1. No category

Manual Supplement: Rosemount 2140 - SIS Level Detector

Manual Supplement
00809-0200-4140, Rev AA
January 2017
Rosemount 2140:SIS Level Detector
Functional Safety Manual
Manual Supplement
Contents
00809-0200-4140, Rev AA
January 2017
Contents
1Section 1: Introduction
1.1 Scope and purpose of the safety manual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Safety messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3 Terms and definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.4 Skill level requirement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.5 Documentation and standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2Section 2: Product Description
2.1 Operation principle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Level detector purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.3 Ordering information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.4 Ready for upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.5 Safety Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3Section 3: Designing a Safety Function Using the Rosemount
2140:SIS
3.1 Safety function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 Environmental limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.3 Application limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.4 Design verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.5 Safety Instrumented System (SIS) certification . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.6 Safety certified identification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.7 Proof testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.7.1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.7.2 Comprehensive proof test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.7.3 Partial proof test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.7.4 Proof-test interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.7.5 Tools required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.7.6 Data required. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.8 Connection of the level detector to the SIS logic solver . . . . . . . . . . . . . . . . . . . . 14
3.9 General requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.10SIS example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4Section 4: Installation and Commissioning
4.1 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Contents
iii
Manual Supplement
Contents
00809-0200-4140, Rev AA
January 2017
4.2 Physical location and placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Electrical connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.4 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.4.1 Hardware configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.4.2 Software configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5Section 5: Operation and Maintenance
5.1 Proof-test requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.2 Repair and replacement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.3 Notification of failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
AAppendix A: Specifications
A.1 General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
A.2 Useful life . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
A.3 Useful lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
BAppendix B: Proposed Full Proof-test Procedure
B.1 Suggested proof-test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
B.2 Full Proof Test Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
B.3 Impact on SIF and process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
B.4 Duration of full proof-test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
B.5 Personal safety concerns. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
CAppendix C: Proposed Partial Proof-test Procedure
C.1 Suggested proof-test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
C.2 Full Proof Test Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
C.3 Impact on SIF and process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
C.4 Duration of full proof-test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
C.5 Personal safety concerns. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
DAppendix D: PFDAVG Calculation
D.1 Average probability of failure on demand (PFDAVG) . . . . . . . . . . . . . . . . . . . . . . 33
EAppendix E: PFH Calculation
E.1 Probability of dangerous failure per hour (PFH) . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
FAppendix F: Diagnostic Intervals
F.1 Diagnostic checks and intervals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
iv
Contents
Manual Supplement
Introduction
00809-0200-4140, Rev AA
Section 1
1.1
January 2017
Introduction
Scope and purpose of the safety manual
This safety manual contains the information to design, install, verify and maintain a Safety Instrumented
Function (SIF) utilizing the Rosemount 2140:SIS Level Detector (“level detector”).
The manual provides the necessary requirements to enable the integration of the level detector when
showing compliance with the IEC 61508 or IEC 61511 functional safety standards. It indicates all
assumptions that have been made on the usage of the level detector. If these assumptions cannot be
met by the application, the SIL capability of the level detector may be adversely affected.
Note
For product support, use the contact details on the back page.
1.2
Safety messages
Procedures and instructions in this section may require special precautions to ensure the safety of the
personnel performing the operation. Information that raises potential safety issues is indicated by a
warning symbol ( ). Refer to the following safety messages before performing an operation preceded
by this symbol.
Failure to follow these guidelines could result in death or serious injury.

Make sure only qualified personnel perform the installation.
Explosions could result in death or serious injury.
Verify that the operating environment of the level detector is consistent with the
appropriate hazardous locations certifications.

Before connecting a Field Communicator in an explosive atmosphere, make sure the
instruments in the loop are installed in accordance with intrinsically safe or non-incendive
field wiring practices.

Do not remove the level detector covers in explosive atmospheres when the circuit is
alive.

Both level detector covers must be fully engaged to meet explosion-proof requirements.
Electrical shock can result in death or serious injury.



