P5: Functional Safety - PFD Calculation Second part

Last edit: 26/02/2024

Summary

In the first part of the article we introduced the concepts of the Unreliability function F(t) and the Reliability function R(t). The former is the basis of PFD(t) and of the parameter used to indicate the reliability of a Safety Instrumented Function (SIF): the average PFD, or PFDavg.

In this second part, we show how to calculate, in practice, the PFDavg.

 

PFDavg for different architectures

In low demand mode, the average PFD can be calculated by integrating the PFD(t) function over the test interval.

Let's consider a 1 out of 1 (1oo1) subsystem with Failure Rate λ. This architecture consists of a single channel, where any dangerous failure leads to the failure of the safety function when a demand arises.

Starting from its Reliability function

the unreliability function can be written and approximated as

therefore:

In case of two 1oo1 subsystems in series, the Average PFD is the sum of the average PFDs of the single subsystems.

Considering a 1oo2 subsystem, where each element has the same Failure Rate λ, safety is guaranteed if at least one of them is functioning correctly. In other words, in case of one failure, the safety function is still guaranteed.

This architecture consists of two channels connected in parallel, such that either channel can process the safety function. Thus there should be a dangerous failure in both channels before a safety function fails on demand.

Supposing each element of the subsystem is, for example, a pressure transmitter: if one of them detects a dangerous situation, the subsystem triggers a shutdown.

For devices connected in parallel, knowing their F(t), the total failure probability function Ftot(t) is obtained through this formula:

therefore:

Considering a 1oo3 subsystem, where each element has the same Failure Rate λ, safety is guaranteed if at least one of them is functioning correctly. In other words, in case of two faults, the safety function is still guaranteed.

Supposing each element of the subsystem is, for example, a temperature sensor: if only one of them detects a dangerous situation (for example a high temperature), the subsystem does not trigger the shutdown of the process. In this case two temperature sensors must detect a high temperature to trigger the system shutdown. This architecture has a high level of both reliability and availability. Here we have to use a more general formula, able to express the R(t) function for architectures with redundancy, knowing "n", the total number of devices, and "i", the number of devices that have to be functioning to ensure that the entire system is functioning correctly:

This set of formulas can be used for different combinations of devices connected in parallel, including the previous scenarios. For the 2oo3 architecture:

Therefore, PFDavg can be calculated using the well-known formula:
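The procedure described above (channel reliability, the approximated unreliability, PFD(t) for redundant channels via the general "n" and "i" formula, then PFDavg by integrating over the test interval) carried through in code, as an added example that is not part of the original article. The formulas it uses are the standard exponential model and k-out-of-n combinatorics of reliability theory, assumed here rather than taken from the article's own equations (k plays the role of the article's "i"); the failure rate and proof-test interval values are constructed. It also compares the closed-form approximations with a numerical integration of the exact PFD(t), which shows how close the λt approximation is when λT is small.

```python
"""Added example (not the article's own code or equations): PFD(t) and
PFDavg for k-out-of-n (koon) subsystems built from identical,
non-repairable channels with a constant dangerous failure rate lam and no
common cause failures.

Assumptions, taken from standard reliability theory rather than from the
article (whose equations are not reproduced here):
  R(t) = exp(-lam*t)                 channel reliability
  F(t) = 1 - R(t) ~= lam*t           channel unreliability, valid for lam*t << 1
  A koon subsystem keeps working while at least k of its n channels work, so
  PFD(t) = P(fewer than k channels working)
         = sum_{j=0}^{k-1} C(n, j) * R(t)^j * F(t)^(n-j)
  PFDavg = (1/T) * integral_0^T PFD(t) dt   (low demand, proof-test interval T)
"""
from math import comb, exp


def channel_unreliability(lam: float, t: float) -> float:
    """F(t) = 1 - exp(-lam*t) for a single channel (exponential model)."""
    return 1.0 - exp(-lam * t)


def pfd_koon(k: int, n: int, lam: float, t: float) -> float:
    """Exact PFD(t) of a koon subsystem: probability that fewer than k of the
    n channels are still working at time t.  1oo1 gives F(t), 1oo2 gives
    F(t)^2 (the parallel formula), 2oo3 gives 3*R*F^2 + F^3."""
    f = channel_unreliability(lam, t)
    r = 1.0 - f
    return sum(comb(n, j) * r**j * f ** (n - j) for j in range(k))


def pfd_avg_numeric(k: int, n: int, lam: float, T: float, steps: int = 20000) -> float:
    """PFDavg = (1/T) * integral of the exact PFD(t) over [0, T] (midpoint rule)."""
    dt = T / steps
    total = sum(pfd_koon(k, n, lam, (i + 0.5) * dt) for i in range(steps))
    return total * dt / T


def pfd_avg_approx(architecture: str, lam: float, T: float) -> float:
    """Closed-form approximations obtained by integrating the lam*t
    approximation of F(t) over the test interval (the usual simplified
    results for non-repairable channels without common cause failures)."""
    x = lam * T
    table = {
        "1oo1": x / 2,
        "1oo2": x**2 / 3,
        "2oo2": x,          # either channel failing fails the function
        "1oo3": x**3 / 4,
        "2oo3": x**2,
    }
    return table[architecture]


def series_pfd_avg(*subsystem_pfd_avgs: float) -> float:
    """Subsystems in series (e.g. sensor, logic solver, final element):
    the PFDavg of the loop is the sum of the subsystem PFDavg values."""
    return sum(subsystem_pfd_avgs)


if __name__ == "__main__":
    # Constructed sample values: dangerous undetected failure rate of
    # 1e-6 per hour and a one-year proof-test interval (8760 h).
    LAM, T = 1.0e-6, 8760.0
    for name, (k, n) in {"1oo1": (1, 1), "1oo2": (1, 2), "2oo2": (2, 2),
                         "1oo3": (1, 3), "2oo3": (2, 3)}.items():
        exact = pfd_avg_numeric(k, n, LAM, T)
        approx = pfd_avg_approx(name, LAM, T)
        print(f"{name}: numeric {exact:.3e}  approx {approx:.3e}  "
              f"rel.err {(approx - exact) / exact:+.2%}")
    # A loop of three 1oo1 subsystems in series: the PFDavg values add up.
    print("3 x 1oo1 in series:",
          series_pfd_avg(*[pfd_avg_approx("1oo1", LAM, T)] * 3))
```

With λT of the order of 1e-2 the closed forms are within about 1% of the numerically integrated exact values; the approximation degrades as λT grows, which is one reason the proof-test interval matters as much as the failure rate.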

Summary Table

When considering Safety Critical Systems, only the dangerous part of the failure rate is significant. Moreover, considering non-repairable systems and no common cause failures, the formulas for the Average PFD are summarised in the following table.

The value of PFDavg, in case of repairable systems and common cause failures for redundant subsystems (β≠0), can be found in IEC 61508-6 Annex B.

Just for a quick reference, for a 1oo2 architecture, in case only Common Cause Failures are taken into consideration, the formula for the PFD calculation becomes the following:
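An added example, not part of the original article, showing why the common cause term matters for a 1oo2 subsystem. It assumes the standard beta-factor model (a fraction β of each channel's dangerous failure rate is common to both channels and acts like a single channel in series with the redundant pair) rather than the article's own formula, which is not reproduced here; the failure rate, test interval and β values are constructed. The block integrates the exact PFD(t) numerically and compares it with the closed form obtained from the λt approximation, then reports how much of the PFDavg the common cause term accounts for.

```python
"""Added example (not the article's own code or equations): effect of a
common cause failure (CCF) fraction beta on a 1oo2 subsystem with
non-repairable channels, dangerous failure rate lam and proof-test
interval T.

Assumed beta-factor model (standard reliability practice, not copied from
the article):
  independent part of each channel's failure rate:  (1 - beta) * lam
  common cause failure rate hitting both channels:  beta * lam
The CCF acts like a single channel in series with the redundant pair, so
  PFD(t)  = 1 - (1 - F_I(t)^2) * (1 - F_C(t))
  F_I(t)  = 1 - exp(-(1 - beta) * lam * t)
  F_C(t)  = 1 - exp(-beta * lam * t)
and, using F ~= lam*t and averaging over [0, T],
  PFDavg ~= (1 - beta)^2 * (lam*T)^2 / 3 + beta * lam * T / 2
"""
from math import exp


def pfd_1oo2_ccf(lam: float, beta: float, t: float) -> float:
    """Exact PFD(t) of a 1oo2 pair with a beta-factor CCF in series."""
    f_i = 1.0 - exp(-(1.0 - beta) * lam * t)
    f_c = 1.0 - exp(-beta * lam * t)
    return 1.0 - (1.0 - f_i**2) * (1.0 - f_c)


def pfd_avg_1oo2_ccf_numeric(lam: float, beta: float, T: float, steps: int = 20000) -> float:
    """PFDavg by midpoint-rule integration of the exact PFD(t) over [0, T]."""
    dt = T / steps
    return sum(pfd_1oo2_ccf(lam, beta, (i + 0.5) * dt) for i in range(steps)) * dt / T


def pfd_avg_1oo2_ccf_approx(lam: float, beta: float, T: float) -> float:
    """Closed form: independent 1oo2 term plus the CCF term as a 1oo1 term."""
    x = lam * T
    return (1.0 - beta) ** 2 * x**2 / 3.0 + beta * x / 2.0


def ccf_share(lam: float, beta: float, T: float) -> float:
    """Fraction of the approximate PFDavg contributed by the CCF term."""
    return (beta * lam * T / 2.0) / pfd_avg_1oo2_ccf_approx(lam, beta, T)


if __name__ == "__main__":
    # Constructed sample values: lam = 1e-6 /h, one-year proof-test interval.
    LAM, T = 1.0e-6, 8760.0
    for beta in (0.0, 0.01, 0.02, 0.05, 0.10):
        exact = pfd_avg_1oo2_ccf_numeric(LAM, beta, T)
        approx = pfd_avg_1oo2_ccf_approx(LAM, beta, T)
        print(f"beta={beta:.2f}: numeric {exact:.3e}  approx {approx:.3e}  "
              f"CCF share {ccf_share(LAM, beta, T):.0%}")
```

With these sample values a β of only 2% already makes the common cause term larger than the contribution of the two independent channels together, which is why redundancy alone does not buy the PFDavg that the β = 0 formula suggests.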