—

LW T S I L F U N C T I O N A L S A F E T Y G U I D E

LWT series
Guided wave transmitter
—
Disclaimer
This Guide and any accompanying software are copyrighted and
all rights are reserved by ABB Inc. This product, including software
and documentation, may not be copied, photocopied, reproduced,
translated, or reduced, in whole or in part, to any electronic medium
or machine-readable format without prior written consent from ABB.
This document contains product specifications and performance
statements that may be in conflict with other ABB published
literature, such as product fliers and catalogs. All specifications,
product characteristics, and performance statements included in
this document are given as indications only. In case of discrepancies
between specifications given in this document and specifications
given in the official ABB product catalogs, the latter takes
precedence.
ABB reserves the right to make changes to the specifications of all
equipment and software, and contents of this document, without
obligation to notify any person or organization of such changes. Every
effort has been made to ensure that the information contained in this
document is current and accurate. However, no guarantee is given
or implied that the document is error-free or that the information is
accurate.
ABB makes no representations or warranties with regard to the
product and instructional and reference materials, including, but not
limited to, all implied warranties of merchantability and fitness for a
particular purpose.
ABB does not warrant, guarantee, or make any representations
regarding the use, or the results of the use, of any software or written
materials in terms of correctness, accuracy, reliability, currentness, or
otherwise. ABB shall not be liable for errors or omissions contained in
its software or manuals, any interruptions of service, loss of business
or anticipatory profits and/or for incidental or consequential
damages in connection with the furnishing, performance or use of
these materials, even if ABB has been advised of the possibility of
such damages.
All equipment, software, and manuals are sold as is. The entire risk
as to the results and performance of the equipment and software is
assumed by the user.
The software or hardware described in this document is distributed
under a license and may be used, copied, or disclosed only in
accordance with the terms of such license.
© ABB, 2019
—
Table of Contents
1 Introduction Software updates...................................................23
Terms and abbreviations........................................5 Useful life...................................................................23
Acronyms.....................................................................6 ABB notification......................................................23
Support........................................................................7 6 Document status
Applicable documents............................................7
Change record........................................................ 25
Reference documents.............................................7
IEC-61508 certificate............................................ 25
2 Description
Instrument version.................................................10

3 Designing a SIF using the LWT

instrument
Safety function........................................................ 12
Alarm response and current output............ 12
Overall safety accuracy....................................14
Specific instrument modes and
parameters for safety operation..................14
Behavior for undetected faults.....................14
Environmental limits..............................................14
Applications limits..................................................14
Design verification.................................................14
SIL capabilities........................................................15
Systematic integrity.........................................15
Random integrity..............................................15
Safety parameters............................................15
General requirements...........................................16

4 Installation and commissioning

Installation................................................................ 17
Physical location and placement........................ 17
Electrical connection............................................. 17
Commissioning....................................................... 17
Checklist before safety operation...............18
Adding password protection........................18
Enabling/Disabling the write protection...18
Verify safety function......................................19

5 Operation and maintenance

Proof test.................................................................. 21
Testing the instrument.................................... 21
Possible error messages......................................23
Maintenance.............................................................23
Repair.........................................................................23
Page intentionally left blank
—
C h a p te r 1

Introduction
The purpose of this safety guide is to provide the information necessary to design, install, verify,
and maintain a Safety Instrumented Function (SIF) utilizing the LWT series. This guide provides the
necessary requirements for meeting the IEC 61508 functional safety standards.
This chapter defines terms, abbreviations and acronyms used in this document. It also exposes
reference documents and how to get product support.

