Wear out will typically manifest in a progressive fashion and although a device may have reached the
end of its nominal useful life, that is not to say it is immediately untenable. It would be unrealistic to
attempt to model wear out on a specific device-by-device basis, but we may adopt a generic
approach in recognition of the behaviour. We may postulate a power law increase in failure rate
with time:
= ×( )
Where:
λ
is actual failure rate beyond nominal useful life
λ
i
is initial failure rate during useful life
a is a constant
SL is actual service life
NUL is nominal useful life
A cubic law (a=3) gives an approximate doubling of failure rate with a 25% extension in service life
beyond the nominal useful life, and 8 times if service life doubles useful life. The actual value of ‘a’ is
likely to be a matter of judgement, (unless hard data is available), but for want of anything better
the above figure is suggested as a starting point (a doubling of failure rate would typically be of
limited significance given other uncertainties, and a 25% extension does not appear ambitious). The
typical expectation is that wear out will be progressive (no ‘cliff edge’) and there are many examples
of equipment continuing to provide good reliability performance at 20+ years despite the
declaration in the standard of typical useful life of 8-12 years. Unless an extension to useful life is
substantiated, the PFD calculation should be revisited and test intervals revised as appropriate.
If the assumed failure rate is increased to the point where the anticipated number of failures (within
the deployed population) is 1/year, (i.e., when the MTBF = population) there need be no further
increase in the assumed failure rate, since failure count may then be relied upon to indicate a higher
failure rate.
If there is a mix of ages in a population there is the possibility that an increased failure rate in the
older subset might be masked by the younger. Clearly, it would, in principle, be possible to monitor
the failure count in these subsets independently, but this may well be too complicated an approach.
Alternatively, the failure rate of those safety elements that are older than their nominal useful life
may be assumed to progressively increase as indicated above, with PFD recalculated correspondingly
and test intervals adjusted if appropriate. A swap of younger for older elements might also be
considered.
Logging of the ages of all (SIL + non-SIL) element populations is perhaps an unrealistic ambition. But
it is here suggested we should maintain an age database of all SIL rated elements. For each
deployed SIL element, the ‘vintage’ and function tag should be recorded. Vintage being the
‘birthday’ of the element, whether by virtue of an overhaul or new installation. If end of useful life is
detected or the assumed end approached, this will allow identification of all similar elements of that
vintage.
Conclusion
It is possible to conceive of all sorts of possible refinements here, but we need to establish a
practicable basis, not fantasise about what might be. There are many uncertainties in risk assessment