Ovation SIS Accessories Safety Manual

SISREF_46

Version 2
July 2014
(SIL3 Certified March 2014)
Copyright Notice

Since the equipment explained in this document has a variety of uses, the user and those
responsible for applying this equipment must satisfy themselves as to the acceptability of each
application and use of the equipment. Under no circumstances will Emerson Process
Management be responsible or liable for any damage, including indirect or consequential losses
resulting from the use, misuse, or application of this equipment.

The text, illustrations, charts, and examples included in this manual are intended solely to explain
TM
the use and application of the Ovation Unit. Due to the many variables associated with specific
uses or applications, Emerson Process Management cannot assume responsibility or liability for
actual use based upon the data provided in this manual.

No patent liability is assumed by Emerson Process Management with respect to the use of
circuits, information, equipment, or software described in this manual.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any
form or by any means, including electronic, mechanical, photocopying, recording or otherwise
without the prior express written permission of Emerson Process Management.

The document is the property of and contains Proprietary Information owned by Emerson Process
Management and/or its subcontractors and suppliers. It is transmitted in confidence and trust, and
the user agrees to treat this document in strict accordance with the terms and conditions of the
agreement under which it was provided.

This manual is printed in the USA and is subject to change without notice.

Ovation is the mark of Emerson Process Management. Other marks are the property of their
respective holders.

Copyright © Emerson Process Management Power & Water Solutions, Inc. All rights reserved.
Emerson Process Management
Power & Water Solutions
200 Beta Drive
Pittsburgh, PA 15238
USA

E-Mail: Technical.Communications@EmersonProcess.com
Web site: https://www.ovationusers.com
Summar y of Change s

Ovation SIS Accessories Safety Manual

SISREF_46
July 2014

This version of Ovation SIS Accessories Safety Manual contains the following new information:
 Made miscellaneous changes and corrections to the manual.
 Contents

1 Ovation SIS Accessories Safety Manual 1

1.1 Ovation SIS Accessories Safety Manual Overview ....................................................1
1.2 Certification .........................................................................................................1
1.3 Management of Functional Safety ...........................................................................2
1.3.1 Competence of Persons - Engineering .........................................................2
1.3.2 Competence of Persons - Installation and Hardware Maintenance....................2
1.3.3 Competence of Persons - General...............................................................2
1.4 Considerations .....................................................................................................2
1.5 Engineering Practices ...........................................................................................3
1.6 Operations and Maintenance Practices ....................................................................3

2 Common Specifications 5
2.1 Failure Rate Data for SIL Verification.......................................................................5
2.2 Failure Rate Data for Availability .............................................................................7
2.3 Response Time Data ............................................................................................7
2.4 Limits - Product Life ..............................................................................................7
2.5 Limits - Environmental Specifications.......................................................................8

3 Required Practices 9
3.1 Installation and Site Acceptance Testing ..................................................................9
3.2 Functional Testing After the Initial Installation ...........................................................9
3.3 Functional Testing Changes to the Installation ..........................................................9
3.4 Proof Testing the SIS Relay and Voltage Monitor .................................................... 10
3.4.1 Proof Testing the SIS Relay ...................................................................... 10
3.4.2 Proof Testing the SIS Relay for AC Wiring .................................................. 10
3.4.3 Proof Testing the SIS Relay for DC Wiring .................................................. 11
3.4.4 Proof Testing the Voltage Monitor.............................................................. 12

4 Product Specific Instructions for the SIS Relay Module 13

4.1 SIS Relay module............................................................................................... 14

5 Product Specific Instructions for the Voltage Monitor 19

5.1 Voltage Monitor module....................................................................................... 20

Index 25

SISREF_46 i
S ECTION 1

Ovation SIS Accessories Safety Manual

IN T HIS SECTION

Ovation SIS Accessories Safety Manual Overview.................................................... 1

Certification ........................................................................................................ 1
Management of Functional Safety .......................................................................... 2
Considerations .................................................................................................... 2
Engineering Practices .......................................................................................... 3
Operations and Maintenance Practices ................................................................... 3

1. 1 Ov ation SIS Acce ssorie s Safe ty M anual Ov e rv ie w

This document contains important information on how the SIS Relay and Voltage Monitor are
used in a Safety Instrumented System (SIS) to place and/or maintain the equipment under control
in an appropriate state. The guidelines in this document must be followed when using the SIS
Relay or Voltage Monitor in a safety-critical application.