Terms and abbreviations

Term Meaning
Basic Safety The equipment must be designed and manufactured such that it protects against risk of damage
to persons by electrical shock and other hazards, and against resulting fire and explosion. The
protection must be effective under all conditions of the nominal operation and under single fault
condition.
Continuous Mode Mode where the safety function retains the EUC in a safe state as part of normal operation.
Fail Annunciation Failure that does not cause a false trip or prevent safety function but does cause loss of an
Detected automatic diagnostic or false diagnostic indication.
Fail Annunciation Failure that does not cause a false trip or prevent the safety function but does cause loss of an
Undetected automatic diagnostic and is not detected by another diagnostic.
Fail Dangerous Failure that does not respond to a demand from the process (i.e. being unable to go to the
defined fail-safe state).
Fail Dangerous Failure that is dangerous but is detected by automatic stroke testing.
Detected
Fail Dangerous Failure that is dangerous and that is not being diagnosed by automatic stroke testing.
Undetected
Fail No Effect Failure of a component that is part of the safety function but that has no effect on the safety
function.
Fail-Safe State State where the output current is ≤3.6 mA (fail low) or ≥21 mA (fail high)
Fail Safe Failure that causes the current output to go to the defined fail-safe state without a demand from
the process.
Functional Safety The ability of a system to carry out the actions necessary to achieve or to maintain a defined safe
state for the equipment under control of the system.
High Demand Mode Mode, where the frequency of demands for operation made on a safety related system is more
than one per year.
Low Demand Mode Mode, where the frequency of demands for operation made on a safety related system is not
more than one per year.
Multidrop Multidrop Mode. In Multidrop Mode, multiple devices are connected in parallel to a single
wire pair. The analog current signal simply serves to supply power to the devices in two-wire
technology with a fixed current.
 Term Meaning
Safety Freedom from unacceptable risk of harm.
Safety function A specified function that is performed by a safety-related system with the goal, under
consideration of a defined hazardous incident, of achieving or maintaining a safe condition for
the plant.
Safety related system A safety related system performs the safety functions that are required to achieve or maintain a
safe condition.
Ullage The distance by which a container falls short of being full.

Acronyms
Acronym Definition
DC Diagnostic Coverage
DCS Distributed Control System. Control system used in industrial applications to monitor and
control decentralized units.
DTM Device Type Manager. A DTM is a software module that supports specific functions for accessing
device parameters, the setup and the operation of devices, and diagnostics. The DTM is not
executable software. It requires a FDT container program to be activated.
DUT Device Under Test
EDD Electronic Device Description
EUC Equipment Under Control
FDT Field Device Tool
FMEDA Failure Modes, Effects and Diagnostic Analysis
HART Highway Addressable Remote Transducer
HFT Hardware Fault Tolerance. Ability of a functional unit (hardware) to continue to perform a
required function when faults or errors are prevailing.
HMI Human Machine Interface. In this case, the HMI is a combined module consisting of an LCD
display with 4 buttons keypad.
LRV Lower Range Value. Device Configuration, LRV of the measurement range
MTBF Mean Time Between Failures
MTTR Mean Time To Restoration. Mean time between the occurrence of an error in a unit or in a system
and its repair.
PFD Probability of Failure on Demand
PFDAVG Average Probability of Failure on Demand
SFF Safe Failure Fraction. Proportion of non-hazardous failures; in other words, the proportion of
failures without the potential to put the safety-related system in a hazardous or impermissible
state.
SIF Safety Instrumented Function. A set of equipment intended to reduce the risk due to a specific
hazard.
SIL Safety Integrity Level. The international standard IEC 61508 defines four discrete Safety Integrity
Levels (SIL 1 to SIL 4). Each level corresponds to a range of probability for the failure of a safety
function. The higher the Safety Integrity Level of the safety-related systems, the lower the
probability that they will not perform the required safety function.
TI Proof Test Interval
URV Upper Range Value. Device Configuration, URV of the measurement range.

6 User Guide
Support
Additional documentation on LWT300/400 series is available for download free of charge at
https://new.abb.com/products/measurement-products/level/guided-wave-radar-level-transmitters/
LWT.
Product support can be obtained by contacting ABB by one of the means indicated on the back cover of
this guide.

Applicable documents
The following documentation must be available with the LWT instrument and shall be read in addition
to this safety guide.
AD1 3KXL001069U0100 LWT300 GWR Level
Transmitter User Guide
AD2 3KXL001114U0100 LWT400 HPHT GWR https://new.abb.com/products/measurement-
Level Transmitter User products/level/guided-wave-radar-level-transmitters/
Guide LWT
AD3 DS/LWT300-EN LWT300 Datasheet
AD4 DS/LWT400-EN LWT400 Datasheet

These documents include details about functional specifications of the analog output and how to
operate and configure the device.

