Dangerous failures of the SIS
When calculating the Probability of Failure on Demand (PFD) of a Safety Instrumented Function (SIF), the dangerous failures are what matter most, as the PFD equations for the 1oo1 and 1oo2 architectures show.
λDD is the rate of dangerous detected failures and λDU the rate of dangerous undetected failures. Only the dangerous failures can leave the SIF unable to act on a demand; safe failures (spurious trips) affect availability, not the PFD.
We can break dangerous failures down into four groups:
- DD failures: dangerous failures detected by the product diagnostics, i.e., the diagnostics built in by the manufacturer of the safety PLC, transmitter, positioner, etc. Valves, being purely mechanical elements, have no product diagnostics of their own.
- DU failures convertible to DD: dangerous failures not detected by the automatic diagnostics, but that can be detected if we implement an application diagnostic in the SIF. Typical cases are detecting an out-of-range analog signal and the Partial Stroke Test (PST) on safety valves. Once such a diagnostic is in place and acted upon, these failures count as DD.
- DU1 failures: dangerous failures not detected by any automatic diagnostic, but that we find in the manual tests (proof tests) performed on the SIF every TI hours (TI being the proof test interval). The more effective these tests are, the higher the value of Cpt (proof test coverage), which is a very important parameter in the formulas used to calculate the probability of failure.
- DU2 failures: dangerous failures that we never detect, neither with the automatic diagnostics nor in the manual tests. These are "hidden" faults that do not show up in tests and can be very diverse in nature; they remain in the equipment until it is replaced or overhauled. Keep in mind that the periodic tests we must perform on every safety function are never perfect.
Therefore, we can define the "effectiveness of the tests" (the proof test coverage) as the fraction of the dangerous undetected failures that the proof test actually finds:
Cpt = DU1 / (DU1 + DU2)
In the process industry this value typically lies between 70 and 95% for the SENSOR and LOGIC SOLVER subsystems, and between 40 and 95% for the ACTUATOR subsystem. The DU2 share this leaves behind is often the dominant contributor to the PFD, because those failures accumulate over the whole mission time rather than over one test interval.
All these concepts, and many others, are covered in our courses.
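The following Python block is an added worked example, not code from the original article, that carries the four-group breakdown and the Cpt definition above through to a PFD figure for a 1oo1 actuator subsystem. It assumes the common simplified low-demand approximation for the average PFD (DD failures exposed for the repair time, DU1 for half the proof test interval, DU2 for half the mission time); that expression, the function names, and every failure rate, coverage and interval below are assumptions constructed for the illustration, not values from the page or from any datasheet.

```python
"""Dangerous-failure budget of a 1oo1 subsystem: added worked example.

This block is an illustration added to the article, not code from the original
page. All failure rates, intervals, coverages and repair times are constructed
values, not datasheet data. The PFDavg expression used is the common simplified
low-demand approximation (an assumption of this example, not given on the page).
"""
from dataclasses import dataclass

YEAR_H = 8760.0  # hours per year


@dataclass(frozen=True)
class DangerousBudget:
    """Dangerous failure rates (per hour) of one subsystem, split as in the text."""
    dd: float   # DD: found by product diagnostics (or by an application diagnostic, once added)
    du1: float  # DU1: undetected, but found by the proof test every TI hours
    du2: float  # DU2: undetected and never found ("hidden")

    @property
    def du(self) -> float:
        """Total dangerous undetected rate, lambda_DU."""
        return self.du1 + self.du2

    @property
    def cpt(self) -> float:
        """Proof-test effectiveness as defined in the text: Cpt = DU1 / (DU1 + DU2)."""
        return self.du1 / (self.du1 + self.du2)


def split_dangerous(lambda_d: float, dc: float, cpt: float,
                    app_diag_coverage: float = 0.0) -> DangerousBudget:
    """Split a total dangerous rate lambda_d into the DD / DU1 / DU2 groups.

    dc                 product diagnostic coverage: fraction of lambda_d that is DD
    app_diag_coverage  fraction of the remaining DU that an application diagnostic
                       (out-of-range check, PST) converts to DD: the "DU convertible
                       to DD" group of the text (assumption: converted failures are
                       then treated exactly like product-detected ones)
    cpt                proof-test coverage applied to whatever is still DU
    """
    for name, v in (("dc", dc), ("cpt", cpt), ("app_diag_coverage", app_diag_coverage)):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} must be a fraction in [0, 1], got {v}")
    dd = lambda_d * dc
    du = lambda_d - dd
    converted = du * app_diag_coverage   # DU convertible to DD, now actually detected
    du_left = du - converted
    return DangerousBudget(dd=dd + converted, du1=du_left * cpt, du2=du_left * (1.0 - cpt))


def pfd_avg_1oo1(b: DangerousBudget, ti_h: float, mission_h: float, mttr_h: float) -> float:
    """Simplified average PFD of a 1oo1 subsystem in low-demand mode (assumed model).

    DD failures are exposed for the repair time, DU1 failures on average for half
    the proof-test interval TI, and DU2 failures (never found) for half the
    mission time, i.e. until the equipment is replaced or overhauled.
    """
    return b.dd * mttr_h + b.du1 * ti_h / 2.0 + b.du2 * mission_h / 2.0


def sil_band(pfd: float) -> str:
    """IEC 61508 low-demand SIL band for a PFDavg value."""
    if pfd < 1e-5:
        return "beyond SIL 4"
    if pfd < 1e-4:
        return "SIL 4"
    if pfd < 1e-3:
        return "SIL 3"
    if pfd < 1e-2:
        return "SIL 2"
    if pfd < 1e-1:
        return "SIL 1"
    return "below SIL 1"


# Constructed actuator example: a safety valve with lambda_D = 2.0e-6 /h, no product
# diagnostics (dc = 0, as the text notes for valves), Cpt at the low end of the
# actuator range, tested yearly, 15-year mission, 72 h repair time.
LAMBDA_D_VALVE = 2.0e-6
TI_H, MISSION_H, MTTR_H = 1 * YEAR_H, 15 * YEAR_H, 72.0


def valve_scenarios() -> dict:
    """PFDavg of the constructed valve under several mitigations, for comparison."""
    base = split_dangerous(LAMBDA_D_VALVE, dc=0.0, cpt=0.70)
    pst = split_dangerous(LAMBDA_D_VALVE, dc=0.0, cpt=0.70, app_diag_coverage=0.60)
    better_test = split_dangerous(LAMBDA_D_VALVE, dc=0.0, cpt=0.95)
    return {
        "cpt 0.70, yearly":       pfd_avg_1oo1(base, TI_H, MISSION_H, MTTR_H),
        "cpt 0.70, six-monthly":  pfd_avg_1oo1(base, TI_H / 2, MISSION_H, MTTR_H),
        "cpt 0.70, yearly + PST": pfd_avg_1oo1(pst, TI_H, MISSION_H, MTTR_H),
        "cpt 0.95, yearly":       pfd_avg_1oo1(better_test, TI_H, MISSION_H, MTTR_H),
    }


if __name__ == "__main__":
    for label, pfd in valve_scenarios().items():
        print(f"{label:25s} PFDavg = {pfd:.2e}  ({sil_band(pfd)})")
```

With these constructed numbers the DU2 term dominates: halving the proof test interval barely moves the PFD (the 1.4e-6/h of DU1 is only exposed for half a TI), while raising Cpt from 0.70 to 0.95, or converting part of the DU to DD with a PST, cuts it by a factor of two to three. The model is deliberately simple (no common-cause term, PST treated as a diagnostic with a fixed repair time), so use it to reason about which group to attack, not as a replacement for the full IEC 61508 / ISA TR84 calculation.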