To determine whether this document is the most recent revision applicable to a particular revision
of the products, compare the version information shown on the cover of this document with the
information given at the following website:

http://www.emersonprocess-powerwater.com/ovationsis/

1. 2 Ce rtification

The information in this document applies to the following hardware components of the SIS Relay
and the Voltage Monitor:

SIS Components

RATI N G S C O MP O N E N T

Safety Rated Ovation SIS Relay Module - KJ2231X1-EA1

Ovation SIS Voltage Monitor - KJ2231X1-EB1

SISREF_46 1
1.3 Management of Functional Safety

According to IEC 61508, Exida has certified that the SIS Relay and the Voltage Monitor hardware
are suitable for use in applications with a maximum Safety Integrity Level of three (3). The SIL3
certification applies to simplex applications of the SIS Relay and Voltage Monitor.

The SIS Relay and Voltage Monitor hardware is certified for use in both the low and high demand
modes of operation as defined by IEC 61508.

Note: All the Ovation SIS Accessories are classified as Type A devices according to IEC 61508.

Refer to Common Specifications (see page 5) for failure rate and other data. This helps you to
verify that the safety requirements are met and to determine the additional considerations for
using the SIS Relay or Voltage Monitor hardware in high demand mode.

1. 3 M anage me nt of Functional Safe ty

The SIS Relay and Voltage Monitor are intended to be used in accordance with a defined safety
life cycle, such as the safety life cycle described in IEC 61511. Emerson Process Management
recommends the additional functional safety management requirements, which are described in
this section.

1.3.1 Co mp etence o f Pe rsons - En gineering

All persons involved in the initial implementation or modification of the application software should
have appropriate training. Opportunities for training include reading this manual, reading Ovation
SIS product manuals, and attending a training class taught by certified personnel.

1.3.2 Co mp etence o f Pe rsons - In stallation and Har dware Maintenance

All persons involved in installation and hardware maintenance activities should have appropriate
training. Opportunities for training include reading this manual, reading Ovation SIS product
manuals, and attending a training class taught by certified personnel.

1.3.3 Co mp etence o f Pe rsons - General

All persons involved in any aspect of SIS Relay or Voltage Monitor use, including engineers,
operators, supervisors, and maintenance personnel should have training in the importance of
Safety Instrumented Systems. All persons should have specific training in the procedures for
which they are responsible.

1. 4 Conside rations

The practices required in the use of the Voltage Monitor and SIS Relay are summarized below.
Each topic is discussed in greater detail in Required Practices (see page 9).
 Full functional test of the SIS Relay and Voltage Monitor hardware should be completed
before it is used to provide the protection function in a running process.
 SIS Relay and Voltage Monitor should be designed for a de-energized-to-trip operation such
that the tripped state for the process is achieved when the output channels are de-energized.

2 SISREF_46
 1.5 Engineering Practices

1. 5 Engine e ring Practice s

The SIS Relay and Voltage Monitor products must be used within the published specifications.

Refer to Common Specifications (see page 5) for more information on safety relevant
specifications for the SIS Relay and Voltage Monitor products.

1. 6 Ope rations and M ainte nance Practice s

You must conduct a periodic proof test of each SIS Relay and Voltage Monitor channel to reveal
potentially dangerous faults not detected by continuous runtime diagnostics in the Logic Solver.
The necessary frequency of the proof test is a function of the required probability of dangerous
failure for the safety instrumented function(s) associated with the SIS Relay or Voltage Monitor.
The proof test is conducted by manual proof test momentary contact switches.