Reference documents
RD1 IEC 61508 (2010) (Edition 2), Part 1 to 7 Functional safety of electrical/electronic/programmable
electronic safety-related systems. International standard
published by International Electro-technical Commission
(IEC).

Introduction 7
Page intentionally left blank
—
C hapter 2

Description
The LWT series is specifically made for industrial applications and harsh environments. It provides
continuous level measurement capabilities for process automation and inventory management in
industries. It provides precise measurement of any solid or liquid independently from the material
properties.
The LWT series of instruments are microprocessor-based level transmitters that use very low power
microwave energy to determine the level of the product being measured. A rod or cable “probe” is hung
into the vessel to act as a waveguide, i.e. microwave energy stays concentrated around the length of the
probe instead of being dispersed, as it would be if there was no probe.
Depending on the type of configuration, it can meet the demands of hazardous area locations, and
high pressure and high temperature applications. Ordering specifications are described in the LWT
data sheet (AD2). Refer to this datasheet to get exact measuring range, operating temperature and
accuracy specifications. The LWT is explosion-proof class 1, division 1.
Additional documentation on LWT series instruments is available for download at
https://new.abb.com/products/measurement-products/level/guided-wave-radar-level-transmitters/
LWT.
Instrument version
This safety manual applies to guided wave sensor LWT series, with the most up to date revision in this
table:

Safety Release Release Date Software Revision\ Release Notes

Number Hardware Revision
1 8 February 2019 1.00.02\19.02.08 Initial safety version

10 User Guide
—
C hapter 3

Designing a SIF using the LWT instrument

Figure 1 shows a safety function example with an LWT instrument. The vessel level is monitored by
the guided wave level transmitter. The LWT 4–20 mA output loop is proportional to the level, ullage or
volume of the vessel. Configuration of the LWT can be performed directly on its HMI or with the HART
communication protocol through a computer or handheld terminal. The LWT connects to the user logic
device to control one or multiple actuators for process control and SIF.
—
Figure 1 Safety function with LWT monitoring a vessel and user logic controlling it

Number Description

1 LWT instrument

2 Computer with FDT and LWT DTM

3 HART FSK modem

4 Handheld terminal

5 Automation system, Logic-unit, PLC or other logic device

6 Actuator
Safety function
The guided wave level transmitter produces an analog signal, between 4 and 20 mA, proportional to
the level, volume or ullage, as defined by the operator. The analog signal is fed to a downstream logics
unit such as a PLC or a limit signal generator, and monitored for exceeding a specified maximum or
minimum value. All safety functions refer exclusively to this analog output. The total valid range of the
output signal shall be configured to a minimum of 3.6 mA and a maximum of 20.5 mA (factory defaults).
The LWT provides the following Type-B safety functions:
• Computes a distance/level measurement.
• Outputs a 4–20 mA signal of the transformed measurement.
• Measurement transformations are user-defined (math functions). These functions can be either on
or off. Multiple parameters can be set related to:
–– Damping
–– Linearization function
–– Filtering
The safety related function of the transmitter is the safe monitoring of the level within an accuracy
of 2 % of span (2 % of 16 mA). The safe state output current can be configured to be ≤3.6 mA (low
alarm) or ≥21.0 mA (high alarm), with the exception of CPU faults, where the current output is in low
alarm mode (≤3.6 mA), and 4–20 mA output readback faults, where current output is set to low alarm
(≤3.6 mA) for lower than expected current and high alarm (≥21.0 mA) for higher than expected current.
There are other functionalities of the LWT that are not considered as part of the safety function:
• Digital input (optional, external)
• HART communication
• HMI (optional)
• Remote display (optional accessory)

Alarm response and current output

In case of detected critical faults, the configured alarm current will be produced and fed to a
subsequent logic unit, e.g., a DCS, and monitored for violation of a defined maximum value.

