
CDOIF

Chemical and Downstream Oil Industries Forum

CDOIF is a collaborative venture formed to agree strategic areas for joint industry / trade union / regulator action aimed at delivering health, safety and environmental improvements with cross-sector benefits.

Guideline – Demonstrating Prior Use v4

Page 15 of 30

Appendix A Failure rate calculations

In addition to addressing hardware fault tolerance for a Safety Instrumented Function (SIF), it is necessary to demonstrate that the failure measure for the function falls within the range specified in BS EN 61511 for the Safety Integrity Level required for the function. For low demand mode Safety Instrumented Functions this failure measure is the Average Probability of Failure on Demand (PFDavg).

Calculation of the PFDavg for the safety instrumented function uses the dangerous failure rate (λD) for each of the elements that comprise the safety instrumented function, the proof test interval, and a knowledge of the architecture of the function, including voting arrangements for both input and output channels.

The demonstration of prior use by the end user, as discussed earlier, involves the recording of failure information. This recording of failure information provides the opportunity to determine an appropriate failure rate for the devices or components to be used in safety applications.
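The calculation chain described above, as an added example that is not part of the CDOIF guideline: it derives a dangerous failure rate from maintenance-style records (number of devices, time in use, failures and failure modes, the fields A.1 names) and checks the resulting PFDavg against the low demand mode SIL bands. Assumptions: the record layout and tags are constructed sample data, the rate is a simple point estimate, the function is a single channel (1oo1) using the common simplified approximation PFDavg = λD x TI / 2, and the proof test interval is one year.

```python
from datetime import date

# Constructed sample records, not taken from the guideline: one row per
# installed device of the same type in comparable service.
# (tag, in service from, review date or removal, failure modes recorded)
RECORDS = [
    ("PT-101", date(2014, 1, 1), date(2024, 1, 1), []),
    ("PT-102", date(2014, 1, 1), date(2024, 1, 1), ["dangerous"]),
    ("PT-103", date(2016, 1, 1), date(2024, 1, 1), ["safe", "dangerous"]),
    ("PT-104", date(2018, 1, 1), date(2024, 1, 1), ["safe"]),
    ("PT-105", date(2019, 1, 1), date(2024, 1, 1), []),
]

# Low demand mode PFDavg bands per SIL (lower bound inclusive, upper exclusive).
SIL_BANDS = [("SIL 4", 1e-5, 1e-4), ("SIL 3", 1e-4, 1e-3),
             ("SIL 2", 1e-3, 1e-2), ("SIL 1", 1e-2, 1e-1)]


def device_hours(records):
    """Total accumulated operating time across all devices, in hours."""
    return sum((end - start).days * 24 for _, start, end, _ in records)


def dangerous_failure_rate(records):
    """Point estimate (assumption): dangerous failures / device-hours."""
    hours = device_hours(records)
    if hours <= 0:
        raise ValueError("no operating experience recorded")
    dangerous = sum(modes.count("dangerous") for *_, modes in records)
    return dangerous / hours


def pfd_avg_1oo1(lambda_d, proof_test_interval_h):
    """Assumed simplified single-channel (1oo1) approximation: lambda_D * TI / 2."""
    return lambda_d * proof_test_interval_h / 2


def sil_band(pfd_avg):
    """Return the SIL whose low demand band contains pfd_avg, else None."""
    for name, low, high in SIL_BANDS:
        if low <= pfd_avg < high:
            return name
    return None


if __name__ == "__main__":
    lam = dangerous_failure_rate(RECORDS)
    pfd = pfd_avg_1oo1(lam, 8760)  # assumed annual proof test
    print(f"lambda_D = {lam:.2e} /h, PFDavg = {pfd:.3f}, band = {sil_band(pfd)}")
```

With no recorded dangerous failures the point estimate is zero and falls in no band, so a record set like that needs a statistical upper bound rather than this estimate.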

A.1 Failure rate

For the calculation of PFDavg the best and most appropriate failure rate information comes from the operational experience of the end user (refer to section 4.4).

Where an end user has no operational experience of a new item of equipment, there are other sources of failure data that might be considered. These may include:

- Manufacturers' failure rate data
- Generic failure rate data, from sources such as EEMUA, FARADIP, OREDA etc.

However, great care should be taken when using either of these alternative sources.

Firstly, manufacturers will almost certainly have no direct experience of the use of the items under conditions similar to those of the end user. Furthermore, the data provided by manufacturers is often simply a synthesised prediction of performance that they are hoping for from the product.

Secondly, with the generic failure rates to be found in databases there is no guarantee that the component that the end user is considering will be similar in performance to the database figure. Any use of generic data should have appropriate justification for its appropriateness and should be regarded as a provisional figure until real experience is available to support or reject the figure.

Preferably, end users' own failure data should be used to calculate failure rates. This represents the actual reliability of a given component in a given service and operating environment. One mechanism to gather failure rate data for a component is through analysis of records held within a maintenance management system (or equivalent), which should indicate the number of components in use, the period of time the component has been in use for, and record any failures and failure modes during that time. The end user should have confidence in their maintenance management system to ensure that records are kept correctly, and are up to date. As discussed in Section 4.4, the system should be sufficiently reliable to be able to accurately detect and record failures