Avoid contact with the leads and terminals. High voltage that may be present on leads can
cause electrical shock.
Make sure the main power to the level detector is off, and the lines to any other external
power source are disconnected or not powered while wiring the level detector.
Note
Customer must follow the “Application limits” on page 9.
Introduction
1
Manual Supplement
Introduction
00809-0200-4140, Rev AA
January 2017
1.3
Terms and definitions
Table 1-1. Terms and Definitions
2
Term
Definition
BPCS
Basic Process Control System
λDU
Dangerous Undetected
λDD
Dangerous Detected
λSU
Safe Undetected
λSU
Safe Detected
CPT
Comprehensive Proof Test
Diagnostic Coverage
[DC] Percentage of detectable faults to undetectable faults
Diagnostic Test
Interval
Time during which all internal diagnostics are carried out at least once.
EFP
Enhanced Features Package
Fail-safe state
State where switch output is in the state corresponding to an alarm condition. In
this condition the switch contacts will normally be open.
Fail dangerous
Failure that does not respond to an input from the process (i.e. not switching to
the fail-safe state).
FIT
Failure In Time per billion hours
Fail Dangerous
Detected
Failure that is dangerous but is detected.
Fail Dangerous
Undetected
Failure that is dangerous and that is not detected.
Fail No Effect
Failure of a component that is part of the safety function but that has no effect on
the safety
function.
Fail Safe
Failure that causes the switch to go to the defined fail-safe state without an input
from the process.
FMEDA
Failure Modes, Effects and Diagnostic Analysis
HART®
Highway Addressable Remote Transducer
Functional Safety
Part of the overall safety relating to the process and the BPCS which depends on
the correct functioning of the SIS and other protection layers.
HFT
Hardware Fault Tolerance as defined by 61508-2 7.4.4.1.1
High demand mode
The safety function is only performed on demand, in order to transfer the EUC
(Equipment Under Control) into a specified safe state, and where the frequency
of demands is greater than one per year (IEC 61508-4).
Low demand mode
The safety function is only performed on demand, in order to transfer the EUC
into a specified safe state, and where the frequency of demands is no greater than
one per year (IEC 61508-4).
Level detector
response time
The time from a step change in the process until level detector output reaches
90% of its final steady state value (step response time as per IEC 61298-2).
PFDAVG
Average Probability of Failure on Demand
Introduction
Manual Supplement
Introduction
00809-0200-4140, Rev AA
January 2017
Table 1-1. Terms and Definitions
Introduction
PFH
Probability of dangerous failure per hour.
PPT
Partial Proof Test
Random Integrity
The SIL limit imposed by the architectural constraints that must be met for each
element.
Safety Demand
Interval
The expected time between safety demands.
Systematic Capability
A measure (expressed on a scale of SC 1 to SC 4) of the confidence that the
systematic safety integrity of an element meets the requirements of the specified
SIL, in respect of the specified element safety function, when the element is
applied in accordance with the instructions specified in the compliant item safety
manual for the element as per 61508-4
SFF
Safe Failure Fraction
SIF
Safety Instrumented Function
SIL
Safety Integrity Level - a discrete level (one out of four) for specifying the safety
integrity requirements of the safety instrumented functions to be allocated to
the safety instrumented systems. SIL 4 has the highest level of safety integrity,
and SIL 1 has the lowest level.
SIS
Safety Instrumented System (SIS) - an instrumented system used to implement
one or more safety instrumented functions. An SIS is composed of any
combination of sensors, logic solvers, and final elements.
Type B device
Complex device using controllers or programmable logic, as defined by the
standard IEC 61508.
3
Manual Supplement
Introduction
00809-0200-4140, Rev AA
January 2017
1.4
Skill level requirement
System design, installation and commissioning, and repair and maintenance shall be carried out by
suitably qualified personnel.
1.5
Documentation and standards
This section lists the documentation and standards referred to by this safety manual.
Table 1-2. Associated Documentation
Documents
Purpose of documents
IEC 61508-2: 2010
Functional Safety of Electrical/Electronic/Programmable Electronic
Safety-Related Systems
MOB 15-08-12 R001
V1R1 FMEDA
2140:SIS.pdf
FMEDA Report Version V1, Revision R1, or later, for the Rosemount
2140:SIS level detector
00813-0100-4140
Rosemount 2140:SIS Level Detector Product Data Sheet
00809-0100-4140
Rosemount 2140 Level Detector Reference Manual
Table 1-3. Associated Standards
Standards
4
Purpose of standards
IEC 61508: 2010
Functional Safety of electrical/electronic/programmable electronic
safety-related systems
IEC 61511
(ANSI/ISA 84.00.01-2004)
Functional safety - Safety instrumented systems for the process industry
sector
IEC 60664-1
Insulation coordination for equipment with low voltage systems
IEC 61984
Connectors - Safety requirements and test
HRD 5:1994
Handbook of Reliability Data for Components used in Telecommunication
systems
Introduction
Manual Supplement
Product Description
00809-0200-4140, Rev AA
Section 2
2.1
January 2017
Product Description
Operation principle
The Rosemount 2140:SIS Level Detector (“level detector”) consists of a tuned fork with a driver and
receiver element, and integral interface electronics. The level detector is based on the principle that the
resonant frequency of a tuned fork changes when it is immersed in a liquid. The frequency change is
detected and used to switch an electronic output.
The device output is 4-20 mA.
Note
For all product information and documentation downloads, visit Emerson.com/Rosemount.
2.2
Level detector purpose
The Level switch indicates, by means of an electronic output, whether the level of a process liquid is
above, or below, a certain point (the switching point).
Figure 2-1. Example Applications
Pump control
High and low alarm
Product Description
Overfill protection
5
Manual Supplement
Product Description
00809-0200-4140, Rev AA
January 2017
2.3
Ordering information
Typical Model Number: 2140 F H A 1 M S 1 NN B A 0000 1 NA Q4 Q8
The first option code after “2140” indicates the profile type:

F = Functional safety / SIS applications

A = Standard monitoring and control application
A level detector with profile type F has achieved a SIL rating. See Table 3-1 on page 11 for Safety
Instrumented System (SIS) parameters.
The other option codes in the model number refer to materials, fittings, and other mechanical options
which do not affect SIS parameters.
Models with the QS option code are supplied with a manufacturer’s prior-use certificate of FMEDA data.
Models with the QT option, if available, are supplied with a third party certificate of SIL capability.
Note
Level detectors with profile type A, in combination with the EF1 product feature and the upgrade having
been applied, have also achieved a SIL rating.
2.4
Ready for upgrade
Products originally purchased with the “ready for upgrade” model code as shown in Table 2-1 will be
issued with a SIL certificate that certifies the product from the date of original manufacture only.
Table 2-1. Rosemount 2140 Ready for Upgrade Code
Product features
EF1
2.5
Ready for upgrading to a Rosemount 2140:SIS with enhanced features enabled
★
Safety certification
Rosemount certifies that the Rosemount 2140 Vibrating Fork Liquid Level Switch with serial numbers
listed above was manufactured to IEC61508 and has the following failure rates and probability of failure
on demand values documented in the referenced report(s).
Certified to IEC 61508 (F, F EF2, A EF1) By Exida
See attached Exida certificate number MOB 1508012 C001.
Note
For the “A EF1” model, the upgrade code must be applied.
6
Product Description
Manual Supplement
Product Description
00809-0200-4140, Rev AA
January 2017
Failure rate data
Failure rate data was completed via Failure Mode Effect Diagnostic Analysis (FMEDA) with boundary of
transmitter sensor to output electronics per IEC 61508 Type B device.
Table 2-2. Rosemount 2140:SIS (F/F-EF1/F-EF2/A-EF1)
λDU(1)
λSU(1)
λDD(1)
λDU(1)
SFF
Dry = ON
0
12
522
18
96.7%
Wet = ON
0
14
525
13
97.6%
Failure categories
1.
All λ figures are in FITs (1 x 10-9 Failures in Time)
Table 2-3. Rosemount 2140:SIS (F/F-EF1/F-EF2/A-EF1), T1
λDU(1)
λSU(1)
λDD(1)
λDU(1)
SFF
Dry = ON
0
12
522
18
96.7%
Wet = ON
0
14
525
13
97.6%
Failure categories
1.
All λ figures are in FITs (1 x 10-9 Failures in Time)
Note
For the “A-EF1” model referred to in Table 2-2 and Table 2-3, the upgrade code must be applied.
Product Description
7
Product Description
January 2017
8
Manual Supplement
00809-0200-4140, Rev AA
Product Description
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
Section 3
3.1
January 2017
Designing a Safety Function Using
the Rosemount 2140:SIS
Safety function
A change in liquid level through the switch point of the Rosemount 2140:SIS Level Detector (“level
detector”) causes it to operate. It may be used in high level or low level safety related applications. It is
important that the level detector is user-configured for the correct application.
3.2
Environmental limits
The designer of the SIF (Safety Instrumented Function) must check that the level detector is rated for use
within the expected environmental limits. See the Rosemount 2140:SIS Level Detector Product Data
Sheet for environmental limits.
Note
For all product information and documentation downloads, see the on-line
Rosemount 2140:SIS web page at Emerson.com/Rosemount.
3.3
Application limits
Failure to comply with the following requirements will result in the invalidation of the
products safety certification.
 Check for risk of media build-up on the forks. Avoid situations where drying and coating
products may create excessive build-up (see Figure 3-1) or implement preventative
maintenance programs to ensure the media buildup is insufficient to impair performance.

