I got a copy of the IEC 61508 certificate for a solenoid valve today from an engineer who thought something was wrong. Although the certificate was from a well known certification company, the certificate gave a “Dangerous Failure Rate” of 1.7 FITS (1.7 * 10-9 failures per hour). This is less than the value for simple electrical resistor! Indeed something seems quite wrong.
The report for the certificate explained how a “Cycle Test” was used to determine the random failure rate. A number of solenoid were put on test and cycled until 12,000,000 total successful cycles were completed. It was then assumed that the “probability of failure of the safety function on demand” was less than 1/12,000,000. Assuming a proof test interval of one year and using the simple equation for PFDavg: PFDavg = LambdaD X TI/2, they calculated LambdaD.
This is dead wrong. First of all the equation they used was derived for use in low demand applications with perfect proof testing. The cycle test itself is only useful in continuous/high demand applications where mechanical wear-out is the primary failure mechanism. Combining a bad test with a bad equation is dangerous. The result of this is that a system engineer concluded that no proof test ever need be done during the 30 year “life” of a process unit. Competent engineers must read the reports for these products and recognize the bad quality of the results. I think the manufacturers of these products also have a duty to recall these certifications from the marketplace and quit dangerously misleading those who do not have the detailed knowledge to recognize the issue. This situation is dangerous. I hope “dead wrong” does not mean that a fatality occurs as a result of this someday.