
FMEA

IEC 61508
Data Declaration
DOCUMENT NO. MTL09FMEA4546Y/1

Declaration relating to: MTL4546Y and MTL5546Y

Manufactured and assessed by:


Measurement Technology Limited, Power Court, Luton, Bedfordshire, LU1 3JJ

This document is issued as a summary of the hardware failure data affecting the application of the
equipment as a sub-system being part of a Safety Function intended to conform with the requirements
of IEC61508 - Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related
Systems. The hardware has been subjected to a Failure Modes and Effects Analysis (FMEA) to
determine the specific failure modes and failure rates with the relevant results presented herein.

Product Description
The MTL4546Y and MTL5546Y accept 4/20mA floating signals from a safe-area controller to drive
a current/pressure converter (or any other load up to 800Ω) in a hazardous area. For smart valve
positioners, the module also permits bi-directional transmission of digital communication signals.
Process controllers with a readback facility can detect open circuits in the field wiring: if these occur,
the current taken into the terminals drops to a preset level. The MTL4546Y and MTL5546Y provide
open circuit detection only.

Product Failure Rates


The hardware assessment shows that MTL4546Y and MTL5546Y isolating drivers:

- have a hardware fault tolerance of 0
- are classified as Type A devices

It is assumed that the module is powered from a nominal 24Vdc supply.


The definitions for product failure of the MTL4546Y and MTL5546Y were determined as:

Failure mode                                     Failure rate (FIT)
Output current >21mA (upscale)                   3
Output current <3.6mA (downscale)                276
Output current within range but >2% in error     58
Output current correct within 2%                 289

FMEA/DD4546Y/02/09 Page 1 of 2
Example of use in a safety function
In this example, the application context is assumed to be:

- the safety function is to repeat current within 2%

The failure modes shown above can then be defined as:

Failure mode                                     Category
Output current >21mA (upscale)                   Dangerous undetected, du
Output current <3.6mA (downscale)                Dangerous undetected, du
Output current within range but >2% in error     Dangerous undetected, du
Output current correct within 2%                 Safe undetected, su

The failure rates for these categories are then (FITs):

Model                    sd    su     dd    du
MTL4546Y and MTL5546Y    0     289    0     337

In this example, the safe failure fraction is 46% and so the devices meet the hardware architecture
constraints to be used as single devices in Safety Instrumented Functions up to SIL1.
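
The calculation behind the figures above, as an added example that is not part of the original declaration: it sums the page's failure rates into the sd/su/dd/du categories, derives the safe failure fraction, and looks up the architectural SIL limit. The function and variable names are hypothetical, and the limit table is the IEC 61508-2 architectural constraints table as commonly reproduced, so check it against the standard before relying on it.

```python
# Added example: failure rates (FIT) are the page's; names are hypothetical.

# Failure mode -> FIT, from the "Product Failure Rates" table.
FAILURE_MODES = {
    "upscale (>21mA)": 3,
    "downscale (<3.6mA)": 276,
    "in range, >2% error": 58,
    "correct within 2%": 289,
}

# Category per mode for the page's example safety function
# ("repeat current within 2%"). The product has no internal diagnostics,
# so no mode is classed as detected (sd/dd stay at 0).
EXAMPLE_CATEGORIES = {
    "upscale (>21mA)": "du",
    "downscale (<3.6mA)": "du",
    "in range, >2% error": "du",
    "correct within 2%": "su",
}

# Assumed from IEC 61508-2: maximum SIL by device type, SFF band
# (<60%, 60-<90%, 90-<99%, >=99%) and hardware fault tolerance 0..2.
# A value of 0 means the architecture is not allowed.
SIL_LIMIT = {
    "A": [(1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4)],
    "B": [(0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4)],
}

def categorise(modes, categories):
    """Sum FIT rates per category; every mode must have a category."""
    rates = {"sd": 0, "su": 0, "dd": 0, "du": 0}
    for mode, fit in modes.items():
        rates[categories[mode]] += fit
    return rates

def safe_failure_fraction(rates):
    """SFF = (sd + su + dd) / (sd + su + dd + du)."""
    total = sum(rates.values())
    if total == 0:
        raise ValueError("no failure rates given")
    return (total - rates["du"]) / total

def max_sil(sff, device_type, hft):
    """Architectural SIL limit for a device type ('A' or 'B') and HFT 0..2."""
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return SIL_LIMIT[device_type][band][hft]

if __name__ == "__main__":
    rates = categorise(FAILURE_MODES, EXAMPLE_CATEGORIES)
    sff = safe_failure_fraction(rates)
    print(rates, f"SFF={sff:.0%}", "max SIL", max_sil(sff, "A", 0))
```

Changing the category mapping to match a different safety function changes the category sums and therefore the safe failure fraction, which is why the declaration ties its result to the stated application context.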

Notes
- FITs means failures per 10^9 hours or failures per thousand million hours.
- Reliability data for this analysis is taken from IEC TR 62380:2004 Reliability Data Handbook.
- Failure mode distributions are taken principally from IEC 62061:2005 Safety of Machinery.
- Proof testing must be carried out according to the application requirements, but it is recommended that this be carried out at least once every three years.
- Consideration should be made of the normal lifetime for a device of this type which would be in the region of ten years.
- There are no internal diagnostic elements of this product.
- The transmission of HART data is not considered as part of the safety function and is excluded from this analysis.
- For all other product parameters related to its application (voltage range, environment, etc.) please refer to the published MTL data sheet for this product, at www.mtl-inst.com.

Signed on behalf of MTL


Analyst: Simon Ansell, Date: 10th Feb 2009
Chief Technical Officer: Jon Malins, Date: 29th April 2009
