Did you see my "Changing the PVST Interval. Hey, my failure rates changed!" post? There is more…
In addition to changing the way the Partial Valve Stroke Test (PVST) is addressed in the SIL verification calculation, the PVST frequency can also have a significant impact on the minimum Hardware Fault Tolerance (HFT) requirements, or Architectural Constraints. When users adopt the concepts described in IEC 61508, where HFT requirements are based on equipment type (A or B) and element Safe Failure Fraction (SFF), whether a test is considered automatic or not can easily make a difference in the achievable SIL. Consider the SFF formulas below:
If we use the example final element from yesterday's post and assume that all failures are undetected without PVST and that a PVST coverage of 60% applies, the Safe Failure Fractions for the two PVST situations can be calculated as shown below:
Now if we assume that the failure mode distributions for a typical pneumatic actuator-valve combination are 40% safe and 60% dangerous, the two Safe Failure Fractions evolve as shown below:
With the final element being a Type A element, the following Architectural Constraints table applies (IEC 61508:2010 part 2, clause 7.4.4.2.2, Table 2).
From this table it can be concluded that if the PVST is considered an automatic test, i.e. the test is done at least 10 times more frequently than the proof test, the single final element can be used in a SIL 2 application (given an SFF > 60%). If the PVST is not done 10 times more frequently than the proof test, the final element can only be used in a SIL 1 application (SFF < 60%) unless redundancy is implemented.
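The calculation described above, carried through as an added example (not code from the original post): it applies the 10x test-frequency criterion, computes the SFF for the 40% safe / 60% dangerous split with 60% PVST coverage, and looks up the Type A architectural constraint. The function names and the test intervals in hours are constructed for illustration; the SFF definition and the Type A limits are the standard IEC 61508-2:2010 ones.

```python
# Added example: SFF and Type A architectural constraints for a final element.
# Function names and sample intervals are illustrative assumptions.

# Max claimable SIL for a Type A element: (upper SFF bound, SIL at HFT 0, 1, 2).
TYPE_A_MAX_SIL = [
    (0.60, (1, 2, 3)),          # SFF < 60%
    (0.90, (2, 3, 4)),          # 60% <= SFF < 90%
    (0.99, (3, 4, 4)),          # 90% <= SFF < 99%
    (float("inf"), (3, 4, 4)),  # SFF >= 99%
]

def pvst_is_automatic(pvst_interval_h, proof_interval_h):
    """PVST counts as automatic only if done at least 10x as often as the proof test."""
    return proof_interval_h / pvst_interval_h >= 10

def safe_failure_fraction(safe, dangerous, pvst_coverage, automatic):
    """SFF = (safe + dangerous detected) / (all failures).

    PVST coverage turns dangerous failures into detected ones only when the
    test qualifies as automatic; otherwise all dangerous failures stay undetected.
    """
    detected = dangerous * pvst_coverage if automatic else 0.0
    undetected = dangerous - detected
    return (safe + detected) / (safe + detected + undetected)

def max_sil_type_a(sff, hft=0):
    """Look up the highest SIL the architecture allows for a Type A element."""
    for upper, sils in TYPE_A_MAX_SIL:
        if sff < upper:
            return sils[hft]

def assess(safe, dangerous, coverage, pvst_interval_h, proof_interval_h, hft=0):
    """Return (SFF, max SIL) for the given failure split and test intervals."""
    automatic = pvst_is_automatic(pvst_interval_h, proof_interval_h)
    sff = safe_failure_fraction(safe, dangerous, coverage, automatic)
    return sff, max_sil_type_a(sff, hft)

if __name__ == "__main__":
    # Constructed intervals: yearly proof test (8760 h), PVST monthly vs. twice a year.
    for label, pvst_h in (("monthly PVST", 730), ("six-monthly PVST", 4380)):
        sff, sil = assess(0.4, 0.6, 0.6, pvst_h, 8760)
        print(f"{label}: SFF = {sff:.0%}, single element usable up to SIL {sil}")
```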