Safe Failure Fraction (SFF) is defined as the ratio of the average rate of safe failures plus dangerous detected failures of the subsystem to the total average failure rate of the subsystem. It is defined for a single channel (no redundancy, 1oo1).
It therefore measures how unlikely a dangerous failure that is NOT detected by the automatic self-diagnostics is: the remainder, 1 minus SFF, is the share of the subsystem's failures that are dangerous and undetected.
Example: Suppose the failure rates taken from the device certificates total, for your subsystem:
Example 2: An SFF of 100% means there are NO failures classified as dangerous that go undetected by the automatic diagnostics; 100% is the best that can be achieved.
The number goes up for a product that is more inherently safe, i.e. whose failures are mostly safe failures, and it goes up for a product with very good automatic diagnostics, which move failures from the dangerous undetected class into the dangerous detected class.
Once the SFF is known, the end user can combine it with the redundancy of the installed architecture to read off the maximum SIL the subsystem can claim from the IEC 61508 table below, or use the table the other way round to find the redundancy (hardware fault tolerance) that the architectural constraints require for a given SIL target. The table shows the SFF ranges against hardware fault tolerance (HFT) for the device types defined in IEC 61508.
So, for the example given above, if your subsystem calculates to an SFF of 86% and it has to serve in a SIL 3 SIF, the table gives a Hardware Fault Tolerance of 1; in other words you need one extra set of equipment doing the same job, so that a single hardware fault does not lose the safety function. If the SFF is the same 86% but the SIF only needs SIL 2, the Hardware Fault Tolerance is 0: one set of equipment does the job and no redundancy is needed.
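As an added worked example (editor's code, not from the original page or from IEC 61508 itself), the Python below computes SFF from the four failure-rate classes of a single channel and then applies the architectural constraints both ways: maximum SIL for a given HFT, and the smallest HFT that reaches a target SIL. The certificate figures are constructed so the subsystem lands on the 86% of the example above. The band/HFT tables are the editor's transcription of IEC 61508-2 Route 1H (Table 2 for Type A devices, Table 3 for Type B devices) and should be checked against the edition you certify to; all class, function and constant names are the editor's own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ChannelFailureRates:
    """Failure rates of ONE channel (1oo1) in FIT (failures per 1e9 hours),
    split into the four classes IEC 61508 uses. Editor's own type."""
    safe_detected: float          # lambda_SD
    safe_undetected: float        # lambda_SU
    dangerous_detected: float     # lambda_DD
    dangerous_undetected: float   # lambda_DU

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)


def safe_failure_fraction(r: ChannelFailureRates) -> float:
    """SFF = (safe + dangerous detected) / total, as a fraction 0..1.

    Equivalently 1 - lambda_DU / lambda_total: only dangerous failures the
    automatic diagnostics miss pull the number down, so SFF rises when a
    device has a larger share of safe failures or better diagnostic
    coverage of its dangerous ones.
    """
    if r.total <= 0:
        raise ValueError("total failure rate must be positive")
    return (r.safe_detected + r.safe_undetected + r.dangerous_detected) / r.total


def sff_band(sff: float) -> int:
    """IEC 61508 SFF bands: 0 = <60 %, 1 = 60-<90 %, 2 = 90-<99 %, 3 = >=99 %."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must be a fraction between 0 and 1")
    if sff < 0.60:
        return 0
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3


# Maximum SIL claimable, indexed [band][HFT]; None = architecture not allowed.
# Editor's transcription of IEC 61508-2 Route 1H: Table 2 (Type A, simple
# devices with well-defined failure modes) and Table 3 (Type B, complex
# devices). Verify against the standard edition you certify to.
MAX_SIL_TYPE_A = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
MAX_SIL_TYPE_B = [[None, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]


def max_sil(sff: float, hft: int, device_type: str = "A") -> Optional[int]:
    """Highest SIL the architectural constraints allow for this SFF and HFT."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    table = {"A": MAX_SIL_TYPE_A, "B": MAX_SIL_TYPE_B}[device_type]
    return table[sff_band(sff)][hft]


def required_hft(sff: float, target_sil: int,
                 device_type: str = "A") -> Optional[int]:
    """Smallest HFT that reaches target_sil, or None if even HFT 2 cannot."""
    for hft in (0, 1, 2):
        sil = max_sil(sff, hft, device_type)
        if sil is not None and sil >= target_sil:
            return hft
    return None


# Constructed certificate figures (FIT) that total 1000 and give SFF = 86 %,
# the value used in the worked example above.
EXAMPLE_RATES = ChannelFailureRates(
    safe_detected=300, safe_undetected=200,
    dangerous_detected=360, dangerous_undetected=140)


if __name__ == "__main__":
    sff = safe_failure_fraction(EXAMPLE_RATES)
    print(f"SFF = {sff:.0%}")
    for target in (2, 3):
        for dt in ("A", "B"):
            print(f"SIL {target}, Type {dt}: HFT {required_hft(sff, target, dt)}")
```

Running it reproduces the text's conclusion for a Type A device (HFT 1 for SIL 3, HFT 0 for SIL 2 at 86%) and also shows the caveat a practitioner needs: the same 86% on a Type B device only reaches SIL 3 with HFT 2, and below 60% a Type B device may not be used without redundancy at all. The sff_band thresholds are inclusive at the lower edge (exactly 90% is already the 90-<99% band), which is the usual reading of the standard's ranges.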