In the design of a safety instrumented system it is often necessary to use an interposing relay, and typically no certified relay is available. Since a non-certified product is being used, it is important to follow the requirements for justifying prior use and also to design the circuit in a way that minimizes the dangerous failure rate. Users of the exSILentia software tool can find a proven in use template in the software; an example is shown below (Figure 1). Those not using exSILentia should develop a standard template to document the justification of non-certified equipment.
If the Proven in Use justification is sufficient, the design engineer should then look at how to minimize the dangerous failures of the relay. The two dominant failure modes of a typical relay are coil burnout and welding of the relay contacts. Assuming the SIF is designed to de-energize to trip, coil burnout is classified as a safe failure and welding of the relay contacts is classified as a dangerous failure. The generic dangerous failure rate for a relay is 600 FITS. If good design practice is used, which includes providing a means of current limiting such as fusing the feed to the relay, then a dangerous failure rate of 60 FITS is typically used.
Once the design is done, it is important to add the relays to the list of devices that must be periodically proof tested and replaced at the end of their useful life.
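The two failure rates quoted above (600 FITS generic, 60 FITS with current limiting) only become meaningful once they are turned into a PFDavg contribution over the proof test interval chosen in the last step. The following is an added example, not from the original post or from exSILentia, that does that conversion. It assumes a single relay in a 1oo1 de-energize-to-trip circuit, that all dangerous failures go undetected until the proof test, and the simplified IEC 61508 single-channel approximation PFDavg ≈ λDU × TI / 2; the `SIL_BANDS` table is the low-demand PFDavg range from IEC 61508-1. The function and variable names are mine.

```python
"""Added example (not from the original post): compare the PFDavg contribution
of an interposing relay with and without current limiting, using the
dangerous failure rates quoted in the text (600 FIT generic, 60 FIT fused).

Assumptions (not stated on the page):
- single relay in a 1oo1 de-energize-to-trip circuit,
- all dangerous failures are undetected between proof tests (lambda_DU),
- the simplified IEC 61508 approximation PFDavg ~= lambda_DU * TI / 2.
"""

HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands as (lower bound, upper bound, SIL): lower <= PFDavg < upper.
SIL_BANDS = [
    (1e-5, 1e-4, 4),
    (1e-4, 1e-3, 3),
    (1e-3, 1e-2, 2),
    (1e-2, 1e-1, 1),
]


def fit_to_per_hour(fit: float) -> float:
    """Convert FIT (failures per 1e9 device-hours) to failures per hour."""
    return fit * 1e-9


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_years: float) -> float:
    """Average probability of failure on demand for one channel whose
    dangerous failures are revealed only by the periodic proof test."""
    ti_hours = proof_test_interval_years * HOURS_PER_YEAR
    return lambda_du_per_hour * ti_hours / 2.0


def sil_band(pfd_avg: float):
    """Return the SIL whose PFDavg range contains the value, or None if the
    value is worse than SIL 1 (or better than the SIL 4 range)."""
    for low, high, sil in SIL_BANDS:
        if low <= pfd_avg < high:
            return sil
    return None


def compare_relay_designs(proof_test_interval_years: float = 1.0) -> dict:
    """Evaluate the unfused (600 FIT) and fused (60 FIT) relay designs from
    the text at the given proof test interval."""
    results = {}
    for label, fit in (("unfused", 600.0), ("fused", 60.0)):
        pfd = pfd_avg_1oo1(fit_to_per_hour(fit), proof_test_interval_years)
        results[label] = {"fit": fit, "pfd_avg": pfd, "sil_band": sil_band(pfd)}
    return results


if __name__ == "__main__":
    # With a one-year proof test interval the fuse moves the relay's own
    # contribution from the SIL 2 band into the SIL 3 band.
    for years in (1.0, 2.0):
        print(f"proof test interval: {years:.0f} year(s)")
        for label, r in compare_relay_designs(years).items():
            print(f"  {label:8s} {r['fit']:6.0f} FIT  PFDavg={r['pfd_avg']:.2e}"
                  f"  SIL band {r['sil_band']}")
```

The relay's PFDavg is only one term in the SIF's overall PFDavg; the point of the comparison is that, for the same proof test interval, the current-limiting fuse reduces the relay's contribution by a factor of ten, which is often the difference between the relay fitting inside the SIL budget and dominating it.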
Tagged as: SIF, safe failure, proven in use, justification, prior use, exSILentia, dangerous failure, Chris O'Brien