Wear out will typically manifest in a progressive fashion and although a device may have reached the

end of its nominal useful life, that is not to say it is immediately untenable. It would be unrealistic to

attempt to model wear out on a specific device-by-device basis, but we may adopt a generic

approach in recognition of the behaviour. We may postulate a power law increase in failure rate

with time:

= ×( )

Where:

λ

is actual failure rate beyond nominal useful life

λ

i

is initial failure rate during useful life

a is a constant

SL is actual service life

NUL is nominal useful life

A cubic law (a=3) gives an approximate doubling of failure rate with a 25% extension in service life

beyond the nominal useful life, and 8 times if service life doubles useful life. The actual value of ‘a’ is

likely to be a matter of judgement, (unless hard data is available), but for want of anything better

the above figure is suggested as a starting point (a doubling of failure rate would typically be of

limited significance given other uncertainties, and a 25% extension does not appear ambitious). The

typical expectation is that wear out will be progressive (no ‘cliff edge’) and there are many examples

of equipment continuing to provide good reliability performance at 20+ years despite the

declaration in the standard of typical useful life of 8-12 years. Unless an extension to useful life is

substantiated, the PFD calculation should be revisited and test intervals revised as appropriate.

If the assumed failure rate is increased to the point where the anticipated number of failures (within

the deployed population) is 1/year, (i.e., when the MTBF = population) there need be no further

increase in the assumed failure rate, since failure count may then be relied upon to indicate a higher

failure rate.

If there is a mix of ages in a population there is the possibility that an increased failure rate in the

older subset might be masked by the younger. Clearly, it would, in principle, be possible to monitor

the failure count in these subsets independently, but this may well be too complicated an approach.

Alternatively, the failure rate of those safety elements that are older than their nominal useful life

may be assumed to progressively increase as indicated above, with PFD recalculated correspondingly

and test intervals adjusted if appropriate. A swap of younger for older elements might also be

considered.

Logging of the ages of all (SIL + non-SIL) element populations is perhaps an unrealistic ambition. But

it is here suggested we should maintain an age database of all SIL rated elements. For each

deployed SIL element, the ‘vintage’ and function tag should be recorded. Vintage being the

‘birthday’ of the element, whether by virtue of an overhaul or new installation. If end of useful life is

detected or the assumed end approached, this will allow identification of all similar elements of that

vintage.

Conclusion

It is possible to conceive of all sorts of possible refinements here, but we need to establish a

practicable basis, not fantasise about what might be. There are many uncertainties in risk assessment