P1: Reliability data for components used in safety systems

Last edit: 19/08/2025

THE QUESTION: What are the main reliability data for components used in safety systems?

When it comes to components used in safety systems, you are probably familiar with the concept of failure rate. There are two other important metrics to know: MTTF (Mean Time To Failure) and B10. The latter matters when dealing with the reliability of electromechanical components. In this article we explain all three metrics and how they are related.

If you need the reliability values of a pressure transmitter for use in a safety system, you will look in the component's safety manual and, in particular, for the different types of failure rates. These are typically calculated by specialized laboratories such as Exida or one of the TÜV companies.

The situation is different when you need the reliability parameters of a pneumatic solenoid valve: in this case you contact the manufacturer directly and rely on the B10D value they provide.

Questions that may arise: "Why is there a different approach in the two cases? Why does the data for electronic components depend only on the component itself, while for an electromechanical component it depends not only on the component but also on how the component is connected to the logic solver? Why is it possible to know all types of failure rates for an electronic component, while for the solenoid valve only a B10D value is available? How can we use these values?"

It will take several articles to answer all these questions. In this one we focus on explaining the three parameters: failure rate, mean time to failure, and B10.

The failure rate

When dealing with the reliability of a component used in a safety system, the main parameter is the failure rate λ, whose unit of measurement is the inverse of time. It is common practice to express it in failures per billion (10^9) hours; this unit is known as FIT (Failures In Time). For example, an integrated circuit that suffers seven failures per billion hours of operation at 25 °C has a failure rate of 7 FIT.

According to IEC 61508, there are four types of failure:

  • safe failures;
  • dangerous failures;
  • no-effect failures;
  • no-part failures.

It is fairly intuitive to understand what safe and dangerous failures are. A "no-part" failure is the failure of a component that plays no role in performing the safety function. A "no-effect" failure is the failure of an element that does play a role in performing the safety function, but whose failure has no direct effect on it.

In the 2010 edition of IEC 61508, the no-effect and no-part categories were added so that circuits irrelevant to the reliability of the safety function do not distort the calculation of the Safe Failure Fraction (SFF): neither type is to be counted when calculating the SFF. We will discuss the SFF in another article. No-effect failures were not mentioned in the previous edition of IEC 62061, but they are now important for understanding some new aspects of the failure of electromechanical components.

In addition to being safe or dangerous, each failure can also be classified as detected or undetected. The total failure rate λT is therefore the sum of five terms:

  • λSD: rate of safe detected failures
  • λSU: rate of safe undetected failures
  • λDD: rate of dangerous detected failures
  • λDU: rate of dangerous undetected failures
  • λNE: rate of no-effect failures

λT = λSD + λSU + λDD + λDU + λNE

The Bathtub Curve

In general, any component has a failure rate that can be plotted as a function of its time in service; the curve shown in the figure, usually called the "bathtub" curve, is typical of electronic components:

In the early phase of the component's life, λ(t) decreases rapidly with time; this phase is also called infant mortality.

During the period called the useful life, λ(t) is constant.

The last period is characterized by wear-out, with a rapidly increasing failure rate λ(t).

During the useful life of a component, assuming a constant failure rate λ and taking as the initial condition that the reliability at time 0 is maximum and equal to 1, the reliability over time R(t) is:
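The expression this paragraph leads to is not reproduced in this text. What follows is an added derivation (not the article's own equations), using the text's symbols λ, R(t) and t, and extended to the Mean Time To Failure introduced at the start of the article. It starts from the definition of the failure rate as the probability of failure per unit time among the units that have survived to time t:

$$\lambda(t) = -\frac{1}{R(t)}\,\frac{dR(t)}{dt}$$

With $\lambda(t) = \lambda$ constant during the useful life and the initial condition $R(0) = 1$, integrating gives the reliability and its complement, the unreliability $F(t)$ (probability of having failed by time $t$):

$$R(t) = e^{-\lambda t}, \qquad F(t) = 1 - R(t) = 1 - e^{-\lambda t}$$

The Mean Time To Failure is the expected value of the time to failure, which equals the area under the reliability curve:

$$\mathrm{MTTF} = \int_0^{\infty} R(t)\,dt = \int_0^{\infty} e^{-\lambda t}\,dt = \frac{1}{\lambda}$$

So for a constant failure rate the MTTF is simply the reciprocal of λ: a component with λ = 1 FIT has an MTTF of $10^{9}$ hours. Note that at $t = \mathrm{MTTF}$ the reliability is $e^{-1} \approx 0.37$, not 0.5; the MTTF is a mean, not the time by which half of the population has failed.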

For electromechanical components, such as electrical power contactors, the curve is shown below.

Even after the infant mortality period, the failure rate is never constant: it keeps increasing slowly over time.

This is a problem for functional safety standards such as the IEC 61508 series, whose calculation methods assume a constant failure rate. This is why, for such components, an approximation is made for a maximum time T10D: a so-called "surrogate failure rate" is calculated so that a constant value can be used, but only for the period of use up to T10D.

This is an important step for the functional safety standards used in machinery, ISO 13849-1 and IEC 62061, because it allows Markov models or reliability block diagrams to be used to calculate the reliability of a safety function. It is less important for IEC 61511-1, which focuses primarily on electronic components operating in low-demand mode.

Example of failure rates for electronic and electromechanical components

For electronic components, the failure rate depends only on the component itself: how it is designed and built, and its ability to detect its own internal failures. This is assessed by specialized laboratories that analyze both the field performance of the specific component and how it is manufactured.

Pressure Transmitter – failure rate data

(Source: Exida SERH 2015 – 01 sensors – item 1.6.2)

  Failure category              Symbol   Rate (FIT, failures per 10^9 h)
  Fail dangerous detected       λDD      260
  Fail dangerous undetected     λDU       84
  Fail safe detected            λSD        0
  Fail safe undetected          λSU      145
  No effect failure             λNE      135

For electromechanical components the situation is somewhat different. They typically have no internal failure-detection capability, so whether a failure counts as detected or undetected depends on how the component is wired to the logic solver (e.g., the safety PLC) and on the diagnostics the logic solver performs on it. Furthermore, since they are subject to wear from the moment they are first used, their reliability is given not by a failure rate but by a B10 value.

How λD and MTTFD are derived from B10D

In functional safety, and in particular for safety-related control systems operating in high-demand mode, B10D is used to describe the reliability of components that do not have a constant failure rate. B10D is the mean number of cycles after which 10 % of a population of the component has failed dangerously.

Since such components are assigned a constant "surrogate" failure rate, the use of the component is limited to B10D operations in order to bound the error in the calculation of the PFHD (probability of dangerous failure per hour) of the safety function. This means that the component must be replaced when B10D cycles have been reached, or earlier if its mission time is shorter.

Since the duration of one cycle is the reciprocal of the operating frequency nop, T10D is the time at which the element has completed B10D cycles. Given a component with unreliability function F(t), the probability that the component has failed dangerously by the time T10D is reached is F(T10D), and by the definition of B10D this probability is 10 %. For a constant failure rate, F(t) depends on the failure rate alone, so the condition F(T10D) = 10 % determines the surrogate dangerous failure rate λD, and from λD follows the formula used to calculate MTTFD from B10D.
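The equations of this derivation are not reproduced in the text above. As an added example (not the article's own equations), here it is written out with the text's symbols B10D, nop, T10D, F(t), λD and MTTFD; the final rounding is the one ISO 13849-1 Annex C applies.

One cycle lasts $1/n_{op}$, so the time needed to complete $B_{10D}$ cycles is

$$T_{10D} = \frac{B_{10D}}{n_{op}}$$

For a constant surrogate dangerous failure rate $\lambda_D$ the unreliability is

$$F(t) = 1 - e^{-\lambda_D t}$$

Imposing the B10D condition $F(T_{10D}) = 0.1$ and solving for $\lambda_D$:

$$1 - e^{-\lambda_D T_{10D}} = 0.1 \;\Rightarrow\; \lambda_D = \frac{-\ln(0.9)}{T_{10D}} = \frac{0.1054}{T_{10D}} \approx \frac{0.1}{T_{10D}}$$

Hence, with $\mathrm{MTTF}_D = 1/\lambda_D$ for a constant rate:

$$\mathrm{MTTF}_D \approx \frac{T_{10D}}{0.1} = \frac{B_{10D}}{0.1 \cdot n_{op}}$$

If $n_{op}$ is expressed in cycles per year, $T_{10D}$ and $\mathrm{MTTF}_D$ come out in years. The rounding $-\ln(0.9) \approx 0.1$ understates $\lambda_D$ (and overstates $\mathrm{MTTF}_D$) by about 5 %; it is built into the standard's formula, and the result is only meaningful while the component is in service for no longer than $T_{10D}$.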

CONCLUSIONS

In this article we have analyzed the meaning of the three main parameters used to define the reliability of a component used in a safety system. The important distinction is whether or not the component is subject to wear.

For components subject to wear, the failure rate is never constant. This problem is overcome by defining what is sometimes called a surrogate failure rate, valid only up to T10D.

For electronic components the situation is somewhat simpler, since the failure rate remains constant over a relatively long period, the useful life. Furthermore, the different types of failure rate depend only on the component itself and on its ability to detect its own internal failures.
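To put numbers on both component classes, the following Python script is an added example, not code from the article. It applies the constant-failure-rate relations (FIT, R(t), MTTF) to the pressure transmitter figures from the Exida table above, and the B10D relations (nop, T10D, λD, MTTFD, replacement time) to a constructed solenoid valve: its B10D of 2 000 000 cycles and its duty cycle (365 days/year, 16 h/day, one cycle every 20 s) are assumptions made for the illustration, and the 20-year mission time is the ISO 13849-1 default.

```python
"""Reliability arithmetic for the two component classes in the article.

Added example, not code from the original article.  Electronic components
are characterised by constant failure rates in FIT (pressure transmitter
figures from the Exida table above); electromechanical components by a B10D
cycle count converted to a surrogate constant failure rate valid only until
T10D.  The solenoid-valve inputs (B10D, days, hours, cycle time) are
constructed for the illustration; the formulas are those of IEC 61508 and
ISO 13849-1 Annex C as the text describes them.
"""
import math

HOURS_PER_YEAR = 8760.0
MISSION_TIME_YEARS = 20.0  # ISO 13849-1 default mission time T_M


# ---------- constant failure rate (electronic components) ----------

def fit_to_per_hour(fit):
    """1 FIT = 1 failure per 1e9 hours."""
    return fit * 1e-9


def reliability(lam, t_hours):
    """R(t) = exp(-lambda*t): survival probability at time t for constant lambda."""
    return math.exp(-lam * t_hours)


def mttf_hours(lam):
    """MTTF = 1/lambda for a constant failure rate."""
    return 1.0 / lam


# FIT values from the pressure transmitter table (Exida SERH 2015, item 1.6.2)
TRANSMITTER_FIT = {"SD": 0, "SU": 145, "DD": 260, "DU": 84, "NE": 135}


def total_failure_rate_fit(rates):
    """lambda_T as the article defines it: sum of the five listed terms."""
    return float(sum(rates.values()))


def dangerous_failure_rate_fit(rates):
    """lambda_D = lambda_DD + lambda_DU (the part that matters for PFD/PFH)."""
    return float(rates["DD"] + rates["DU"])


# ---------- wear-out components described by B10D ----------

def nop_per_year(d_op, h_op, t_cycle_s):
    """Mean operations per year (ISO 13849-1): days/year * hours/day * 3600 / cycle time [s]."""
    return d_op * h_op * 3600.0 / t_cycle_s


def t10d_years(b10d, nop):
    """T10D: time until B10D cycles have been performed (one cycle every 1/nop years)."""
    return b10d / nop


def lambda_d_from_b10d(b10d, nop, exact=False):
    """Surrogate constant dangerous failure rate [1/h] chosen so that F(T10D) = 10 %.

    exact=True  solves 1 - exp(-lambda*T10D) = 0.1  ->  lambda = -ln(0.9)/T10D
    exact=False uses the standards' rounding          ->  lambda = 0.1/T10D
    """
    t10d_h = t10d_years(b10d, nop) * HOURS_PER_YEAR
    numerator = -math.log(0.9) if exact else 0.1
    return numerator / t10d_h


def mttfd_years(b10d, nop):
    """MTTFD = B10D / (0.1 * nop): the reciprocal of the approximate lambda_D, in years."""
    return b10d / (0.1 * nop)


def replacement_time_years(b10d, nop, mission_time=MISSION_TIME_YEARS):
    """The component is replaced at T10D or at the end of the mission time, whichever is earlier."""
    return min(t10d_years(b10d, nop), mission_time)


if __name__ == "__main__":
    lam_t = fit_to_per_hour(total_failure_rate_fit(TRANSMITTER_FIT))
    print(f"transmitter: lambda_T = {total_failure_rate_fit(TRANSMITTER_FIT):.0f} FIT, "
          f"lambda_D = {dangerous_failure_rate_fit(TRANSMITTER_FIT):.0f} FIT, "
          f"MTTF = {mttf_hours(lam_t) / HOURS_PER_YEAR:.0f} years, "
          f"R(1 year) = {reliability(lam_t, HOURS_PER_YEAR):.4f}")

    # constructed solenoid valve: B10D = 2e6 cycles, 365 days/year, 16 h/day, one cycle every 20 s
    b10d, nop = 2_000_000, nop_per_year(365, 16, 20)
    print(f"valve: nop = {nop:.0f}/year, T10D = {t10d_years(b10d, nop):.2f} years, "
          f"MTTFD = {mttfd_years(b10d, nop):.1f} years, "
          f"lambda_D approx = {lambda_d_from_b10d(b10d, nop) * 1e9:.0f} FIT, "
          f"exact = {lambda_d_from_b10d(b10d, nop, exact=True) * 1e9:.0f} FIT, "
          f"replace after {replacement_time_years(b10d, nop):.2f} years")
```

For the constructed valve the script gives T10D of about 1.9 years, well inside the 20-year mission time, so the valve has to be replaced after 1.9 years even though its MTTFD is about 19 years; the two figures differ by exactly the factor 10 that the 10 % criterion introduces. Comparing the `exact` and approximate λD shows the 5 % rounding discussed above (about 6320 FIT versus 6000 FIT). For the transmitter, 624 FIT corresponds to an MTTF of roughly 183 years, which is a population average, not a promise about any single device.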
