Immingham East Terminal – Gasoline Overfill Protection
Safety Instrument System
DOCUMENT NO: SI277001_RPT
ISSUE: F
DATE: 31.10.14
PAGE 14 OF 29
P & I Design Ltd
2 Reed Street, Thornaby, UK, TS17 7AF
Tel: + 44 (0)1642 617444
Fax: + 44 (0)1642 616447
www.pidesign.co.uk

7.2.1.3 Sensor Subsystem Hardware Fault Tolerance
BS EN 61511-1:2003 Section 11.4 requires a minimum hardware fault tolerance.
Table 6 of the standard is reproduced below:
| SIL | Minimum hardware fault tolerance (see 11.4.3 and 11.4.4) |
|-----|----------------------------------------------------------|
| 1   | 0                                                        |
| 2   | 1                                                        |
| 3   | 2                                                        |
| 4   | Special requirements apply                               |
BS EN 61511-1:2003 Section 11.4.3 states that the fault tolerance in the above table should
be increased by 1, unless the dominant failure mode is to the safe state or dangerous failures
are detected.
In this application the logic solver (Nivotester) provides a continuous check of these events
and will cause the system to fail safe. Therefore, the fault tolerance has not been increased by
1.
BS EN 61511-1:2003 Section 11.4.4 states that the fault tolerance in the above table can be
reduced by 1 if the hardware complies with the following:
- The hardware of the device is selected on the basis of prior use.
- The device allows adjustment of process related parameters only, i.e. measuring range, upscale and downscale failures.
- The adjustment of the process related parameters is protected either by jumper or password.
- The function has a SIL requirement of less than 4.
In this application the above requirements are true for each sensor subsystem and a reduction
of 1 applies.
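The Table 6 lookup and the two adjustments described above can be written as a short, auditable calculation. This is an added example, not part of the original report: the function and field names are hypothetical, the SIL values in the sample calls are constructed, and flooring the result at 0 is an assumption.

```python
from dataclasses import dataclass

# Table 6 of BS EN 61511-1:2003 as reproduced in this report (SIL -> minimum HFT).
TABLE_6_MIN_HFT = {1: 0, 2: 1, 3: 2}


@dataclass(frozen=True)
class PriorUseCriteria:
    """Section 11.4.4 conditions as listed in this report (hypothetical field names)."""
    selected_on_prior_use: bool
    process_parameters_only: bool
    adjustment_protected: bool  # by jumper or password

    def all_met(self, sil: int) -> bool:
        return (self.selected_on_prior_use and self.process_parameters_only
                and self.adjustment_protected and sil < 4)


def required_hft(sil: int, safe_or_detected: bool, criteria: PriorUseCriteria):
    """Return (minimum HFT, list of reasoning steps) for one subsystem."""
    if sil == 4:
        raise ValueError("SIL 4: special requirements apply, no Table 6 value")
    if sil not in TABLE_6_MIN_HFT:
        raise ValueError(f"SIL must be 1 to 4, got {sil!r}")
    hft = TABLE_6_MIN_HFT[sil]
    steps = [f"Table 6: SIL {sil} -> HFT {hft}"]
    # 11.4.3: add 1 unless the dominant failure mode is safe or dangerous
    # failures are detected.
    if not safe_or_detected:
        hft += 1
        steps.append(f"11.4.3: increased by 1 -> HFT {hft}")
    # 11.4.4: subtract 1 only when every listed condition holds.
    if criteria.all_met(sil):
        hft -= 1
        steps.append(f"11.4.4: reduced by 1 -> HFT {hft}")
    # Assumption: a fault tolerance cannot be negative, so floor at 0.
    if hft < 0:
        hft = 0
        steps.append("floored at 0")
    return hft, steps


if __name__ == "__main__":
    # Constructed sample: SIL 2, failures detected, all 11.4.4 conditions met.
    hft, steps = required_hft(2, True, PriorUseCriteria(True, True, True))
    print(hft, *steps, sep="\n")
```

If the parameter protection (jumper or password) is missing, `adjustment_protected` is false and the 11.4.4 reduction is not taken.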
As a cross check, the hardware fault tolerance clause of BS EN 61508 has been applied.
BS EN 61508-2:2010 Section 7.4.3 requires architectural constraints on hardware safety
integrity.
Table 3 of the standard is reproduced below: