Assessment of Functional Safety

The design features and the techniques/measures used to prevent systematic faults are suitable for the use of

the MTLx546 and MTLx549 modules in safety functions up to SIL2 in a simplex architecture.

The hardware assessment shows that MTLx54x analogue output modules:

•  have a hardware fault tolerance of 0

•  are classified as Type A devices (“Non-complex” component with well-defined failure modes)

•  have no internal diagnostic elements

It should be recognised that the systematic capability of the products limits their application to SIL2 loops.

It is important that the effect of electromagnetic interference on the operation of any safety function is reduced

where possible. For this reason it is recommended that the cable connections from the logic solver to the isolator

modules be a maximum of 30 metres and are not exposed to possible induced surges, keeping them inside a

protected environment.

Similarly, operation of the equipment outside of its environmental ratings induces component stress and

temperature above the normal ambient of 60°C is to be avoided to ensure required performance.