Refer to Required Practices (see page 9) for more information on proof testing. Required
Practices (see page 9) also contains additional topics on recommended operations and
maintenance practices for the SIS Relay and Voltage Monitor.

SISREF_46 3
S ECTION 2

Common Specifications

IN T HIS SECTION

Failure Rate Data for SIL Verification...................................................................... 5

Failure Rate Data for Availability ............................................................................ 7
Response Time Data............................................................................................ 7
Limits - Product Life ............................................................................................. 7
Limits - Environmental Specifications ...................................................................... 8

2. 1 Failure Rate Data for SIL Ve rification

To verify that a Safety Instrumented Function (SIF) meets the required Safety Integrity Level
(SIL), you must determine the probability of the SIF failing dangerously. The tables in this section
contain product specific failure rate data and formula for estimating the probability of the SIF's
Logic Solver subsystem failing dangerously. Third-party tools are available for estimating the
probability of failure associated with the SIS Relay and Voltage Monitor products.

Low Demand Mode of Operation

In the low demand mode of operation, the proof test frequency is at least twice the expected
demand rate. Stated another way, the periodic proof test occurs at regular intervals at least twice
during the expected time between demands.

SIL verification for the low demand mode uses the Average Probability of Failure on Demand
(PFDavg) for the SIF. You can use the failure rate data table below to estimate the PFDavg for
the Voltage Monitor and SIS Relay components for the SIF.

Instructions for the table below

The worksheet for approximating the SIS Relay and Voltage Monitor DU Failure Rate Contribution
for a SIF is used to estimate the total dangerous undetected (DU) failure rate of the logic solver
subsystem of the SIF. The DU failure rate is a function of the number of Voltage Monitors and SIS
Relays involved in the SIF. This calculation normally takes Dangerous Detected (DD) faults into
account. However, as stand-alone units, the Voltage Monitor and SIS Relay do not have the
capability to perform self-diagnosis. Therefore, this term becomes 0.

Worksheet for Approximating the SIS Relay and Voltage Monitor DU Failure Rate
Contribution for a SIF
Number of SIS Relays driving output 1.75E-11 (0.0175
X =
channels in this SIF. FITS)
Number of Voltage Monitor channels
X 7.2E-10 (0.72 FITS) =
driving input channels in this SIF.
Total DU failure rate (failures per hour)

SISREF_46 5
2.1 Failure Rate Data for SIL Verification

For approximating the SIS Relay and Voltage Monitor DU Failure Rate Contribution for a SIF,
perform the following steps:

1. Enter the number of SIS Relays that drive output channels in this SIF.
2. Multiply the number of SIS Relays by the DU failure rate (failures per hour) and enter the
result.
3. Enter the number of Voltage Monitors that are used as safety critical inputs in this SIF.
4. Multiply the number of Voltage Monitors by the DU failure rate (failures per hour) and enter
the result. Add the results to obtain the total DU failure rate contribution for this SIF from SIS
Relays and Voltage Monitors.
You can approximate the PFDavg contribution of the SIS Relay and Voltage Monitor subsystems
using the total failure rates in the table above, the proof test period for the SIS Relays and Voltage
Monitor channels in the SIF, and the maximum allowed repair time.

PFDavg (LS)= λDU * T / 2 + λDD * RT

where:
λDU = Total DU failure rate (calculated from the table above).
T = Proof test period in hours.
λDD = Total DD failure rate for each product (0.0 in this case).
RT = Allowed repair time in hours.

Calculate the PFDavg for the SIF by adding the PFDavg for the SIS Relay and Voltage Monitor
channels with the PFDavg for the Logic Solver subsystem add the sensor and final element
subsystems.