Ensure there is no risk of ‘bridging’ the forks. Examples of products that create ‘bridging’of forks
are dense paper slurries and bitumen.
It is very important that the SIF designer checks for material compatibility by considering process liquids
and on-site chemical contaminants. If the level detector is used outside the application limits or with
incompatible materials, the reliability data and predicted SIL capability becomes invalid.
The construction materials of a level detector are specified in the product data sheet and the product
reference manual. Use the model code on the product label, and the ordering information table and
specification in these product documents, to find out the construction materials.
Designing a Safety Function Using the Rosemount 2140:SIS
9
Designing a Safety Function Using the Rosemount 2140:SIS
Manual Supplement
00809-0200-4140, Rev AA
January 2017
Figure 3-1. Product Build-up
OK
3.4
Design verification
A detailed Failure Modes, Effects and Diagnostics Analysis (FMEDA) report for the Rosemount
2140:SIS Level Detector is available from Emerson. This report details all failure rates and failure
modes as well as expected lifetime.
Note
The FMEDA report is available from the Rosemount 2140 Level Detector - Vibrating Fork web site
page at Emerson.com/Rosemount. In the Documents section, there are SIL documents including
the FMEDA report and this safety manual.
The achieved Safety Integrity Level (SIL) of an entire Safety Instrumented Function (SIF) design must
be verified by the designer using a PFDAVG calculation considering the architecture, proof-test
interval, proof-test effectiveness, any automatic diagnostics, average repair time, and the specific
failures rates of all equipment included in the SIF.
Each subsystem must be checked to assure compliance with minimum Hardware Fault Tolerance
(HFT) requirements. When using the level detector in a redundant configuration, a common cause
factor of at least 5% should be included in the safety integrity calculations.
The failure rate data listed in the FMEDA report is only valid for the useful lifetime of the level
detector. The failure rates increase after this useful lifetime period has expired. Reliability
calculations based on the data listed in the FMEDA report for mission times beyond the lifetime may
yield results that are too optimistic, i.e. the calculated SIL will not be achieved.
10
Designing a Safety Function Using the Rosemount 2140:SIS
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
3.5
January 2017
Safety Instrumented System (SIS) certification
For safety instrumented systems usage, the 4/20 mA analog output is used as the primary safety
variable. It is configured to activate the alarm function if an error occurs.
The measurement signal used by the logic solver must be the discrete current levels set at the instrument
output used to indicate the sensor condition. The HART protocol can only be used for setup, calibration,
and diagnostic purposes, not for safety critical operation.
The Rosemount 2140:SIS Level Detector is IEC 61508 certified accordingly:

Low and high demand: Type B element

SIL 2 for random integrity @ HFT=0
The Rosemount 2140:SIS has met manufacturer design process requirement of Safety Integrity Level
(SIL) 2. These are Intended to achieve sufficient Integrity against systematic errors of design by the
manufacturer.
A safety Instrumented Function (SIF) designed with this product must not be used at a SIL level higher
than stated.
Table 3-1. Assessed Values
Failure Rate (FIT)
Model
2140:SIS T0
Dry ON
2140:SIS T0
Wet ON
2140:SIS T1
with EFP
SFF (%)
DC (%)
18
96.7
94.5
62
31
525
13
97.6
95.1
58
24
23
526
18
96.8
92.7
59
37
24
529
13
97.7
93.4
41
10
SD
SU
DD
DU
0
12
522
0
14
0
0
CPT (%) PPT (%)
Dry ON
2140:SIS T1
with EFP
Wet ON
3.6
Safety certified identification
All Rosemount 2140:SIS Level Detectors must be identified as safety certified before installing into SIS
systems.
Verify that:
1.
The model code starts with 2140F, or 2140A with option code EF1 and upgrade code applied.
2.
A yellow tag is affixed to the outside of the level detector
3.
A yellow stripe goes around the sensor module.
4.
The software (SW) is V01.00.00 or later with the SIS configuration implemented.
Designing a Safety Function Using the Rosemount 2140:SIS
11
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
January 2017
Figure 3-2. Safety Certified Identification
HW XX . XX . XX
SW XX . XX . XX
SERIAL No. XXXXXXXXXXXX
MODEL: 2140FXXXXXXXXXX
Application examples

Overfill prevention

Point level detection

Dry-run prevention
3.7
Proof testing
3.7.1
Overview
The Rosemount 2140:SIS Level Detector (“level detector”) must be tested at regular intervals to detect
any failures not detected by automatic on-line diagnostics i.e. dangerous failures, diagnostic failures,
parametric failures such that the unit can be repaired and returned to an equivalent as new state.
It is the user's responsibility to choose the type of testing applied to the unit within their safety system.
If an error is found in the safety functionality, the detector shall be put out of operation and the process
shall be kept in a safe state by other measures unit such time as a repaired or replacement unit can be
installed and commissioned.
The level detector comes complete with two proof test options
3.7.2

Comprehensive “bucket” test

Partial proof test
Comprehensive proof test
The full proof-test performs a complete test of the system elements. The sensor, measuring electronics
and output stage are all checked by virtue of changing of the sensor condition and observation of the
output.
The suggested full proof test sequence for the 2140:SIS is described in Appendix B: Proposed Full
Proof-test Procedure and the proof test coverage values can be found In Table B-2
12
Designing a Safety Function Using the Rosemount 2140:SIS
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
3.7.3
January 2017
Partial proof test
The level detector has the ability of performing a partial proof test. This test has reduced diagnostic
coverage compared with the comprehensive test, in that it is limited to exercising the electronics and
verifying that there are no faults causing a higher output current than desired, or issues preventing the
device from driving to higher analog values.
The partial proof test presents the following benefits:

Provides a percentage of the comprehensive device coverage enabling the unit to be tested and its
effective PFD to be reduced by this percentage at the time of the test.

