I have an application where I want to use a safety relay in combination with a flame detector as the sensing element. The flame detector has relay contact outputs, so I'd like to use those in combination with a safety relay to complete the safety function. This is the only safety function on the system, and I would like to avoid using a safety PLC for cost and complexity reasons (chief among them, the requirement around now needing lifecycle management around the safety PLC / safety application program - which can be onerous). This is considered a low-demand process application.
Internally we are following IEC 61511 (since this system is a process application) but this is not really an SIS, so we are falling somewhere in between machine safety and process safety.
However, most if not all safety relays I have seen are really geared toward machine safety, and all the application examples show E-Stops and Guard doors. So I get the feeling what I am trying to do may not be that common?
The dilemma I am running into is that we are targeting a SIL2 application.
Most safety relays are capable up to SIL3 or SIL2.
The sensor I am looking at can achieve SIL2 with the relay contact outputs, but these relay outputs are only single channel. So even if the individual devices themselves meet the overall failure rate / probability requirements for the safety loop, I am having trouble finding data to support the architectural constraint requirements.
All the application examples of safety-relays, using a single channel, can only achieve SIL1 due to the lack of diagnostic coverage - but these examples are all for things like Estops and Guard Switches. In my case, I have plenty of DC on the sensor. My gut tells me I am OK but I do need to document and prove the safety function can achieve the target level - just unsure how to do this given my example.
I've attached an image from a Phoenix Contact 2963763 relay datasheet (with my edits).
Long story short:
I am trying to set up a safety function for flame detection using safety relays instead of a safety PLC, and want to ensure I am not barking up the wrong tree.