High Demand Mode of Operation

In the high demand mode, the periodic proof test does not occur at least twice during the
expected demand interval. However, the demand interval is sufficiently longer than the fault
detection and reaction time. SIL verification for the high demand mode uses the Probability of
Dangerous Failure per Hour (PFH).

There are several additional considerations when operating in the high demand mode. Generally
it is easy to avoid operating in high demand mode by reducing the proof test interval on the SIS
Relay and Voltage Monitor. However, if there is a practical constraint in the proof testing
frequency of another subsystem of the SIF that causes the SIF to operate in the high demand
mode, the additional considerations of the high demand mode apply.

The SIS Relay and Voltage Monitor are simple products without any online diagnostics.
Therefore, the limitations on the use of high demand mode are most likely determined by the logic
solver, sensor, and final element subsystems.

The PFH for the SIS Relay or Voltage Monitor subsystems of the SIF is the total DU failure rate
from the table above.
PFH (SIS Relay and Voltage Monitor Channels) = λDU
where:
λDU = Total DU failure rate (calculated from the table above).

6 SISREF_46
 2.2 Failure Rate Data for Availability

Calculate the PFDavg for the SIF by adding the PFH for the SIS Relay and Voltage Monitor
channels with the PFH for the Logic Solver subsystem and the sensor and final element
subsystems.

2. 2 Failure Rate Data for Av ailabil it y

The Mean Time to Failure Spurious (MTTFS) is a measure of the time between failures that result
in a process shutdown. It takes into account safe failures that can cause outputs to de-energize
and the dangerous detected failures that cause the Logic Solver to de-energize its outputs.

MTTFS

SIS Relay = > 3000 years

Voltage Monitor = > 1600 years

Not all safe failures result in a process shutdown. A safe failure on a Voltage Monitor input
channel or SIS Relay output does not necessarily cause a trip (for example, if it is part of a 2 out
of 3 voting arrangement).

MTTFS for a SIF due to the SIS Relay or Voltage Monitor is a function of the number and type of
channels involved. You can estimate MTTFS of a SIF due to these subsystems by dividing the
number of years by the number of SIS Relays and Voltage Monitors involved in the SIF.

2. 3 Re sponse T ime Data

The response time for a SIF must be less than the process safety time. In addition to the
contributions from the SIS Relays and Voltage Monitors, the SIF has a response time associated
with the sensor, logic solver, and final element subsystems. The sum of the response times must
be less than the process safety time. The response time of the SIS Relay or Voltage Monitor
subsystem is the combination of the following:
 The time between any change on a SIF input to one of these devices that should result in a
trip.
 The time that the output channel or channels change to the tripped state.
The time is measured from one screw terminal to another screw terminal.

The response time for each individual component is listed in the specification tables in Product
Specific Instructions for the SIS Relay Module (see page 13) and Product Specific Instructions for
the Voltage Monitor (see page 19).

2. 4 Limits - Product Life

The approximate lifetime limit of the Voltage Monitor and SIS Relay is 20 years based on the
worst case scenario

SISREF_46 7
2.5 Limits - Environmental Specifications

2. 5 Limits - Env ironme ntal Spe cifications

The environmental specifications for normal operation of the Voltage Monitor and SIS Relay are:
 Operating temperature: -40°C to 70°C (-40°F to 158°F)
 Storage temperature: -40°C to 85°C (-40°F to 185°F)
 Relative humidity: 5% to 95% non-condensing
 Shock: 10 g ½-sine wave for 11 ms
 Vibration: 1 mm peak-to-peak from 5 to 16 Hz; 0.5g from 16 to 150 Hz
 Airborne contaminants: Severity level G3
 IP 20 rating
 Electromagnetic compatibility: Per EN61326 (Class A Emissions; Annexure A Immunity for
Essential Operation) and Namur NE21

8 SISREF_46
S ECTION 3

Required Practices

IN T HIS SECTION

Installation and Site Acceptance Testing ................................................................. 9

Functional Testing After the Initial Installation........................................................... 9
Functional Testing Changes to the Installation ......................................................... 9
Proof Testing the SIS Relay and Voltage Monitor ....................................................10

3. 1 Installation and Site Acce ptance T e sting

Installation of the Voltage Monitor and SIS Relay must conform to the guidelines in Product
Specific Instructions for the SIS Relay Module (see page 13) and Product Specific Instructions for
the Voltage Monitor (see page 19) of this document. For convenience, the installation instructions
are repeated in the Ovation SIS User Guide.

