07. What safety parameters are there? What information do you get from the equipment manufacturer?

In IEC 61508 and EN 62061 the following safety parameters are defined for safety equipment and safety functions (each entry gives Parameter, Meaning and Range):

SIL (Safety Integrity Level)
  Meaning: Summary parameter for a level of safety. The required value results from the risk assessment of the machine. For safety equipment and components the manufacturer specifies this value, indicating up to which level the component may be used in safety functions (often referred to as the SIL claim). The SIL claim alone is not sufficient: taking the interconnection of the components into account, the failure probability of the complete safety function must also be calculated from the failure probabilities (see PFH) of the individual components.
  Range: 1 to 3. A larger value means a higher level of safety. Value 4 is not used in machinery, but can occur in the process industry.

PFH (probability of a dangerous failure per hour, dangerous failure rate)
  Meaning: Used with a high or continuous demand rate of the safety function. A high demand rate means more frequent than once a year. In mechanical engineering it is generally assumed that the safety function is demanded at a high rate.
  Range: Depending on the SIL, upper limits for the PFH value are defined:
    SIL 1: PFH < 10^-5 /h
    SIL 2: PFH < 10^-6 /h
    SIL 3: PFH < 10^-7 /h
  Each band also has a lower limit; SIL 2, for example, covers 10^-7 /h <= PFH < 10^-6 /h.

PFD (probability of a dangerous failure on demand of the safety function)
  Meaning: Used with a low demand rate, for example in the process industry. A low demand rate means no more than once a year.
  Range: Depending on the SIL, upper limits for the (average) PFD value are defined:
    SIL 1: PFD < 10^-1
    SIL 2: PFD < 10^-2
    SIL 3: PFD < 10^-3

beta-factor (CCF, common cause failure)
  Meaning: Accounts for common causes that can lead to the simultaneous failure of the channels of a multi-channel (redundant) structure. It is included in the calculation of the PFD and PFH values.
  Range: typically 0.5 % to 10 %, depending on the measures taken, for example diversity or separate wiring. A lower value is better.

SFF (safe failure fraction)
  Meaning: Share of the failures that lead to a safe state (safe failures plus dangerous failures detected by diagnostics) in relation to all failures of a subsystem. Together with the hardware fault tolerance (HFT) it limits the SIL that the subsystem may claim (architectural constraints).
  Range: 0 % to 100 %. Depending on the SIL, minimum SFF values are defined as a function of the hardware fault tolerance.

DC (diagnostic coverage)
  Meaning: Specifies which share of the dangerous failures is detected by test and monitoring functions and brought under control before it can have a dangerous effect. A high DC reduces the PFH and PFD values.
  Range: 0 % to 100 %. The standard defines 4 levels:
    below 60 %: no DC
    60 % to below 90 %: low DC
    90 % to below 99 %: medium DC
    99 % and above: high DC

Proof test interval
  Meaning: Time after which a test of the safety function / safety equipment is required. The test must show that no dangerous undetected failures are present in the system / equipment. In practice such a test is only possible for very simple equipment such as contactors; complex electronic equipment would have to be sent to the manufacturer for a proof test.
  Range: typically 1 to 20 years.
  Note: EN 62061 recommends designing safety components so that no special proof test is required within a lifetime of at least 20 years.
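The calculations the table describes, as an added worked example (not code from the original page): summing the PFH of the subsystems of a safety function, capping the result by every SIL claim, the low-demand PFD of a single channel, the safe failure fraction, and the common-cause floor of the beta-factor model. It goes slightly beyond the table by encoding the route 1H architectural-constraint limits for a type B (complex electronic) subsystem from IEC 61508-2 as max_sil_type_b. All failure rates, the subsystem names and the function and variable names are constructed, hypothetical values, not manufacturer data.

```python
"""Added IEC 61508 / EN 62061 worked example (not from the original page).
All failure rates below are constructed, hypothetical values."""

# Upper PFH limits per SIL (per hour), high or continuous demand.
# SIL 4 is kept only for completeness; it is not used in machinery.
PFH_LIMITS = {1: 1e-5, 2: 1e-6, 3: 1e-7, 4: 1e-8}
# Upper PFD(avg) limits per SIL, low demand.
PFD_LIMITS = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}


def _sil_from_limits(value, limits):
    """Highest SIL whose upper limit the value stays below; 0 means no SIL reached."""
    sil = 0
    for level in sorted(limits):
        if value < limits[level]:
            sil = level
    return sil


def sil_from_pfh(pfh):
    return _sil_from_limits(pfh, PFH_LIMITS)


def sil_from_pfd(pfd):
    return _sil_from_limits(pfd, PFD_LIMITS)


def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Single channel, low demand: PFDavg ~ lambda_DU * T1 / 2 (repair time neglected).
    Halving the proof test interval halves the PFD."""
    return lambda_du * proof_test_interval_h / 2.0


def sff(lambda_s, lambda_dd, lambda_du):
    """Safe failure fraction = (safe + dangerous detected) / all failures."""
    return (lambda_s + lambda_dd) / (lambda_s + lambda_dd + lambda_du)


def max_sil_type_b(sff_value, hft):
    """Architectural constraint, route 1H, type B subsystem (IEC 61508-2 Table 3).
    Returns the highest SIL the subsystem may claim; 0 means not allowed."""
    if sff_value < 0.60:
        band = (0, 1, 2)
    elif sff_value < 0.90:
        band = (1, 2, 3)
    elif sff_value < 0.99:
        band = (2, 3, 4)
    else:
        band = (3, 4, 4)
    return band[min(hft, 2)]


def ccf_floor_pfh(beta, lambda_du):
    """Beta-factor model: common-cause term beta * lambda_DU of a redundant pair.
    Added redundancy never gets the dual-channel dangerous rate below this term."""
    return beta * lambda_du


def series_function_sil(subsystems):
    """Safety function = sensor + logic + actuator in series: the PFH values add.
    The achievable SIL is bounded by the summed PFH and by every SIL claim."""
    total_pfh = sum(s["pfh"] for s in subsystems)
    sil = min([sil_from_pfh(total_pfh)] + [s["sil_claim"] for s in subsystems])
    return total_pfh, sil


# Constructed example: emergency-stop function with hypothetical manufacturer data.
FUNCTION = [
    {"name": "e-stop button, 2-channel", "pfh": 2.5e-8, "sil_claim": 2},
    {"name": "safety relay", "pfh": 5.0e-9, "sil_claim": 3},
    {"name": "contactors, monitored", "pfh": 3.0e-8, "sil_claim": 2},
]

if __name__ == "__main__":
    total, sil = series_function_sil(FUNCTION)
    print(f"PFH sum {total:.2e}/h: SIL {sil_from_pfh(total)} by PFH, SIL {sil} after claims")
    print("valve 1oo1, low demand, 1-year proof test:",
          "SIL", sil_from_pfd(pfd_avg_1oo1(5e-7, 8760)))
    print("SFF 0.9 with HFT 0: max SIL", max_sil_type_b(0.9, 0))
```

With these constructed values the three subsystems sum to 6e-8 /h, which would satisfy SIL 3 by PFH alone, but the SIL 2 claims of the button and the contactors cap the function at SIL 2. The beta-factor term shows why a "good" dual channel still needs a low beta: 5 % of a 2e-6 /h undetected dangerous rate is already 1e-7 /h, the SIL 3 limit.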

 

With EN ISO 13849 the following safety parameters are defined for safety equipment and safety functions (each entry gives Parameter, Meaning and Range):

PL (Performance Level)
  Meaning: Summary parameter for a level of safety, the counterpart of the SIL. The required value results from the risk assessment of the machine. For safety equipment and components the manufacturer specifies this value, indicating up to which level the component may be used in safety functions. When several components are combined into one safety function, the standard provides tables for determining the resulting value.
  Range: a to e. a is the lowest, e the highest safety level.

MTTFd (mean time to dangerous failure)
  Meaning: The MTTFd value is the reciprocal of the dangerous failure rate (λd), i.e. MTTFd = 1/λd. It is included in the determination of the PL.
  Range: 3 to 100 years. The standard defines 3 levels:
    3 years to below 10 years: MTTFd low
    10 years to below 30 years: MTTFd medium
    30 years to 100 years: MTTFd high
  At the end of the analysis of a complete safety function, MTTFd values above 100 years are capped at 100 years.

CCF (common cause failure)
  Meaning: Accounts for common causes that can lead to the simultaneous failure of the channels of a multi-channel (redundant) structure.
  Range: 0 to 100 points, achieved by appropriate measures. A score of at least 65 points must be reached.

DCavg (average diagnostic coverage)
  Meaning: Specifies which share of the dangerous failures is detected by test and monitoring functions and brought under control before it can have a dangerous effect. It is included in the determination of the PL.
  Range: 0 % to 100 %. The standard defines 4 levels:
    below 60 %: no DC
    60 % to below 90 %: low DC
    90 % to below 99 %: medium DC
    99 % and above: high DC

Proof test interval
  Meaning: Time after which an inspection of the safety function / safety equipment is required. The test must show that no dangerous undetected failures are present in the system / equipment. In practice such a test is only possible for very simple equipment such as contactors; complex electronic equipment would have to be sent to the manufacturer for a proof test.
  Range: typically 1 to 20 years.
  Note: The assessment procedure in EN ISO 13849-1 is based on the assumption of a proof test interval of 20 years.
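How the EN ISO 13849-1 parameters above are combined into a PL, as an added worked example (not code from the original page): converting a B10d value into MTTFd, the parts-count MTTFd of a channel, DCavg weighted by failure-rate share, the symmetrisation of two unequal channels, the 100-year cap, the 65-point CCF check, and finally the simplified PL determination table of the standard (category and DCavg level against MTTFd level), which the text only refers to. The component names, values and operating profile (B10d, cycle time, DC per part) are constructed, hypothetical manufacturer data; the function names are this example's own.

```python
"""Added EN ISO 13849-1 worked example (not from the original page).
Component data below are constructed, hypothetical manufacturer values."""
from dataclasses import dataclass


@dataclass
class Part:
    name: str
    mttfd_years: float  # MTTFd of this component in years
    dc: float           # diagnostic coverage of this component, 0.0 .. 1.0


def mttfd_from_b10d(b10d, days_per_year, hours_per_day, cycle_time_s):
    """Electromechanical parts quoted with B10d: MTTFd = B10d / (0.1 * n_op),
    where n_op = d_op * h_op * 3600 / t_cycle is the number of operations per year."""
    n_op = days_per_year * hours_per_day * 3600.0 / cycle_time_s
    return b10d / (0.1 * n_op)


def channel_mttfd(parts):
    """Parts-count method for one channel: 1/MTTFd = sum(1/MTTFd_i)."""
    return 1.0 / sum(1.0 / p.mttfd_years for p in parts)


def channel_dcavg(parts):
    """DCavg weights each DC_i by its failure-rate share: sum(DC_i/MTTFd_i) / sum(1/MTTFd_i)."""
    return sum(p.dc / p.mttfd_years for p in parts) / sum(1.0 / p.mttfd_years for p in parts)


def symmetrise(c1, c2):
    """Two redundant channels with different MTTFd: 2/3 * (C1 + C2 - 1/(1/C1 + 1/C2))."""
    return (2.0 / 3.0) * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2))


def mttfd_level(years):
    years = min(years, 100.0)  # capped at 100 years for the complete safety function
    if years < 3:
        return "not allowed"
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_level(dc):
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Simplified PL determination: (category, DCavg level) -> MTTFd level -> PL.
# Combinations missing here are not permitted by the simplified procedure.
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "c"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}


def performance_level(category, mttfd_years, dcavg, ccf_points):
    """PL reached by a subsystem, or None if the combination is not permitted."""
    if category in ("2", "3", "4") and ccf_points < 65:
        return None  # tested or redundant structures need at least 65 CCF points
    row = PL_TABLE.get((category, dc_level(dcavg)))
    if row is None:
        return None
    return row.get(mttfd_level(mttfd_years))


def evaluate_two_channel(channel1, channel2, category, ccf_points):
    """Complete evaluation of a two-channel subsystem: returns (MTTFd, DCavg, PL)."""
    mttfd = symmetrise(channel_mttfd(channel1), channel_mttfd(channel2))
    dcavg = channel_dcavg(channel1 + channel2)
    return mttfd, dcavg, performance_level(category, mttfd, dcavg, ccf_points)


# Constructed example: category 3 contactor circuit with feedback monitoring,
# 220 days/year, 16 h/day, one switching cycle per minute (hypothetical profile).
K1 = Part("contactor K1", mttfd_from_b10d(2.0e6, 220, 16, 60), dc=0.99)
RELAY = Part("safety relay output", 150.0, dc=0.90)
CHANNEL = [K1, RELAY]

if __name__ == "__main__":
    mttfd, dcavg, pl = evaluate_two_channel(CHANNEL, CHANNEL, "3", ccf_points=70)
    print(f"MTTFd {mttfd:.1f} years ({mttfd_level(mttfd)}), "
          f"DCavg {dcavg:.3f} ({dc_level(dcavg)}), PL {pl}")
```

For the constructed circuit the contactor's B10d of 2,000,000 cycles under that operating profile gives about 95 years, the channel about 58 years (high), DCavg about 0.955 (medium), and category 3 with 70 CCF points therefore reaches PL d. Dropping the CCF score to 60 points returns None: the redundancy is not credited at all, which is why the 65-point check is done before looking at MTTFd and DC.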

Data from equipment and component manufacturers
From a manufacturer of safety components at least the SIL, the PFH and the proof test interval (IEC 61508 / EN 62061) or the PL and the proof test interval (EN ISO 13849) can be obtained. For standard components the manufacturer naturally cannot specify safety parameters; a mean failure rate or lifetime figure (e.g. MTBF, MTTF, B10) can however be given.
