Advanced PFH calculations for safety integrity systems with high diagnostic

Abstract

The calculation of "Probability of Failure on Demand" (PFH) according to IEC 61508 shows for a 1oo1 and a 1oo2 system using the same initial values that - as expected - a 1oo2 system is a better safety integrity system than a 1oo1 system. This means, that a 1oo2 system has a lower probability of failure than a 1oo1 system. Comparing the same systems operating in a high demand or continuous mode of operation, there will be some cases, especially for systems with high diagnostics, where a 1oo1 system has a lower ¿Probability of Failure per Hour¿ (PFH) value than a 1oo2 system, using the PFH formulas according to IEC 61508. Using the equation according to IEC 61508, it is also possible that the PFH value is apparently better the longer the system runs either in the high mode or continuous mode of operation. Both results are irreproducible in industrial reality. Therefore, this paper will analyze first what conditions are necessary to get a hazard event when using a PFH system. Only those cases are considered in the modified PFH calculation, in which indeed a hazard event occurs. In a second step, it presents a new approach with the help of plausible arguments in order to calculate the PFH value of a PFH system considering a high diagnostic and a very low failure rate. The presented approach can also be correctly verified with mathematics using the advanced Markov model also described in this paper.