The importance of common cause failures
When designing a control system, we should paid special attention to common cause failures, that is, to the factors that may cause the simultaneous failure of several components or redundant channels. It is an even more important aspect in the case of safety instrumented systems (SIS) and is considered in international safety standards such as IEC-61508 (for all industries), IEC-61511 (for the process industry), IEC-62061 (for machinery safety), IEC-61513 (for the nuclear industry) or ISA-84.
We can perform an excellent design of the system or the safety instrumented function, but if we neglect the common cause failures the final result can be really bad. Not always the design engineer is aware of the importance of this. They are of vital importance in systems of high availability, i.e., in systems with redundant architectures 2oo3, 2oo4, 2oo2, 3oo3, etc. or in safety systems with architectures 1oo2, 1oo3, 2oo3, etc.
Suppose for example a PLC with redundant CPU mounted inside a cabinet with insufficient ventilation, with errors in the design of grounding system and that has been tested by personnel with little experience (which greatly increases the possible software errors) . Any of these aspects can have a very negative effect on both CPUs simultaneously.
How many System Integrators actually calculate the heat dissipation inside the control cabinet and under the specified temperature and humidity conditions? It is not a complicated calculation, but it serves as an example to draw attention to common cause failures.
In the field elements, such as sensors or actuators, there are also many common factors that influence the operation of the system, such as how they are assembled and calibrated, if they have been correctly specified, or for example, if we are using the same multi cable and junction boxes for all redundant channels.
In order to evaluate and quantify common cause failures, IEC-61508 makes several recommendations on how to do so and introduces the so-called β factor that should be used in formulas for calculation of failure probabilities and others.
To give a better idea of what we are talking about, we show below some of the formulas used in the SILcet application, where we can see in red the term corresponding to the common cause failures, and that greatly influences the 1oo2, 2oo3 and 2oo4 results since the first term is usually the power of a very small number (<< 0.1).
Visit our website about Functional Safety