Dräger Polytron 8000/8200/8700/8720 Safety Manual Vers. 2.0 Rev. R1, Feb. 2012

Sep 09, 2018


vonguyet

Content

1 Scope and purpose of safety manual
2 Relevant standards
3 For your safety
  3.1 General safety statements
  3.2 Definition of alert icons
4 Field of application
5 Assumptions and restrictions for usage of the gas transmitter
  5.1 General
  5.2 Trainings
  5.3 Installation
  5.4 Maintenance
  5.5 Calibration
  5.6 Replacement
  5.7 Hardware and/or SW Configuration
  5.8 Use of Accessories
  5.9 Access Rights option
6 Proof test
  6.1 Proof Test Frequencies
  6.2 Visual Inspection Proof Test
  6.3 Gas Response Proof Test
  6.4 Test of the 4 to 20 mA output
  6.5 Test of the relay outputs
7 Safety relevant parameters
8 Conditions of use
  8.1 General
  8.2 Access restrictions
  8.3 SIL activation
  8.4 Proof tests
  8.5 Filters
  8.6 Relays
  8.7 4 to 20 mA output
  8.8 Polytron 8700 334/340
  8.9 Polytron 8720
  8.10 Polytron 8200 DD
  8.11 Polytron 8000
9 Safety functions
  9.1 General
  9.2 Safety integrity level
  9.3 Safety accuracy
  9.4 Failure rates
  9.5 Polytron 8700 334/340
  9.6 Polytron 8720
  9.7 Polytron 8200 DD
  9.8 Polytron 8000
10 Reference documents
11 List of Abbreviations


1 Scope and purpose of safety manual

The purpose of this safety manual is to document the necessary information and assumptions that are required for the integration of the assessed gas transmitters

- Dräger Polytron 8000
- Dräger Polytron 8200 DD
- Dräger Polytron 8700 334/340
- Dräger Polytron 8720

into a safety instrumented system (SIS) - in compliance with the requirements of IEC 61508 standard.

The safety manual specifies the safety functions. This may be used to support the safety function of a safety instrumented system (SIS).

The safety manual provides the assumptions that have been made on the usage of the gas transmitter. If those assumptions cannot be met by the application, the SIL (Safety Integrity Level) capability has to be evaluated considering the application-specific circumstances.

2 Relevant standards

EN 50402:2005 Electrical apparatus for the detection and measurement of combustible or toxic gases or vapours or of oxygen – requirements on the functional safety of fixed gas detection systems

IEC 61508:2010 Functional safety of electrical / electronic / programmable electronic safety-related systems

3 For your safety

3.1 General safety statements

- Before using this equipment, carefully read the Instructions for Use (IFU).
- Strictly follow the Instructions for Use. The user must fully understand and strictly observe the instructions. Use the equipment only for the purposes and under the conditions specified in the Instructions for Use.
- Comply with all local and national laws, rules and regulations associated with this equipment.
- Only trained and competent personnel are permitted to inspect, repair and service the product as detailed in the Instructions for Use. Further maintenance work that is not detailed in these Instructions for Use must only be carried out by Dräger or personnel qualified by Dräger. Dräger recommends a Dräger service contract for all maintenance activities.
- Use only genuine Dräger spare parts and accessories, otherwise the proper functioning of the equipment may be impaired.
- The threads for the explosion proof enclosure do not conform to the minimum/maximum values in EN/IEC 60079-1. The threads must not be reworked by the user.
- Do not dispose of the Safety Manual. Ensure that they are retained and appropriately used by the equipment user.
- The measuring function of the gas detection transmitter for explosion protection, according to Annex II, clauses 1.5.5, 1.5.6 and 1.5.7 of Directive 94/9/EC is currently not covered.
- Substitution of components may impair intrinsic safety. Only if intrinsic safety is involved.

Safe connection of electrical devices
Never connect this instrument to other electrical devices as mentioned in the Instructions for Use before consulting the manufacturer or an expert.

Using the product in areas subject to explosion hazards:
Instruments or components for use in explosion-hazard areas which have been tested and approved according to national, European or international Explosion Protection Regulations may only be used under the conditions specified in the approval and with consideration of the relevant legal regulations. The instruments or components may not be modified in any manner. The use of faulty or incomplete parts is forbidden. The appropriate regulations must be observed at all times when carrying out repairs on these instruments or components.

3.2 Definition of alert icons

The following alert icons are used in this document to provide and highlight areas of the associated text that require a greater awareness by the user. A definition of the meaning of each icon is as follows:

WARNING
Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.

CAUTION
Indicates a potentially hazardous situation which, if not avoided, could result in physical injury, or damage to the product or environment. It may also be used to alert against unsafe practices.

NOTICE
Indicates additional information on how to use the device.

4 Field of application

This Safety Manual refers to the herein considered models of the product family Polytron 8XX0 gas transmitters for stationary, continuous monitoring of gases and vapours in a suitable atmosphere.

The Polytron 8700 334/340 gas transmitter monitors the concentration of combustible gases and vapours containing hydrocarbons.

The Polytron 8720 gas transmitter monitors the concentration of carbon dioxide.

The Polytron 8200 DD gas transmitter monitors the concentration of combustible gases and vapours containing hydrocarbons and/or H2.

The Polytron 8000 gas transmitter monitors the concentration of toxic gases and vapours or oxygen.

The gas transmitter uses microprocessor technology to monitor the gas concentration and update the outputs accordingly. Depending on the model, the outputs are

1. one 4 to 20 mA analogue signal output, where 4 mA represents 0 % of configured range and 20 mA represents 100 % of configured range.

2. two alarm relays and a fault relay output, additionally to the above mentioned 4 to 20 mA output.

The gas transmitter is designed for one-man calibration and offers a variety of diagnostics and self test features.

Different measured gases are listed in an internal gases library (only Polytron 87X0). For all these gases, an individual linearization of the output signal corresponding to the measured gas concentration is provided.

Configuration and calibration are menu guided and easy to perform, using a HART® [1] handheld terminal or HMI of the Polytron 8XX0 product family.

[1] HART is a registered trademark of HCF, Austin, Texas, USA.

The safety manual is referring to the following models of Polytron 8XX0 product family:

Model                            Software release
Dräger Polytron 8000             ≥ 1.2
Dräger Polytron 8700 Type 334    ≥ 1.1
Dräger Polytron 8700 Type 340    ≥ 1.1
Dräger Polytron 8720             ≥ 1.1
Dräger Polytron 8200 DD          ≥ 1.1

Model                                                Part No.

Dräger Polytron 8000
Dräger Polytron 8000 d A 4-20/HART                   4544403
Dräger Polytron 8000 d A 4-20/HART relay             4544404
Dräger Polytron 8000 d S 4-20/HART                   4544412
Dräger Polytron 8000 d S 4-20/HART relay             4544413
Dräger Polytron 8000 de A 4-20/HART                  4544421
Dräger Polytron 8000 de A 4-20/HART relay            4544422
Dräger Polytron 8000 de S 4-20/HART                  4544430
Dräger Polytron 8000 de S 4-20/HART relay            4544431

Dräger Polytron 8700 334
Dräger Polytron 8700 334 d A 4-20/HART               4544601
Dräger Polytron 8700 334 d A 4-20/HART relay         4544602
Dräger Polytron 8700 334 d S 4-20/HART               4544610
Dräger Polytron 8700 334 d S 4-20/HART relay         4544611
Dräger Polytron 8700 334 e A 4-20/HART               4544619
Dräger Polytron 8700 334 e A 4-20/HART relay         4544620
Dräger Polytron 8700 334 e S 4-20/HART               4544628
Dräger Polytron 8700 334 e S 4-20/HART relay         4544629
Dräger Polytron 8700 Re 334 e A 4-20/HART            4544673
Dräger Polytron 8700 Re 334 e A 4-20/HART relay      4544674
Dräger Polytron 8700 Re 334 e S 4-20/HART            4544682
Dräger Polytron 8700 Re 334 e S 4-20/HART relay      4544683

Dräger Polytron 8700 340
Dräger Polytron 8700 340 d A 4-20/HART               4544637
Dräger Polytron 8700 340 d A 4-20/HART relay         4544638
Dräger Polytron 8700 340 d S 4-20/HART               4544646
Dräger Polytron 8700 340 d S 4-20/HART relay         4544647
Dräger Polytron 8700 340 e A 4-20/HART               4544655
Dräger Polytron 8700 340 e A 4-20/HART relay         4544656
Dräger Polytron 8700 340 e S 4-20/HART               4544664
Dräger Polytron 8700 340 e S 4-20/HART relay         4544665
Dräger Polytron 8700 Re 340 e A 4-20/HART            4544691
Dräger Polytron 8700 Re 340 e A 4-20/HART relay      4544692
Dräger Polytron 8700 Re 340 e S 4-20/HART            4544700
Dräger Polytron 8700 Re 340 e S 4-20/HART relay      4544701

Dräger Polytron 8720
Dräger Polytron 8720 d A 4-20/HART                   4544709
Dräger Polytron 8720 d A 4-20/HART relay             4544710
Dräger Polytron 8720 d S 4-20/HART                   4544718
Dräger Polytron 8720 d S 4-20/HART relay             4544719
Dräger Polytron 8720 e A 4-20/HART                   4544727
Dräger Polytron 8720 e A 4-20/HART relay             4544728
Dräger Polytron 8720 e S 4-20/HART                   4544736
Dräger Polytron 8720 e S 4-20/HART relay             4544737
Dräger Polytron 8720 Re e A 4-20/HART                4544745
Dräger Polytron 8720 Re e A 4-20/HART relay          4544746
Dräger Polytron 8720 Re e S 4-20/HART                4544754
Dräger Polytron 8720 Re e S 4-20/HART relay          4544755

Dräger Polytron 8200 DD
Dräger Polytron 8200 DD d A 4-20/HART                4544439
Dräger Polytron 8200 DD d A 4-20/HART relay          4544440
Dräger Polytron 8200 DD d S 4-20/HART                4544448
Dräger Polytron 8200 DD d S 4-20/HART relay          4544449
Dräger Polytron 8200 DD e A 4-20/HART                4544457
Dräger Polytron 8200 DD e A 4-20/HART relay          4544458
Dräger Polytron 8200 DD e S 4-20/HART                4544466
Dräger Polytron 8200 DD e S 4-20/HART relay          4544467
Dräger Polytron 8200 Re DD e A 4-20/HART             4544511
Dräger Polytron 8200 Re DD e A 4-20/HART relay       4544512
Dräger Polytron 8200 Re DD e S 4-20/HART             4544520
Dräger Polytron 8200 Re DD e S 4-20/HART relay       4544521

5 Assumptions and restrictions for usage of the gas transmitter

5.1 General
For proper installation, operation, maintenance and calibration of the gas transmitter and its accessories strictly follow the Instructions for Use as well as the Assembly Instructions for Accessories.

NOTICE
See Instructions for Use for information about assembly and functional description, operating conditions and interface specification.

5.2 Trainings
For available trainings contact DrägerService® [1]

[1] DrägerService is a registered trademark from Dräger.

5.3 Installation
The parameterisation of the gas transmitter must be checked after installation. Also a calibration and a proof test (see Section 6 on Page 8) have to be executed. The user has to ensure that the requirements regarding supply voltage and power consumption, as well as the 4 to 20 mA loop requirements are within the specified range.
The accuracy of gas measurement is dependent upon ambient parameters. See Instructions for Use for details and measuring performance.

5.4 Maintenance
The reason for repeated maintenance of the gas transmitter is to ensure the safety function of the instrument. Therefore the functionality, the calibration and the parameterisation of the gas transmitter have to be checked at regular intervals taking into account the application requirements.

5.5 Calibration
For calibration ensure that only approved and certified calibration gas is used in accordance with the internal parameterisation of the gas transmitter.
If the deviation of the calibration result is outside the corresponding limits listed in the Instructions for Use, the following actions are recommended to be performed:

- Check if the optical surface areas have not been contaminated (only Polytron 87X0).
- Check the leak tightness of the calibration equipment.
- Check filters and/or chemical converters.
- Ensure proper calibration gas flow.
- Rerun the calibration.

See Instructions for Use for calibration procedure.

5.6 Replacement
If a gas transmitter needs to be replaced (for repair or exchange), the parameterisation of the replacing gas transmitter must be checked. A calibration and a proof test have to be executed. The time assumed for replacement is eight hours.

CAUTION
Check if the replacing gas transmitter SIL option has been activated, if not activate it.

5.7 Hardware and/or SW Configuration
The gas transmitter is configurable over a wide range of settings. If any setting is changed the parameters must be confirmed by the authorized personnel. Check all parameters listed on the confirmation screen.

5.8 Use of Accessories
Use only original Polytron 8700 334/340, Polytron 8720, Polytron 8200 DD and Polytron 8000 accessories. For installation information, Part No. and description, see Instructions for Use.

5.9 Access Rights option
Three levels of access rights and related user groups of different qualification are distinguished.

- Operator – Shall not know any password to unlock the Polytron 8XX0 for calibration or modification of parameters.
- Calibration personnel – Knows the password for calibration to unlock the Polytron 8XX0 for calibration purposes and to lock it again after successful calibration. Additionally he can see some parameters but he cannot change any safety-related parameters.
- Parameterization personnel – Knows the password to unlock the Polytron 8XX0 for modification and parameterization of safety-related parameters. Additionally he/she can see and modify all the other parameters too and can make a calibration.

CAUTION
The usage of HART signal and the usage of the serial output signal is not allowed in safety-related applications, only the following outputs may be used in SIL 2 applications:

a. 4 to 20 mA
b. Relays

6 Proof test
All safety-related data are based on repeated proof tests performed at regular intervals, provided that the proof tests have been successful.
Proof testing is an essential part of functional safety because this is the only way to reveal dangerous undetected failures. The compliance with these proof test intervals is under the responsibility of the user of the safety equipment.
During the proof test the functional safety is affected and must be ensured by other measures, also organisational measures, or the safety instrumented system needs to be forced and maintained in a safe state.

NOTICE
Not only the gas transmitter needs to be tested, but the safety function of the whole safety instrumented system

The proof test consists of the following steps, as described in the following chapters.

6.1 Proof Test Frequencies
Suitable intervals for inspection and maintenance have to be defined according to the desired application and the SIL capability. It has to be taken into account that the calibration intervals may be part of the characterization of the SIL capability.

Test (frequency per week / frequency per year)
- Visual Inspection Proof Test: 1 [1] per week, 52 [1] per year
- Gas Response Proof Test: Shall be determined application dependent.
- Test of the 4 to 20 mA output: 1
- Test of the relay outputs: Shall be determined application dependent.

[1] EN 50402, 5.2.4, SIL2 application: Must not be exceeded if the transmitter contains filter or chemical converters.

6.2 Visual Inspection Proof Test
Visual inspection of the Polytron 8XX0 gas detector shall be conducted weekly to confirm that no external blockage of gas/vapor path into the sensing chamber exists, e.g. debris, trash, snow, mud, external equipment, etc. Corrective action shall include removal of such impediments should they exist. All gas detectors must be inspected to ensure that they are capable of providing expected performance and protection. Application dependent, shorter proof test interval may be necessary.

Step  Action
1     If necessary remove protective equipment (splash guard, etc.). Check if external blockage of gas/vapor path into the sensing chamber exists, e.g. debris, trash, snow, mud, external equipment, etc.
2     Remove such impediments should they exist.
3     Check the status LEDs/Display

6.3 Gas Response Proof Test

6.3.1 Gas response test 1
Gas response test 1 consists of the following steps, as described in Table 1 Gas response test 1.

Table 1 Gas response test 1

Step  Action
1     Bypass the safety PLC or take other appropriate action to avoid a false trip (i.e. inhibit alarms)
2     Apply an adequate gas concentration to reach the desired alarm value(s) (A1, A2), in order to verify that:
      Configuration 4 to 20 mA: The analog output current is equal to applied gas concentration within an acceptable, application-specific tolerance.
      Configuration Relay: The corresponding Alarm relay will be de-energized.
      Configuration Profisafe: The measured value is equal to applied gas concentration within an acceptable, application-specific tolerance.
      This tests for compliance voltage problems such as a low loop power supply voltage or increased wiring resistance. This also tests for other possible failures.
      NOTICE: The relay reaction is configuration-dependent. Alarm acknowledgment could be required after the gas concentration has reached a “non alarm” concentration to reset the alarm state.
3     Repeat step 2 for every alarm value.
4     Restore the loop to full operation
5     Remove the bypass from the safety PLC or otherwise restore normal operation

This test will detect approximately 50 % of possible “dangerous undetected (du)” failures in the transmitter.

6.3.2 Gas response test 2
Gas response test 2 consists of the following steps, as described in Table 2 Gas response test 2.

Table 2 Gas response test 2

Step  Action
1     Bypass the safety PLC or take other appropriate action to avoid a false trip
2     Perform a two-point calibration of the transmitter (Zero and Span calibration)
3     Perform Proof Test 1
4     Restore the loop to full operation
5     Remove the bypass from the safety PLC or otherwise restore normal operation

This test will detect more than 90 % of possible “du” failures in the transmitter.

6.4 Test of the 4 to 20 mA output
Test of the 4 to 20 mA output will check the correct setting of the 4 to 20 mA output.

Step  Action
1     Bypass the safety PLC or take other appropriate action to avoid a false trip
2     Send a command to the transmitter to set the output current above the desired alarm value to verify that the analog current reaches that value.
3     Send a command to the transmitter to go above the low alarm current output and verify that the analog current reaches that value.
4     Restore the loop to full operation
5     Remove the bypass from the safety PLC or otherwise restore normal operation

6.5 Test of the relay outputs
Test of the relay output will check the correct function of the relay outputs.

Step  Action
1     Bypass the safety PLC or take other appropriate action to avoid a false trip
2     Check the “A1” relay by using the test function.
3     Check the “A2” relay by using the test function.
4     Check the “Fault” relay by using the test function.
5     Restore the loop to full operation
6     Remove the bypass from the safety PLC or otherwise restore normal operation

7 Safety relevant parameters

Each entry below gives the parameter, the name shown on the confirmation screen where the table lists one, and the description.

Gas settings

Measured gas (confirmation screen: Gas)
Selected measured gas (e.g. “Methane”)

LEL category (confirmation screen: Category)
Three categories available 1: NIOSH, 2: “IEC”, 3: “PTB”

Measured gas unit (confirmation screen: Unit)
Selected gas unit (e.g. “%LEL”)

Range (confirmation screen: Range)
Measurement value which leads to an output 20 mA signal.

LEL of measured gas (confirmation screen: LEL Gas)
Gas concentration in Vol.-% where the Lower Explosion Limit (LEL) is 100 % depending on national or regional regulations.

LEL gas default
Default gas concentration in Vol.-% where the Lower Explosion Limit (LEL) is 100 % depending on national or regional regulations.

Capture limits (confirmation screen: Negative capture, Positive capture)
Clamping of measurements in range of the capture offset value + positive/negative capture for both display and current output.

Capture value (confirmation screen: Capture offset)
Concentration, where the capture value is active. Smoothing of measurements close to the capture offset value for both display and current output.

Calibration gas (confirmation screen: Calibration gas)
Selected calibration gas (e.g. “Methane”).

Calibration unit
Selected unit for calibration gas concentration (e.g. “Vol.-%”).

LEL cal. gas
Calibration gas LEL conversion factor.

Calibration gas concentration (confirmation screen: Not listed)
Concentration of calibration gas. The user has to check the parameter against labelling of the calibration gas cylinder.

Sensor test
Enables and disables the sensor selftest of the electrochemical sensor. Must be activated for SIL applications.

Sensorlock (confirmation screen: Sensor lock)
If Sensor lock activated, the Polytron 8000 checks a replaced sensor against the previous installed sensor. For Polytron 8000 a different sensor part number will be rejected. For Polytron 8700 a PIR 7000 transmitter with a different wavelength will be rejected if Sensor lock is activated.

Relays

Alarm enable/disable (confirmation screen: Alarms)
When Alarms are set to disabled, the alarm logic is disabled.

Alarm concentration (confirmation screen: A1 alarm, A2 alarm)
Gas concentration in configured unit, where the alarm will be activated.

Hysteresis (confirmation screen: A1 hysteresis, A2 hysteresis)
Concentration bandwidth, where the alarm is valid after it has been activated.

Alarm mode
- A1 latching, A2 latching. Latching – not latching: In non-latching mode, the alarm status clears if the gas concentration does not meet the alarm condition anymore.
- A1 direction, A2 direction. Rising – falling: Configuring whether the alarm should be triggered by a rising or falling gas concentration.
- A1 acknowledge, A2 acknowledge. Acknowledgeable – not acknowledgeable: In Acknowledgeable configuration, the alarm relay can be reset, before alarm conditions clear.
- A1 relay, A2 relay. Normally energized – energized: “Normally energized” means, the relay coil is energized if the alarm condition is not met. Due to this, a power fail will lead to an alarm.

WARNING
The end user must ensure that the capture value is below the alarm value.

CAUTION
Correct parameterization must be checked by a gas proof test.

NOTICE
Default configuration parameters are device and sensor dependent. Refer to the Instructions for Use and sensor datasheet for further information.

8 Conditions of use

8.1 General
To ensure overall system performance and effectiveness, the selection of an installation site for the transmitter is the most important factor. Considerable thought must be given to every detail of installation, particularly:

- The local, state, federal codes and requirements that govern the installation of gas monitoring equipment.
- The electrical codes that govern the routing and connection of electrical power and signal cables to gas monitoring equipment.
- For non-conduit installations, an approved cable gland (See Section 8.1, Approvals) must be used (e.g. Hawke A501/421/A/¾”NPT or equivalent). It might be necessary to connect the shield of the cable to the cable gland and to the controller in order to improve RFI immunity.
- The full range of environmental conditions to which the transmitters will be exposed.
- The physical data of the gas or vapor to be detected.
- The specifics of the application (e.g. possible leaks, air movement/draft, etc.).
- The degree of accessibility required for maintenance purposes.
- The types of optional and accessory equipment that will be used with the system.
- Any other limiting factors or regulations that would affect system performance or installations.

Only properly trained personnel may use and service this equipment. For available trainings contact DrägerService.

8.2 Access restrictions

CAUTION
The end user must ensure, that only personnel qualified for calibration may know the password to unlock the Polytron 8XX0 for calibration.

The end user must ensure that only personnel qualified for parameterization know the password to unlock the device for parameterization.

8.3 SIL activation

CAUTION
SIL activation of the Polytron 8XX0 must be set to enabled for use in safety applications.

8.4 Proof tests

CAUTION
Proof tests shall be performed at regular intervals. The proof test interval shall be determined with respect to the application.

8.5 Filters
Filters and chemical converters required for the safety function shall be checked frequently. The test interval depends on the application and the environmental conditions.

WARNING
Installation of filters and chemical converters may affect sensitivity, gas response time and/or cross sensitivity.

Filters may increase the gas response time and therefore the time to alarm.

Filters have a limited capacity and must be exchanged. The exchange interval is application-dependent.

NOTICE
For EN 50402 compliance, the test interval must not exceed 1 week.

8.6 Relays

CAUTION
The relays must be externally fused with a 3 A fuse and operated normally energized.

NOTICE
For combustible applications, an alarm set point ≤40 %LEL is recommended.

The fault relay indicates the special state fault only. Other special states should be monitored via the 4 to 20 mA output.

8.7 4 to 20 mA output

CAUTION
The user must ensure that the special states are configured below 2 mA.

NOTICE
The analog offset correction of the 4 to 20 mA output is limited to ±0.1 mA, if SIL is activated.

8.8 Polytron 8700 334/340

NOTICE
The PIR 7000 may not be configured standalone.

8.9 Polytron 8720

NOTICE
The PIR 7200 may not be configured standalone.

8.10 Polytron 8200 DD

8.10.1 Poisoning substances
Certain substances in the atmosphere to be monitored can impair the sensitivity of the catalytic bead sensor. The following are known at present:

1. Polymerizing substances such as ethylene oxide, acrylonitrile, butadiene, styrene.
2. Catalyst poisons such as sulphur and phosphorous compounds, halogenated hydrocarbons, silicon compounds and metal vapours.

WARNING
The end user must ensure that no poisoning substances in the application exist.

8.10.2 Required O2 concentration
Catalytic bead sensors require a minimum oxygen concentration to work properly.

WARNING
An O2 concentration ≥12 Vol.-% is required.

8.11 Polytron 8000

WARNING
Refer to the applicable sensor datasheet for detailed information and constraints in safety related applications.

Contact Dräger to ensure suitability of the electrochemical sensor in your specific safety related application.

CAUTION
Dongle with functionality sensor test must be installed.

Sensor test must be enabled.

Sensor lock must be enabled.

Configured range must be ≥ sensor default range.

Exchange of sensor must be done via menu “change sensor”.

Toxic substances
Certain substances in the atmosphere to be monitored can impair the sensitivity of the EC sensor.

!

!


9 Safety functions

9.1 General

The gas detector Polytron 8XX0 shall monitor gas concentrations of combustible or toxic gases and vapors or CO2 or O2 in the ambient air by using different sensor technologies and set the outputs based on this monitoring.

The outputs consist of:

- A 4 to 20 mA output that reflects the gas concentration, where 4 mA represents 0 % of range and 20 mA represents 100 % of range.
- 2 alarm relays with configurable alarms. The relay will be switched when the gas concentration exceeds the configured threshold value.
- 1 fault relay.

9.2 Safety integrity level

9.3 Safety accuracy

Definition Fail Dangerous: Failure that does not respond to a demand from the process (i.e. being unable to go to the defined fail-safe state) or deviates the output measurement value more than 20 % of full scale.

The deviation between measured value and true concentration can exceed above errors, depending on application conditions.

9.4 Failure rates

9.4.1 Assumptions

The following assumptions have been made during the Failure Modes, Effects, and Diagnostic Analysis (FMEDA) of the gas transmitters Polytron 8700 334/340, Polytron 8720, Polytron 8200 DD and Polytron 8000.

- Failure rates are constant, wear out mechanisms are not included.
- Propagation of failures is not relevant.
- Failures during parameterization are not considered.
- Sufficient tests are performed prior to shipment to verify the absence of vendor and/or manufacturing defects that prevent proper operation of specified functionality to product specifications or cause operation different from the design analyzed.
- Materials are compatible with process conditions.
- The instrument is locked against unintended operation/modification.
- External power supply failure rates are not included.
- The mean time to restoration (MTTR) after a safe failure is 8 hours.
- The test time of a connected safety PLC to react on a dangerous detected failure and bring the process to the safe state is 1 hour.
- The 4 to 20 mA output signal is fed to a SIL 2 compliant analogue input board of a safety PLC.
- The listed failure rates are valid for operating stress conditions typical of an industrial environment similar to IEC 60654-1 class C (sheltered location) with temperature limits within the manufacturer’s rating and an average temperature over a long period of time of 40 °C (25 °C ambient temperature plus internal self heating). For a higher average temperature of 60 °C, the failure rates should be multiplied with an experience-based factor of 2.5. A similar multiplier should be used if frequent temperature fluctuation (daily fluctuation of > 15 °C) must be assumed. Humidity levels are assumed within manufacturer’s rating.
- Only the described versions are used for safety applications.
- The application program in the safety logic solver is configured according to NAMUR NE43 to detect under-range and over-range failures and does not automatically trip on these failures; therefore these failures have been classified as dangerous detected failures.
- General necessary gas detection tests have successfully been passed.

9.4.2 Useful lifetime

Although a constant failure rate is assumed by the probabilistic estimation method, this only applies provided that the useful lifetime of components is not exceeded. Beyond their useful lifetime the result of the probabilistic calculation method is therefore meaningless, as the probability of failure significantly increases with time. The useful lifetime varies and is highly dependent on the component itself and other factors, including but not limited to its operating frequency and conditions – temperature in particular.

This assumption of a constant failure rate is based on the “bathtub curve”, which shows the typical behaviour for the electronic components. Therefore it is obvious that the PFDAVG calculation is only valid for components which have this constant domain and that the validity of the calculation is limited to the useful lifetime of each component. The experience-based useful lifetime is usually between 8 and 12 years.

Fail-Safe State 4 to 20 mA configuration: The fail-safe state is defined as the analog output being in the failure information range according to NAMUR NE43.

Fail-Safe State Relay: The fail-safe state is defined as setting the fault relay to the de-energized state. The fault relay must be normally energized.


9.5 Polytron 8700 334/340

9.5.1 4 to 20 mA current output

The entire valid measurement range for the output signal is between min. 3.8 mA and max. 20.5 mA. Fault, maintenance and beam block warning signal may be configured as follows.

| Current [mA] | Meaning | Configurable (0.7 … 3.6 mA) |
|---|---|---|
| < 1.2 | Fault | Yes |
| 3.4 | Maintenance signal | Yes |
| 2 | Beam block warning | Yes |
| > 21 | Defect in analogue interface | --- |

NOTICE: For detailed information see Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 56 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Operation in current source mode

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1137 |
| λDU Fail dangerous undetected | 65 |
| λAU Fail annunciation undetected | 17 |
| Safe failure fraction (SFF) | 94.6 % |
| DCD | 94.6 % |
| PFDAVG (T[Proof] = 1 year) | 5.70E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

Operation in current sink operation

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1130 |
| λDU Fail dangerous undetected | 63 |
| λAU Fail annunciation undetected | 17 |
| Safe failure fraction (SFF) | 94.7 % |
| DCD | 94.7 % |
| PFDAVG (T[Proof] = 1 year) | 5.52E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

9.5.2 Relay output

The relay output consists of a Fault, an A1 and an A2 relay. A device error will be indicated by switching the fault relay. The Alarm relays may be configured application dependent.

| Default | Meaning | Configurable |
|---|---|---|
| Fault | A fault has been detected. | No |
| A1 | Configured A1 alarm conditions have been detected. | Yes |
| A2 | Configured A2 alarm conditions are detected. | Yes |

NOTICE: For detailed information see chapter 7, 8.6 and Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 53 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Failure rate

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected | 242 |
| λDD Fail dangerous detected | 964 |
| λDU Fail dangerous undetected | 105 |
| λAU Fail annunciation undetected | 41 |
| Safe failure fraction (SFF) | 92.0 % |
| DCD | 90.1 % |
| PFDAVG (T[Proof] = 1 year) | 8.99E-04 |
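The signalling currents of section 9.5.1 can be evaluated on the logic-solver side as in the following sketch, which is an added example and not code from the manual or from Dräger. The function names, the state labels and the ±0.1 mA matching window are assumptions; the current limits are the ones printed in this manual, and the configuration check applies the CAUTION on special states below 2 mA literally.

```python
from dataclasses import dataclass, asdict

# Figures from the manual: valid signal 3.8 ... 20.5 mA, safe state <= 3.6 mA,
# > 21 mA = defect in analogue interface, special states configurable within
# 0.7 ... 3.6 mA, and the CAUTION asking for special states below 2 mA.
VALID_MIN_MA, VALID_MAX_MA = 3.8, 20.5
SAFE_STATE_MAX_MA = 3.6
INTERFACE_DEFECT_MA = 21.0
CONFIG_MIN_MA, CONFIG_MAX_MA = 0.7, 3.6
CAUTION_LIMIT_MA = 2.0
TOLERANCE_MA = 0.1  # assumption: matching window of the PLC input card


@dataclass(frozen=True)
class SpecialStates:
    """Signalling currents in mA; defaults are the values in the table."""
    fault_below: float = 1.2   # fault is signalled as "< 1.2 mA"
    beam_block: float = 2.0
    maintenance: float = 3.4


def check_config(cfg):
    """Return findings for a special-state configuration (empty list = OK)."""
    findings = []
    for name, value in asdict(cfg).items():
        if not CONFIG_MIN_MA <= value <= CONFIG_MAX_MA:
            findings.append(f"{name}={value} mA: outside 0.7 ... 3.6 mA")
        elif value >= CAUTION_LIMIT_MA:
            findings.append(f"{name}={value} mA: not below 2 mA (see CAUTION)")
    return findings


def classify(current_ma, cfg=SpecialStates()):
    """Map a loop current to (state, percent_of_range or None)."""
    if current_ma > INTERFACE_DEFECT_MA:
        return ("analogue_interface_defect", None)
    if VALID_MIN_MA <= current_ma <= VALID_MAX_MA:
        # 4 mA = 0 % of range, 20 mA = 100 % of range
        return ("measurement", (current_ma - 4.0) / 16.0 * 100.0)
    if current_ma > SAFE_STATE_MAX_MA:
        # 3.6 ... 3.8 mA and 20.5 ... 21 mA are not assigned by the manual
        return ("undefined", None)
    if current_ma < cfg.fault_below:
        return ("fault", None)  # also covers an open loop reading 0 mA
    if abs(current_ma - cfg.beam_block) <= TOLERANCE_MA:
        return ("beam_block_warning", None)
    if abs(current_ma - cfg.maintenance) <= TOLERANCE_MA:
        return ("maintenance", None)
    # In the failure information range but matching no configured state
    return ("unidentified_special_state", None)


def usable_for_alarm(current_ma, cfg=SpecialStates()):
    """Only a 'measurement' reading may be compared against alarm set points."""
    return classify(current_ma, cfg)[0] == "measurement"


if __name__ == "__main__":
    for ma in (0.0, 2.0, 3.4, 3.7, 4.0, 12.0, 20.8, 21.5):  # constructed inputs
        print(f"{ma:5.1f} mA -> {classify(ma)}")
    print(check_config(SpecialStates()))
```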


9.6 Polytron 8720

9.6.1 4 to 20 mA current output

The entire valid measurement range for the output signal is between min. 3.8 mA and max. 20.5 mA. Fault, maintenance and beam block warning signal may be configured as follows.

| Current [mA] | Meaning | Configurable (0.7 … 3.6 mA) |
|---|---|---|
| < 1.2 | Fault | Yes |
| 3.4 | Maintenance signal | Yes |
| 2 | Beam block warning | Yes |
| > 21 | Defect in analogue interface | --- |

NOTICE: For detailed information see Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 61 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Operation in current source mode

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1137 |
| λDU Fail dangerous undetected | 65 |
| λAU Fail annunciation undetected | 17 |
| Safe failure fraction (SFF) | 94.6 % |
| DCD | 94.6 % |
| PFDAVG (T[Proof] = 1 year) | 5.70E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

Operation in current sink operation

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1130 |
| λDU Fail dangerous undetected | 63 |
| λAU Fail annunciation undetected | 17 |
| Safe failure fraction (SFF) | 94.7 % |
| DCD | 94.7 % |
| PFDAVG (T[Proof] = 1 year) | 5.52E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

9.6.2 Relay output

The relay output consists of a Fault, an A1 and an A2 relay. A device error will be indicated by switching the fault relay. The Alarm relays may be configured application dependent.

| Relay | Meaning | Configurable |
|---|---|---|
| Fault | A fault has been detected. | No |
| A1 | Configured A1 alarm conditions have been detected. | Yes |
| A2 | Configured A2 alarm conditions are detected. | Yes |

NOTICE: For detailed information see chapter 7, 8.6 and Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 53 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Failure rate

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected | 242 |
| λDD Fail dangerous detected | 964 |
| λDU Fail dangerous undetected | 105 |
| λAU Fail annunciation undetected | 41 |
| Safe failure fraction (SFF) | 92.0 % |
| DCD | 90.1 % |
| PFDAVG (T[Proof] = 1 year) | 8.99E-04 |


9.7 Polytron 8200 DD

9.7.1 4 to 20 mA current output

The entire valid measurement range for the output signal is between min. 3.8 mA and max. 20.5 mA. Fault, maintenance and beam block warning signal may be configured as follows.

| Current [mA] | Meaning | Configurable (0.7 … 3.6 mA) |
|---|---|---|
| < 1.2 | Fault | Yes |
| 3.4 | Maintenance signal | Yes |
| > 21 | Defect in analogue interface | --- |

NOTICE: For detailed information see Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 29 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Operation in current source mode

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 3301 |
| λDU Fail dangerous undetected | 211 |
| λAU Fail annunciation undetected | 14 |
| Safe failure fraction (SFF) | 94.0 % |
| DCD | 94.0 % |
| PFDAVG (T[Proof] = 1 year) | 1.84E-03 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

Operation in current sink operation

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 3294 |
| λDU Fail dangerous undetected | 209 |
| λAU Fail annunciation undetected | 14 |
| Safe failure fraction (SFF) | 94.0 % |
| DCD | 94.0 % |
| PFDAVG (T[Proof] = 1 year) | 1.82E-03 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

9.7.2 Relay output

The relay output consists of a Fault, an A1 and an A2 relay. A device error will be indicated by switching the fault relay. The Alarm relays may be configured application dependent.

| Default | Meaning | Configurable |
|---|---|---|
| Fault | A fault has been detected. | No |
| A1 | Configured A1 alarm conditions have been detected. | Yes |
| A2 | Configured A2 alarm conditions are detected. | Yes |

NOTICE: For detailed information see chapter 7, 8.6 and Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 28 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Failure rate

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected | 841 |
| λDD Fail dangerous detected | 2526 |
| λDU Fail dangerous undetected | 251 |
| λAU Fail annunciation undetected | 37 |
| Safe failure fraction (SFF) | 93.1 % |
| DCD | 91.0 % |
| PFDAVG (T[Proof] = 1 year) | 2.15E-03 |


9.8 Polytron 8000

9.8.1 4 to 20 mA current output

The entire valid measurement range for the output signal is between min. 3.8 mA and max. 20.5 mA. Fault, maintenance, and beam block warning signal may be configured as follows.

| Current [mA] | Meaning | Configurable (0.7 … 3.6 mA) |
|---|---|---|
| < 1.2 | Fault | Yes |
| 3.4 | Maintenance signal | Yes |
| > 21 | Defect in analogue interface | --- |

NOTICE: For detailed information see Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 53 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Operation in current source mode

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1441 |
| λDU Fail dangerous undetected | 103 |
| λAU Fail annunciation undetected | 15 |
| Safe failure fraction (SFF) | 93.3 % |
| DCD | 93.3 % |
| PFDAVG (T[Proof] = 1 year) | 8.94E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

Operation in current sink operation

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected ¹ | 0 |
| λDD Fail dangerous detected | 1434 |
| λDU Fail dangerous undetected | 101 |
| λAU Fail annunciation undetected | 15 |
| Safe failure fraction (SFF) | 93.4 % |
| DCD | 93.4 % |
| PFDAVG (T[Proof] = 1 year) | 8.76E-04 |

¹ λSU has been added to λDD because of fail low behaviour in current sink or current source mode operation.

9.8.2 Relay output

The relay output consists of a Fault, an A1 and an A2 relay. A device error will be indicated by switching the fault relay. The Alarm relays may be configured application dependent.

| Default | Meaning | Configurable |
|---|---|---|
| Fault | A fault has been detected. | No |
| A1 | Configured A1 alarm conditions have been detected. | Yes |
| A2 | Configured A2 alarm conditions are detected. | Yes |

NOTICE: For detailed information see chapter 7, 8.6 and Instruction for Use.

Parameters related to the above safety function

| Parameter | Value |
|---|---|
| Diagnostic test interval | 24 h |
| Hardware Fault Tolerance (HFT) | 0 |
| Component type | Type B |
| SIL capability | SIL 2 |
| Description of the safe state | Configured alarm ≤ 3,6 mA |
| Architecture | 1oo1 |
| MTBF | 50 years |
| Useful lifetime (maximum, see 9.4.2) | 10 years |

Failure rate

| Failure category | Failure rates (in FIT) |
|---|---|
| λSD Fail safe detected | 0 |
| λSU Fail safe undetected | 461 |
| λDD Fail dangerous detected | 1046 |
| λDU Fail dangerous undetected | 143 |
| λAU Fail annunciation undetected | 38 |
| Safe failure fraction (SFF) | 91.3 % |
| DCD | 88.0 % |
| PFDAVG (T[Proof] = 1 year) | 1.22E-03 |

10 Reference documents

| Document | Order no |
|---|---|
| Instructions for Use (en) Dräger Polytron 8700/8720 | 90 33 303 |
| Instructions for Use (en) Dräger Polytron 8200/8310 | 90 33 302 |
| Instructions for Use (en) Dräger Polytron 8000 | 90 33 301 |


11 List of Abbreviations

AU, Annunciation undetected (failure)

An annunciation failure (AU) is defined as a failure that does not directly impact safety but does impact the ability to detect a future fault (such as a fault in a diagnostic circuit). For the calculation of the SFF it is treated as no effect failure and has not been taken into account.

DCD Diagnostic Coverage of dangerous failures DCD = λDD / (λDD + λDU)

DU Dangerous Undetected (failure)

FMEDA Failure Modes, Effects, and Diagnostic Analysis

HART Highway Addressable Remote Transducer

HFT Hardware Fault Tolerance

IR Infrared

Low demand mode Mode, where the frequency of demands for operation made on a safety-related system is no greater than one per year and no greater than twice the proof test frequency.

MTBF Mean time Between Failure

MTTR Mean time To Restoration

PFD Probability of Failure on Demand

PFH Probability of dangerous Failure per Hour. The term “Probability” is misleading, as IEC 61508 defines a Rate.

PLC Programmable Logic Controller

SFF Safe Failure Fraction; summarises the fraction of failures which lead to a safe state and the fraction of failures which will be detected by diagnostic measures and lead to a defined safety action.
SFF = (λS + λDD) / (λS + λD)
λS = λSD + λSU
λD = λDD + λDU

SIL Safety Integrity Level

SIS Safety Instrumented System

Type B component “Complex” component (using micro controllers or programmable logic); for details see 7.4.3.1.3 of IEC 61508-2

T[Proof] Proof test interval
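The SFF and DCD definitions above can be checked against the failure-rate tables of sections 9.5 to 9.8. The following is an added example, not part of the manual; the function names and row labels are assumptions, and the rows are copied from the tables in the order they appear. It also applies the factor of 2.5 from section 9.4.1, which scales every rate and therefore leaves SFF and DCD unchanged.

```python
# Rows copied from the failure-rate tables in sections 9.5 to 9.8:
# (label, λSD, λSU, λDD, λDU in FIT, printed SFF %, printed DCD %).
# 1 FIT = 1 failure per 1e9 device hours. λAU is left out because the manual
# treats annunciation failures as "no effect" for the SFF.
TABLES = [
    ("8700/8720 4-20 mA source", 0, 0, 1137, 65, 94.6, 94.6),
    ("8700/8720 4-20 mA sink", 0, 0, 1130, 63, 94.7, 94.7),
    ("8700/8720 relay", 0, 242, 964, 105, 92.0, 90.1),
    ("8200 DD 4-20 mA source", 0, 0, 3301, 211, 94.0, 94.0),
    ("8200 DD 4-20 mA sink", 0, 0, 3294, 209, 94.0, 94.0),
    ("8200 DD relay", 0, 841, 2526, 251, 93.1, 91.0),
    ("8000 4-20 mA source", 0, 0, 1441, 103, 93.3, 93.3),
    ("8000 4-20 mA sink", 0, 0, 1434, 101, 93.4, 93.4),
    ("8000 relay", 0, 461, 1046, 143, 91.3, 88.0),
]


def sff(sd, su, dd, du):
    """SFF = (λS + λDD) / (λS + λD) with λS = λSD + λSU, λD = λDD + λDU."""
    total = sd + su + dd + du
    if total == 0:
        raise ValueError("all failure rates are zero")
    return 100.0 * (sd + su + dd) / total


def dcd(dd, du):
    """DCD = λDD / (λDD + λDU), in percent."""
    if dd + du == 0:
        raise ValueError("no dangerous failure rate given")
    return 100.0 * dd / (dd + du)


def audit(tables=TABLES):
    """Recomputed minus printed value, in percentage points, per table."""
    return {label: (sff(sd, su, dd, du) - sff_doc, dcd(dd, du) - dcd_doc)
            for label, sd, su, dd, du, sff_doc, dcd_doc in tables}


def worst_deviation(tables=TABLES):
    """Return (label, metric, deviation) with the largest absolute deviation."""
    devs = [(label, name, d) for label, pair in audit(tables).items()
            for name, d in zip(("SFF", "DCD"), pair)]
    return max(devs, key=lambda item: abs(item[2]))


def derate(rates, factor=2.5):
    """Scale FIT values by the manual's factor for a 60 °C average temperature."""
    return tuple(r * factor for r in rates)


if __name__ == "__main__":
    for label, (d_sff, d_dcd) in audit().items():
        print(f"{label:26s} SFF {d_sff:+.2f} pp   DCD {d_dcd:+.2f} pp")
    print("largest deviation:", worst_deviation())
    hot = derate((0, 242, 964, 105))
    print("60 °C relay rates:", hot, "SFF:", round(sff(*hot), 1))
```

Where λSU has been folded into λDD (the 4 to 20 mA tables), λS is zero and the two formulas coincide, which is why those tables print the same value for SFF and DCD.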


Dräger Safety AG & Co. KGaA
Revalstraße 1
23560 Lübeck, Germany
Tel +49 451 882 0
Fax +49 451 882 20 80
www.draeger.com

Manufacturing Location:
Draeger Safety, Inc.
101 Technology Drive
Pittsburgh, PA 15275-1057, USA
Phone +1 412 7 87 - 83 83
Fax +1 412 7 87 - 22 07

90 33 307 - TM 4683.605
© Dräger Safety AG & Co. KGaA
Edition 02 - February 2012 (Edition 01 - September 2011)
Subject to alteration