Table of Contents
Advertisement
Functional Safety HiD2872, HiC2873(Y1), HiD2876, HiC2877
Planning
3
Planning
3.1
System Structure
3.1.1
Low Demand Mode of Operation
If there are two control loops, one for the standard operation and another one for
the functional safety, then usually the demand rate for the safety loop is assumed to be
less than once per year.
The relevant safety parameters to be verified are:
•
the PFD
value (proof test interval that has a direct impact on the PFD
•
the SFF value (Safe Failure Fraction)
•
the HFT architecture (Hardware Fault Tolerance)
3.1.2
High Demand or Continuous Mode of Operation
If there is only one safety loop, which combines the standard operation and safety-related
operation, then usually the demand rate for this safety loop is assumed to be higher than
once per year.
The relevant safety parameters to be verified are:
•
the PFH value (Probability of dangerous Failure per Hour)
•
Fault reaction time of the safety system
•
the SFF value (Safe Failure Fraction)
•
the HFT architecture (Hardware Fault Tolerance)
3.1.3
Safe Failure Fraction
The safe failure fraction describes the ratio of all safe failures and dangerous detected failures
to the total failure rate.
SFF = (
s
A safe failure fraction as defined in IEC/EN 61508 is only relevant for elements or (sub)systems
in a complete safety loop. The device under consideration is always part of a safety loop
but is not regarded as a complete element or subsystem.
For calculating the SIL of a safety loop it is necessary to evaluate the safe failure fraction
of elements, subsystems and the complete system, but not of a single device.
Nevertheless the SFF of the device is given in this document for reference.
10
value (average Probability of dangerous Failure on Demand) and the T
avg
+
) / (
+
+
)
dd
s
dd
du
1
value)
avg
Advertisement
Table of Contents