Your site acceptance procedures should include functional testing of the application programs
using the SIS Relay or Voltage Monitor.

3. 2 Functional T e sting Afte r the Initial Installation

WARNING! You must complete a full functional test of the SIS Relay and Voltage Monitor
before it is allowed to provide the protection function in a running process.

After an initial installation of a SIS Relay or Voltage Monitor, you must ensure that all the output
channels respond appropriately:
 By manipulating the value of input channels on the Logic Solver.
 By making safety relevant changes to external conditions monitored as part of a SIF.
The functional test is required even if the same logic has already been tested in an identical
configuration.

3. 3 Functional T e sting Change s to the Installation

If any changes are made to the SIS Relay or Voltage Monitor installation you must complete a full
functional test of the SIS Relay and Voltage Monitor before it is allowed to provide the protection
function in a running process.

SISREF_46 9
3.4 Proof Testing the SIS Relay and Voltage Monitor

3. 4 Proof T e sting the SIS Re lay and Voltage M onitor

The SIS Relay and Voltage Monitor have built-in proof test capability to support guidelines set out
in the IEC 61511 standard. Both the SIS Relay and Voltage Monitor contain internal fault
tolerance circuits. Therefore, it is important to use the built-in proof test capability to ensure full
proof test coverage of all potential faults, which may result in dangerous or degraded safety
performance.

Online proof testing of the SIS Relay or Voltage Monitor may result in a false trip of the associated
SIF. If online proof testing is performed, it is your responsibility to implement measures sufficient
to maintain safety and to prevent a false trip during the testing operation. You could also first take
the equipment under control to a safe state prior to performing the proof test.

Note: To support the safety life cycle, it is your responsibility to document that a periodic
inspection or proof test has been completed. The results of the test must be recorded and
saved.

3.4.1 Pr o o f Te sting the SIS Relay

The SIS Relay must be proof tested periodically to ensure there are no dangerous faults present
that are not detected by normal operation. A manual proof test for a SIS Relay is to be performed
by personnel in direct proximity of the SIS Relay module.

Immediately following a successful power-up testing, there are no known dangerous faults
present. Choose the proof test interval for a SIS Relay for a particular SIF to achieve the required
probability of dangerous failure for the SIF.

Note: You can claim a proof test coverage of 100% by following the proof test sequence
documented below.

Refer to SIS Relay Module (see page 14) for a SIS Relay Terminal details and Connection details
diagrams.

It is important that you proof test all three relays individually. A circuit that does not open when the
switch is toggled indicates a stuck contact. If this occurs, replace the module.

It is your responsibility to by-pass the field circuit during the proof testing, if required.

3.4.2 Pr o o f Te sting the SIS Relay fo r AC Wir in g

Proof test sequence:

Perform the following steps for proof testing the SIS relay for AC wiring:
1. Measure the voltage at the AC field device's positive and negative connections (screw
terminals 9 and 11). The voltage at these points must match the input voltage.
2. Slide the switch labeled Test 1 down to toggle it and then measure the voltage at the AC field
device's positive and negative connections (screw terminals 9 and 11). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.
3. Slide the switch labeled Test 2 down to toggle it and then measure the voltage at the AC field
device's positive and negative connections (screw terminals 9 and 11). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.

10 SISREF_46
 3.4 Proof Testing the SIS Relay and Voltage Monitor

4. Slide the switch labeled Test 3 down to toggle it and then measure the voltage at the AC field
device's positive and negative connections (screw terminals 9 and 11). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.

