Properly Assessing Diagnostic Credit in Safety Instrumented Functions Operating in High Demand Mode

According to the basic functional safety standard IEC 61508:2010 Part 2 [1], when assessing the safety performance of a safety instrumented function (SIF) operating in high demand mode, full credit can be given for the positive effects of automatic self-diagnostics (ASD) in SIF devices, provided that the frequency of ASD execution is at least 100 times (100X) the demand rate on the SIF and that the SIF is configured to convert dangerous failures into safe failures via an automatic shutdown. However, no credit may be given for the positive safety effects of ASD if the frequency of ASD execution is less than 100X the demand rate.

This paper shows that the 100X requirement is quite excessive and that significant positive safety effects accrue even when the ASD frequency is much lower than the 100X stipulation. The theory, which provides reasonable justification for assigning some degree of partial diagnostic credit (PDC) for ASD based on the ratio of ASD frequency to demand rate, is developed under two different assumptions: Scenario 1, which is extremely conservative, and Scenario 2, which is more realistic.

