IEC 61511 defines systematic failures as those "related to a pre-existing fault, which can only be eliminated by removing the fault by a modification of the design, manufacturing process, operating procedures, documentation or other relevant factors".
What sets systematic failures apart is that they are "hidden": the fault is already present in the system, but it may lie dormant for years, may never be detected, and cannot be quantified as a failure rate the way a component wear-out can. They are almost always traceable to human error somewhere in the life cycle.
Examples of systematic failures:
- An error in an instrument data sheet (a human failure in the specification). Introduced during the Analysis phase of the SIS life cycle.
- Forgetting to remove a bypass after testing (a human failure, or a failure of the SIS maintenance procedure). Introduced during the Operation and Maintenance phase of the SIS life cycle.
- A calibration error on an instrument caused by operator fatigue or stress (a human failure rooted in the organisation, training and/or resources available at the plant). Introduced during the Operation and Maintenance phase of the life cycle.
- An error in the logic solver application software, commonly called a "bug" (a human failure with many possible causes: an inexperienced programmer, FAT/SAT testing that was not rigorous enough, an error in the logic diagram or in the Cause and Effect matrix, etc.). Introduced during the Design and Implementation phase of the SIS life cycle.
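The "forgotten bypass" case above is one of the few systematic failures that can be caught by a routine check rather than by luck, provided bypasses are recorded. The script below is an added example, not from the original article: it audits a bypass (override) register and flags every bypass that is still active past its authorised window, or was removed late. The register format, the field names, the tag numbers and the work-order references are all constructed for the illustration; a real plant would export this data from the logic solver's override log or its permit-to-work system.

```python
"""Audit of a constructed SIS bypass (override) register.

Added example, not part of the original article. Register layout, tags and
work orders are invented for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample register, one bypass per line, pipe-separated:
# tag | applied (ISO 8601) | authorised hours | removed (ISO 8601 or "-") | reason
SAMPLE_REGISTER = """\
PT-101A|2024-03-04T08:00|8|2024-03-04T17:30|proof test WO-4471
PT-102B|2024-03-04T08:00|8|2024-03-04T12:00|proof test WO-4472
LSHH-220|2024-03-05T09:15|4|-|proof test WO-4480
TT-310|2024-03-01T07:00|24|-|transmitter replacement WO-4452
FT-118|2024-03-05T13:00|8|-|proof test WO-4490
"""


@dataclass
class Bypass:
    tag: str
    applied: datetime
    authorised: timedelta
    removed: Optional[datetime]
    reason: str

    @property
    def expires(self) -> datetime:
        return self.applied + self.authorised


def parse_register(text: str) -> list[Bypass]:
    """Parse the pipe-separated register into Bypass records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tag, applied, hours, removed, reason = (f.strip() for f in line.split("|"))
        entries.append(Bypass(
            tag=tag,
            applied=datetime.fromisoformat(applied),
            authorised=timedelta(hours=float(hours)),
            removed=None if removed == "-" else datetime.fromisoformat(removed),
            reason=reason,
        ))
    return entries


def audit_bypasses(entries: list[Bypass], now: datetime) -> dict[str, list[str]]:
    """Classify every bypass as seen at time `now`.

    overdue      - still active and past its authorised window: the SIF is
                   defeated, and nothing in a PFDavg calculation accounts for it
    active       - still active, inside its window: needs a named owner
    late_removal - removed, but only after the window had expired: the
                   procedure was not followed, so record a non-conformity
    Compliant bypasses (removed in time) are not reported.
    """
    findings: dict[str, list[str]] = {"overdue": [], "active": [], "late_removal": []}
    for b in entries:
        if b.removed is None:
            findings["overdue" if now > b.expires else "active"].append(b.tag)
        elif b.removed > b.expires:
            findings["late_removal"].append(b.tag)
    return findings


def audit_sample(now_iso: str = "2024-03-05T16:00") -> dict[str, list[str]]:
    """Run the audit over the constructed register at a given instant."""
    return audit_bypasses(parse_register(SAMPLE_REGISTER), datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for heading, tags in audit_sample().items():
        print(f"{heading}: {', '.join(tags) or 'none'}")
```

Run at shift handover, the "overdue" list is exactly the set of safety functions that are currently not protecting the plant, which is the information the maintenance procedure is supposed to guarantee but a human can forget.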
There is a fundamental difference between random hardware failures and systematic failures. Random hardware failures are quantifiable: they are the failure rates we feed into the calculation of the Probability of Failure on Demand (PFDavg) or the Probability of Failure per Hour (PFH). A systematic failure is not a rate at all. Once the fault is present, a calibration error, a specification error, a software error, it manifests every time the triggering conditions arise, so its probability is effectively 100%. Precisely because it is deterministic, this kind of failure can be detected and eliminated if we can reproduce those conditions with the appropriate tests.
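The deterministic nature of a software systematic fault is what makes it testable. The following is an added example, not from the original article: it drives every combination of cause states through a stand-in for the logic solver's application program and compares each result with the Cause and Effect matrix, which is the essence of a FAT/SAT logic check. The tags, the matrix and the "implemented" logic (deliberately written with a tag mix-up, so that one cause is wired to the wrong effect) are constructed for the illustration; on a real project the matrix comes from the Safety Requirements Specification and the logic under test is the real controller or its emulator.

```python
"""Exhaustive check of application logic against a Cause & Effect matrix.

Added example, not part of the original article. Tags, the matrix and both
logic functions are constructed for illustration.
"""
from __future__ import annotations

from itertools import product
from typing import Callable

# Constructed Cause & Effect matrix: effect -> set of causes that demand it.
# Any single active cause trips the effect (1ooN voting on causes).
CE_MATRIX: dict[str, set[str]] = {
    "XV-101_CLOSE": {"PAHH-101", "LAHH-102"},
    "P-201_STOP":   {"LALL-201", "PAHH-101"},
}

Logic = Callable[[dict[str, bool]], dict[str, bool]]


def implemented_logic(inputs: dict[str, bool]) -> dict[str, bool]:
    """Stand-in for the program downloaded to the logic solver.

    Constructed to contain a typical systematic fault: LALL-201 was wired to
    the valve instead of the pump (tag mix-up), so the pump never stops on low
    level and the valve closes when it should not.
    """
    return {
        "XV-101_CLOSE": inputs["PAHH-101"] or inputs["LAHH-102"] or inputs["LALL-201"],
        "P-201_STOP":   inputs["PAHH-101"],
    }


def corrected_logic(inputs: dict[str, bool]) -> dict[str, bool]:
    """The same program after the tag mix-up has been fixed."""
    return {
        "XV-101_CLOSE": inputs["PAHH-101"] or inputs["LAHH-102"],
        "P-201_STOP":   inputs["PAHH-101"] or inputs["LALL-201"],
    }


def verify_against_matrix(logic: Logic, matrix: dict[str, set[str]] = CE_MATRIX
                          ) -> list[tuple[str, str, tuple[str, ...]]]:
    """Compare `logic` with `matrix` over every combination of cause states.

    With n causes there are 2**n patterns; per effect group that is small
    enough to enumerate fully, so nothing is left to sampling. Each finding is
    (kind, effect, active_causes): "dangerous" when the matrix demands a trip
    and the logic does not act, "spurious" when the logic trips without demand.
    Because the fault is in the program, every finding reproduces on every run.
    """
    causes = sorted({c for cs in matrix.values() for c in cs})
    findings = []
    for states in product([False, True], repeat=len(causes)):
        inputs = dict(zip(causes, states))
        expected = {e: any(inputs[c] for c in cs) for e, cs in matrix.items()}
        actual = logic(inputs)
        for effect in matrix:
            if actual[effect] != expected[effect]:
                kind = "dangerous" if expected[effect] else "spurious"
                active = tuple(c for c in causes if inputs[c])
                findings.append((kind, effect, active))
    return findings


def dangerous_findings(findings: list[tuple[str, str, tuple[str, ...]]]
                       ) -> list[tuple[str, str, tuple[str, ...]]]:
    """Keep only the findings where a demanded safety action is missing."""
    return [f for f in findings if f[0] == "dangerous"]


if __name__ == "__main__":
    for kind, effect, active in verify_against_matrix(implemented_logic):
        print(f"{kind:9s} {effect:13s} causes active: {', '.join(active)}")
    print("after fix:", verify_against_matrix(corrected_logic) or "no discrepancies")
```

The "dangerous" findings are the ones a PFDavg figure will never reveal: with LALL-201 active and PAHH-101 healthy the pump keeps running on every demand, not on some fraction of them.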
What is the way to minimize systematic failures?
Functional Safety Management helps prevent systematic failures from being introduced in the first place. Every activity of the SIS life cycle must be defined, have a responsible person assigned, and be carried out by people who are competent to do it. This is covered in clause 5 of IEC 61511.
- Use products certified for SIS design (the "Systematic Capability" of the sensor, PLC, actuator, etc. is a requirement that helps minimise the systematic failures introduced by the manufacturer).
- Ensure that personnel related to the SIS are trained and competent.
- Perform periodic competency assessments of SIS personnel.
- Ensure that the procedures are complete, clear and that they are followed.
- Use checklists to ensure that nothing is missing.
- Keep good records of SIS documents and activities (specifications, verification and validation, training, fault records, etc.).
- Ensure that there is a Functional Safety Management Plan and that it is followed.
- Perform Functional Safety Assessments (FSAs) and SIS audits.
- Follow up and close out any non-conformity within a reasonable time.
- Implement the recommendations of the FSAs and audits.
The integrity of a Safety Instrumented Function (SIF), and of the SIS as a whole, does not depend exclusively on the hardware requirements, that is, on meeting the Probability of Failure on Demand (PFDavg) target, the Systematic Capability of the components and the so-called "Architectural Constraints". These are only one part.
Systematic failures are the main cause of most accidents in the process industry and should always be the focus of those responsible for the Functional Safety of the Plant.
We can put a great deal of effort into achieving a SIL 3 safety function, but to maintain that SIL over time we need good Functional Safety Management.
A SIL 2 or SIL 3 SIF built from certified products but poorly maintained is neither complete nor safe.