A.K.A. You’re About to Severely Under-Design your SIF and Put your People at Risk. Twice this week alone, and much more often than I like to remember, I’ve had safety system designers blindly follow certificates that contain data that simply cannot be true. They get a certificate from an equipment supplier, stamped by a 3rd party assessor, that states the valve or actuator can meet SIL 3 requirements with no redundancy. One certificate actually listed the dangerous failure rate at 3.06 FITS for a scotch yoke actuator, which translates into an average of one dangerous failure in over 37,000 years! Any experienced safety or process engineer should know from experience that this type of performance is not even close to realistic.
It is critical that implementers of safety systems pause and perform a sanity check on information that they are receiving from suppliers. Optimistic failure rates will lead to under-designed SIFs. The SIFs will have less redundancy and less testing than required to achieve the target risk reduction. Here is a simple, although not exhaustive, checklist:
- What is the reputation of the 3rd party agency? (Just because you have seen their name stamped on a soccer ball or lamp cord doesn’t mean they are competent at IEC 61508)
- Convert the dangerous FIT rate to a MTTF and do a gut-check
- Does the SFF make sense? (If a smart pressure transmitter is typically 90% - 92%, how could a valve with no diagnostics be higher or even close?)
- If a safety PLC has to be in a 2oo3 or 1oo2D configuration to meet SIL 3, how could the actuator-valve combo meet it in a 1oo1?
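As an added illustration of the gut-checks in the list above (example code written for this post, not the author's), the helper below turns a certificate's FIT figures into an MTTF, an SFF and a simplified 1oo1 PFDavg, and flags values that look too good. The plausibility thresholds and the two sample certificates are constructed assumptions, not figures from any real certificate.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760
# Low-demand PFDavg bands from IEC 61508 (SIL 3 is 1e-4 <= PFDavg < 1e-3).
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
# Assumed gut-check thresholds: a dangerous MTTF beyond this many years, or an
# SFF above a smart transmitter's typical 90-92% on a device with no diagnostics,
# deserves a second look before it goes into a SIF calculation.
MAX_PLAUSIBLE_MTTF_YEARS = 10_000
MAX_SFF_NO_DIAGNOSTICS = 0.92


@dataclass
class CertData:
    """Failure rates as listed on a certificate, all in FIT (failures per 1e9 h)."""
    lambda_sd: float  # safe detected
    lambda_su: float  # safe undetected
    lambda_dd: float  # dangerous detected
    lambda_du: float  # dangerous undetected


def mttf_dangerous_years(lambda_d_fit):
    """Mean time to dangerous failure, in years, from a dangerous FIT rate."""
    return 1.0 / (lambda_d_fit * 1e-9) / HOURS_PER_YEAR


def sff(c):
    """Safe failure fraction: share of all failures that are not dangerous undetected."""
    total = c.lambda_sd + c.lambda_su + c.lambda_dd + c.lambda_du
    return 0.0 if total == 0 else 1.0 - c.lambda_du / total


def pfd_avg_1oo1(lambda_du_fit, proof_test_years):
    """Simplified single-channel PFDavg: lambda_DU * TI / 2 (no common cause, no repair)."""
    return lambda_du_fit * 1e-9 * proof_test_years * HOURS_PER_YEAR / 2


def sil_from_pfd(pfd):
    """Map a PFDavg to its SIL band; 0 means it does not reach SIL 1."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4  # below the SIL 4 floor


def sanity_flags(c, proof_test_years=1.0, has_diagnostics=False):
    """Return the gut-check warnings a certificate triggers (empty list if none)."""
    flags = []
    if mttf_dangerous_years(c.lambda_dd + c.lambda_du) > MAX_PLAUSIBLE_MTTF_YEARS:
        flags.append("dangerous MTTF implausibly long")
    if not has_diagnostics and sff(c) > MAX_SFF_NO_DIAGNOSTICS:
        flags.append("SFF implausible for a device with no diagnostics")
    if sil_from_pfd(pfd_avg_1oo1(c.lambda_du, proof_test_years)) >= 3:
        flags.append("reaches SIL 3 or better in 1oo1: verify before relying on it")
    return flags
```

Feeding the post's 3.06 FIT figure (with constructed safe-failure numbers) through `sanity_flags` trips all three checks, while a constructed actuator with a dangerous undetected rate in the hundreds of FIT lands in the SIL 2 band for 1oo1 with a yearly proof test and trips none.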
In the final analysis, the user of the equipment must be competent and use good engineering judgment. If it seems too good to be true, chances are it is dangerously unsafe.
Tagged as: SIF safety system plc mttf IEC 61508 fit dangerous failure rate chris o'brien