3.4.3 Pr o o f Te sting the SIS Relay fo r DC Wir ing

WARNING! Proof testing of the SIS Relay tests both DC switched DC outputs at the same
time so that testing of either channel will result in a trip of the other channel unless specific
actions are taken to prevent it. If online testing is performed, it is your responsibility to
implement measures sufficient to maintain safety and prevent a false trip for the duration of the
proof testing operation or first take the equipment under control to a safe state prior to the
proof test being performed.

Proof test sequence:

Perform the following steps for proof testing the SIS relay for DC wiring:

1. Measure the voltage at the first DC field device's positive and negative connections (screw
terminals 9 and 10). The voltage at these points must match the input voltage.
2. Slide the switch labeled Test 1 down to toggle it and then measure the voltage at the DC field
device's positive and negative connections (screw terminals 9 and 10). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.
3. Slide the switch labeled Test 2 down to toggle it and then measure the voltage at the DC field
device's positive and negative connections (screw terminals 9 and 10). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.
4. Slide the switch labeled Test 3 down to toggle it and then measure the voltage at the DC field
device's positive and negative connections (screw terminals 9 and 10). The voltage at these
points should be 0 when toggled. Release the toggle and re-measure the voltage.
If you have a second DC field device, perform the Steps 1 to 4 by measuring the voltage at pins
11 and 12.

SISREF_46 11
3.4 Proof Testing the SIS Relay and Voltage Monitor

3.4.4 Pr o o f Te sting the Vo ltage M onitor

The Voltage Monitor must be proof tested periodically to ensure there are no dangerous faults
present that are not detected by normal operation. A manual proof test for a Voltage Monitor
channel is to be performed by personnel in direct proximity to the Voltage Monitor.

Immediately following a successful power-up testing, there are no known dangerous faults
present. Choose the proof test interval for a Voltage Monitor channel for a particular SIF to
achieve the required probability of dangerous failure for the SIF.

Note: You can claim a proof test coverage of 100% by following the proof test sequence
documented below.

The output to the Logic Solver Discrete Input channels can be proof tested. A circuit that does not
open when the switch is toggled indicates a stuck contact. If this occurs, replace the Voltage
Monitor.

Refer to Voltage Monitor Module (see page 20) for a Voltage Monitor Terminal details and
Connection details diagrams.

Proof test sequence:

Perform the following steps for every Voltage Monitor channel used in the associated SIF being
proof tested:

1. Measure the voltage at SLS Discrete Input Channel 1 (screw terminals 9 and 10). The voltage
should be approximately 7 VDC.
2. Slide the switch labeled CHAN 1 to the Test A position and then measure the voltage at SLS
Discrete Input Channel 1 (screw terminals 9 and 10). The voltage should increase to
approximately 11 VDC.
3. Move the CHAN1 switch to its original position.
4. Slide the switch labeled CHAN 1 to the Test B position and then measure the voltage at SLS
Discrete Input Channel 1 (screw terminals 9 and 10). The voltage should increase to
approximately 11 VDC.
5. Measure the voltage at SLS Discrete Input Channel 2 (screw terminals 13 and 14). The
voltage should be approximately 7 VDC.
6. Slide the switch labeled CHAN 2 to the Test A position and then measure the voltage at SLS
Discrete Input Channel 1 (screw terminals 13 and 14). The voltage should increase to
approximately 11 VDC.
7. Move the CHAN 2 switch to its original position.
8. Slide the switch labeled CHAN 2 to the Test B position and then measure the voltage at SLS
Discrete Input Channel 1 (screw terminals 13 and 14). The voltage should increase to
approximately 11 VDC.

