Key Parameters

As previously seen, to design the SIS (“Safety Instrumented System”) according to IEC 61511, several requirements must be met throughout its life cycle. Compliance with the SIL level assigned to each SIF (“Safety Instrumented Function”) is one of these requirements, and it is verified by calculating the Average Probability of Failure on Demand (PFDavg, for low demand mode) or the Probability of Failure per Hour (PFH, for high demand mode). Let’s see below what the 6 most important parameters are when we calculate the value of PFDavg.

Equations of architectures 1oo1 and 1oo2:

1-Failure Rate per hour

The most important is the “dangerous undetected” failure rate, represented by the symbol λDU (“Dangerous Undetected”). As it is a very small value, it is usually expressed in FITs by multiplying its value by 10^9. The rate of “dangerous detected” failures, λDD, also enters the calculation, although its impact is small.

2-Life Time

It is usually represented by the acronym LT (“Life Time”) or MT (“Mission Time”). It is the life time of the SIF, which normally varies between 10 and 20 years.

3-Test Interval

It is the frequency of the Proof Tests of the SIF, that is, how often the tests are carried out (in months or years). This TI interval is directly related to plant maintenance overhauls. It may be different for each SIF subsystem, for example, between 1 and 4 years for the sensor, between 2 and 5 years for the logic solver, and between 1 and 2 years for the final element.

4-Effectiveness of Proof Tests

This parameter is represented as PTC (“Proof Test Coverage”) or Cpt, and it quantifies the percentage of “Dangerous Undetected Failures” that we are able to detect during Proof Testing. For the sensors and the logic solver it is usually a value between 90 and 95%, and for the final element between 70 and 90%, depending on the type of tests we perform.

5-Beta Factor

This β factor quantifies the impact, in redundant architectures (1oo2, 2oo3, etc.), of the “common cause failures” that simultaneously affect all channels. It must be quantified in each case. Typical values of this parameter are 5% for the sensor, 2% for the logic solver, and 10% for the final element.

6-Mean Time To Restore

The abbreviation for this parameter is MTTR (“Mean Time To Restore”) and is the sum of the Mean Detection Time of a dangerous failure (MDT) and the Mean Repairing Time (MRT). Normally values between 8 and 72 hours are used.
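
The following is an added example, not taken from the original article: it plugs the six parameters into commonly used simplified PFDavg approximations for 1oo1 and 1oo2 and maps the result to the low-demand SIL bands. The formulas are assumed here and may differ from the equations the article refers to (the 1oo2 form assumes a perfect proof test and neglects λDD); all function names and sample values are constructed.

```python
"""Simplified PFDavg estimates for 1oo1 and 1oo2 (illustrative, constructed inputs)."""

HOURS_PER_YEAR = 8760


def fit_to_per_hour(fit):
    """Convert a failure rate in FIT (failures per 1e9 hours) to failures per hour."""
    return fit * 1e-9


def pfd_1oo1(lam_du, lam_dd, ti, lt, ptc, mttr):
    """Assumed simplified 1oo1 form; rates per hour, times in hours, ptc as 0..1."""
    found_by_test = ptc * lam_du * ti / 2         # failures revealed at each proof test
    never_tested = (1 - ptc) * lam_du * lt / 2    # failures latent for the whole life time
    under_repair = lam_dd * mttr                  # detected failures awaiting restoration
    return found_by_test + never_tested + under_repair


def pfd_1oo2(lam_du, beta, ti):
    """Assumed simplified 1oo2 form: perfect proof test, lam_dd term neglected."""
    independent = ((1 - beta) * lam_du * ti) ** 2 / 3   # both channels fail separately
    common_cause = beta * lam_du * ti / 2               # one cause fails both channels
    return independent + common_cause


def sil_band(pfd):
    """Low-demand SIL band for a PFDavg value, or None if outside SIL 1 to 4."""
    for sil in (4, 3, 2, 1):
        if 10.0 ** -(sil + 1) <= pfd < 10.0 ** -sil:
            return sil
    return None


# Constructed sample values for a final element, within the ranges quoted above.
LAM_DU = fit_to_per_hour(500)
LAM_DD = fit_to_per_hour(1000)
TI = 1 * HOURS_PER_YEAR
LT = 15 * HOURS_PER_YEAR
PTC, BETA, MTTR = 0.90, 0.10, 24

if __name__ == "__main__":
    single = pfd_1oo1(LAM_DU, LAM_DD, TI, LT, PTC, MTTR)
    perfect = pfd_1oo1(LAM_DU, LAM_DD, TI, LT, 1.0, MTTR)
    dual = pfd_1oo2(LAM_DU, BETA, TI)
    print(f"1oo1, PTC 90%:  {single:.2e} -> SIL {sil_band(single)}")
    print(f"1oo1, PTC 100%: {perfect:.2e} -> SIL {sil_band(perfect)}")
    print(f"1oo2, beta 10%: {dual:.2e} -> SIL {sil_band(dual)}")
```

With these constructed values, the 10% of dangerous undetected failures that the proof test misses contributes more to the 1oo1 result than the 90% it covers, and the common-cause term dominates the 1oo2 result.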