One of the fundamentals of the Probability of Failure on Demand (PFDavg) calculations in SIL verification analysis, is the concept of a constant failure-rate during useful life of the equipment.  Probabilistic calculations assume that the failure rate of the devices used in a Safety Instrumented System (SIS) remains constant during the “flat” portion of the “bathtub” curve, shown below.

Reliability engineers understand that the portion before the “flat” part of the “Bathtub” is where a high number of premature failures can occur: commonly referred to as “infant mortality”.  Most manufacturers will perform stringent testing to weed-out, weaker units, that could fail prematurely, leading to unwanted warranty claims.  This usually involves testing, where the units are temperature cycled and/or subjected to shock/vibration testing. 

Conversely, once the equipment reaches the end of the “flat” portion of the “Bathtub” then the failures start to rise dramatically.  This part of the “Bathtub” is referred to as the “wear-out” phase.  During this portion the concept of a constant failure rate no-longer applies since the failures are unpredictable.  Therefore, the probabilistic calculation of PFDavg can no longer be applied.

The Manufacturer will provide the useful life of its equipment in its Safety Manual, which will enable end users to be able to plan maintenance for changing out equipment that has reached the end of its useful life, assuming no failures up to this point.  During the SIL verification of the Safety Instrumented Functions (SIFs) in the SIS, the PFDavg is calculated for any Low Demand SIFs, predicated on the concept of constant failure rate during useful life.  Once the useful life is exceeded, however, then the PFDavg is not applicable and hence the SIL of the SIF is now compromised and is no longer valid.

Oftentimes when I teach our FSE100 Course, I ask my students whether they have a run-to-fail policy and I’m surprised by how many times I hear the word “yes” in answer.

Therefore, if you are following a run-to-fail strategy for your SIS and its SIFs, you may want to think again because your system may not be as reliable as you think! 

If this article has stimulated your interest, then be sure to look out for the upcoming webinar on this subject.