How to calculate PFD in System 1oo2 with comparison

Hello,

Your post has been forwarded to our safety metrics expert. We will get back to you as soon as we can.

Regards,

Sunil

Hello,

I am not familiar with the IEC 62425, but the calculation shown seems fairly standard.  Your first equation is calculating a "raw" failure rate for the system assuming there are no diagnostics applied.  Your second equation is de-rating the raw failure rate based on some assumed diagnostic coverage.  Either or both equations could be correct depending on how you apply to your system design.

Regards,

Karl 

In general terms for a 1oo2 scheme, assume each channel has input, compute, and output, each with a unique failure rate (Fi, Fc, Fo)

Failure rate of channel 1 F1= Fi1 + Fc1 + Fo1

Failure rate of channel 2 F2 = Fi2 + Fc2 + Fo2

Failure rate of combined system = F1 * F2

I know that failure rate of 1oo2 is as you said. but  how to express software comparison

Most standards allow you to remove the proportion of detected failures from the total failure rate, which results in an effective failure rate.  You may or may not be able to reduce as well based on distribution of safe failures vs. dangerous failures. For simplicity, we do not consider safe/dangerous failures in this example.

Building on previous example, assume D = diagnostic coverage of a diagnostic.  Each element in a channel may have a different diagnostic coverage, i.e. Di for input, Dc for compute, Do for output.

Effective failure rate of one channel after diagnostics  F = (1-Di)*Fi + (1-Dc)*Fc + (1-Do)*Fo

In general, if we assume a two channel system where the two channels diagnose each other (no diagnostics per channel), F = (1-D)*(F1*F2).

Dependent on the standard you are targeting, you may also need to consider effective reduction in diagnostic coverage due to common cause failure (IEC 61508 beta factor).

I  suggest that you refer to the examples in IEC 61508:2010 part 6 B.3.2.2.2.

Regards,

Karl

In general, if we assume a two channel system where the two channels diagnose each other (no diagnostics per channel), F = (1-D)*(F1*F2).

1. How to determine D?

2.Why not F = (1-D)F1* (1-D)F2

Diagnostic coverage can be tricky to determine.  The usual way to do this is to perform an FMEA, FTA, or other analysis on the target system to identify the fault population and assign a failure rate to each fault class.  The effectiveness of a diagnostic is the ratio of the weighed fault population detected by the diagnostic compared to the failure rate of the total population.  Generally you will need to execute a fault insertion type of activity to confirm your estimates of diagnostic efficiency.  If you want to do a quick estimation, you could use the guidance in IEC 61508:2010 Part 2 Annex A to provide some rough estimations of diagnostic coverage for common diagnostics.

Regarding the equation, what you show is mathematically equivalent to the equation I provided.  If the diagnostic coverage is different per channel, then you will need to break up the equation as you have done and apply different "D" factors per channel.  If the diagnostic coverage per channel is the same, you can use the original equation.

Regards,

Karl

 Hi, Karl

If the diagnostic coverage and failure rate per channel are the same, I think F_total =  (1-D)²*F² , right?

3286.1oo2D-Comparison_en.pdf

See attachment, I want to use this structure to achieve SIL4 (just technology).

I can use FMEDA to determine diagnostic coverage per channel(not diagnostic coverage between channel A and B) . How to get  diagnostic coverage between channel A and B?

Correct, if the failure rate and diagnostic coverage per channel are the same, your equation holds.

If you wish to add another layer of diagnostic coverage across both channels, you would need to use fault injection or a similar method as applied to the total system with both channels.  Effectively this is the same as doing it on a per channel basis, but at a higher level of system abstraction.

Regards,

Karl