Abstract
The current state of the art in process and plant safety achieved by means of process control technology (PCT) follows the functional safety concepts set out in IEC 61511-1 (2003). The objective of the standard is to provide suitable means for ensuring the safety integrity of PCT safety functions throughout their entire lifecycle.
Each PCT safety function is assigned a SIL (safety integrity level) as a measure of the process risk that the particular function has to cover. The higher the SIL, the higher the requirements on safety-related availability, i.e. the lower the tolerable probability that the function fails on demand.
Among other requirements, IEC 61511-1 provides two criteria that depend on the target SIL and address the handling of systematic and random failures that could prevent a PCT safety function from executing its intended safety function upon demand:
The minimum required hardware fault tolerance (HFT) criterion demands a minimum degree of redundancy in order to compensate for systematic failures, such as design flaws, that could not be eliminated by the safety management system.
For random hardware failures, the average PFD (probability of failure on demand, PFD_avg) is to be calculated. It is a probabilistic criterion that depends on hardware failure rates, the degree of redundancy, diagnostic means and the maintenance strategy, in particular the proof test interval.
IEC 61508-6 (2010) (part 6 of IEC 61508, the framework standard underlying IEC 61511) provides an overview of suitable mathematical methods that can be used to obtain the PFD. However, since most of these approaches tend to generate large and complex system descriptions (e.g. the Markov technique), a set of simplified calculation formulae is also provided. Building on these, a large number of publications have provided even further simplified PFD calculation approaches, e.g. US ISA TR84.00.02 pt. 2 (2002) or German VDI/VDE 2180 pt. 4 (2010). Simplified equations allow PFD calculation without the elaborate and time-consuming probabilistic models that require well-trained reliability engineers.
A typical disadvantage of the available simplified equations is that they do not account for imperfect proof tests: while a 100 % test of PCT safety equipment is in many cases not feasible, the corresponding mathematical representation would often become too complex to be presented as a closed-form equation.
In order to overcome these shortcomings, the current revision of the German VDI/VDE and NAMUR PCT safety standards will address this topic by including a set of advanced PFD calculation formulae.
These cover the most common (diverse redundancy) architectures (1oo1, 1oo2, 2oo3, …) and allow individual imperfect proof tests per channel to be taken into account. They can further be combined with partial tests (again with an individual proof test coverage per channel).
Together with the equations, recommendations on achievable proof test coverages for both proof tests and partial tests will be included.
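The following Python block is an added illustration of the PFD_avg criterion and of the effect of imperfect and partial proof tests discussed above; it is not code from the paper and does not reproduce the VDI/VDE and NAMUR formulae, which are not given on this page. It uses the first-order approximation (λ·t ≪ 1) that also underlies the IEC 61508-6 simplified formulae, considers only dangerous undetected (DU) failures (no diagnostics, repair times or demand rates), and assumes that each test stage finds a fixed fraction (its coverage) of the DU failures still present, with the rest accumulating until the end of the mission time TL. The failure rate, intervals and coverages in the example run are constructed values. A numerical time-average of the exact unavailability is included as a check of the closed form; the redundant 1oo2 case is only shown with a perfect proof test, because the imperfect-test treatment of redundant architectures is exactly what the revised standards address.

```python
"""PFD_avg of a low-demand PCT safety function under imperfect and partial proof tests.

Added example, not taken from the paper nor from VDI/VDE 2180 / NAMUR.
Assumptions (first-order lambda*t << 1 approximation; DU failures only):
  * a test stage with coverage c reveals a fraction c of the DU failures
    still present; less frequent stages only see what earlier ones missed;
  * failures that no test ever reveals remain until the mission time TL.
All times in hours, all rates in 1/h.
"""
import math

# Low-demand SIL bands (PFD_avg upper bounds, exclusive) from IEC 61508-1 / IEC 61511-1
SIL_BANDS = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]


def failure_tranches(lambda_du, tests, mission_time):
    """Split lambda_du into (rate, interval) pairs, one per test stage plus the rest.

    tests: list of (coverage, interval) ordered from the most frequent test
    (e.g. a partial stroke test) to the least frequent (the full proof test).
    """
    remaining = lambda_du
    tranches = []
    for coverage, interval in tests:
        if not 0.0 <= coverage <= 1.0:
            raise ValueError("coverage must be in [0, 1]")
        tranches.append((remaining * coverage, interval))
        remaining *= 1.0 - coverage
    tranches.append((remaining, mission_time))  # never revealed by any test
    return tranches


def pfd_avg_1oo1(lambda_du, tests, mission_time):
    """Closed-form PFD_avg of a single channel: sum over tranches of rate * T / 2."""
    return sum(rate * interval / 2.0
               for rate, interval in failure_tranches(lambda_du, tests, mission_time))


def pfd_avg_1oo1_numeric(lambda_du, tests, mission_time, steps=20000):
    """Check of the closed form: midpoint-rule time average of the exact
    unavailability 1 - prod_k exp(-rate_k * (t mod T_k)) over the mission time.
    Intervals are assumed to divide the mission time (as the closed form does)."""
    tranches = failure_tranches(lambda_du, tests, mission_time)
    dt = mission_time / steps
    total = 0.0
    for i in range(steps):
        t = (i + 0.5) * dt
        survival = 1.0
        for rate, interval in tranches:
            survival *= math.exp(-rate * (t % interval))
        total += 1.0 - survival
    return total / steps


def pfd_avg_1oo2(lambda_du, beta, proof_test_interval):
    """IEC 61508-6 simplified 1oo2 formula reduced to DU failures, perfect proof
    test and negligible repair time: independent double failure plus the
    common-cause (beta-factor) term, which usually dominates."""
    independent = (1.0 - beta) ** 2 * lambda_du ** 2 * proof_test_interval ** 2 / 3.0
    common_cause = beta * lambda_du * proof_test_interval / 2.0
    return independent + common_cause


def sil_from_pfd(pfd):
    """Low-demand SIL band a PFD_avg falls into; 0 if it does not reach SIL 1.
    Values below the SIL 4 band are reported as SIL 4."""
    for sil, upper in SIL_BANDS:
        if pfd < upper:
            return sil
    return 0


if __name__ == "__main__":
    LAMBDA_DU = 1.0e-6  # constructed: one DU failure per 1e6 h (about 0.009 per year)
    YEAR = 8760.0
    TL = 10 * YEAR      # constructed mission time between complete overhauls
    cases = {
        "1oo1, perfect yearly proof test":            pfd_avg_1oo1(LAMBDA_DU, [(1.0, YEAR)], TL),
        "1oo1, yearly proof test with PTC 0.9":       pfd_avg_1oo1(LAMBDA_DU, [(0.9, YEAR)], TL),
        "1oo1, + quarterly partial test (cov. 0.6)":  pfd_avg_1oo1(LAMBDA_DU, [(0.6, YEAR / 4), (0.9, YEAR)], TL),
        "1oo2, perfect yearly proof test, beta 0.1":  pfd_avg_1oo2(LAMBDA_DU, 0.1, YEAR),
    }
    for name, pfd in cases.items():
        print(f"{name:45s} PFD_avg = {pfd:.3e}  -> SIL {sil_from_pfd(pfd)}")
    numeric = pfd_avg_1oo1_numeric(LAMBDA_DU, [(0.9, YEAR)], TL)
    print(f"numeric check (PTC 0.9): {numeric:.3e}")
```

Running the block shows the point the abstract makes: with a 90 % proof test coverage the untested 10 % of the DU failure rate, accumulating over the ten-year mission time, contributes more to PFD_avg than the tested 90 %, roughly doubling the result of the naive λ_DU·T/2 formula, while a frequent partial test with a modest coverage wins part of that back. The numerical average agrees with the closed form to well below one percent, the difference being the second-order term the first-order approximation drops.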