Most end users I teach in our FSE100 class are not really aware of or fully, understand when we talk about failure rates.  For example, what’s a FIT mean?  For those end users more versed in this, they understand what is meant by a FIT.  Essentially a device can have its Safe and Dangerous Failures expressed in FITs.  A Failure unITs or Failures In Time (FIT) = 10⁹ Hours or 10^-9 per hour and is normally used to indicate a failure rate, based upon failures per hour.  For example, if we see a failure rate of 5E-7 per hour, we can represent this as 500 FITs (i.e. 500E-9 per hour).  

But unless you know this and unless you understand the significance, how do you know whether a device with 5 FITs versus a device with 500 FITs is better or worse?  Of course, those that know will understand that 5 FITs is two orders of magnitude lower in terms of failure rate and is thus, at first glance, much more reliable.  This is true but it depends upon the type of devices being considered and compared.  For example, if we were comparing two different spool solenoid valve manufacturers, we see the device with 5 FITs would be a much better device to use.  However, this is where the new clause 11.9.3 in IEC61511 comes into play.  This clause was added in the 2016 edition of IEC61511 to require that all reliability data used when quantifying the effects of random failure (i.e. PFDavg/PFH calculations) shall be credible, traceable, documented, justified and shall be based on field feedback from similar devices used in a similar operating environment.   In the case of our 5 FIT spool solenoid valve in low demand, when we compare this to industry norms (similar devices in similar operating environments), we would see that an average for this type of spool solenoid valve in low demand is between 450 and 1200 FITs (www.silsafedata.com).  In which case our 5 FIT spool solenoid valve does not meet the: credible, traceable, documented and justifiable requirements of IEC61511.  Therefore, if we were to use this device in our SIF design then we would not be able to use the stated 5 FITs in our SIL verification calculation, otherwise we will end up with an optimistic and unrealistic PFDavg result.

One other thing I do during class is to use a simple “smell” test for final elements.  This is to say that if the dangerous undetected failures for an electro-mechanical or mechanical device come out to be more than 1,000 years (and this is being very generous), then it doesn’t pass the smell test.  The easy way to do this is to divide 109 hours by the number of FITs given x the number of hours in a year.  In the case of our 5 FITS this would equate to approx. 22,800 years, as opposed to 500 FITs or approx. 228 years.

The good news is that more end users are becoming aware of what FITs mean and what they’re looking at on a product data sheet or certificate and are beginning to reject some of these ridiculously low device failure rates.  If you’re not sure about any device certificates you have for final elements then go to www.silsafedata.com and compare them.