12 SISREF_46
S ECTION 4

Product Specific Instructions for the SIS Relay

Module

IN T HIS SECTION

SIS Relay module...............................................................................................14

SISREF_46 13
4.1 SIS Relay module

4. 1 SIS Re lay module

The SIS Relay module is suitable for use in both high-demand and low-demand de-energize-to-
trip safety critical applications. This module can extend the voltage and current capability of the
Ovation SIS Logic Solver or any other safety PLC 24VDC digital output without compromising
safety integrity. It is capable of switching up to 2.5A at 250 VAC or 2.5A at 24 VDC for safety
applications following the de-energize-to-trip conventions by disconnecting field power when de-
energized.

Two sets of output switches that are controlled by one common input are provided. The DC mode
of operation is configured to provide two independent sets of DC input power while the AC mode
of operation is configured to switch both sides of the AC input power.

The SIS Relay module contains three relays from different manufacturers. A relay coil is
energized for all three relays in normal operation. If a demand occurs, the Logic Solver removes
the power from the coil for all three relays at the same time. Each relay can be proof tested in the
field. Refer to the Proof Testing the SIS Relay for AC Wiring (see page 10) for AC input source
and Proof Testing the SIS Relay for DC Wiring (see page 11) for DC input source.

AC Field Wiring

Refer to the following figure for AC field wiring connections for the SIS Relay module:

Figure 1: SIS Relay AC Field Wiring Connection

14 SISREF_46
 4.1 SIS Relay module

 Two-pin digital input connection for input from a Logic Solver or generic safety PLC 24VDC
Digital Output channel.
 Two-pin connection for input from an AC power source.
 Two-pin connection for the switched AC output to an AC field device.
DC Field Wiring

Refer to the following figure for DC field wiring connections for the SIS Relay module:

Figure 2: SIS Relay DC Field Wiring Connection

SISREF_46 15
4.1 SIS Relay module

 Two-pin digital input connection for input from a Logic Solver or generic safety PLC 24VDC
Digital Output channel.
 Four-pin connection for input from two DC power sources.
 Four-pin connection for the switched outputs to two DC field devices.
The SIS Relay module's LED shows the state of the relay coil if the digital input is correctly
connected to the Logic Solver output. The LED is illuminated when the relays are energized and
supplying power through the switched power outputs.

Refer to the following figures for the SIS Relay Terminal details and the SIS Relay Connection
details:

Figure 3: SIS Relay Terminal Details

16 SISREF_46
 4.1 SIS Relay module

Figure 4: SIS Relay Connection Details

The following table shows the specifications for the SIS Relay module:

SIS Relay Module Specifications

I TE M S P E C I F I C ATI O N S

Input for energized relay > 18VDC

Input for de-energized relay < 6VDC
Input current at 24 VDC < 70 mA ±- 20%
Relay current rating for AC operation 2.5A @ 250 VAC

Relay current rating for DC operation (when 2.5A @ 30 VDC

used in switched applications where transients
and current are limited)
Maximum AC Source 280 VAC

SISREF_46 17
4.1 SIS Relay module

I TE M S P E C I F I C ATI O N S

Maximum DC Source 30 VDC

Output series impedance (energized state) < 0.5 Ω
Output series impedance (de-energized state) > 1 MΩ
Maximum DC source 1 to source 2 potential 100 V
Input to Output isolation rating 300 VAC
Input to output delay (de-energize) 10 msec
Input to output delay (energize) 12 msec
Mounting configuration Horizontal DIN rail
Lifetime limitation on number of relay cycles >30,000 cycles or 20 years

The dimensions for the SIS Relay module are similar to the Voltage Monitor Module (see page
20).

18 SISREF_46
S ECTION 5

Product Specific Instructions for the Voltage Monitor

IN T HIS SECTION

Voltage Monitor module.......................................................................................20

SISREF_46 19
5.1 Voltage Monitor module

5. 1 Voltage M onitor module

The Voltage Monitor provides two independent sets of voltage monitoring circuitry in a single
device. Each circuit is suitable for use in both high and low de-energize-to-trip applications. As a
result, this helps to extend the voltage input monitoring capability of the Ovation SIS Logic Solver
or any other safety PLC digital input compatible with its specified output states. The Voltage
Monitor also supplies a secondary output for non-safety critical monitoring for each input. Refer to
Proof Testing the Voltage Monitor (see page 12) for information on proof testing the Voltage
Monitor.

