Functional Safety Manual
Detecting Gas Saving Lives
8.4 Hardware Configuration
Route 1H (Hardware fault tolerance and Safe Failure Fraction) has been used to assess
hardware safety integrity level.
8.5 Software Configuration
Assessment of the Product firmware has been made to the requirements given in IEC
61508:3 2010.
8.6 Systematic Failures
Route 1S (as specified in IEC 61508:2 2010 paragraph 7.4.2.2c) is used for compliance with
the requirements of avoidance of systematic failures.
8.7 Diagnostic Interval
Most diagnostic functions are continuously monitored.
Tests of the system watchdog are to be accomplished during the annual proof test by power cycling the instrument: IRmax must be power-cycled annually (i.e. have the 24 Vdc supply removed and re-applied) as part of the maintenance programme for the product (refer also to section 3.2).
8.8 Constraints
Failure rates are constant.
A proof test conducted at least once a year will identify all un-revealed failures.
Repairs have a mean time to repair of 8 hours.
It is assumed that the user makes use of the diagnostic facility provided via the IR Display accessory and/or PC interface in order to minimise potential product down time.
Reliability assessment is a statistical process for applying historical failure data to proposed
designs and configurations. It therefore provides a credible target/estimate of the likely
reliability of equipment assuming manufacturing, design and operating conditions identical
to those under which the data was collected. It is a valuable design review technique for
comparing alternative designs, establishing order of magnitude performance targets and
evaluating the potential effects of design changes. The actual predicted values cannot,
however, be guaranteed as forecasting the precise number of field failures which will
actually occur, since this depends on many factors outside the control of a predictive
exercise.
Failure rates (symbol λ), for the purpose of this prediction, are assumed to be constant with time. Both early and wear-out related failures would decrease the reliability but are assumed to be removed by burn-in and preventive replacement respectively.
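The following worked example is added here and is not part of the manual or the IRmax product data. It shows how the constraints stated in section 8.8 (constant failure rates, an annual proof test that reveals all undetected dangerous failures, an 8 hour mean time to repair) feed a simplified 1oo1 low-demand PFDavg estimate, and how the Safe Failure Fraction assessed under Route 1H (section 8.4) is formed. The per-hour failure rates are constructed placeholders, not values from this document.

```python
"""
Added worked example (not from the manual): PFDavg and SFF under the
section 8.8 constraints for a single-channel (1oo1) low-demand function.
All lambda values below are constructed for illustration only.
"""

HOURS_PER_YEAR = 8760.0

# Constructed per-hour failure rates (NOT IRmax data).
LAMBDA_SAFE = 2.0e-7   # safe failures, lambda_S
LAMBDA_DD = 5.0e-7     # dangerous failures revealed by diagnostics, lambda_DD
LAMBDA_DU = 5.0e-8     # dangerous undetected failures, lambda_DU

PROOF_TEST_INTERVAL_H = 1 * HOURS_PER_YEAR   # annual proof test (section 8.8)
MTTR_H = 8.0                                 # mean time to repair (section 8.8)


def safe_failure_fraction(lam_s, lam_dd, lam_du):
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU).
    Route 1H combines this figure with the hardware fault tolerance."""
    total = lam_s + lam_dd + lam_du
    return (lam_s + lam_dd) / total


def pfd_avg_1oo1(lam_dd, lam_du, proof_test_h, mttr_h):
    """Simplified 1oo1 low-demand PFDavg with constant failure rates:
    an undetected dangerous failure persists on average T/2 until the
    proof test reveals it; a detected one persists on average MTTR."""
    return lam_du * proof_test_h / 2.0 + lam_dd * mttr_h


def sil_from_pfd_avg(pfd):
    """Low-demand SIL band by PFDavg (IEC 61508-1 target ranges)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0  # below SIL 1 (or outside the defined bands)


if __name__ == "__main__":
    sff = safe_failure_fraction(LAMBDA_SAFE, LAMBDA_DD, LAMBDA_DU)
    pfd = pfd_avg_1oo1(LAMBDA_DD, LAMBDA_DU, PROOF_TEST_INTERVAL_H, MTTR_H)
    print(f"SFF = {sff:.1%}")
    print(f"PFDavg = {pfd:.2e} -> SIL {sil_from_pfd_avg(pfd)} (low demand)")
```

Doubling the proof test interval in the call to pfd_avg_1oo1 shows directly why section 8.8 ties the claim to a test conducted at least once a year: the lambda_DU term, not the 8 hour repair term, dominates the result.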