D1014
- SIL 2 Repeater Power Supply Hart compatible
G.M. International ISM0052-16
Functional Safety Manual and Application
Application for D1014S or D1014D, with passive input (2 wires Tx)

Failure rates table according to IEC 61508:2010 Ed.2:

Failure category                                                                      Failure rates (FIT)
λdd = Total Dangerous Detected failures                                               158.64
λdu = Total Dangerous Undetected failures                                              23.69
λsd = Total Safe Detected failures                                                      0.00
λsu = Total Safe Undetected failures                                                    0.00
λtot safe = Total Failure Rate (Safety Function) = λdd + λdu + λsd + λsu              182.33
MTBF (safety function, single channel) = (1 / λtot safe) + MTTR (8 hours)             626 years
λno effect = “No effect” failures                                                     165.77
λnot part = “Not Part” failures                                                        15.90
λtot device = Total Failure Rate (Device) = λtot safe + λno effect + λnot part        364.00
MTBF (device, single channel) = (1 / λtot device) + MTTR (8 hours)                    313 years

Failure rate table:

λsd        λsu        λdd          λdu         SFF      DC_D     DC_S
0.00 FIT   0.00 FIT   158.64 FIT   23.69 FIT   87.01%   87.01%   0%

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes >10% of total SIF dangerous failures:
T[Proof] = 1 year     PFDavg = 1.05 E-04   Valid for SIL 2
T[Proof] = 9 years    PFDavg = 9.47 E-04   Valid for SIL 2

PFDavg vs T[Proof] table (assuming Proof Test coverage of 99%), with determination of SIL supposing module contributes ≤10% of total SIF dangerous failures:
T[Proof] = 10 years   PFDavg = 1.05 E-03   Valid for SIL 2

Safety Function and Failure behavior:
D1014 is considered to be operating in Low Demand mode, as a Type A module, having Hardware Fault Tolerance (HFT) = 0.
The failure behaviour of the D1014S and D1014D modules (when the output current range is 4 to 20 mA) is described by the following definitions:
□ Fail-Safe State: it is defined as the output going to Fail Low or Fail High, considering that the Safety logic solver can convert the Low or High failures (dangerous detected failures) to the Fail-Safe state.
□ Fail Safe: failure mode that causes the module / (sub)system to go to the defined fail-safe state without a demand from the process.
□ Fail Dangerous: failure mode that does not respond to a demand from the process (i.e. being unable to go to the defined Fail-Safe state) or deviates the output current by more than 5% (0.8 mA) of full span.
□ Fail High: failure mode that causes the output signal to go above the maximum output current (> 20 mA). Assuming that the application program in the Safety logic solver is configured to detect High failures and does not automatically trip on these failures, this failure mode has been classified as a dangerous detected (DD) failure.
□ Fail Low: failure mode that causes the output signal to go below the minimum output current (< 4 mA). Assuming that the application program in the Safety logic solver is configured to detect Low failures and does not automatically trip on these failures, this failure mode has been classified as a dangerous detected (DD) failure.
□ Fail “No Effect”: failure mode of a component that plays a part in implementing the Safety Function but that is neither a safe failure nor a dangerous failure. When calculating the SFF, this failure mode is not taken into account.
□ Fail “Not part”: failure mode of a component which is not part of the safety function but part of the circuit diagram and is listed for completeness. When calculating the SFF, this failure mode is not taken into account.
The 2 channels of the D1014D module can be used to increase the hardware fault tolerance needed for a higher SIL of a certain Safety Function, as they are completely independent of each other and share no common components. Accordingly, the analysis results obtained for the D1014S (single channel) are also valid for each channel of the D1014D (double channel).
Failure rate data: taken from Siemens Standard SN29500.
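Worked arithmetic for the figures above, as an added example (not G.M. International's own tooling): it recomputes SFF, DC, MTBF and a simplified PFDavg from the FIT values printed on this page and derives the claimable SIL from the IEC 61508 Route 1H architectural constraint (Type A, HFT = 0 for a single channel, HFT = 1 when both D1014D channels are used). Two things are assumptions rather than the manual's own method: PFDavg is taken as the IEC 61508-6 approximation λdu × T[Proof] / 2, which lands within 2% of the page's 99%-coverage values, and the ">10% contribution" rule is read, from the two tables above, as giving the module one tenth of the PFDavg band. All function and class names are the example's own.

```python
"""IEC 61508 reliability arithmetic for the D1014 figures on this page (added example)."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0
FIT = 1e-9  # one FIT = one failure per 1e9 hours


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in FIT, split the way IEC 61508 does."""
    sd: float            # safe detected
    su: float            # safe undetected
    dd: float            # dangerous detected
    du: float            # dangerous undetected
    no_effect: float = 0.0
    not_part: float = 0.0

    @property
    def total_safety(self) -> float:
        return self.sd + self.su + self.dd + self.du

    @property
    def total_device(self) -> float:
        return self.total_safety + self.no_effect + self.not_part


# One channel of a D1014S / D1014D with a passive 2-wire transmitter (values from the page).
D1014 = FailureRates(sd=0.0, su=0.0, dd=158.64, du=23.69, no_effect=165.77, not_part=15.90)


def sff(r: FailureRates) -> float:
    """Safe Failure Fraction: everything except dangerous-undetected, over the safety-function total."""
    return (r.sd + r.su + r.dd) / r.total_safety


def diagnostic_coverage(detected: float, undetected: float) -> float:
    """DC for one failure class; 0 when the class has no failures at all (the page's DC_S case)."""
    total = detected + undetected
    return detected / total if total else 0.0


def mtbf_years(rate_fit: float, mttr_hours: float = 8.0) -> float:
    """MTBF = MTTF + MTTR with MTTF = 1/lambda; the 8 h MTTR is the page's figure."""
    return (1.0 / (rate_fit * FIT) + mttr_hours) / HOURS_PER_YEAR


def pfd_avg(du_fit: float, t_proof_years: float) -> float:
    """Simplified low-demand, HFT=0 average PFD: lambda_du * T_proof / 2 (assumption, IEC 61508-6 style)."""
    return du_fit * FIT * t_proof_years * HOURS_PER_YEAR / 2.0


def sil_from_pfd(pfd: float) -> int:
    """IEC 61508-1 low-demand PFDavg bands; 0 means no SIL can be claimed."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def sil_from_pfd_with_contribution(pfd: float, contributes_over_10pct: bool) -> int:
    """Assumption inferred from the manual's two tables: a module carrying more than 10 % of the
    SIF's dangerous failures gets only 10 % of the band, i.e. its PFDavg is judged scaled by 10."""
    return sil_from_pfd(pfd * 10.0 if contributes_over_10pct else pfd)


def architectural_sil(sff_value: float, hft: int, type_a: bool) -> int:
    """IEC 61508-2 Route 1H limits: SFF band (<60, 60-90, 90-99, >=99 %) plus one SIL per unit of HFT."""
    band = 0 if sff_value < 0.60 else 1 if sff_value < 0.90 else 2 if sff_value < 0.99 else 3
    base = band + 1 if type_a else band  # Type B with SFF < 60 % and HFT 0 is not allowed (0)
    return min(4, base + hft)


def d1014_claimable_sil(t_proof_years: float, contributes_over_10pct: bool, hft: int = 0) -> int:
    """Claimable SIL is the lower of the PFD-based figure and the architectural limit."""
    by_pfd = sil_from_pfd_with_contribution(pfd_avg(D1014.du, t_proof_years), contributes_over_10pct)
    by_arch = architectural_sil(sff(D1014), hft, type_a=True)
    return min(by_pfd, by_arch)


if __name__ == "__main__":
    print(f"SFF = {sff(D1014):.2%}, DC_D = {diagnostic_coverage(D1014.dd, D1014.du):.2%}, "
          f"DC_S = {diagnostic_coverage(D1014.sd, D1014.su):.0%}")
    print(f"MTBF safety function = {mtbf_years(D1014.total_safety):.0f} y, "
          f"device = {mtbf_years(D1014.total_device):.0f} y")
    for years, over in ((1, True), (9, True), (10, True), (10, False)):
        print(f"T_proof={years:2d} y, >10% contribution={over!s:5}: "
              f"PFDavg={pfd_avg(D1014.du, years):.2e} -> SIL {d1014_claimable_sil(years, over)}")
```

Running it reproduces the page's SFF of 87.01%, DC_D of 87.01%, DC_S of 0% and the 626- and 313-year MTBFs, and shows why the ">10%" table stops at 9 years: at 10 years the simplified PFDavg crosses 1 E-03, which under the scaled rule is no longer SIL 2, while the same 10-year value remains SIL 2 under the ≤10% rule. Using both D1014D channels (HFT = 1) lifts the architectural limit to SIL 3, matching the module's stated systematic capability.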
Description:

Wiring (D1014S or D1014D; Channel 2 only for D1014D):
Supply 12-24 Vdc: Pins 3 (+) / 4 (-) for Ch. 1, Pins 7 (+) / 8 (-) for Ch. 2
In 1, 2 wires Tx (Ch. 1): Pins 14 (+) / 15 (-)
In 2, 2 wires Tx (Ch. 2): Pins 10 (+) / 11 (-)
Out 1, Source/Sink I to Safety PLC Input (Ch. 1): Pins 1 (+) / 2 (-)
Out 2, Source/Sink I to Safety PLC Input (Ch. 2): Pins 5 (+) / 6 (-)

The module is powered by connecting a 12-24 Vdc power supply to Pins 3 (+ positive) - 4 (- negative) for Ch. 1 and Pins 7 (+ positive) - 8 (- negative) for Ch. 2. The green LEDs are lit in presence of each power supply line. The passive input signals from 2 wires Tx are applied to Pins 14-15 (In 1 - Ch. 1) and Pins 10-11 (In 2 - Ch. 2). The source or sink output currents are applied to Pins 1-2 (for Channel 1) and Pins 5-6 (for Channel 2).

For this application, enable 4 - 20 mA source or sink mode for ch. 1 or ch. 2, setting the internal dip-switches in the following mode (see page 9-10 for more information):
Dip-switch position (D1014S)
                                   1    2    3    4
4 - 20 mA Source mode              ON   ON   OFF  OFF
4 - 20 mA Sink mode                OFF  OFF  OFF  ON

Dip-switch position (D1014D)
                                   1    2    3    4    5    6    7    8
4 - 20 mA Source mode (ch. 1 / ch. 2)   ON   ON   OFF  OFF  ON   ON   OFF  OFF
4 - 20 mA Sink mode (ch. 1 / ch. 2)     OFF  OFF  OFF  ON   OFF  OFF  OFF  ON

Systematic capability SIL 3.

PFDavg vs T[Proof] (module contribution ≤10% of total SIF dangerous failures, Proof Test coverage 99%): T[Proof] = 10 years, PFDavg = 1.05 E-03, Valid for SIL 2.