The state of both outputs for an associated input is controlled by the voltage level of the input with
the outputs going to the de-energized state when the input goes below a specified value.

The Voltage Monitor is designed to be used with the Ovation SIS Logic Solver to drive the Logic
Solver's Digital Input channel or an Ovation Digital Input channel (auxiliary) based on the output of
the SIS Relay module. Refer to the following figures:

Figure 5: Voltage Monitor Top View and Dimensions

20 SISREF_46
 5.1 Voltage Monitor module

Figure 6: Voltage Monitor Bottom View

SISREF_46 21
5.1 Voltage Monitor module

 Two four-pin connection blocks, one for each voltage monitoring channel for connection to DC
or AC power source being monitored.
 Two four-pin connection blocks, one for each voltage monitoring channel for connecting the
output to a Logic Solver or other safety PLC monitored Digital Input (DI) channel and an
Ovation Digital Input channel (auxiliary).
Refer to the following figure for the Voltage Monitor Terminal details and the Voltage Monitor
Connection details:

Figure 7: Voltage Monitor Terminal Details

22 SISREF_46
 5.1 Voltage Monitor module

Figure 8: Voltage Monitor Connection Details

The following table shows the specifications for the Voltage Monitor module:

Voltage Monitor Specifications

I TE M S P E C I F I C ATI O N S

Input for energized output >18 VDC or > 80 VAC

Input for de-energized output <3 VDC or <3 VAC
Maximum input voltage rating 250 VAC
Input current at 24 VDC < 6 mA ± 20%
Input current at 120 VAC <12mA
Input current at 230 VAC <15 mA

SISREF_46 23
5.1 Voltage Monitor module

I TE M S P E C I F I C ATI O N S

Output impedance (energized state) < 3.5 KΩ

Output impedance (de-energized state) >8.5 KΩ
Maximum output voltage rating 30 VDC
Input to output isolation rating 250 VAC
Safety output to auxiliary isolation rating 30 VAC
Channel-to-channel isolation rating 250 VAC
Input to output delay (de-energize) 30 msec
Input to output delay (energize) 5 msec
Mounting configuration Horizontal DIN rail
Lifetime limitations 30,000 cycles or 20 years

24 SISREF_46
Index

Proof Testing the SIS Relay for DC Wiring •

C 11
Certification • 1 Proof Testing the Voltage Monitor • 12
Common Specifications • 5 R
Competence of Persons - Engineering • 2
Competence of Persons - General • 2 Required Practices • 9
Competence of Persons - Installation and Response Time Data • 7
Hardware Maintenance • 2
Considerations • 2 S
Copyright Notice • 2 SIS Relay module • 14
E Summary of Changes • 3

Engineering Practices • 3 V
F Voltage Monitor module • 20

Failure Rate Data for Availability • 7

Failure Rate Data for SIL Verification • 5
Functional Testing After the Initial
Installation • 9
Functional Testing Changes to the
Installation • 9
I
Installation and Site Acceptance Testing • 9
L
Limits - Environmental Specifications • 8
Limits - Product Life • 7
M
Management of Functional Safety • 2
O
Operations and Maintenance Practices • 3
Ovation SIS Accessories Safety Manual • 1
Ovation SIS Accessories Safety Manual
Overview • 1
P
Product Specific Instructions for the SIS
Relay Module • 13
Product Specific Instructions for the Voltage
Monitor • 19
Proof Testing the SIS Relay • 10
Proof Testing the SIS Relay and Voltage
Monitor • 10
Proof Testing the SIS Relay for AC Wiring •
10

SISREF_46 25