For an example of benefits on system PFD calculations of partial proof, testing see Figure 3-4.

Can be performed remotely using a HART® Host or AMS™ Device Manager

Remote activation results in a safer environment for those carrying out the test.

No additional hardware required; eliminate risk of testing the wrong device, or pressing wrong button
by accident.

Output cycles through fault, wet, and dry conditions then return to actual state.

Device alerts if it finds a problem.

Test can be performed “in-process” and takes less than 1minute to complete - process continually
monitored and any challenge to the device state reported immediately upon test completion.

Provides capability to extend comprehensive testing to align with standard plant maintenance
schedules.

May give the user the flexibility to schedule the comprehensive proof testing Interval to fit with his
site's scheduled plan.

Locally initiated using integrated push buttons or LOI if required
A suggested partial proof test scheme can be found In Appendix C: Proposed Partial Proof-test Procedure
3.7.4
Proof-test interval
The time intervals for proof-testing are defined by the SIL verification calculation (subject to the
PFDAVG). The proof-tests must be performed more frequently than or as frequently as specified in the
SIL verification calculation in order to maintain the required safety integrity of the overall SIF.
Results from periodic proof-tests shall be recorded and periodically reviewed. For the specification of
customer requirements required to fulfil this SIS requirement, please see 61511.
Note
For a valid result, always perform the proof-test on the product media and media conditions that will be
stored in the tank while the device is in operation.
3.7.5
3.7.6
Tools required

HART host/ or Field Communicator

mA meter

Safety logic solver
Data required
The date, time and name of the operator that performed, or system that triggered, the proof-test, the
response time and result of the proof-test will be documented for maintaining the proof-test history of
the device for PFDAVG calculations.
Designing a Safety Function Using the Rosemount 2140:SIS
13
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
January 2017
3.8
Connection of the level detector to the SIS logic solver
The Rosemount 2140:SIS Level Detector should be connected to the safety-rated logic solver which is
actively performing the safety function as well as automatic diagnostics (if any) designed to diagnose
potentially dangerous failures within the level detector. In some cases, it may also be connected directly
to the final element.
The Rosemount 2140:SIS Level Detector Reference Manual gives full installation details for the level
detector. The logic solver trip levels must be compatible with (higher than) the sensor alarm levels given
in the specifications section of this manual.
Note
For all product information and documentation downloads, see the on-line
Rosemount 2140:SIS web page at Emerson.com/Rosemount.
3.9
General requirements

The system and function response time shall be less than the process safety time.

The level detector will change to its defined safe state in less than this time with relation to the specific
hazard scenario.

All SIS components, including the level detector must be operational before process start-up.

The user shall verify that the level detector is suitable for use in safety applications by confirming the
level detector nameplate and model number are properly marked.

Personnel performing maintenance and testing on the level detector shall first be assessed as being
competent to do so.


