Manual Supplement 00809-0200-4140, Rev AA January 2017 Rosemount 2140:SIS Level Detector Functional Safety Manual

Contents

Section 1: Introduction
1.1 Scope and purpose of the safety manual
1.2 Safety messages
1.3 Terms and definitions
1.4 Skill level requirement
1.5 Documentation and standards

Section 2: Product Description
2.1 Operation principle
2.2 Level detector purpose
2.3 Ordering information
2.4 Ready for upgrade
2.5 Safety Certification

Section 3: Designing a Safety Function Using the Rosemount 2140:SIS
3.1 Safety function
3.2 Environmental limits
3.3 Application limits
3.4 Design verification
3.5 Safety Instrumented System (SIS) certification
3.6 Safety certified identification
3.7 Proof testing
3.7.1 Overview
3.7.2 Comprehensive proof test
3.7.3 Partial proof test
3.7.4 Proof-test interval
3.7.5 Tools required
3.7.6 Data required
3.8 Connection of the level detector to the SIS logic solver
3.9 General requirements
3.10 SIS example

Section 4: Installation and Commissioning
4.1 Installation
4.2 Physical location and placement
4.3 Electrical connections
4.4 Configuration
4.4.1 Hardware configuration
4.4.2 Software configuration

Section 5: Operation and Maintenance
5.1 Proof-test requirement
5.2 Repair and replacement
5.3 Notification of failures

Appendix A: Specifications
A.1 General
A.2 Useful life
A.3 Useful lifetime

Appendix B: Proposed Full Proof-test Procedure
B.1 Suggested proof-test
B.2 Full Proof Test Coverage
B.3 Impact on SIF and process
B.4 Duration of full proof-test
B.5 Personal safety concerns

Appendix C: Proposed Partial Proof-test Procedure
C.1 Suggested proof-test
C.2 Full Proof Test Coverage
C.3 Impact on SIF and process
C.4 Duration of full proof-test
C.5 Personal safety concerns

Appendix D: PFDAVG Calculation
D.1 Average probability of failure on demand (PFDAVG)

Appendix E: PFH Calculation
E.1 Probability of dangerous failure per hour (PFH)

Appendix F: Diagnostic Intervals
F.1 Diagnostic checks and intervals


Section 1 Introduction

1.1 Scope and purpose of the safety manual

This safety manual contains the information to design, install, verify and maintain a Safety Instrumented Function (SIF) utilizing the Rosemount 2140:SIS Level Detector (“level detector”).

The manual provides the necessary requirements to enable the integration of the level detector when showing compliance with the IEC 61508 or IEC 61511 functional safety standards. It indicates all assumptions that have been made on the usage of the level detector. If these assumptions cannot be met by the application, the SIL capability of the level detector may be adversely affected.

Note: For product support, use the contact details on the back page.

1.2 Safety messages

Procedures and instructions in this section may require special precautions to ensure the safety of the personnel performing the operation. Information that raises potential safety issues is indicated by a warning symbol. Refer to the following safety messages before performing an operation preceded by this symbol.

Note: Customer must follow the “Application limits” on page 9.

Failure to follow these guidelines could result in death or serious injury.

Make sure only qualified personnel perform the installation.

Explosions could result in death or serious injury.

Verify that the operating environment of the level detector is consistent with the appropriate hazardous locations certifications.

Before connecting a Field Communicator in an explosive atmosphere, make sure the instruments in the loop are installed in accordance with intrinsically safe or non-incendive field wiring practices.

Do not remove the level detector covers in explosive atmospheres when the circuit is alive.

Both level detector covers must be fully engaged to meet explosion-proof requirements.

Electrical shock can result in death or serious injury.

Avoid contact with the leads and terminals. High voltage that may be present on leads can cause electrical shock.

Make sure the main power to the level detector is off, and the lines to any other external power source are disconnected or not powered while wiring the level detector.


1.3 Terms and definitions

Table 1-1. Terms and Definitions

| Term | Definition |
|---|---|
| BPCS | Basic Process Control System |
| λDU | Dangerous Undetected |
| λDD | Dangerous Detected |
| λSU | Safe Undetected |
| λSD | Safe Detected |
| CPT | Comprehensive Proof Test |
| Diagnostic Coverage [DC] | Percentage of detectable faults to undetectable faults |
| Diagnostic Test Interval | Time during which all internal diagnostics are carried out at least once. |
| EFP | Enhanced Features Package |
| Fail-safe state | State where switch output is in the state corresponding to an alarm condition. In this condition the switch contacts will normally be open. |
| Fail dangerous | Failure that does not respond to an input from the process (i.e. not switching to the fail-safe state). |
| FIT | Failure In Time per billion hours |
| Fail Dangerous Detected | Failure that is dangerous but is detected. |
| Fail Dangerous Undetected | Failure that is dangerous and that is not detected. |
| Fail No Effect | Failure of a component that is part of the safety function but that has no effect on the safety function. |
| Fail Safe | Failure that causes the switch to go to the defined fail-safe state without an input from the process. |
| FMEDA | Failure Modes, Effects and Diagnostic Analysis |
| HART® | Highway Addressable Remote Transducer |
| Functional Safety | Part of the overall safety relating to the process and the BPCS which depends on the correct functioning of the SIS and other protection layers. |
| HFT | Hardware Fault Tolerance as defined by 61508-2 7.4.4.1.1 |
| High demand mode | The safety function is only performed on demand, in order to transfer the EUC (Equipment Under Control) into a specified safe state, and where the frequency of demands is greater than one per year (IEC 61508-4). |
| Low demand mode | The safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is no greater than one per year (IEC 61508-4). |
| Level detector response time | The time from a step change in the process until level detector output reaches 90% of its final steady state value (step response time as per IEC 61298-2). |
| PFDAVG | Average Probability of Failure on Demand |
| PFH | Probability of dangerous failure per hour. |
| PPT | Partial Proof Test |
| Random Integrity | The SIL limit imposed by the architectural constraints that must be met for each element. |
| Safety Demand Interval | The expected time between safety demands. |
| Systematic Capability | A measure (expressed on a scale of SC 1 to SC 4) of the confidence that the systematic safety integrity of an element meets the requirements of the specified SIL, in respect of the specified element safety function, when the element is applied in accordance with the instructions specified in the compliant item safety manual for the element as per 61508-4 |
| SFF | Safe Failure Fraction |
| SIF | Safety Instrumented Function |
| SIL | Safety Integrity Level - a discrete level (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. SIL 4 has the highest level of safety integrity, and SIL 1 has the lowest level. |
| SIS | Safety Instrumented System (SIS) - an instrumented system used to implement one or more safety instrumented functions. An SIS is composed of any combination of sensors, logic solvers, and final elements. |
| Type B device | Complex device using controllers or programmable logic, as defined by the standard IEC 61508. |


1.4 Skill level requirement

System design, installation and commissioning, and repair and maintenance shall be carried out by suitably qualified personnel.

1.5 Documentation and standards

This section lists the documentation and standards referred to by this safety manual.

Table 1-2. Associated Documentation

| Documents | Purpose of documents |
|---|---|
| IEC 61508-2: 2010 | Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems |
| MOB 15-08-12 R001 V1R1 FMEDA 2140:SIS.pdf | FMEDA Report Version V1, Revision R1, or later, for the Rosemount 2140:SIS level detector |
| 00813-0100-4140 | Rosemount 2140:SIS Level Detector Product Data Sheet |
| 00809-0100-4140 | Rosemount 2140 Level Detector Reference Manual |

Table 1-3. Associated Standards

| Standards | Purpose of standards |
|---|---|
| IEC 61508: 2010 | Functional Safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61511 (ANSI/ISA 84.00.01-2004) | Functional safety - Safety instrumented systems for the process industry sector |
| IEC 60664-1 | Insulation coordination for equipment with low voltage systems |
| IEC 61984 | Connectors - Safety requirements and test |
| HRD 5:1994 | Handbook of Reliability Data for Components used in Telecommunication systems |


Section 2 Product Description

2.1 Operation principle

The Rosemount 2140:SIS Level Detector (“level detector”) consists of a tuned fork with a driver and receiver element, and integral interface electronics. The level detector is based on the principle that the resonant frequency of a tuned fork changes when it is immersed in a liquid. The frequency change is detected and used to switch an electronic output.

The device output is 4-20 mA.

Note: For all product information and documentation downloads, visit Emerson.com/Rosemount.

2.2 Level detector purpose

The level switch indicates, by means of an electronic output, whether the level of a process liquid is above, or below, a certain point (the switching point).

Figure 2-1. Example Applications: high and low alarm, overfill protection, pump control


2.3 Ordering information

Typical Model Number: 2140 F H A 1 M S 1 NN B A 0000 1 NA Q4 Q8

The first option code after “2140” indicates the profile type:

F = Functional safety / SIS applications

A = Standard monitoring and control application

A level detector with profile type F has achieved a SIL rating. See Table 3-1 on page 11 for Safety Instrumented System (SIS) parameters.

The other option codes in the model number refer to materials, fittings, and other mechanical options which do not affect SIS parameters.

Models with the QS option code are supplied with a manufacturer’s prior-use certificate of FMEDA data.

Models with the QT option, if available, are supplied with a third party certificate of SIL capability.

Note: Level detectors with profile type A, in combination with the EF1 product feature and the upgrade having been applied, have also achieved a SIL rating.

2.4 Ready for upgrade

Products originally purchased with the “ready for upgrade” model code as shown in Table 2-1 will be issued with a SIL certificate that certifies the product from the date of original manufacture only.

2.5 Safety certification

Rosemount certifies that the Rosemount 2140 Vibrating Fork Liquid Level Switch with serial numbers listed above was manufactured to IEC 61508 and has the following failure rates and probability of failure on demand values documented in the referenced report(s).

Certified to IEC 61508 (F, F EF2, A EF1) By Exida

See attached Exida certificate number MOB 1508012 C001.

Note: For the “A EF1” model, the upgrade code must be applied.

Table 2-1. Rosemount 2140 Ready for Upgrade Code

| Product features | |
|---|---|
| EF1 | Ready for upgrading to a Rosemount 2140:SIS with enhanced features enabled ★ |


Failure rate data

Failure rate data was completed via Failure Mode Effect Diagnostic Analysis (FMEDA) with boundary of transmitter sensor to output electronics per IEC 61508 Type B device.

Note: For the “A-EF1” model referred to in Table 2-2 and Table 2-3, the upgrade code must be applied.

Table 2-2. Rosemount 2140:SIS (F/F-EF1/F-EF2/A-EF1)

| Failure categories | λSD(1) | λSU(1) | λDD(1) | λDU(1) | SFF |
|---|---|---|---|---|---|
| Dry = ON | 0 | 12 | 522 | 18 | 96.7% |
| Wet = ON | 0 | 14 | 525 | 13 | 97.6% |

(1) All λ figures are in FITs (1 × 10⁻⁹ Failures in Time).

Table 2-3. Rosemount 2140:SIS (F/F-EF1/F-EF2/A-EF1), T1

| Failure categories | λSD(1) | λSU(1) | λDD(1) | λDU(1) | SFF |
|---|---|---|---|---|---|
| Dry = ON | 0 | 12 | 522 | 18 | 96.7% |
| Wet = ON | 0 | 14 | 525 | 13 | 97.6% |

(1) All λ figures are in FITs (1 × 10⁻⁹ Failures in Time).


Section 3 Designing a Safety Function Using the Rosemount 2140:SIS

3.1 Safety function

A change in liquid level through the switch point of the Rosemount 2140:SIS Level Detector (“level detector”) causes it to operate. It may be used in high level or low level safety related applications. It is important that the level detector is user-configured for the correct application.

3.2 Environmental limits

The designer of the SIF (Safety Instrumented Function) must check that the level detector is rated for use within the expected environmental limits. See the Rosemount 2140:SIS Level Detector Product Data Sheet for environmental limits.

Note: For all product information and documentation downloads, see the on-line Rosemount 2140:SIS web page at Emerson.com/Rosemount.

3.3 Application limits

It is very important that the SIF designer checks for material compatibility by considering process liquids and on-site chemical contaminants. If the level detector is used outside the application limits or with incompatible materials, the reliability data and predicted SIL capability become invalid.

The construction materials of a level detector are specified in the product data sheet and the product reference manual. Use the model code on the product label, and the ordering information table and specification in these product documents, to find out the construction materials.

Failure to comply with the following requirements will result in the invalidation of the product's safety certification.

Check for risk of media build-up on the forks. Avoid situations where drying and coating products may create excessive build-up (see Figure 3-1) or implement preventative maintenance programs to ensure the media build-up is insufficient to impair performance.

Ensure there is no risk of ‘bridging’ the forks. Examples of products that create ‘bridging’ of forks are dense paper slurries and bitumen.


Figure 3-1. Product Build-up

3.4 Design verification

A detailed Failure Modes, Effects and Diagnostics Analysis (FMEDA) report for the Rosemount 2140:SIS Level Detector is available from Emerson. This report details all failure rates and failure modes as well as expected lifetime.

Note: The FMEDA report is available from the Rosemount 2140 Level Detector - Vibrating Fork web site page at Emerson.com/Rosemount. In the Documents section, there are SIL documents including the FMEDA report and this safety manual.

The achieved Safety Integrity Level (SIL) of an entire Safety Instrumented Function (SIF) design must be verified by the designer using a PFDAVG calculation considering the architecture, proof-test interval, proof-test effectiveness, any automatic diagnostics, average repair time, and the specific failure rates of all equipment included in the SIF.

Each subsystem must be checked to assure compliance with minimum Hardware Fault Tolerance (HFT) requirements. When using the level detector in a redundant configuration, a common cause factor of at least 5% should be included in the safety integrity calculations.

The failure rate data listed in the FMEDA report is only valid for the useful lifetime of the level detector. The failure rates increase after this useful lifetime period has expired. Reliability calculations based on the data listed in the FMEDA report for mission times beyond the lifetime may yield results that are too optimistic, i.e. the calculated SIL will not be achieved.


3.5 Safety Instrumented System (SIS) certification

For safety instrumented systems usage, the 4/20 mA analog output is used as the primary safety variable. It is configured to activate the alarm function if an error occurs.

The measurement signal used by the logic solver must be the discrete current levels set at the instrument output used to indicate the sensor condition. The HART protocol can only be used for setup, calibration, and diagnostic purposes, not for safety critical operation.

The Rosemount 2140:SIS Level Detector is IEC 61508 certified accordingly:

Low and high demand: Type B element

SIL 2 for random integrity @ HFT=0

The Rosemount 2140:SIS has met the manufacturer design process requirements of Safety Integrity Level (SIL) 2. These are intended to achieve sufficient integrity against systematic errors of design by the manufacturer.

A Safety Instrumented Function (SIF) designed with this product must not be used at a SIL level higher than stated.

3.6 Safety certified identification

All Rosemount 2140:SIS Level Detectors must be identified as safety certified before installing into SIS systems.

Verify that:

1. The model code starts with 2140F, or 2140A with option code EF1 and upgrade code applied.

2. A yellow tag is affixed to the outside of the level detector.

3. A yellow stripe goes around the sensor module.

4. The software (SW) is V01.00.00 or later with the SIS configuration implemented.

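Table 3-1. Assessed Values

| Model | SD (FIT) | SU (FIT) | DD (FIT) | DU (FIT) | SFF (%) | DC (%) | CPT (%) | PPT (%) |
|---|---|---|---|---|---|---|---|---|
| 2140:SIS T0, Dry ON | 0 | 12 | 522 | 18 | 96.7 | 94.5 | 62 | 31 |
| 2140:SIS T0, Wet ON | 0 | 14 | 525 | 13 | 97.6 | 95.1 | 58 | 24 |
| 2140:SIS T1 with EFP, Dry ON | 0 | 23 | 526 | 18 | 96.8 | 92.7 | 59 | 37 |
| 2140:SIS T1 with EFP, Wet ON | 0 | 24 | 529 | 13 | 97.7 | 93.4 | 41 | 10 |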


Figure 3-2. Safety Certified Identification

Application examples:

Overfill prevention

Point level detection

Dry-run prevention

3.7 Proof testing

3.7.1 Overview

The Rosemount 2140:SIS Level Detector (“level detector”) must be tested at regular intervals to detect any failures not detected by automatic on-line diagnostics, i.e. dangerous failures, diagnostic failures and parametric failures, so that the unit can be repaired and returned to an equivalent as-new state.

It is the user's responsibility to choose the type of testing applied to the unit within their safety system.

If an error is found in the safety functionality, the detector shall be put out of operation and the process shall be kept in a safe state by other measures until such time as a repaired or replacement unit can be installed and commissioned.

The level detector comes complete with two proof test options:

Comprehensive “bucket” test

Partial proof test

3.7.2 Comprehensive proof test

The full proof-test performs a complete test of the system elements. The sensor, measuring electronics and output stage are all checked by changing the sensor condition and observing the output.

The suggested full proof test sequence for the 2140:SIS is described in Appendix B: Proposed Full Proof-test Procedure, and the proof test coverage values can be found in Table B-2.

[Figure 3-2 label fields: SERIAL No. XXXXXXXXXXXX; HW XX.XX.XX; SW XX.XX.XX; MODEL: 2140FXXXXXXXXXX]

3.7.3 Partial proof test

The level detector can perform a partial proof test. This test has reduced diagnostic coverage compared with the comprehensive test, in that it is limited to exercising the electronics and verifying that there are no faults causing a higher output current than desired, or issues preventing the device from driving to higher analog values.

The partial proof test presents the following benefits:

Provides a percentage of the comprehensive device coverage, enabling the unit to be tested and its effective PFD to be reduced by this percentage at the time of the test.

For an example of the benefits of partial proof testing on system PFD calculations, see Figure 3-4.

Can be performed remotely using a HART® Host or AMS™ Device Manager

Remote activation results in a safer environment for those carrying out the test.

No additional hardware required; eliminate risk of testing the wrong device, or pressing wrong button by accident.

Output cycles through fault, wet, and dry conditions then return to actual state.

Device alerts if it finds a problem.

Test can be performed “in-process” and takes less than 1 minute to complete - process continually monitored and any challenge to the device state reported immediately upon test completion.

Provides capability to extend comprehensive testing to align with standard plant maintenance schedules.

May give the user the flexibility to schedule the comprehensive proof-testing interval to fit with the site's scheduled plan.

Locally initiated using integrated push buttons or LOI if required.

A suggested partial proof test scheme can be found in Appendix C: Proposed Partial Proof-test Procedure.

3.7.4 Proof-test interval

The time intervals for proof-testing are defined by the SIL verification calculation (subject to the PFDAVG). The proof-tests must be performed at least as frequently as specified in the SIL verification calculation in order to maintain the required safety integrity of the overall SIF.

Results from periodic proof-tests shall be recorded and periodically reviewed. For the specification of customer requirements required to fulfil this SIS requirement, see IEC 61511.

Note: For a valid result, always perform the proof-test on the product media and media conditions that will be stored in the tank while the device is in operation.
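The following is an added example, not taken from the manual or from Emerson: it runs the Table 3-1 figures through the IEC 61508 SFF definition and a commonly used simplified 1oo1 PFDavg approximation, to show how the design-verification inputs of 3.4 and the partial and comprehensive proof-test intervals of 3.7.3 and 3.7.4 enter the result. The test intervals, mission time, repair time and the treatment of partial-test coverage as a subset of comprehensive coverage are illustrative assumptions; the manual's own calculation is the subject of Appendix D.

```python
"""Added example: SFF check and simplified 1oo1 PFDavg from the Table 3-1 values."""
from dataclasses import dataclass
from typing import Optional

FIT = 1e-9             # 1 FIT = one failure per 10^9 hours
HOURS_PER_YEAR = 8760
DEVICE_SIL_LIMIT = 2   # section 3.5: SIL 2 for random integrity @ HFT=0


@dataclass(frozen=True)
class Assessed:
    """One row of Table 3-1: failure rates in FIT, coverages in percent."""
    name: str
    sd: float
    su: float
    dd: float
    du: float
    sff_pct: float
    cpt_pct: float
    ppt_pct: float


TABLE_3_1 = [
    Assessed("T0 Dry ON", 0, 12, 522, 18, 96.7, 62, 31),
    Assessed("T0 Wet ON", 0, 14, 525, 13, 97.6, 58, 24),
    Assessed("T1 with EFP Dry ON", 0, 23, 526, 18, 96.8, 59, 37),
    Assessed("T1 with EFP Wet ON", 0, 24, 529, 13, 97.7, 41, 10),
]


def sff_pct(row: Assessed) -> float:
    """Safe Failure Fraction: every failure except dangerous undetected."""
    total = row.sd + row.su + row.dd + row.du
    return 100.0 * (row.sd + row.su + row.dd) / total


def pfd_avg_1oo1(row: Assessed, cpt_years: float, mission_years: float,
                 ppt_years: Optional[float] = None,
                 mttr_hours: float = 24.0) -> float:
    """Simplified single-device PFDavg with imperfect proof tests.

    Assumptions (not from the manual): dangerous undetected failures split into
    a share the partial test finds (interval ppt_years), a further share only
    the comprehensive test finds (cpt_years), and a share no test finds, which
    persists for the whole mission time. Detected failures contribute for the
    repair time only.
    """
    cpt = row.cpt_pct / 100.0
    ppt = row.ppt_pct / 100.0 if ppt_years is not None else 0.0
    if ppt > cpt:
        raise ValueError("partial coverage cannot exceed comprehensive coverage")
    t_p = (ppt_years or 0.0) * HOURS_PER_YEAR
    t_c = cpt_years * HOURS_PER_YEAR
    t_m = mission_years * HOURS_PER_YEAR
    if not (0.0 <= t_p <= t_c <= t_m):
        raise ValueError("expected partial <= comprehensive <= mission interval")
    undetected = row.du * FIT * (ppt * t_p / 2
                                 + (cpt - ppt) * t_c / 2
                                 + (1.0 - cpt) * t_m / 2)
    detected = row.dd * FIT * mttr_hours
    return undetected + detected


def sil_band_low_demand(pfd: float) -> int:
    """IEC 61508 low-demand band for a PFDavg (0 = worse than SIL 1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def claimable_sil(pfd: float) -> int:
    """PFD band capped at the device limit stated in section 3.5."""
    return min(sil_band_low_demand(pfd), DEVICE_SIL_LIMIT)


if __name__ == "__main__":
    for row in TABLE_3_1:
        # Constructed scenario: yearly partial test, comprehensive test every
        # 5 years, 10-year mission time, 24 h repair. Sensor subsystem only;
        # a real SIF adds the logic solver and final element contributions.
        with_ppt = pfd_avg_1oo1(row, 5, 10, ppt_years=1)
        without = pfd_avg_1oo1(row, 5, 10)
        print(f"{row.name:20s} SFF {sff_pct(row):5.1f}% (table {row.sff_pct}%)  "
              f"PFDavg {without:.2e} -> {with_ppt:.2e} with partial test, "
              f"claim limited to SIL {claimable_sil(with_ppt)}")
```

A PFDavg that falls in a better band than SIL 2 does not raise the claim: the architectural limit stated in section 3.5 still applies.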

3.7.5 Tools required

HART host or Field Communicator

mA meter

Safety logic solver

3.7.6 Data required

The date, time and name of the operator that performed, or system that triggered, the proof-test, the response time and result of the proof-test will be documented for maintaining the proof-test history of the device for PFDAVG calculations.


3.8 Connection of the level detector to the SIS logic solver

The Rosemount 2140:SIS Level Detector should be connected to the safety-rated logic solver which is actively performing the safety function as well as automatic diagnostics (if any) designed to diagnose potentially dangerous failures within the level detector. In some cases, it may also be connected directly to the final element.

The Rosemount 2140:SIS Level Detector Reference Manual gives full installation details for the level detector. The logic solver trip levels must be compatible with (higher than) the sensor alarm levels given in the specifications section of this manual.

Note: For all product information and documentation downloads, see the on-line Rosemount 2140:SIS web page at Emerson.com/Rosemount.

3.9 General requirements

The system and function response time shall be less than the process safety time.

The level detector will change to its defined safe state in less than this time with relation to the specific hazard scenario.

All SIS components, including the level detector, must be operational before process start-up.

The user shall verify that the level detector is suitable for use in safety applications by confirming the level detector nameplate and model number are properly marked.

Personnel performing maintenance and testing on the level detector shall first be assessed as being competent to do so.

Results from periodic proof tests shall be recorded and periodically reviewed.

The level detector shall not be operated beyond the useful lifetime as listed in the specification section of the product reference manual without undergoing overhaul or replacement.

Note: For all product information and documentation downloads, see the on-line Rosemount 2140 web page at Emerson.com/Rosemount.

3.10 SIS example

The following figures illustrate the indicative benefits of using a combination of comprehensive and partial proof tests to manage the level of risk associated with a particular SIS installation.

Figure 3-3 shows a typical 1oo1 safety system configuration. Figure 3-4 illustrates the benefit of implementing a combination of comprehensive and partial proof tests on the system's PFD.

Note: It is assumed that the level detector typically contributes ~30% to the system's SIL 2 PFD budget, with the logic solver and actuator the remaining ~70%.

Figure 3-3. Single Use 1oo1 (1 out of 1) for SIL 2 Low Demand (SIL 2@HFT=0)

[Figure: block diagram of Sensor (Rosemount 2140), Logic Solver and Actuator in series]

Figure 3-4. System PFD

[Figure: four plots of PFD and PFDAVG against mission time (0 to 10 years):
PFD and PFD average of system when no proof-testing applied;
unit subjected to either no proof-test or a comprehensive proof-test every 5 years (PFD, PFD + CPT);
unit subjected to a partial proof-test every year and a comprehensive proof-test every 3 years (PFDAVG + PPT + CPT);
unit subjected to a partial proof-test every year and a comprehensive proof-test every 5 years (PFDAVG + PPT + CPT)]
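The four cases plotted in Figure 3-4 can be reproduced with the usual linear sawtooth approximation of PFD. This is an added example, not part of the Emerson manual: the failure rate and both proof-test coverage values are constructed for illustration and are not FMEDA data, all function names are hypothetical, and it assumes a comprehensive test reveals everything a partial test reveals.

```python
"""Sawtooth PFD model for a 1oo1 device with partial (PPT) and comprehensive (CPT) proof tests."""

HOURS_PER_YEAR = 8760

# Constructed illustration values; they are NOT taken from the product FMEDA report.
LAMBDA_DU_FIT = 100    # dangerous undetected failure rate, failures per 1e9 hours
PPT_COVERAGE = 0.5     # fraction of lambda_DU a partial proof test reveals
CPT_COVERAGE = 0.9     # fraction of lambda_DU a comprehensive proof test reveals
MISSION_YEARS = 10


def schedule(interval_y, mission_y):
    """Proof-test instants (years) strictly inside the mission; None means never."""
    if interval_y is None:
        return []
    if interval_y <= 0:
        raise ValueError("proof-test interval must be positive")
    count = int(mission_y / interval_y)
    return [k * interval_y for k in range(1, count + 1) if k * interval_y < mission_y]


def components(ppt_y, cpt_y, ppt_cov, cpt_cov, mission_y):
    """Split lambda_DU into (fraction, reset instants) by which test reveals it.

    Assumption: a comprehensive test reveals everything a partial test reveals.
    """
    if not 0 <= ppt_cov <= cpt_cov <= 1:
        raise ValueError("need 0 <= partial coverage <= comprehensive coverage <= 1")
    ppt, cpt = schedule(ppt_y, mission_y), schedule(cpt_y, mission_y)
    return [
        (ppt_cov, ppt + cpt),        # revealed by either test
        (cpt_cov - ppt_cov, cpt),    # revealed only by the comprehensive test
        (1 - cpt_cov, []),           # never revealed during the mission
    ]


def age(t, resets):
    """Years since the most recent reset at or before t (or since start-up)."""
    return t - max((r for r in resets if r <= t), default=0)


def mean_age(resets, mission_y):
    """Exact mean of age() over the mission: a ramp of length d integrates to d*d/2."""
    edges = [0] + sorted(set(resets)) + [mission_y]
    return sum((b - a) ** 2 / 2 for a, b in zip(edges, edges[1:])) / mission_y


def pfd(t, lam_per_year, comps):
    """Instantaneous PFD at time t (linear approximation, lambda * t much less than 1)."""
    return lam_per_year * sum(frac * age(t, resets) for frac, resets in comps)


def pfd_avg(lam_per_year, comps, mission_y):
    """Average PFD over the whole mission time."""
    return lam_per_year * sum(frac * mean_age(resets, mission_y) for frac, resets in comps)


def figure_3_4_scenarios():
    """PFDavg for the four proof-test regimes named in Figure 3-4."""
    lam = LAMBDA_DU_FIT * 1e-9 * HOURS_PER_YEAR    # failures per year
    cases = {
        "no proof test": (None, None),
        "CPT every 5 y": (None, 5),
        "PPT yearly + CPT every 3 y": (1, 3),
        "PPT yearly + CPT every 5 y": (1, 5),
    }
    return {
        name: pfd_avg(lam, components(p, c, PPT_COVERAGE, CPT_COVERAGE, MISSION_YEARS),
                      MISSION_YEARS)
        for name, (p, c) in cases.items()
    }


if __name__ == "__main__":
    for name, value in figure_3_4_scenarios().items():
        print(f"{name:28s} PFDavg = {value:.2e}")
```

The fraction that no proof test reveals keeps growing for the whole mission, which is why the average never drops to zero however often the tests are run.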

Section 4 Installation and Commissioning

Note: For all product information and documentation downloads, see the on-line Rosemount 2140 web page at Emerson.com/Rosemount.

4.1 Installation

The Rosemount 2140:SIS Level Detector (“level detector”) must be installed as described in the installation section of the product reference manual. Check that environmental conditions do not exceed the ratings in the specification section.

The level detector must be accessible for physical inspection.

4.2 Physical location and placement

The level detector shall be accessible with sufficient room for cover removal and electrical connections, and allow for manual proof-testing to take place.

The switch point is determined by the location of the level detector, and consideration must be given to allow the safe proof-testing of the level detector by forcing liquid to put the switch into its Fail-safe state.

4.3 Electrical connections

Wiring should be adequately rated and not be susceptible to mechanical damage. Electrical conduit is commonly used to protect wiring. The wiring to this device must maintain creepage(1) and clearance distances. Therefore, the conductor stripping length should be no greater than 6 mm and be free from stray strands.

Use shielded twisted pairs to yield best results. To ensure proper communication, use 24 AWG, to a maximum of 14 AWG, and do not exceed 5000 feet (1500 meters). Cable length is limited by the selection of monitoring resistance and wire gauge.

All power to the transmitter is supplied over the signal wiring. Signal wiring need not be shielded, but use twisted pairs for best results. Do not run unshielded signal wiring in conduit or open trays with power wiring, or near heavy electrical equipment. For high EMI/RFI environments, shielded twisted pair cable should be used.

1. Creepage distance is a measurement that is commonly used in determining the conducting path of the flow of electricity.

Figure 4-1. Load Limitation

[Figure: plot of load (Ω), 0 to 1387, against external power supply voltage (Vdc), 10.5 to 42.4]

Maximum Loop Resistance = 43.5 * (External Power Supply Voltage – 10.5)

4.4 Configuration

4.4.1 Hardware configuration

The following are physical configuration options.

Alarm level switch

Under alarm conditions, the Current Output is set by the device to either a predefined High or Low level, beyond the standard 4 to 20 mA operating range. The Alarm Level switch is set to either the 'H' or 'L' position to determine whether the Current Output is set to the High or Low alarm current.

Read-only switch

The Read-Only switch is set to the Locked position to prevent changes to the device configuration via the LOI or HART interfaces.

Figure 4-2 shows the location of the Alarm Level and Read-Only switches.

Figure 4-2. Alarm Level and Read-Only Switch Positions

A. Alarm Level switch
B. Read-only switch

4.4.2 Software configuration

The following are achieved via software configuration.

Media Density Selection

The 2140:SIS is capable of operating with fluids with density from 400 to 1000 kg/m3. The Media Density Selection parameter is used to select the process medium density range, which ensures the point at which a Wet indication is given is consistent. Possible settings are shown in Table 4-1.

Table 4-1. Media Density Selection settings

| Media Density Selection setting | Media Density Selection range (kg/m3) |
|---|---|
| 0.4 – 0.6 SG | 400-600 |
| 0.5 – 0.9 SG | 500-900 |
| 0.8 – 1.3 SG | 800-1000 |

High and low alarm levels

These settings are used to specify the current level that will be set at the current output in the event of alarm conditions. If "Custom" Alarm Levels are selected, values must be specified for the current level that will be set at the current output in the event of alarm conditions. These are configured via the High and Low Alarm Current parameters.

These settings work in conjunction with the setting of the Alarm level switch described in Table 4-2 to determine which current to apply. Allowable currents are shown in Table 4-2.

Table 4-2. Alarm Current Levels

| Alarm and Saturation type | Low alarm level (mA) | High alarm level (mA) |
|---|---|---|
| NAMUR | <= 3.6 | >= 22.5 |
| Rosemount | <= 3.75 | >= 21.75 |
| Custom | 3.6 – 3.8 | 20.2 - 23 |

Current output operating mode

The Current Output Operating Mode parameter is used to determine the state of the output (either On or Off) depending on the condition of the sensor.

The condition of the sensor, when immersed in a medium, is termed Wet. Conversely, when not immersed in a medium, the sensor condition is termed Dry.

The fundamental operating modes of the system are termed Wet On and Dry On. This is when the user configures the system to switch its output on (the higher of two discrete current levels) when the sensor is in the Wet condition or in the Dry condition. Figure 4-3 shows an application where high and low level alarms are annunciated by the appropriate transmitter switching its output off.

Figure 4-3. High and Low Level Alarms with Wet On and Dry On Configuration Use

A. Configured in Dry On mode. When the media rises above this point, the system output is switched off.
B. Configured in Wet On mode. When the media falls below this point, the system output is switched off.

Figure 4-4 shows an application where either a high level alarm or low level alarm can be annunciated by the output being switched off, depending on whether the system is configured for Wet On or Dry On mode.

Figure 4-4. High or low alarm depending on Wet On or Dry On Setting

A. When configured in Wet On mode, the output switches off when the media falls below this point. When configured in Dry On mode, the output switches off when the media ris

Sensor Operating Mode

Sensor operating mode can be configured to give either a Dry (Enhanced fault = Dry) or Wet (Enhanced fault = Wet) indication in the event of invalid sensor frequency values. In addition, a sensor alarm is annunciated in this case.

Current Output Type

The Current Output can be configured to switch between standard instrument levels 8 and 16 mA and 4 and 20 mA. In addition, a Custom mode is provided, where the user can define, between 4 and 20 mA, custom current levels via the Custom On Current and Custom Off Current parameters to indicate Wet and Dry conditions, dependent on the setting of the Current Output Operating Mode.

8 and 16mA, 4 and 20mA and Custom settings

This section details further the effects of combinations of the setting of the Alarm Level switch, in addition to the Alarm Levels, High and Low Alarm, Current Output Operating Mode, Sensor Operating Mode and Current Output Type parameters.

Figure 4-5 shows the effects on the current output when the Current Output Type is set to 4 and 20mA. Note that to achieve the output behavior shown, the Current Output Operating Mode is set to 'Dry On', Alarm Levels is set to 'Custom', Low Alarm Current is set to 3.6 mA and the Alarm Level switch is set to 'L'.

Figure 4-5. Current Output Type Set to 4 and 20mA

[Figure: current output (mA), axis from 3.6 to 24, against switch state (Dry, Wet, Fault)]

Figure 4-6 shows the effects on the product output when the Current Output Type is set to 8 and 16mA. Note that to achieve this behaviour, the Current Output Operating Mode is set to 'Wet On', Alarm Levels is set to 'Custom', High Alarm Current is set to 23 mA and the Alarm Level switch is set to 'H'.

Figure 4-6. Current Output Type Set to 8 and 16mA

Figure 4-7 shows the effects on the product output when the Current Output Type is set to 'Custom'. To achieve this behaviour, the Current Output Operating Mode is set to 'Wet On', the Custom Off Current is set to 5 mA, the Custom On Current is set to 15 mA, Alarm Levels is set to 'Rosemount' and the Alarm Level switch is set to 'H'.

Figure 4-7. Current Output Type Set to Custom

[Figures 4-6 and 4-7: plots of current output (mA) against switch state (Dry, Wet, Fault)]
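The three configurations described for Figures 4-5 to 4-7, worked through from the logic solver's side: what current each sensor state should produce, and how a measured loop current is classified. This is an added example, not Emerson code; the class and function names, the 0.2 mA matching tolerance and the 0.1 mA trip margin are assumptions, while the alarm currents and custom ranges come from Table 4-2.

```python
from dataclasses import dataclass

# Table 4-2: (low alarm mA, high alarm mA) for the preset alarm types.
PRESET_ALARMS = {"NAMUR": (3.6, 22.5), "Rosemount": (3.75, 21.75)}
CUSTOM_LOW_RANGE = (3.6, 3.8)
CUSTOM_HIGH_RANGE = (20.2, 23.0)
OUTPUT_TYPES = {"8 and 16mA": (8.0, 16.0), "4 and 20mA": (4.0, 20.0)}  # (off, on)


@dataclass(frozen=True)
class OutputConfig:
    output_type: str             # "8 and 16mA", "4 and 20mA" or "Custom"
    operating_mode: str          # "Wet On" or "Dry On"
    alarm_levels: str            # "NAMUR", "Rosemount" or "Custom"
    alarm_switch: str            # hardware Alarm Level switch: "H" or "L"
    custom_off_ma: float = None  # only for output_type == "Custom"
    custom_on_ma: float = None
    low_alarm_ma: float = None   # only for alarm_levels == "Custom"
    high_alarm_ma: float = None

    def levels(self):
        """Return (off mA, on mA); On is the higher of the two discrete levels."""
        if self.output_type != "Custom":
            return OUTPUT_TYPES[self.output_type]
        off, on = self.custom_off_ma, self.custom_on_ma
        if off is None or on is None or not 4.0 <= off < on <= 20.0:
            raise ValueError("custom currents must satisfy 4 <= off < on <= 20 mA")
        return off, on

    def alarm_current(self):
        """Alarm current selected by the Alarm Level switch position."""
        high_side = self.alarm_switch == "H"
        if self.alarm_levels != "Custom":
            low, high = PRESET_ALARMS[self.alarm_levels]
            return high if high_side else low
        value = self.high_alarm_ma if high_side else self.low_alarm_ma
        lo, hi = CUSTOM_HIGH_RANGE if high_side else CUSTOM_LOW_RANGE
        if value is None or not lo <= value <= hi:
            raise ValueError(f"custom alarm current must be within {lo} to {hi} mA")
        return value

    def expected(self):
        """Loop current expected for each sensor state."""
        off, on = self.levels()
        wet_on = self.operating_mode == "Wet On"
        return {"Wet": on if wet_on else off,
                "Dry": off if wet_on else on,
                "Fault": self.alarm_current()}


def classify(cfg, measured_ma, tol_ma=0.2, trip_margin_ma=0.1):
    """Map a measured current to Wet, Dry, Fault or 'Out of range'.

    The trip level sits trip_margin_ma inside the alarm current so that the
    alarm is reliably seen. A safety function should treat 'Out of range'
    as a fault as well.
    """
    exp = cfg.expected()
    if cfg.alarm_switch == "L" and measured_ma <= exp["Fault"] + trip_margin_ma:
        return "Fault"
    if cfg.alarm_switch == "H" and measured_ma >= exp["Fault"] - trip_margin_ma:
        return "Fault"
    for state in ("Wet", "Dry"):
        if abs(measured_ma - exp[state]) <= tol_ma:
            return state
    return "Out of range"


# The settings the text gives for each figure.
FIG_4_5 = OutputConfig("4 and 20mA", "Dry On", "Custom", "L", low_alarm_ma=3.6)
FIG_4_6 = OutputConfig("8 and 16mA", "Wet On", "Custom", "H", high_alarm_ma=23.0)
FIG_4_7 = OutputConfig("Custom", "Wet On", "Rosemount", "H",
                       custom_off_ma=5.0, custom_on_ma=15.0)
```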

Output Delay

The Output Delay is used to enforce a delay in seconds between a demand for an output change and the output change occurring. When a demand occurs, the sensor state causing the demand must be consistent for the duration of the Output Delay. If the state changes to a state other than that which will cause the output state change, the Output Delay time is restarted.

Fault Delay

The Fault Delay is used to enforce a delay in seconds between a sensor fault being detected, and the fault action being taken (alarm annunciation). When the sensor fault occurs, it must persist for the duration of the Fault Delay before the fault action is performed. When in the fault mode, the Fault Delay is not applied for transitions to valid sensor states, with the fault action being reset immediately.
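The two delays act as asymmetric hold-off timers, which the following model replays over a constructed sensor trace. This is an added example, not the device firmware: the class and function names are hypothetical, and it assumes that on leaving the fault state the reported state follows the valid sensor state at once.

```python
STATES = ("Wet", "Dry", "Fault")


class DelayedOutput:
    """Applies Output Delay and Fault Delay to a stream of raw sensor states."""

    def __init__(self, output_delay_s, fault_delay_s, initial="Dry"):
        if output_delay_s < 0 or fault_delay_s < 0:
            raise ValueError("delays must not be negative")
        self.output_delay_s = output_delay_s
        self.fault_delay_s = fault_delay_s
        self.reported = initial
        self.pending = None          # raw state currently waiting out its delay
        self.pending_since = None    # time at which that state was first seen

    def update(self, t_s, raw):
        """Feed one raw sensor state at time t_s; return the reported state."""
        if raw not in STATES:
            raise ValueError(f"unknown sensor state: {raw!r}")
        if raw == self.reported:
            # The demand has gone away, so any running timer is abandoned.
            self.pending = None
            return self.reported
        if self.reported == "Fault":
            # Fault Delay is not applied on the way back to a valid state.
            self.reported, self.pending = raw, None
            return self.reported
        if raw != self.pending:
            # A different state is now demanding a change: restart the timer.
            self.pending, self.pending_since = raw, t_s
        delay = self.fault_delay_s if raw == "Fault" else self.output_delay_s
        if t_s - self.pending_since >= delay:
            self.reported, self.pending = raw, None
        return self.reported


def replay(trace, output_delay_s, fault_delay_s, initial="Dry"):
    """Run a list of (time_s, raw_state) samples and return the reported states."""
    out = DelayedOutput(output_delay_s, fault_delay_s, initial)
    return [out.update(t, raw) for t, raw in trace]


def safety_response_time_s(output_delay_s):
    """Appendix A.1: the greater of 10 seconds or the configured Output Delay."""
    return max(10, output_delay_s)


# Constructed trace: a 2 s splash, a real level change, then a sensor fault.
SAMPLE_TRACE = [
    (0, "Dry"), (1, "Wet"), (3, "Dry"),       # splash shorter than Output Delay
    (4, "Wet"), (8, "Wet"), (9, "Wet"),       # sustained Wet, accepted at t = 9
    (10, "Fault"), (12, "Fault"), (13, "Fault"),  # fault accepted at t = 13
    (14, "Dry"),                              # leaves the fault state at once
]

if __name__ == "__main__":
    for (t, raw), shown in zip(SAMPLE_TRACE, replay(SAMPLE_TRACE, 5, 3)):
        print(f"t={t:>2}s raw={raw:<5} reported={shown}")
```

A longer Output Delay filters more transients but also lengthens the safety response time, which section 3.9 requires to stay below the process safety time.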

Section 5 Operation and Maintenance

5.1 Proof-test requirement

During operation, a low-demand mode SIF must be proof-tested. The objective of proof-testing is to detect failures within the equipment in the SIF that are not detected by any automatic diagnostics of the system. Undetected failures that prevent the SIF from performing its function are the main concern.

Periodic proof-tests shall take place at the frequency (or interval) defined by the SIL verification calculation. The proof-tests must be performed more frequently than or as frequently as specified in the SIL verification calculation in order to maintain the required safety integrity of the overall SIF.

A sample procedure is provided in Appendix B: Proposed Full Proof-test Procedure.

Results from periodic proof tests shall be recorded and periodically reviewed.

5.2 Repair and replacement

Repair procedures in the Rosemount 2140 Level Detector reference manual must be followed.

5.3 Notification of failures

In case of malfunction of the system or SIF, the Rosemount 2140:SIS Level Detector shall be put out of operation and the process shall be kept in a safe state by other measures.

Emerson must be informed when the Rosemount 2140:SIS is required to be replaced due to failure. The failure that occurred shall be documented and reported to Emerson using the contact details on the back page of this functional safety manual. This is an important part of the Emerson SIS management process.

Appendix A Specifications

A.1 General

In Table A-1, the safety response time for all output types is the greater of 10 seconds or the selected seconds delay using the switch output delay setting.

Note: See “Output Delay” on page 23 for the switch output delay setting feature.

Table A-1. General Specifications

| Output Type | Supply voltage | Safety Alarm Levels (leakage currents)(1) | Safety Response time(2) | Switch Point – Water(3) | Switch Point – Other Liquid(4) |
|---|---|---|---|---|---|
| 4/20 mA | 10.5 to 42.4 Vdc | 3.6 mA | 10 s minimum | 11 to 15 mm | 0 to 30 mm |

1. Logic solver trip levels should be set higher than these values in order to ensure reliable trips.
2. The safety response time is the greater of 10 seconds, or the configured seconds delay of the Output Delay setting. See “Output Delay” on page 23 for details of this setting.
3. Operating (Switch) Point measured from lowest point of fork when liquid is water.
4. Operating (Switch) Point measured from lowest point of fork when liquid is not water.

A.2 Useful life

Based on general field failure data and manufacturers' component data, a useful life period of approximately 89 years is expected for the Rosemount 2140:SIS Level Detector at an ambient temperature of 55 °C. This decreases by a factor of two for every increase of 10 °C, and increases by a factor of two for every decrease of 10 °C.

A.3 Useful lifetime

According to the standard IEC 61508-2, a useful lifetime based on experience should be assumed.

Although a constant failure rate is assumed by the probabilistic estimation method (see FMEDA report), this only applies provided that the useful lifetime(1) of components is not exceeded. Beyond their useful lifetime, the result of the probabilistic calculation method is therefore meaningless as the probability of failure significantly increases with time.

The useful lifetime is highly dependent on the subsystem itself and its operating conditions. Specifically, the equipment contains electrolytic capacitors which have a useful life which is highly dependent on ambient temperature (see Safety Data in the FMEDA report).

This assumption of a constant failure rate is based on the bath-tub curve. Therefore, it is obvious that the PFDAVG calculation is only valid for components that have this constant domain and that the validity of the calculation is limited to the useful lifetime of each component.

1. Useful lifetime is a reliability engineering term that describes the operational time interval where the failure rate of a device is relatively constant. It is not a term which covers product obsolescence, warranty, or other commercial issues.

It is the responsibility of the end-user to maintain and operate the Rosemount 2140:SIS Level Detector according to the manufacturer's instructions. Furthermore, regular inspection should show that all components are clean and free from damage.

Appendix B Proposed Full Proof-test Procedure

B.1 Suggested proof-test

According to Section 7.4.5.2 (f) of the standard IEC 61508-2, proof-tests shall be undertaken to reveal dangerous faults which are undetected by diagnostic tests. This means that it is necessary to specify how dangerous undetected faults which have been noted during the Failure Modes, Effects, and Diagnostic Analysis can be detected during proof-testing.

The suggested proof test for the Rosemount 2140:SIS Level Detector is in Table B-1. Refer to Table B-2 for the proof test coverage.

The suggested proof test consists of setting the output to a maximum and minimum, and a calibration check.

Table B-1. Suggested Full Proof-test

| Step | Action |
|---|---|
| 1 | Bypass the safety function and take appropriate action to avoid a false trip. |
| 2 | Use HART communications to retrieve any diagnostics and take appropriate action. |
| 3 | Send a HART command to the transmitter to go to the high alarm current output and verify that the analog current reaches that value. |
| 4 | Send a HART command to the transmitter to go to the low alarm current output and verify that the analog current reaches that value. |
| 5 | Inspect the transmitter for any leaks, visible damage or contamination. |
| 6 | Perform a two-point calibration of the transmitter over the full working range. |
| 7 | Remove the bypass and otherwise restore normal operation. |

B.2 Full Proof Test Coverage

Full proof test coverage figures are contained in the table below.

Table B-2. Full Proof-Test Coverage

| Device | DUPT (FIT) | Proof Test Coverage |
|---|---|---|
| 2140:SIS T0 Wet On | 6 | 58% |
| 2140:SIS T0 Dry On | 5 | 62% |
| 2140:SIS T1 Wet On | 8 | 41% |
| 2140:SIS T1 Dry On | 8 | 59% |

B.3 Impact on SIF and process

In order to achieve the product safe state, the sensor must be either removed from or immersed in the process medium, depending on the operating mode. The process cannot be allowed to operate whilst the Proof Test is being performed.

B.4 Duration of full proof-test

The full proof test takes several hours to perform with all safety measures being followed.

B.5 Personal safety concerns

As stated in the section Impact on SIF and process, the process must not be allowed to run during the proof-test procedure.

Appendix C Proposed Partial Proof-test Procedure

C.1 Suggested proof-test

The suggested partial proof test for the Rosemount 2140:SIS Level Detector (“level detector”) is described in Table C-1. Refer to Table C-2 for the proof test coverage.

The partial proof test exercises the signal processing and output, but does not test the sensor.

Table C-1. Suggested Partial Proof-test

| Step | Action |
|---|---|
| 1 | Inspect the accessible parts of the level detector for any leaks or damage. |
| 2 | Bypass the safety function and take appropriate action to avoid a false trip. |
| 3 | Send a HART command to the transmitter to go to the high alarm current output and verify that the analog current reaches that value. |
| 4 | Send a HART command to the transmitter to go to the low alarm current output and verify that the analog current reaches that value. |
| 5 | Trigger the device's Proof Test using either the appropriate HART command or LOI. |
| 6 | Verify that the analog output current reaches the configured off, on and alarm levels and is maintained at the level for the duration of the Proof Test Duration parameter. |
| 7 | Remove the bypass and otherwise restore normal operation. |

C.2 Full Proof Test Coverage

Full proof test coverage figures are contained in the table below.

Table C-2. Full Proof-Test Coverage

| Device | DUPT (FIT) | Proof Test Coverage |
|---|---|---|
| 2140:SIS T0 Wet On | 6 | 58% |
| 2140:SIS T0 Dry On | 5 | 62% |
| 2140:SIS T1 Wet On | 8 | 41% |
| 2140:SIS T1 Dry On | 8 | 59% |

C.3 Impact on SIF and process

In order to achieve the product safe state, the sensor must be either removed from or immersed in the process medium, depending on the operating mode. The process cannot be allowed to operate whilst the Proof Test is being performed.

C.4 Duration of full proof-test

The full proof test takes several hours to perform with all safety measures being followed.

C.5 Personal safety concerns

As stated in the section Impact on SIF and process, the process must not be allowed to run during the proof-test procedure.

Appendix D PFDAVG Calculation

D.1 Average probability of failure on demand (PFDAVG)

The Average probability of failure on demand (PFDAVG) calculations for a single (1oo1) Rosemount 2140:SIS Level Detector are shown in this appendix.

The failure rate data used in this calculation is available in the product FMEDA report. A mission time of 10 years has been assumed with a Mean Time To Restoration of 24 hours.

PFDAVG figures can only be used for Low Demand applications. For High Demand applications, refer to Appendix E: PFH Calculation.

Appendix E PFH Calculation

E.1 Probability of dangerous failure per hour (PFH)

For High Demand applications, product PFH values must be used to determine the suitability of a product within a SIF.

For a SIF where the safety demand interval is greater than 100(1) times the diagnostic interval, the SIF PFH value is calculated with the following equation:

$$\mathrm{PFH} = \sum \lambda_{DU}$$

All equipment that is part of the safety system contributes to the final PFH value. As the safety demand interval approaches the diagnostic test rate, on-line diagnostics become increasingly less useful for detecting dangerous failures. In this case, dangerous detected failures are not included in the PFH calculation.

In the event of the safety demand interval being less than 100(1) times the diagnostic interval, the SIF PFH value is calculated with the following equation:

$$\mathrm{PFH} = \sum (\lambda_{DU} + \lambda_{DD})$$

Again, all equipment that is part of the safety system contributes to the final PFH value, but in this case dangerous detected failure figures are allowed to contribute to the final PFH value.

1. The figure of 100 is used here for illustrative purposes only, and is variable depending on user experience and available knowledge of the SIF.

Appendix F Diagnostic Intervals

F.1 Diagnostic checks and intervalsThe following diagnostic checks are performed by the system software at the following intervals. Note that all diagnostic checks complete to entirety within one hour.

Table F-1. Diagnostic Checks and Intervals

Diagnostic name Diagnostic function Response time Fault reaction HART status bit

ALU Fault Detects anomalies within the CPU core.

Within 5 minutes. Alarm current. Board Failure.

Current Output Non-Volatile Non-Correctable Failure

Indicates corruption of current output non-volatile data that cannot be re-written by the user.

At start-up, before system operation starts.

Highest alarm current possible, dependent upon setting of Alarm Level switch.

Board Failure.

Current Output Non-Volatile Correctable Failure

Indicates corruption of current output non-volatile data that can be rewritten by the user.

At start-up, before system operation starts.

Alarm current. Board Failure.

Electronics Temperature Alert (1)

Detects when the electronics temperature has exceeded user defined limits.

Within 1 s. Diagnostic indication only.

Electronics Temperature Alert.

Electronics Temperature Out Of Limits

The electronics temperature has exceeded the specified product limits.

Within 2 s. Diagnostic indication only.

Electronics Temperature Out Of Limits.

Non-Volatile Correctable Failure

Indicates corruption of safety-critical non-volatile data that can be re-written by the user.

At start-up, before system operation starts.

Alarm current. Non-Volatile Correctable Failure.

Non-Volatile Non-Correctable Failure

Indicates corruption of safety-critical non-volatile data that cannot be re-written by the user.

At start-up, before system operation starts.

Alarm current. Non-Volatile Non-Correctable Failure.

Non-Volatile Correctable Warning

Indicates corruption of non-safety critical non-volatile data that can be rewritten by the user.

At start-up, before system operation starts.

Diagnostic indication only.

Non-Volatile Correctable Warning.

Non-Volatile Non-Correctable Warning

Indicates corruption of non-safety critical data that cannot be rewritten by the user.

At start-up, before system operation starts.

Diagnostic indication only.

Non-Volatile Non-Correctable Warning.

Non-Volatile Write Failure

Detects errors in writing to on-board non-volatile memory.

On demand, whenever writing of data fails.

Alarm current. Non-Volatile Write Failure.

Output State Alert(1) Detects when the Output State device variable has exceeded user defined limits.

Within 1 s. Diagnostic indication only.

Output State Alert.

Power Advisory Diagnostic(1)

Instability in the product power supply has been detected.

Within 10 s. Diagnostic indication only.

Power Advisory Diagnostic.

Power Consumption Diagnostic Failure

Used to detect excessive electronics current draw.

Within 10 s. High alarm current. Board Failure.

Quiescent Current Too Low

Part of the Power Consumption Diagnostic, indicates the electronics are not drawing enough current.

Within 10 s. High alarm current. Board Failure.


ROM Fault

Detects corruption of the Microcontroller flash memory.

Within 5 minutes. Alarm current. ROM Failure.

Safe RAM Check

Detects corruption of safety critical parameters held in system RAM.

On demand. Device reset. RAM Failure.

Sensor Failure

Indicates the sensor frequency has exceeded safe limits.

Determined by the setting of Fault Delay.

Alarm current. Sensor Malfunction.

Sensor Frequency Alert(1)

Detects when the sensor frequency has exceeded user defined limits.

Within 1 s. Diagnostic indication only.

Sensor Frequency Alert.

Sensor Frequency Frozen(1)

Detects when the sensor frequency has not changed by more than a user defined limit within a user defined duration.

Within 600 s. Diagnostic indication only.

Sensor Frequency Frozen.

Sensor Frequency Unstable(1)

Detects when a change in the sensor frequency has exceeded a user defined limit for a user defined duration.

Within 600 s. Diagnostic indication only.

Sensor Frequency Unstable.

Stuck Key

Detects when a Local Operator Interface (LOI) or external pushbutton is stuck.

Within 10 s. Diagnostic indication only.

Stuck Key.

Supply Voltage Low(1)

Detects when the product power supply falls below the minimum specified level.

Within 10 s. Diagnostic indication only.

Supply Voltage Low.

Task Execution Failure

Detects when the product software has either not executed a critical aspect or when a critical aspect has not completed within a defined time limit.

Within 60 s. Device reset. None.

Terminal Voltage Alert(1)

Detects when the product power supply voltage has exceeded user specified limits.

Within 1 s. Diagnostic indication only.

Terminal Voltage Alert.

Uncalibrated Sensor

Checks whether the sensor has been calibrated for the transmitter electronics.

Every 100 ms. Diagnostic indication only.

Uncalibrated sensor.

1. Only available for Rosemount 2140:SIS with the Extended Features Package enabled.

Table F-1. Diagnostic Checks and Intervals

Diagnostic name Diagnostic function Response time Fault reaction HART status bit



Standard Terms and Conditions of Sale can be found on the Terms and Conditions of Sale page. The Emerson logo is a trademark and service mark of Emerson Electric Co. Rosemount and Rosemount logotype are trademarks of Emerson. All other marks are the property of their respective owners. © 2017 Emerson. All rights reserved.

