Functional Safety 2016
November, 2016 - London
Page 6 of 17
How and why does the PFD increase due to
Table 2: Comparison of PFDAVG for a 1oo1 High Pressure Loop with and without C
PT
Equipment
λ
DU
Hours
Ti
(YEARS)
PFD
AVG
C
PT
MT
(Years)
PFD
AVG
including
C
PT
COMMENTS
Pressure
Transmitter
(FAIL HIGH)
5.70E-08
3
7.49E-04 0.50
15 2.25E-03
SDOO189PEN-1413
PAGE 47
BASED ON PROOF
TEST 1
Logic Solver
1.51E-10 10 6.63E-06 0.95
20 6.96E-06
IM 32Q01S10-31E
Final
Element
(Actuator
and Vale
assembly)
9.33E-07
2
8.18E-03 0.50
10 2.45E-02
E112EE
Total
8.94E-03
2.68E-02
RRF & Hardware SIL Rating
112
SIL 2
37
SIL 1
Table 2 illustrates, for a simplified 1oo1 high pressure loop, the potential impact of the C
PT
on
the the risk reduction provided by a basic SIF loop. The C
PT
values are taken from the
equipment Safety Manuals, however if the recommended PT is not adopted by the end user
there is the potential that the C
PT
could be lower.
Should end-users PTs not meet the requirements of the safety manual then the PT should be
critically anlysed against the equipment FMEDA to assess the potential C
PT
.
However, rarely are the complete FMEDA’s provided by the vendor in the safety manual or
equipment certification, the end-user can request the FMEDA directly from the vendor, but this
is also unlikely due to propriety reasons. Alternatively, the end-user conducts their own FMEDA
on the equipment facilitated by a competent person in the technology being analysed.
However, this is resource intensive and it is unlikely most end-users would have the resources
available.
An approach suggested by (Abdelrhafour, Bajaj, & Boily, 2012) is to utilise a credit based
system, further information on this can be found in their paper Proof Test Procedure
Effectiveness on Safety Instrumented Systems (Abdelrhafour, Bajaj, & Boily, 2012). This
approach provides guidance on scoring system with suggested ranges to be judged per activity
conducted with the value selected based on the engineer’s experience and judgement.