Most used Architectures

In the following table we show the most used architectures when designing Safety Instrumented Functions (SIF).

LogicChannelsHFT (S)HFT (A)ObjetivesUsed for
1oo1100 sensor, actuator
1oo2210More Safetysensor, actuator
2oo2201More Availabilitysensor, actuator
2oo3311Safety+Availabilitysensor, PLC
1oo2D210Safety with high diagnosticsPLC (DMR)
2oo4D421/2Safety+Availab. with high diagnosticsPLC (QMR)
2oo3D31/21/2Safety+Availab. with high diagnosticsPLC (TMR)

HFT(S)= Hardware Fault Tolerant for Safety

HFT(A)= Hardware Fault Tolerant for Availability

Recall that the logic of the sensor and actuator subsystems is programmed in the Logic Solver (Safety PLC). This logic can be simple (1oo1, 1oo2, 2oo3, 2oo2) or much more complex by combining several groups (for example, 2oo2 architecture with 2 1oo2 groups).

What does “MooN” mean?

The SIF has 3 subsystems, each one can have a different architecture. When we talk about a MooN architecture (M out of N) we have:

  • N channels (for example: N sensors, or N shut-off valves, or N microprocessors in the PLC, or N transistors in each PLC digital output, etc.)
  • There is a channel voting system (N channels), so that M channels must act for the architecture to perform its safety function correctly (for example, if I have 2 sensors with a 1oo2 architecture then it is sufficient to exceed the trip setpoint in 1 channel for the SIF to act on the final element).

What is the “Fault Tolerance” of an architecture?

The Hardware Fault Tolerance (HFT) indicates the maximum number of channels that can fail to remain protected, even if there has been a degradation of the architecture.
For example, if one of the 1oo2 channels fails (for example, one of the valves remains seized and cannot close) then the architecture degrades to 1oo1 because we still have 1 valve to close in case of Safety Function is demanded by the SIS.

The following graphic compares several architectures. On the vertical axis we have the PFDavg (average probability of failure on demand) and on the horizontal the value of MTTFS (“Mean Time To Fail Spuriously.” This parameter measures how often it is likely that a SIF safe failure will occur and therefore shutdown the process).

2oo3 architecture is the most used in critical systems where we need both safety and process availability.