SIL achievement requires that the design of a safety function meets three specific criteria as outlined in the standard. This section will concentrate on number 1 – Random Hardware Integrity.
Functional safety is the active detection of potentially dangerous conditions, resulting in a demand for a protective mechanism or function to prevent or reduce the impact of hazardous events that might occur. Forming part of the overall safety of equipment under control (EUC), functional safety has focused on electronics and related software.
IEC 61508 is an international standard for “Functional Safety or electrical/electronic/programmable electronic safety-related systems”. As the umbrella standard for functional safety, it forms the foundation of many industry-specific derivatives such as IEC 61511 for the process industry.
Following a safety lifecycle model, the standards formalize the management of functional safety and provide measures and techniques for the design of Safety Instrumented Systems (SIS) and associated Safety Instrumented Functions (SIF).
A key element of the safety lifecycle is the creation of the Safety Requirement Specification (SRS). Based on inputs from the hazard and risk assessment stages of the lifecycle, this document is the blueprint for the functionality, integrity, and validation of the safety system design.
The Safety Requirement Specification will document the level of any residual risk reduction required of the safety system design and assign a corresponding target SIL level.
SIL or Safety Integrity Level is a relative level of risk reduction provided by a safety function. Four separate SIL levels from 1 to 4 are defined, with SIL 4 offering the highest level of safety integrity and corresponding risk reduction factor.
SIL achievement requires that the design of a safety function meets three specific criteria as outlined in the standard.
These strict criteria are: Random hardware integrity, Architectural constraints, and Systematic capability
PR electronics offers a range of SIL-certified devices to cover a wide selection of SIL applications.
Random hardware integrity relates to random hardware failures. If safety systems were 100% reliable then the residual risk would be reduced to zero and all systems would be 100% safe.
This is not achievable, and as such, we need to quantify the likelihood of a safety function failing when a demand is placed upon it. Understanding this will allow us to determine the level of risk reduction it is likely to offer.
Safety Instrumented Functions (SIF’s) which operate in “Low Demand” mode use the Average Probability of Failure On-Demand (PFDavg) metric to quantify reliability, while “High” or “Continuous Demand” SIF’s use Probability of Failure per Hour (PFH).
Table 4 from IEC 61511 details how these values correspond to risk reduction factor (RRF) offered for Low Demand SIF’s:
Table 5 shows the correspondent values for High/Continuous Demand SIF’s:
Calculating a PFDavg of a Safety Instrumented Function requires analysis of its constituent parts. A typical SIF is made up of a sensor subsystem, logic solver, and final element subsystem.
Examples of SIF components are shown below:
Failure analysis techniques such as FMEDA (Failure Modes Effects and Diagnostics Analysis) are widely used to determine the failure modes and diagnostic capabilities of individual devices.
Failure rate data can be combined with additional variables to calculate a probability of failure across a defined mission time.
Although simple equations exist for calculating PFD, the more variables that are included in the calculation the more accurate and safer the result will be.
Variables to consider in PFD calculations:
Example Low Demand mode PFDavg equation
The PFDavg of a Safety Instrumented Function is the total of all subsystem PFDavg values
Total SIF PFDavg = 1.9 x 10-2 = SIL
High or Continuous Demand mode SIF’s use PFH (Probability of Failure per Hour) for their calculation
Achieving the target PFDavg/PFH for a safety function does not in itself prove target SIL achievement. Consideration must also be given to Architectural Constraints and Systematic Capability.
Copyright 2024 © All Rights Reserved Worldwide