Selectable alarm current modes

There are two selectable modes for this alarm current:
• HIGH (max alarm current) which is the factory default setting;
or
• LOW (min alarm current).

DCS configuration
For safe fault monitoring, the following conditions must be fulfilled:
• The LOW ALARM must be configured with a value of ≤3.6 mA;
or
• The HIGH ALARM must be configured with a value ≥21.0 mA.
• The DCS must be capable of recognizing the selected configured high alarms or low alarms as a
malfunction detection.
12 User Guide
• For safe current output operation, the terminal voltage at the device must be between 15.5 V and
42 V, with a minimum of 21 V for HART functionality.
The DCS loop must provide the required voltage level even if the current output operates on the
configured HIGH alarm.
The DCS shall be able to latch a detected high or low alarm, as the LWT alarm state may not be
maintained after the alarm-triggering condition is not met anymore.

Power On behavior
On startup, the LWT current output will follow the following sequence:
1 Low alarm mode (≤3.6 mA) for approximately 1 s;
2 High alarm mode (≥21.0 mA) for a duration between 20 s and 40 s due to internal power
management constraints.
3 Transition to intermediate value for approximately 1 s:
–– For level mode, go to high alarm mode (≥21.0 mA)
–– For distance mode, go to lower range value (4.0 mA)
–– For ullage or level mode, go to lower alarm mode (≤3.6 mA).
If a CPU fault occurs at startup during the instrument self-test, the current output is in low alarm mode
(≤3.6 mA).

Power failure alarm behavior

As demonstrated through fault insertion testing, some internal hardware failures may cause the LWT to
undergo a perpetual reset loop behavior which will be similar to its power on behavior as described above:
1 Low alarm mode (≤3.6 mA) for approximately 1 s;
2 High alarm mode (≥21.0 mA) for approximately between 10 and 20 s.

Behavior of transition to alarm current

The 4–20 mA output transition from nominal measurement to alarm current is performed in the
following manner:
1 Nominal current output (e.g., 9.8 mA)
2 Transition to intermediate value for one measurement cycle, thus approximately 0.2 s:
–– 4.0 mA if primary value (PV) is set to Ullage or Distance
–– ≥21.0 mA if primary value (PV) is set to Level
3 Alarm current; high or low as described in “Selectable alarm current modes” on page 12.

Conditions when device is not safety-compliant

The device is not safety-compliant during the following conditions:
• During configuration
• When HART multidrop mode is activated
• During simulation
• During proof test of the safety function
The fraction of failures without the potential to put the device into a dangerous function status is given
by the SFF value shown in “Safety parameters” on page 15.

Designing a SIF using the LWT instrument 13

Overall safety accuracy
The defined value for the safety threshold of the safety function of this device is: 2 % of 4–20 mA span
(2 % of 16 mA).

Specific instrument modes and parameters for safety operation

For the proper operation in a Safety Instrumented System, parameters shall have the following values:
Parameter Value
Echo Lost Period [0, 600] s
Echo Lost Reaction Failure
Alarm Delay 0s
Blocking Distance 0

Behavior for undetected faults

If a LWT fault occurs and is not detected through its internal diagnostics, the safety function
may output a current between 4 and 20 mA, which exceeds its specified safety accuracy or is not
proportional to the level, volume or ullage as defined by the operator.

Environmental limits
The designer of a SIF must check that the product is rated for use within the expected environmental
limits. Refer to the user guide (AD1) or datasheet (AD2) for accurate information about environmental
limits. Some limits depend on the model and configuration installed on it.
LWT measurements can be affected by vapor in high-temperature and high-pressure applications. The
LWT series provides gas phase compensation algorithms for such applications. However, this results
in a differing specification for accuracy. Reference distance must be verified during the commissioning
phase. More information can be found in AD1 or AD2.
LWT measurements can be affected by high vibration levels which can lead to the instrument not
meeting the accuracy specification listed in AD3 or AD4.
The user shall perform verifications to ensure that proper measurements can be made in the target
application environment.

Applications limits
LWTs can have flanges made of various types of metal. It is important for the designer to check for
material compatibility considering on-site chemical contaminants and air supply conditions. If the LWT
is used outside of the application limits or with incompatible materials, the reliability data provided
could become invalid.

