Functional Safety 2016

November, 2016 - London

Page 3 of 17

Introduction

The periodic proof testing of a Safety Instrumented Function (SIF) is an integral element of the SIF design and the assurance that the SIF will continue to provide the target and “as designed” risk reduction for the required mission time of the SIF or until it is no longer required to provide the risk reduction.

Manufacturers of safety-related equipment that is claimed to be compliant with BS EN 61508:2010 must perform analysis of the equipment with respect to random hardware failures. This analysis must determine: the failure modes with respect to equipment operation parameters; the estimated dangerous failure rates for detected and undetected failures; diagnostic coverage; environmental limits; estimated equipment lifetime; and any periodic proof test and/or maintenance requirements. For the claimed compliant equipment, this information must be provided in a safety manual that is in accordance with the requirements of BS EN 61508:2010 Part 2 Annex D and includes the specific requirements for proof testing of the equipment.

The primary objective of the proof test is to reveal undetected dangerous faults, but it is recognised that not all faults can be detected by either equipment diagnostic tests or proof tests; some may only be found during overhaul or a demand on the SIF to operate. If faults are not detected by overhaul or a demand, then it should be assumed that they will remain for the life of the equipment but do not impact the equipment’s ability to perform the safety function, as the SIF would otherwise have failed during the demand. These types of faults may be considered no-effect failures and are not considered in this paper.

Therefore, considering undetected dangerous faults, the fraction of faults detected when the proof test is performed is termed the Proof Test Coverage (!") and the fraction of faults not detected is termed (1-!"). These latter faults, which are not detected at the proof test, will only be detected when a demand is made on the SIF.

The !" impacts the achieved average probability of failure on demand (PFD_AVG) of a SIF. It is therefore critical that the manufacturer's requirements for testing are complied with, to provide the assurance that the SIF will continue to provide the target and “as designed” risk reduction for the required mission time of the SIF or until it is no longer required to provide the risk reduction.
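The effect of proof test coverage on the achieved PFD_AVG can be made concrete with a short calculation. This is an added example, not taken from the paper: it assumes the commonly used simplified single-channel (1oo1) approximation, in which faults revealed by the proof test accumulate over the test interval and the remainder accumulate over the mission time, and the names `ptc`, `lambda_du` and the sample values are illustrative.

```python
# Added example (not from the paper): simplified 1oo1 low-demand approximation
#   PFDavg ~= ptc * lambda_du * TI / 2 + (1 - ptc) * lambda_du * MT / 2
# lambda_du: dangerous undetected failure rate (per hour), TI: proof test
# interval (h), MT: mission time (h), ptc: proof test coverage in [0, 1].
HOURS_PER_YEAR = 8760

# IEC 61508 low-demand bands: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, ptc, test_interval_h, mission_time_h):
    """Average PFD for one channel with imperfect proof testing."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof test coverage must be between 0 and 1")
    if test_interval_h > mission_time_h:
        raise ValueError("test interval cannot exceed mission time")
    revealed = ptc * lambda_du * test_interval_h / 2      # found at each proof test
    latent = (1.0 - ptc) * lambda_du * mission_time_h / 2  # persist until a demand
    return revealed + latent


def sil_band(pfd):
    """Return the SIL whose low-demand band contains pfd (0 if worse than SIL 1)."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0 if pfd >= 1e-1 else 4  # below 1e-5 is capped at SIL 4


def min_ptc_for_target(lambda_du, target_pfd, test_interval_h, mission_time_h):
    """Smallest coverage giving PFDavg <= target, or None if unreachable."""
    perfect = lambda_du * test_interval_h / 2   # PFDavg with ptc = 1
    untested = lambda_du * mission_time_h / 2   # PFDavg with ptc = 0
    if perfect > target_pfd:
        return None          # even a perfect proof test is not enough
    if untested <= target_pfd:
        return 0.0           # target met without any proof test credit
    # PFDavg is linear in ptc, so solve for the crossing point directly.
    return (untested - target_pfd) / (untested - perfect)


if __name__ == "__main__":
    lam, ti, mt = 2e-6, 1 * HOURS_PER_YEAR, 15 * HOURS_PER_YEAR  # constructed values
    for ptc in (1.0, 0.95, 0.9):
        p = pfd_avg(lam, ptc, ti, mt)
        print(f"ptc={ptc:.2f}  PFDavg={p:.3e}  SIL {sil_band(p)}")
    print("min ptc for PFDavg <= 1e-2:", min_ptc_for_target(lam, 1e-2, ti, mt))
```

With these constructed values, a device that sits in the SIL 2 band under a perfect proof test drops to the SIL 1 band at 90% coverage, because the untested fraction accumulates over the full mission time.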