional transmission of digital communication signals.
Process controllers with a readback facility can detect open circuits in the field wiring: if these occur,
the current taken into the terminals drops to a preset level. The MTL4546Y and MTL5546Y provide
open circuit detection only.

Product Failure Rates


The hardware assessment shows that the MTL4546Y and MTL5546Y isolating drivers:

• Have a hardware fault tolerance of 0
• Are classified as Type A devices

It is assumed that the module is powered from a nominal 24Vdc supply.


The definitions for product failure of the MTL4546Y and MTL5546Y were determined as:

Failure mode                                     Failure rate (FIT)
Output current >21mA (upscale)                   3
Output current <3.6mA (downscale)                276
Output current within range but >2% in error     58
Output current correct within ±2%                289

FMEA/DD4546Y/02/09 Page 1 of 2
Example of use in a safety function
In this example, the application context is assumed to be:

• the safety function is to repeat current within ±2%

The failure modes shown above can then be defined as:

Failure mode                                     Category
Output current >21mA (upscale)                   Dangerous undetected, λdu
Output current <3.6mA (downscale)                Dangerous undetected, λdu
Output current within range but >2% in error     Dangerous undetected, λdu
Output current correct within ±2%                Safe undetected, λsu

The failure rates for these categories are then (FITs):

Model                     λsd    λsu    λdd    λdu
MTL4546Y and MTL5546Y     0      289    0      337

In this example, the safe failure fraction is 46% and so the devices meet the hardware architecture
constraints to be used as single devices in Safety Instrumented Functions up to SIL1.

Notes
• FITs means failures per 10^9 hours or failures per thousand million hours.
• Reliability data for this analysis is taken from IEC TR 62380:2004 Reliability Data
Handbook.
• Failure mode distributions are taken principally from IEC 62061:2005 Safety of Machinery.
• Proof testing must be carried out according to the application requirements, but it is
recommended that this be carried out at least once every three years.
• Consideration should be given to the normal lifetime for a device of this type, which would be
in the region of ten years.
• There are no internal diagnostic elements of this product.
• The transmission of HART data is not considered as part of the safety function and is
excluded from this analysis.
• For all other product parameters related to its application (voltage range, environment, etc.)
please refer to the published MTL data sheet for this product, at www.mtl-inst.com.

Signed on behalf of MTL


Analyst: Simon Ansell
Date: 10th Feb 2009

Chief Technical Officer: Jon Malins
Date: 29th April 2009