Design verification
A failure mode, effects and diagnostics analysis (FMEDA) summary report is available from ABB Inc.
This report details all the failure rates and failure modes as well as the expected lifetime of the LWT
instrument.

14 User Guide
The achieved SIL of an entire SIF design must be verified by the designer via a calculation of PFDAVG
considering architecture, proof test interval, proof test effectiveness, any automatic diagnostics,
average repair time and the specific failure rates of all products included in the SIF. Each subsystem
must be checked to ensure compliance with minimum hardware fault tolerance requirements.
The safety parameters used for SIL calculation of the SIF are shown in “Safety parameters” below.

SIL capabilities
Systematic integrity
The product meets systematic integrity requirements for SIL 3. A SIF designed with this product must
not be used at a SIL level higher than the statement without prior-use justification by the end user or
diverse technology redundancy in the design.

Random integrity
The LWT is a type B device. Therefore, based on the SFF ≥90 %, when the LWT is used as the only
component in a final element subassembly, a design can meet SIL 2 at HFT=0. When the final element
assembly consists of many components, the SIL must be verified for the entire assembly using failure
rates from all components. This analysis must account for any hardware fault tolerance and architecture
constraints.

Safety parameters
The table below shows the failure rate information obtained from the FMEDA and other useful
information.
—
Table 1 Characteristics as per IEC 61508

Parameter Value
Type of assessment By design
Safety Integrity Level 2
Systematic capability 3
HFT 0
Component type B
Measuring mode Low demand mode, High demand mode
SFF 94.1 %
MTTR 24 h
MTBF 76 years
Diagnostic coverage λdd / (λdd+ λdu) ≈ 91.7 %
Diagnostic test interval <15 min
Reaction time to process change <1 s (with no damping or filtering)
Measurement time interval <1 s
Proof test effectiveness 80.9 %

Designing a SIF using the LWT instrument 15

—
Table 2 Failure rates

λs λdd λdu PFH

320.7 FIT 727.8 FIT 65.9 FIT 0.066 × 10-6 failures/hr

—
Table 3 PFDAVG

TI (years) 1 2 3 4 5
PFDAVG 0.8 × 10–3 1.0 × 10–3 1.3 × 10–3 1.5 × 10–3 1.7 × 10–3
TI (years) 6 7 8 9 10
PFDAVG 2.0 × 10–3 2.2 × 10–3 2.4 × 10–3 2.7 × 10–3 2.9 × 10–3

All safety related parameters are calculated using the Siemens SN29500 Component Reliability Handbook for a temperature of 25 °C.

Considerations for High demand mode

In high demand mode, the end user shall comply with IEC61508-2 sections 7.4.5.3 and 7.4.5.4 for the
failure rates to be applicable.
If compliance to these specified sections is not met, the end user shall contact ABB (see back cover of
this document) to calculate appropriate failure rates.

General requirements
The user shall verify that the LWT is suitable for use in safety applications by confirming that the
instrument has a metallic tag installed on it and that this tag shows the information illustrated below:

The figure below provides an example of this metallic ID tag installed on a LWT instrument.

Personnel performing maintenance and testing on the LWT shall be competent to do so.
Results from proof tests shall be recorded and reviewed periodically.
16 User Guide
—
C h a p te r 4

Installation and commissioning

Only qualified and authorized specialists should be charged with the installation, electrical connection,
commissioning, operation, and maintenance of LWT instruments.

Installation
The guided wave level transmitter must be installed with standard practices outlined in the user guide
(AD1 or AD2). Environmental parameters such as temperature and pressure, to name a few, must be
checked to verify that they do not exceed the LWT ratings . As far as possible, the measuring setup
should be free from critical ambient conditions such as vibrations, shocks, and large variations in
temperature.

Physical location and placement

The LWT shall be accessible with sufficient room for electrical connection and shall allow manual proof
testing, as described in “Proof test” on page 21.

