Industrial Compliance Summer 2024

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

IC-SUM24-PG14-16_Layout 1 05/06/2024 11:02 Page 16

WORKPLACE SAFETY

control (DPC), and internal reference along with numerous on-chip diagnostics. Figure 4 shows the block diagram.

DIAGNOSTICS/SAFETY MEASURES ON THE ADFS5758

Main on-chip diagnostic is an ADC; as stated previously, IEC 61508 Revision 3 plans to clarify that the use of on-chip diagnostics to detect on-chip failures is not generally allowed unless the IC was developed in compliance to IEC 61508

Checks for valid read/write address ECC correction Watchdog timer

The ability to lock configuration registers Internal bias voltage monitors Temperature monitor

Designed to meet the requirements of: Industrial factory automation Process control applications

High density small form factor PLC Analogue I/O cards

SAFETY FUNCTION: Takes a digital input code and produces an output current to within ±2.5 per cent full-scale range (FSR).

Developed to IEC 61508: SIL 2 in terms of hardware metrics SIL 3 in terms of systematic requirements

Figure 5 shows the ADFS5758 being used in a typical safety application. For a system to meet SIL requirements, then both the hardware metrics (also known as architectural constraints) and the SC must meet the SIL target.

Figure 8. Using diverse elements increases SC. ARCHITECTURAL CONSTRAINTS

Placing two SIL 2 elements (identical or diverse) in parallel allows a customer to achieve a higher SIL 3 level from a hardware metrics perspective. See Figure 6.

SYSTEMATIC CAPABILITY

Redundancy can be achieved by using either diverse (different) elements or identical elements.

IDENTICAL ELEMENTS

Using identical elements with the same SC does not improve the overall SC as they are both prone to the same CCF-like temperature spikes or voltage drops and the same fault could bring

Figure 9. Example using identical redundancy to achieve SIL 3.

down both elements. See Figure 7. DIVERSE ELEMENTS

Using diverse elements in a redundant configuration increases the overall system capability. See Figure 8.

The reason for this is that since the two 16 SUMMER 2024 | INDUSTRIAL COMPLIANCE

Figure 6. Using two SIL 2 elements to achieve a SIL 3 solution for hardware metrics.

Figure 5. Typical application using the ADFS5758.

elements are diverse or different, the same fault is unlikely to take both elements down at the same time.

The problem with this method is that it can be costly to use diverse elements in a safety system as the workload to design in and test increases significantly.

Ideally what is required here is a way to use two identical elements to meet both the SC and random or hardware metrics for the functional safety requirements.

Figure 4. ADFS5758 block diagram.

IMPORTANCE OF DEVELOPING SC ONE LEVEL HIGHER THAN SIL: IDENTICAL REDUNDANCY

If an element could be employed in the system that was developed to a system capability one level higher than the SIL of the element, then two identical elements can be used in a safety system to provide redundancy along with increasing the overall system capability. See Figure 9 for an example.

Since the ADFS5758 was developed to an SC one level higher than the hardware metrics, it can be used to design a SIL3 Analogue output module even though it is only certified to SIL 2 for hardware metrics or random faults.

CONCLUSION

When using the certified ADFS5758 within a safety system, there are numerous advantages:

Less risk: What will TÜV say

Can use on-chip diagnostics (ADC and distributed diagnostics)

Smaller solution size/more channels in a given space (due to using integrated ADC)

Minimising external component count (higher reliability)

Figure 7. Using identical elements does not increase SC.

Targeted diagnostics (lower detection time and higher coverage)

Key numbers available for the system-level engineer (FMEDA)

Less overhead on system software (fewer diagnostics in software)

Reliability analysis for an assumed environment is available

Shorter development times for customers

Relevant documentation available (safety manual and TÜV assessment report) IEC 61508 Revision 3 future proof

Along with the above advantages, the ADFS5758 allows for the use of SIL 2 components to design a SIL 3 solution using identical redundancy.

Analog Devices www.analog.com

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48