Last edit: 20/08/2025
Introduction
In the previous articles we explored the parameter PFDavg: the Average Probability of Failure on Demand. It is used to indicate the reliability of a Safety Instrumented System operating in Low Demand mode. We will now explore the domain of Safety-related Control Systems working in High Demand mode. The parameter used is defined as the Probability of Failure per Hour, with the acronym PFH.
There is a bit of confusion around this parameter, due to its usage in ISO 13849-1: up to the third edition (2015), the standard used the acronym PFHD, defined as the “average probability of dangerous failure per hour”. That definition was not correct, since the PFH is a frequency and not a probability. This was changed in the fourth edition of 2023, and its definition is now aligned with both the IEC 61508 series and IEC 62061 (see later in this article).
The PFH
The starting point for the calculation of the PFH is the Failure Frequency. Here is its definition [29]:
[ISO/TR 12489] 3.1 Basic Reliability concepts
3.1.22 Failure Frequency (or Unconditional Failure Intensity) w(t). Conditional probability per unit of time that the item fails between t and t+dt, provided that it was working at time 0
In high demand mode, the value used to quantify the unreliability is the Average Failure Frequency. Here is its definition [29]:
[ISO/TR 12489] 3.1 Basic Reliability concepts
3.1.23 average failure frequency: average value of the time-dependent failure frequency over a given time interval
The average failure frequency is also called “Probability of Failure per Hour” (PFH) by the standards related to the functional safety of safety-related instrumented systems. However, the correct term for PFH is Average Failure Frequency. That is the reason why, in the new edition of IEC 62061, PFH is defined as follows [12]:
[IEC 62061] 3.2 Terms and definitions
3.2.29 average frequency of a dangerous failure per hour, PFH or PFHD: average frequency of dangerous failure of an SCS to perform a specified safety function over a given period of time:

PFH = (1/T) · ∫₀ᵀ w(t) dt

where T is the overall life duration of the system.
Consider, as in [29], a simple model of a repairable component with a failure transition and a restoration transition, where:
- λA is the failure rate of the component;
- μA is the component restoration rate. Please consider that the restoration rate has the same mathematical properties as the failure rate.
Since the model includes the restoration transition, the system is considered repairable; in other terms, it can be brought to an “as new” status after a repair or a Proof Test. In general, the unconditional failure intensity w(t) is a saw-tooth curve, while the failure density f(t) decreases and goes to 0 when t goes to infinity.
Considering the following data (example taken from [29] Annex C):
- λA = 5·10⁻⁴ [h⁻¹]
- μA = 0.01 [h⁻¹]
- τ = 2160 h
the graphs of w(t) and f(t) confirm the behaviour described above: w(t) is a saw-tooth curve, while f(t) decreases monotonically towards 0.
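For readers who want to reproduce the two curves, the following Python sketch computes f(t), w(t) and the resulting PFH for the data above. It deliberately uses a simplified model (perfect, instantaneous restoration “as new” at every interval τ, so the restoration rate μA does not appear) and is only meant to illustrate the qualitative behaviour, not the exact calculation of [29] Annex C.

```python
# Minimal sketch: assumes perfect, instantaneous restoration "as new" at each
# multiple of tau; the restoration rate muA is neglected in this simplification.
import numpy as np

lam = 5e-4        # failure rate lambda_A [1/h]
tau = 2160.0      # restoration / proof test interval [h]
T = 4 * tau       # observation period [h] (illustrative)

t = np.linspace(0.0, T, 20001)

# Failure density of the non-repairable component: decreases and tends to 0
f = lam * np.exp(-lam * t)

# Unconditional failure intensity with renewal at each multiple of tau:
# within each interval it restarts from lambda_A -> saw-tooth curve
w = lam * np.exp(-lam * (t % tau))

# PFH = average failure frequency over the observation period
# (t is uniformly spaced, so the mean of w approximates (1/T) * integral of w dt)
pfh = w.mean()
print(f"PFH ~ {pfh:.2e} per hour")
```

With these simplifying assumptions, the average of w(t) over one interval is (1 − e^(−λA·τ))/τ ≈ 3.1·10⁻⁴ per hour.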
Weibull Distribution
It is now clear that, in Functional Safety, the failure rate of any component has to be constant. The issue is with components subject to wear, like contactors and solenoid valves, since their failure rates are usually not constant. Therefore, the exponential distribution is not suitable to model their life distribution: that is where the Weibull distribution comes in.
The Weibull distribution is one of the most widely used Life Distributions in Reliability analysis. The distribution is named after the Swedish professor Waloddi Weibull (1887-1979), who developed the distribution for modelling the strength of materials.
The Weibull distribution is very flexible and can, through an appropriate choice of parameters, model many types of failure rate behaviours. It is therefore used to model the failure behaviour of electromechanical components.
The Cumulative Distribution Function
The Weibull Cumulative Distribution Function is the following:

F(t) = 1 − exp[−(t/η)^β]
Please notice that when t = η:

F(η) = 1 − exp[−(η/η)^β] = 1 − e⁻¹ ≈ 0.632

Therefore, regardless of the distribution shape parameter β, when t = η the probability of failure F(t) of the component is about 63%.
The parameter η is defined as the characteristic lifetime of the distribution.
The Instantaneous Failure Rate
Finally, the Instantaneous Failure Rate is the following:

λ(t) = (β/η) · (t/η)^(β−1)
When β = 1, the failure rate is constant and equal to:

λ = 1/η
In this case, the Weibull distribution is identical to the exponential one.
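As a quick numerical check of the formulas above, here is a short Python sketch (the values of η, β and the sample times are illustrative only, not taken from any standard). It shows that F(η) ≈ 0.632 regardless of β, and that β = 1 gives a constant failure rate equal to 1/η.

```python
import numpy as np

eta = 1.0e4                      # characteristic lifetime eta [h] (illustrative)
t = np.array([1e3, 5e3, 1e4])    # sample times [h] (illustrative)

def weibull_cdf(t, eta, beta):
    """Weibull unreliability F(t) = 1 - exp(-(t/eta)**beta)."""
    return 1.0 - np.exp(-(t / eta) ** beta)

def weibull_hazard(t, eta, beta):
    """Weibull instantaneous failure rate lambda(t) = (beta/eta)*(t/eta)**(beta-1)."""
    return (beta / eta) * (t / eta) ** (beta - 1.0)

for beta in (0.5, 1.0, 3.0):     # decreasing / constant (exponential) / increasing rate
    print(f"beta = {beta}: F(eta) = {weibull_cdf(eta, eta, beta):.3f}"
          f"  lambda(t) = {weibull_hazard(t, eta, beta)}")
```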
When β < 1 the failure rate decreases with time. Both electronic and mechanical systems may initially have high failure rates. Manufacturers conduct production process control, production acceptance tests, “burn-in”, or reliability stress screening (RSS) to weed out early failures before delivery to customers. Therefore, a shape parameter of less than one indicates one of the following:
- lack of adequate process control;
- inadequate burn-in or stress screening;
- production problems, mis-assembly, poor quality control;
- overhaul problems;
- mixture of populations;
- run-in or wear-in.
Many electronic components during their useful life show a decreasing instantaneous failure rate, thus featuring shape parameters less than 1. Preventive maintenance on such a component is not appropriate, as old parts are better than new.
When β > 1 the failure rate increases with time. That behaviour is attributed, first of all, to components in the wear-out, or end-of-life, phase. Some typical examples of such failure mechanisms are:
- wear;
- corrosion;
- crack propagation;
- fatigue;
- moisture absorption;
- diffusion;
- evaporation (weight loss);
- damage accumulation.
Design measures have to ensure that those phenomena do not significantly contribute to the probability of product failure during the expected operational life. However, this is typically the behaviour of contactors and solenoid valves throughout their entire life.
In the article that will be published in the second issue of Tuttomisure 2024, we will go into detail about the reliability parameters used in High Demand safety systems.