Electrical connection
See the user guide (AD1 or AD2) for electrical connection instructions. Connection details like wire
gauges and maximum lengths of cable are described in this guide. Make sure that the LWT is grounded
according to national and local electrical codes. Outside installations or installations exposed directly or
indirectly to lightning discharges should have a secondary lightning protection module.
Do NOT make electrical connections unless the electrical code designation stamped on the LWT data
plate matches the classification of the area in which you want to install the LWT.

Commissioning
The LWT needs to be configured before first use, since it comes with a factory default configuration.
This instrument can be configured with the local HMI, with the DTM via the HART interface or with a
handheld terminal. Configuring the device with the local HMI is documented in the user guide. During
configuration, safe operation of the device shall not be assumed.
Checklist before safety operation
The following items must be checked before safety operation:
• After each startup (power on) of the device, as a part of a safety function, check that the device and
its configuration fulfill the safety function of the system.
• Check that the right device is installed on the right measuring point.
• Make sure that the vessel empty (LRV) and vessel full (URV) parameters correspond to real values
with appropriate units.
• After every change to the device, as a part of a safety function, such as a change to the installation
position of the device, process type change or configuration of safety parameters, the safety
function of the device shall be verified (see “Verify safety function” on page 19).
• After the safety function has been checked, device operation must be locked because a change to
the measuring system or parameters can compromise the safety function. The write protection
shall be enabled before powering up when it is desired to go into safe operation.

Adding password protection

To allow only authorized personnel to modify the LWT configuration, and therefore the safety function
behavior, password protection must be added:
1 From the Device Setup menu, select Access Control > Advanced Password.
2 In the password edit screen, edit each password character.
3 Press OK.
4 Repeat steps 1 to 3 for Standard Password instead of Advanced Password.

Enabling/Disabling the write protection

The device shall be write-protected for the safety operation. This could be performed through the
following steps:
1 Remove the nameplate by releasing the holding screw lying on the bottom left corner.
2 Use a suitable screwdriver to press the switch down fully.
3 Turn the switch clockwise by 90°.

18 User Guide
To deactivate the switch and remove the write protection, push it down slightly and turn 90°
counterclockwise.

Verify safety function

1 Verify and record the conditions as they are found prior to checking the safety function: write
protection is on/off, instrument parameters.
2 Disable write protection before power up.
3 Check the current out precision by simulating current out and measure it with a multimeter. This
could be performed by using an EDD/DTM interface or the HMI. The current out test shall test at
least 4 mA and 20 mA.
4 Enable write protection and power down. If no alarm is issued after system startup, then the safety
function is ensured during run-time.

Installation and commissioning 19

Page intentionally left blank
—
C hapter 5

Operation and maintenance

Proof test
In accordance with IEC 61508, the safety function of the measuring device must be checked at
appropriate time intervals. The operator must determine the proof test interval and take this into
account when determining the PFDAVG value of the guided wave level transmitter. The test must be
carried out in such a way that it verifies correct operation of the device.
Testing of fixed output current, HIGH and LOW alarm output current and measuring accuracy are
covered in the proof test. Testing of the device can be performed by following the steps described
below.

Testing the instrument

To check the safety function of the device, proceed as follows:
1 Verify and record the conditions found prior to checking the safety function: write protection is on/
off, instrument parameters, warning messages and error messages.
2 Bridge the safety DCS or take other appropriate measures to prevent inadvertent triggering of
alarms.
3 Remove the instrument from its installation flange. Perform a visual inspection and record any visible
defects or wear outs.
4 Deactivate write protection (see “Enabling/Disabling the write protection” on page 18).
5 Performing the proof test requires the specified voltage input (see “Alarm response and current
output” on page 12) in series with an ammeter (see Figure 2).
—
Figure 2 LWT current measurement