Results from periodic proof tests shall be recorded and periodically reviewed.
The level detector shall not be operated beyond the useful lifetime as listed in the specification section
of the product reference manual without undergoing overhaul or replacement.
Note
For all product information and documentation downloads, see the on-line Rosemount 2140 web page
at Emerson.com/Rosemount.
14
Designing a Safety Function Using the Rosemount 2140:SIS
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
3.10
January 2017
SIS example
The following figures illustrate the indicative benefits of using a combination of comprehensive and
partial proof test to manage the level of risk associated with a particular SIS Installation.
Figure 3-3 shows a typical 1oo1 safety system configuration. Illustrates the benefit of implementing a
combination of comprehensive and partial proof tests on the system's PFD.
Note
It is assumed that the level detector typically contributes ~30% to the systems SIL 2 PFD budget, with the
logic solver and actuator the remaining ~70%.
Figure 3-3. Single Use 1oo1 (1 out of 1) for SIL 2 Low Demand (SIL 2@HFT=0)
Sensor
(Rosemount 2140)
Designing a Safety Function Using the Rosemount 2140:SIS
Logic
Solver
Actuator
15
Manual Supplement
Designing a Safety Function Using the Rosemount 2140:SIS
00809-0200-4140, Rev AA
January 2017
Figure 3-4. System PFD
PFD and PFD average of system when
no proof-testing applied
PFD
PFD
Unit subjected to either no proof-test or a
comprehensive proof-test every 5 years
0
2
4
6
8
10
0
2
Mission time (years)
8
PFDAVG
PFD
10
PFD + CPT
Unit subjected to a partial proof-test every year
and a comprehensive proof-test every 5 years
PFD
PFD
Unit subjected to a partial proof-test every year
and a comprehensive proof-test every 3 years
0
2
4
6
8
10
PFDAVG + PPT + CPT
0
2
4
6
8
10
Mission time (years)
Mission time (years)
16
6
Mission time (years)
PFDAVG
PFD
4
PFDAVG
PFDAVG + PPT + CPT
PFDAVG
Designing a Safety Function Using the Rosemount 2140:SIS
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
Section 4
January 2017
Installation and Commissioning
Note
For all product information and documentation downloads, see the on-line Rosemount 2140 web page
at Emerson.com/Rosemount.
4.1
Installation
The Rosemount 2140:SIS Level Detector (“level detector”) must be installed as described in the
installation section of the product reference manual. Check that environmental conditions do not
exceed the ratings in the specification section.
The level detector must be accessible for physical inspection.
4.2
Physical location and placement
The level detector shall be accessible with sufficient room for cover removal and electrical connections,
and allow for manual proof-testing to take place.
The switch point is determined by the location of the level detector, and consideration must be given to
allow the safe proof-testing of the level detector by forcing liquid to put the switch into its Fail-safe state.
4.3
Electrical connections
Wiring should be adequately rated and not be susceptible to mechanical damage. Electrical conduit is
commonly used to protect wiring. The wiring to this device must maintain creepage(1) and clearance
distances. Therefore, the conductors stripping length should be no greater than 6 mm and be free from
stray strands.
Use shielded twisted pairs to yield best results. To ensure proper communication, use 24 AWG, to a
maximum of 14 AWG, and do not exceed 5000 feet (1500 meters). Cable length is limited by the
selection of monitoring resistance and wire gauge.
All power to the transmitter is supplied over the signal wiring. Signal wiring need not be shielded, but use
twisted pairs for best results. Do not run unshielded signal wiring in conduit or open trays with power
wiring, or near heavy electrical equipment. For high EMI/RFI environments, shielded twisted pair cable
should be used.
1.
Creepage distance is a measurement that is commonly used in determining the conducting path of the flow of electricity.
Installation and Commissioning
17
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
January 2017
Load (Ws)
Figure 4-1. Load Limitation
1387
1000
500
0
10.5
20
30
42.4
Maximum Loop Resistance = 43.5 * (External Power Supply Voltage – 10.5)
4.4
Configuration
4.4.1
Hardware configuration
The following are physical configuration options.
Alarm level switch
Under alarm conditions, the Current Output is set by the device to either a predefined High or Low level,
beyond the standard 4 to 20mA operating range. The Alarm Level switch is set to either the 'H' or 'L'
position to determine whether the Current Output is set to the High or Low alarm current.
Read-only switch
The Read-Only switch is set to the Locked position to prevent changes to the device configuration via the
LOI or HART interfaces.
Figure 4-2 the location of the Alarm Level and Read-Only switches.
Figure 4-2. Alarm Level and Read-Only Switch Positions
A
B
A. Alarm Level switch
B. Read-only switch
18
Installation and Commissioning
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
4.4.2
January 2017
Software configuration
The following are achieved via software configuration.
Media Density Selection
The 2140:SIS is capable of operating with fluids with density from 400 to 1000kg/m3. The Media Density
Selection parameter is used to select the process medium density range, which ensures the point at
which a Wet indication is given is consistent. Possible settings are shown inTable 4-1.
Table 4-1. Media Density Selection settings
Media Density Selection setting
Media Density Selection range (kg/m3)
0.4 – 0.6 SG
400-600
0.5 – 0.9 SG
500-900
0.8 – 1.3 SG
800-1000
High and low alarm levels
These settings are used to specify the current level that will be set at the current output in event of alarm
conditions. In event of "Custom" Alarm Levels being selected, values must be specified for the current
level that will be set at the current output in event of alarm conditions. These are configured via the High
and Low Alarm Current parameters.
These settings work in conjunction with the setting of the Alarm level switch described in Table 4-2 to
determine which current to apply. Allowable currents are shown in Table 4-2.
Table 4-2. Alarm Current Levels
Alarm and Saturation
type
Low alarm level (mA)
High alarm level
(mA)
NAMUR
<= 3.6
>= 22.5
Rosemount
<= 3.75
>= 21.75
Custom
3.6 – 3.8
20.2 - 23
Current output operating mode
The Current Output Operating Mode parameter is used to determine the state of the output (either On
or Off) depending on the condition of the sensor.
The condition of the sensor, when immersed in a media, is termed Wet. Conversely, when not immersed
in a media, the sensor condition is termed Dry.
The fundamental operating modes of the system are termed Wet On and Dry On. This is when the user
configures the system to switch its output on (the higher of two discrete current levels) when the sensor
is in the Wet condition or in the Dry condition Figure 4-3 shows an application where high and low level
alarms are annunciated by the appropriate transmitter switching its output off.
Installation and Commissioning
19
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
January 2017
Figure 4-3. High and Low Level Alarms with Wet On and Dry On Configuration Use
A
B
A. Configured in Dry On Mode. When the media rises above this point, the system output is switched off.
