5 Annexe A - Relationship between Proof Testing and Reliability
A SIS is considered to be a number of physical components that are each subject to
random hardware failures. The reliability of a SIS is a function of the proof test interval
(i.e. the time between proof tests), the failure rates of the individual components and time
of operation, as follows:
For demand mode systems, the reliability of a system is normally expressed as the
probability of the system failing to operate on demand (PFD). PFD increases over time in an
exponential fashion (although for relatively short proof test intervals, it is often
approximated to a linear relationship).
For example, if a fully operating system is put into operation at a particular time, its PFD is
zero, since we know that it is a fully operating system. As time increases, un-revealed
failures are expected to occur to the system components in a random fashion and
therefore the PFD of the system increases. The rate at which the PFD increases over time
will depend upon the failure rates of the components.
The purpose of proof testing is to reveal all undetected dangerous failures that would
prevent the system performing its designed functionality (i.e. PFD_AV with respect to the
safety function is back to zero). This should occur before the PFD gets higher than the
target PFD.
Once a test interval is known, then the average PFD (PFD_AV) across the test interval
period can easily be calculated and compared against the target PFD. This can then form
part of the demonstration that the SIS provides the necessary risk reduction.

$$PFD_{AV} = \frac{\lambda_D \, T_i}{2}$$

Where:
$\lambda_D$ = Failure Rate (Dangerous)
$T_i$ = Proof Test Interval

[Equations taken from BS EN 61508-6:2001 B2.2.1 and assuming mean time to repair is
small relative to the proof test interval.
Note these equations have been simplified for the purposes of demonstration of particular
issues.
These equations are suitable for low demand modes of operation only, i.e. where demand
frequency ≤ 1 per year and ≤ 2 x proof test frequency – BS EN 61508-4:2001 3.5.12.
This equation is an approximation that is only valid when $\frac{\lambda_D \, T_i}{2} \ll 1$,
and typically < 0.2]
So if the failure rate of a particular component was 0.02 per year then with a 1 year proof
test interval the PFD_AV would be 0.01. Similarly for a 2 year interval the PFD_AV would be
0.02. By running the equation in reverse, if a PFD_AV of 0.001 was required then the proof
test interval would be 0.1 years (about 36 days).
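The calculation above and its reverse use, worked as an added Python example that is not part of the annex. It also evaluates the time-average of the exponential PFD curve the text mentions, to show how far the linear form drifts as λ_D T_i / 2 approaches the 0.2 figure; the single-channel exact form 1 - (1 - e^{-λ_D T_i})/(λ_D T_i), and treating 0.2 as a hard limit, are assumptions made here.

```python
import math

# Validity bound quoted on the page: lambda_D * T_i / 2 << 1, typically < 0.2.
# Assumption: treat 0.2 as a hard limit for the linear approximation.
APPROXIMATION_LIMIT = 0.2


def pfd_av_linear(lambda_d: float, t_i: float) -> float:
    """Linear form PFD_AV = lambda_D * T_i / 2 (lambda_d per year, t_i in years)."""
    if lambda_d < 0 or t_i <= 0:
        raise ValueError("failure rate must be >= 0 and test interval > 0")
    return lambda_d * t_i / 2


def pfd_av_exact(lambda_d: float, t_i: float) -> float:
    """Time-average of PFD(t) = 1 - exp(-lambda_D t) over one test interval:
    1 - (1 - exp(-lambda_D T_i)) / (lambda_D T_i). Assumed single-channel model;
    expands to lambda_D T_i / 2 - (lambda_D T_i)^2 / 6 + ..., i.e. the linear form
    plus a correction that grows with lambda_D T_i."""
    x = lambda_d * t_i
    if x == 0:
        return 0.0
    return 1.0 - (1.0 - math.exp(-x)) / x


def proof_test_interval_for(target_pfd_av: float, lambda_d: float) -> float:
    """Run the linear equation in reverse: T_i = 2 * PFD_AV / lambda_D (years)."""
    if lambda_d <= 0:
        raise ValueError("failure rate must be > 0 to derive an interval")
    return 2 * target_pfd_av / lambda_d


def approximation_valid(lambda_d: float, t_i: float) -> bool:
    """The linear form is only trusted while lambda_D * T_i / 2 stays below the limit."""
    return pfd_av_linear(lambda_d, t_i) < APPROXIMATION_LIMIT


if __name__ == "__main__":
    # Constructed inputs: the page's own figures (0.02 per year, 1 and 2 year intervals)
    # plus one deliberately high rate to show where the linear approximation breaks down.
    for lam, t in [(0.02, 1.0), (0.02, 2.0), (0.25, 2.0)]:
        lin, exact = pfd_av_linear(lam, t), pfd_av_exact(lam, t)
        print(f"lambda_D={lam}/yr T_i={t}yr linear={lin:.5f} exact={exact:.5f} "
              f"error={100 * (lin - exact) / exact:.1f}% valid={approximation_valid(lam, t)}")
    t_needed = proof_test_interval_for(0.001, 0.02)
    print(f"target PFD_AV=0.001 -> T_i={t_needed:.2f} yr ({t_needed * 365:.0f} days)")
```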