6 Set the transmitter output to a HIGH ALARM value by means of the HMI push buttons, HART
communication by using a DTM in combination with HART software, or with the Field Information
Manager (FIM-Tool) using simulation function (menu: Diagnostics>Simulation Mode>Current Out).
7 Check whether the current output signal reaches the value set for high alarm value.
8 Set the output of the transmitter to a LOW-ALARM value by means of the push buttons of the HMI,
HART communication by using the LWT DTM or with the Field Information Manager tool (FIM-Tool)
using simulation function (menu: Diagnostics>Simulation Mode>Current Out).
9 Check whether the current output signal reaches this value.
10 Terminate the simulation mode once the output simulation is finished.
11 Activate the write protection (see “Enabling/Disabling the write protection” on page 18) and wait
for 10 seconds.
12 Restart the device by powering it off and back on.
13 Check the measured distance or ullage against a secondary standard on an installed device which
could be a calibrated reference device, a mobile calibration rig or on a factory calibration rig. The
measured values of the secondary standard and the device under test (DUT) must be compared. The
amount of deviation between the measured distance, ullage and the set point must not exceed the
measured error specified for the safety function (±0.32 mA).
14 Remove the bridging of the safety DCS or restore normal operation in another way.
15 After the test has been performed, the results must be documented and stored in a suitable manner.
By using this test method at least 80.9 % (PTC = 0.809) of dangerous, undetected failures are detected.
The influence of systematic errors (e.g., medium properties, operating conditions, build-up or corrosion
on the safety function) is not fully covered by the test.
If one of the test criteria from the test procedure described above is not fulfilled, the device may no
longer be used as part of a safety instrumented system.
22 User Guide
Possible error messages
If the LWT is malfunctioning in any way, the LCD displays specific error messages destined to help
you identify and solve the problem. The chapter “Maintenance and Troubleshooting” of the user guide
explains where the error summary appears and how to access the full details of the error.
CPU internal faults will result in the LOW alarm independent from the configured alarm current.
Readback faults for the 4–20 mA output will result in the LOW alarm for lower than expected current
and HIGH alarm for higher than expected current, independently from the configured alarm current.
Other failures will be immediately signaled within the LOW or HIGH alarm range in line with the
configured alarm current.

Maintenance
The LWT should have its coupler and probe inspected and cleaned when the proof test is performed (as
described in “Proof test” on page 21). No other maintenance is planned.

Repair
To maintain safety operation, repairs must be performed by ABB after the instrument is taken out
of service. Replacing modular components by original ABB spare parts is permitted if personnel was
trained by ABB for this purpose.
Before sending the unit to ABB, it must be cleaned and decontaminated. ABB must be contacted to
obtain the Contamination Data Sheet. After filling out and sending the contamination datasheet to
ABB, an RMA number will be issued; after those steps the unit can be sent to ABB for repair.
Refer to the user guide for further details.

Software updates
Software updates, if applicable and recommended by ABB, must be performed by ABB-trained
personnel after the instrument is taken out of service.

Useful life
The applied failure rates of the components are valid within the usable service life (8 to 12 years)
according to IEC 61508-2 section 7.4.9.5, note 3, and start increasing after this period.

ABB notification
All detected failures that compromise functional safety shall be reported to ABB. Contact ABB customer
service as described in “Support” on page 7.

Operation and maintenance 23

Page intentionally left blank
—
C hapter 6

Document status

Change record
Version Date Change Description
A 01 March 2019 Initial release
B 27 August 2019 Modification to alarm delay values

IEC-61508 certificate
Page intentionally left blank
—
ABB Inc.
Measurement & Analytics
3400, rue Pierre-Ardouin
Québec (Québec) G1P 0B2
Canada
Phone:
North America: 1 800 858 3847
Worldwide: +1 418 877 2944
Fax:
+1 418 877-2834
E-mail:
[email protected]
Web:
https://new.abb.com/products/measurement-products/level/guided-wave-radar-level-transmitters/LWT

—
P/N 3KXL001071U0100 Rev B

We reserve the right to make technical changes or modify the contents of

this document without prior notice. With regard to purchase orders, the
agreed particulars shall prevail. ABB does not accept any responsibility
whatsoever for potential errors or possible lack of information in this
document.
We reserve all rights in this document and in the subject matter and
illustrations contained therein. Any reproduction, disclosure to third
parties or utilization of its contents—in whole or in parts—is forbidden
without prior written consent from ABB.
© ABB, 2019