B. Configured is Wet On mode. When the media falls below this point, the system output is switched off.
Figure 4-4 shows an application where either a high level alarm or low level alarm can be annunciated by
the output being switched off, depending on whether the system is configured for Wet On or Dry On
mode.
Figure 4-4. High or low alarm depending on Wet On or Dry On Setting
A
A. When configured in Wet On mode, the output switches off when the media falls below this point. When configured in Dry On
mode, the output switches off when the media ris
Sensor Operating Mode
Sensor operating mode can be configured to give either a Dry (Enhanced fault = Dry) or Wet (Enhanced
fault = Wet) indication in event of invalid sensor frequency values. In addition, a sensor alarm is
annunciated in this case.
20
Installation and Commissioning
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
January 2017
Current Output Type
The Current Output can be configured to switch between standard instrument levels 8 and 16mA and 4
and 20mA. In addition, a Custom mode is provided, where the user can define, between 4 and 20mA,
custom current levels via the Custom On Current and Custom Off Current parameters to indicate Wet
and Dry conditions, dependent on the setting of the Current Output Operating Mode.
8 and 16mA, 4 and 20mA and Custom settings
This section details further the effects of combinations of the setting of the Alarm Level switch, in
addition to the Alarm Levels, High and Low Alarm, Current Output Operating Mode, Sensor Operating
Mode and Current Output Type parameters.
Figure 4-5 shows the effects on the current output when the Current Output Type is set to 4 and 20mA.
Note to achieve the output behavior shown, the Current Output Operating Mode is set to 'Dry On', Alarm
Levels is set to 'Custom', Low Alarm Current is set to 3.6mA and the Alarm Level Switch is set to 'L'.
Figure 4-5. Current Output Type Set to 4 and 20mA
24
20
16
8
4
3.6
Dry
Installation and Commissioning
Wet
Switch state
Fault
21
Manual Supplement
Installation and Commissioning
00809-0200-4140, Rev AA
January 2017
Figure 4-6 shows the effects on the product output when the Current Output Type is set to 8 and 16mA.
Note that to achieve this behaviour, the Current Output Operating Mode is set to 'Wet On', Alarm Levels
is set to 'Custom', High Alarm Current is set to 23mA and the Alarm Level switch is set to 'H'.
Figure 4-6. Current Output Type Set to 8 and 16mA
28
20
16
8
4
3.6
Dry
Wet
Switch state
Fault
Figure 4-7 shows the effects on the product output when the Current Output Type is set to 'Custom'. To
achieve this behaviour, the Current Output Operating Mode is set to 'Wet On', the Custom Off Current is
set to 5mA, the Custom On Current is set to 15mA, Alarm Levels is set to 'Rosemount' and the Alarm
Level switch is set to 'H'.
Figure 4-7. Current Output Type Set to Custom
24
20
16
8
4
3.6
Dry
22
Wet
Switch state
Fault
Installation and Commissioning
Manual Supplement
00809-0200-4140, Rev AA
Installation and Commissioning
January 2017
Output Delay
The Output Delay is used to enforce a delay in seconds between a demand for an output change and the
output change occurring. When a demand occurs, the sensor state causing the demand must be
consistent for the duration of the Output Delay. If the state changes to a state other than that which will
cause the output state change, the Output Delay time is restarted.
Fault Delay
The Fault Delay is used to enforce a delay in seconds between a sensor fault being detected, and the fault
action being taken (alarm annunciation). When the sensor fault occurs, it must persist for the duration of
the Fault Delay before the fault action is performed. When in the fault mode, the Fault Delay is not
applied for transitions to valid sensor states, with the fault action being reset immediately.
Installation and Commissioning
23
Installation and Commissioning
January 2017
24
Manual Supplement
00809-0200-4140, Rev AA
Installation and Commissioning
Manual Supplement
Operation and Maintenance
00809-0200-4140, Rev AA
Section 5
5.1
January 2017
Operation and Maintenance
Proof-test requirement
During operation, a low-demand mode SIF must be proof-tested. The objective of proof-testing is to
detect failures within the equipment in the SIF that are not detected by any automatic diagnostics of the
system. Undetected failures that prevent the SIF from performing its function are the main concern.
Periodic proof-tests shall take place at the frequency (or interval) defined by the SIL verification
calculation. The proof-tests must be performed more frequently than or as frequently as specified in the
SIL verification calculation in order to maintain the required safety integrity of the overall SIF.
A sample procedure is provided in Appendix B: Proposed Full Proof-test Procedure.
Results from periodic proof tests shall be recorded and periodically reviewed.
5.2
Repair and replacement
Repair procedures in the Rosemount 2140 Level Detector reference manual must be followed.
5.3
Notification of failures
In case of malfunction of the system or SIF, the Rosemount 2140:SIS Level Detector shall be put out of
operation and the process shall be kept in a safe state by other measures.
Emerson must be informed when the Rosemount 2140:SIS is required to be replaced due to failure. The
occurred failure shall be documented and reported to Emerson using the contact details on the back
page of this functional safety manual. This is an important part of Emerson SIS management process.
Operation and Maintenance
25
Operation and Maintenance
January 2017
26
Manual Supplement
00809-0200-4140, Rev AA
Operation and Maintenance
Specifications
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix A
A.1
Specifications
General
In Table A-1, the safety response time for all output types is the greater of 10 seconds or the selected
seconds delay using the switch output delay setting.
Note
See “Output Delay” on page 23 for the switch output delay setting feature.
Table A-1. General Specifications
Output Type
Supply voltage
Safety Alarm
Levels
(leakage
currents)(1)
4/20 mA
10.5 to 42.4 Vdc
3.6 mA
1.
2.
3.
4.
A.2
Safety
Response
time(2)
10 s
minimum
Switch Point Switch Point
– Water(3)
– Other
Liquid(4)
11 to 15 mm
0 to 30 mm
Logic solver trip levels should be set higher than these values in order to ensure reliable trips.
The safety response time is the greater of 10 seconds, or the configured seconds delay of the Output Delay setting. See “Output
Delay” on page 23 for details of this setting.
Operating (Switch) Point measured from lowest point of fork when liquid is water.
Operating (Switch) Point measured from lowest point of fork when liquid is not water.
Useful life
Based on general field failure data and manufactures component data, a useful life period of
approximately 89 years is expected for the Rosemount 2140:SIS Level Detector at an ambient
temperature of 55 °C. This decreases by a factor of two for every increase of 10 °C, and increases by a
factor of two for every decrease of 10 °C.
A.3
Useful lifetime
According to the standard IEC 61508-2, a useful lifetime based on experience should be assumed.
Although a constant failure rate is assumed by the probabilistic estimation method (see FMEDA report),
this only applies provided that the useful lifetime(1) of components is not exceeded. Beyond their useful
lifetime, the result of the probabilistic calculation method is therefore meaningless as the probability of
failure significantly increases with time.
The useful lifetime is highly dependent on the subsystem itself and its operating conditions. Specifically,
the equipment contains electrolytic capacitors which have a useful life which is highly dependent on
ambient temperature (see Safety Data in the FMEDA report).
This assumption of a constant failure rate is based on the bath-tub curve. Therefore, it is obvious that the
PFDAVG calculation is only valid for components that have this constant domain and that the validity of
the calculation is limited to the useful lifetime of each component.
1.
27
Useful lifetime is a reliability engineering term that describes the operational time interval where the failure rate of a device is rela- tively constant. It is not a term which covers
product obsolescence, warranty, or other commercial issues.
Specifications
Manual Supplement
00809-0200-4140, Rev AA
Specifications
January 2017
It is the responsibility of the end-user to maintain and operate the Rosemount 2140:SIS Level Detector
according to the manufacturer's instructions. Furthermore, regular inspection should show that all
components are clean and free from damage.
Specifications and Reference Data
28
Proposed Full Proof-test Procedure
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix B
B.1
Proposed Full Proof-test Procedure
Suggested proof-test
According to Section 7.4.5.2 (f) of the standard IEC 61508-2, proof-tests shall be undertaken to reveal
dangerous faults which are undetected by diagnostic tests. This means that it is necessary to specify how
dangerous undetected faults which have been noted during the Failure Modes, Effects, and Diagnostic
Analysis can be detected during proof-testing.
The suggested proof test for the Rosemount 2140:SIS Level Detector is in Table . Refer to Table for the
proof test coverage.
The suggested proof test consists of setting the output to a maximum and minimum, and a calibration
check.
Table B-1. Suggested Full Proof-test
Step
B.2
Action
1
Bypass the safety function and take appropriate action to avoid a false trip.
2
Use HART communications to retrieve any diagnostics and take appropriate action.
3
Send a HART command to the transmitter to go to the high alarm current output and verify that
the analog current reaches that value.
4
Send a HART command to the transmitter to go to the low alarm current output and verify that
the analog current reaches that value.
5
Inspect the transmitter for any leaks, visible damage or contamination.
6
Perform a two-point calibration of the transmitter over the full working range.
7
Remove the bypass and otherwise restore normal operation.
Full Proof Test Coverage
Full proof test coverage figures are contained in the table below.
Table B-2. Full Proof-Test Coverage
29
Device
DUPT (FIT)
Proof Test Coverage
2140:SIS T0 Wet On
6
58%
2140:SIS T0 Dry On
5
62%
2140:SIS T1 Wet On
8
41%
2140:SIS T1Dry On
8
59%
Proposed Full Proof-test Procedure
Manual Supplement
Proposed Full Proof-test Procedure
00809-0200-4140, Rev AA
B.3
January 2017
Impact on SIF and process
In order to achieve the product safe state, the sensor must be either removed from or immersed in the
process medium, depending on the operating mode. The process cannot be allowed to operate whilst
the Proof Test is being performed.
B.4
Duration of full proof-test
The full proof test takes several hours to perform with all safety measures being followed.
B.5
Personal safety concerns
As stated in the section Impact on SIF and process , the process must not be allowed to run during the
proof-test procedure.
Proposed Full Proof-test Procedure
30
Proposed Partial Proof-test Procedure
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix C
C.1
Proposed Partial Proof-test
Procedure
Suggested proof-test
The suggested partial proof test for the Rosemount 2140:SIS Level Detector (“level detector”) is
decribed in Table . Refer to the Table for the proof test coverage.
The partial proof test exercises the signal processing and output, but does not test the sensor.
Table C-1. Suggested Partial Proof-test
Step
C.2
Action
1
Inspect the accessible parts of the level detector for any leaks or damage.
2
Bypass the safety function and take appropriate action to avoid a false trip.
3
Send a HART command to the transmitter to go to the high alarm current output and verify
that the analog current reaches that value.
4
Send a HART command to the transmitter to go to the low alarm current output and verify that
the analog current reaches that the value.
5
Trigger the devices Proof Test using either the appropriate HART command or LOI.
6
Verify that the analog output current reaches the configured off, on and alarm levels and is
maintained at the level for the duration of the Proof Test Duration parameter.
6
Remove the bypass and otherwise restore normal operation.
Full Proof Test Coverage
Full proof test coverage figures are contained in the table below.
Table C-2. Full Proof-Test Coverage
C.3
Device
DUPT (FIT)
Proof Test Coverage
2140:SIS T0 Wet On
6
58%
2140:SIS T0 Dry On
5
62%
2140:SIS T1 Wet On
8
41%
2140:SIS T1Dry On
8
59%
Impact on SIF and process
In order to achieve the product safe state, the sensor must be either removed from or immersed in the
process medium, depending on the operating mode. The process cannot be allowed to operate whilst
the Proof Test is being performed.
31
Proposed Partial Proof-test Procedure
Manual Supplement
Proposed Partial Proof-test Procedure
00809-0200-4140, Rev AA
C.4
January 2017
Duration of full proof-test
The full proof test takes several hours to perform with all safety measures being followed.
C.5
Personal safety concerns
As stated in the section Impact on SIF and process , the process must not be allowed to run during the
proof-test procedure.
Proposed Partial Proof-test Procedure
32
PFDAVG Calculation
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix D
D.1
PFDAVG Calculation
Average probability of failure on demand (PFDAVG)
The Average probability of failure on demand (PFDAVG) calculations for a single (1oo1)
Rosemount 2140:SIS Level Detector are shown in this appendix.
The failure rate data used in this calculation is available in the product FMEDA report. A mission time of
10 years has been assumed with a Mean Time To Restoration of 24 hours.
PFDAVG figures can only be used for Low Demand applications. For High Demand applications, refer to
Appendix E: PFH Calculation.
33
PFDAVG Calculation
Manual Supplement
00809-0200-4140, Rev AA
PFDAVG Calculation
PFDAVG Calculation
January 2017
34
PFH Calculation
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix E
E.1
PFH Calculation
Probability of dangerous failure per hour (PFH)
For High Demand applications, product PFH values must be used to determine the suitability of a
product within a SIF.
For a SIF where the safety demand interval is greater than 100(1) times the diagnostic interval, the SIF PFH
value is calculated with the following equation:
PFH = ΣλDU
With all equipment that is part of the safety system contributing to the final PFH value. As the safety
demand interval approaches the diagnostic test rate, on-line diagnostics become increasingly less useful
for detecting dangerous failures. In this case, dangerous detected failures are not included in the PFH
calculation.
In event of the safety demand interval being less than 100(1) times the diagnostic interval, the SIF PFH
value is calculated with the following equation:
PFH = Σ(λDU+ λDD)
Again, with all equipment that is part of the safety system contributing to the final PFH value, but in this
case dangerous detected failure figures are allowed to contribute to the final PFH value.
1.
35
The figure of 100 is used here for illustrative purposes only, and is variable depending on user experience and available knowledge of the SIF.
PFH Calculation
Manual Supplement
00809-0200-4140, Rev AA
PFH Calculation
PFH Calculation
January 2017
36
Diagnostic Intervals
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Appendix F
F.1
Diagnostic Intervals
Diagnostic checks and intervals
The following diagnostic checks are performed by the system software at the following intervals. Note
that all diagnostic checks complete to entirety within one hour.
Table F-1. Diagnostic Checks and Intervals
Diagnostic name
Diagnostic function
Response time
Fault reaction
HART status bit
ALU Fault
Detects anomalies within the
CPU core.
Within 5 minutes.
Alarm current.
Board Failure.
Current Output
Non-Volatile
Non-Correctable Failure
Indicates corruption of current
output non-volatile data that
cannot be re-written by the user.
At start-up,
before system
operation starts.
Highest alarm current
possible, dependent
upon setting of Alarm
Level switch.
Board Failure.
Current Output
Non-Volatile
Correctable Failure
Indicates corruption of current
output non-volatile data that can
be rewritten by the user.
At start-up,
before system
operation starts.
Alarm current.
Board Failure.
Electronics
Temperature Alert (1)
Detects when the electronics
temperature has exceeded user
defined limits.
Within 1 s.
Diagnostic indication
only.
Electronics
Temperature Alert.
Electronics
Temperature Out Of
Limits
The electronics temperature has
exceeded the specified product
limits.
Within 2 s.
Diagnostic indication
only.
Electronics
Temperature Out Of
Limits.
Non-Volatile
Correctable Failure
Indicates corruption of
safety-critical non-volatile data
that can be re-written by the user.
At start-up,
before system
operation starts.
Alarm current.
Non-Volatile
Correctable Failure.
Non-Volatile
Non-Correctable Failure
Indicates corruption of
safety-critical non-volatile data
that cannot be re-written by the
user.
At start-up,
before system
operation starts.
Alarm current.
Non-Volatile
Non-Correctable
Failure.
Non-Volatile
Correctable Warning
Indicates corruption of
non-safety critical non-volatile
data that can be rewritten by the
user.
At start-up,
before system
operation starts.
Diagnostic indication
only.
Non-Volatile
Correctable
Warning.
Non-Volatile
Non-Correctable
Warning
Indicates corruption of
non-safety critical data that
cannot be rewritten by the user.
At start-up,
before system
operation starts.
Diagnostic indication
only.
Non-Volatile
Non-Correctable
Warning.
Non-Volatile Write
Failure
Detects errors in writing to
on-board non-volatile memory.
On demand,
whenever writing
of data fails.
Alarm current.
Non-Volatile Write
Failure.
Output State Alert(1)
Detects when the Output State
device variable has exceeded user
defined limits.
Within 1 s.
Diagnostic indication
only.
Output State Alert.
Power Advisory
Diagnostic(1)
Instability in the product power
supply has been detected.
Within 10 s.
Diagnostic indication
only.
Power Advisory
Diagnostic.
Power Consumption
Diagnostic Failure
Used to detect excessive
electronics current draw.
Within 10 s.
High alarm current.
Board Failure.
Quiescent Current Too
Low
Part of the Power Consumption
Diagnostic, indicates the
electronics are not drawing
enough current.
Within 10 s.
High alarm current.
Board Failure.
37
Diagnostic Intervals
Diagnostic Intervals
Manual Supplement
January 2017
00809-0200-4140, Rev AA
Table F-1. Diagnostic Checks and Intervals
Diagnostic name
Diagnostic function
Response time
Fault reaction
HART status bit
ROM Fault
Detects corruption of the
Microcontroller flash memory.
Within 5 minutes.
Alarm current.
ROM Failure.
Safe RAM Check
Detects corruption of safety
critical parameters held in system
RAM.
On demand.
Device reset.
RAM Failure.
Sensor Failure
Indicates the sensor frequency
has exceeded safe limits
Determined by
the setting of
Fault Delay.
Alarm current.
Sensor Malfunction.
Sensor Frequency
Alert(1)
Detects when the sensor
frequency has exceeded user
defined limits.
Within 1 s.
Diagnostic indication
only.
Sensor Frequency
Alert.
Sensor Frequency
Frozen(1)
Detects when the sensor
frequency has not changed by
more than a user defined limit
within a user defined duration.
Within 600 s.
Diagnostic indication
only
Sensor Frequency
Frozen.
Sensor Frequency
Unstable(1)
Detects when a change in the
sensor frequency has exceeded a
user defined limit for a user
defined duration.
Within 600 s.
Diagnostic indication
only.
Sensor Frequency
Unstable.
Stuck Key
Detects when a Local Operator
Interface (LOI) or external
pushbutton is stuck.
Within 10 s.
Diagnostic indication
only.
Stuck Key.
Supply Voltage Low(1)
Detects when the product power
supply falls below the minimum
specified level.
Within 10 s.
Diagnostic indication
only.
Supply Voltage Low.
Task Execution Failure
Detects when the product
software has either not executed
a critical aspect or when a critical
aspect has not completed within
a defined time limit.
Within 60 s.
Device reset.
None.
Terminal Voltage
Alert(1)
Detects when the product power
supply voltage has exceeded user
specified limits.
Within 1 s.
Diagnostic indication
only.
Terminal Voltage
Alert.
Uncalibrated Sensor
Checks whether the sensor has
been calibrated for the
transmitter electronics.
Every 100 ms.
Diagnostic indication
only.
Uncalibrated sensor.
1.
Only available for Rosemount 2140:SIS with the Extended Features Package enabled.
Diagnostic Intervals
38
Manual Supplement
00809-200-4140, RevAA
January 2017
Global Headquarters
Emerson Automation Solutions
6021 Innovation Blvd.
Shakopee, MN 55379, USA
+1 800 999 9307 or +1 952 906 8888
+1 952 949 7001
[email protected]
North America Regional Office
Emerson Automation Solutions
8200 Market Blvd.
Chanhassen, MN 55317, USA
+1 800 999 9307 or +1 952 906 8888
+1 952 949 7001
[email protected]
Latin America Regional Office
Emerson Automation Solutions
1300 Concord Terrace, Suite 400
Sunrise, FL 33323, USA
+1 954 846 5030
+1 954 846 5121
[email protected]
Europe Regional Office
Emerson Automation Solutions Europe GmbH
Neuhofstrasse 19a P.O. Box 1046
CH 6340 Baar
Switzerland
+41 (0) 41 768 6111
+41 (0) 41 768 6300
[email protected]
Linkedin.com/company/Emerson-Automation-Solutions
Asia Pacific Regional Office
Twitter.com/Rosemount_News
Emerson Automation Solutions Asia Pacific Pte Ltd
1 Pandan Crescent
Singapore 128461
+65 6777 8211
+65 6777 0947
[email protected]
Facebook.com/Rosemount
Youtube.com/user/RosemountMeasurement
Middle East and Africa Regional Office
Emerson Automation Solutions
Emerson FZE P.O. Box 17033
Jebel Ali Free Zone - South 2
Dubai, United Arab Emirates
+971 4 8118100
+971 4 8865465
[email protected]
Google.com/+RosemountMeasurement
Standard Terms and Conditions of Sale can be found on the Terms and Conditions of
Sale page.
The Emerson logo is a trademark and service mark of Emerson Electric Co.
Rosemount and Rosemount logotype are trademarks of Emerson.
All other marks are the property of their respective owners.
© 2017 Emerson. All rights reserved.

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz