APPENDIX B
1212 & 1212P Manual - Sep 2019
Curtis has analyzed each safety function and calculated its Mean Time To Dangerous Failure
(MTTFd) and Diagnostic Coverage (DC), and designed them against Common Cause Faults (CCF).
The safety-related performance of the Curtis 1212P is summarized as follows:
Safety Function        Designated Architecture   MTTFd      DC      CCF Score   PL
Crushing*              2                         ≥ 22 yrs   ≥ 60%   70          b
Crushing**             2                         ≥ 22 yrs   ≥ 60%   70          b
Loss of stability***   2                         ≥ 22 yrs   ≥ 60%   70          b
* due to unintended or uncontrolled movement
** through loss of STO/braking
*** from excessive speeds, as specified by vehicle limits
EN1175 specifies that traction and hydraulic electronic control systems must use Designated
Architecture 2 or greater. This design employs input, logic, and output circuits that are monitored and
tested by independent circuits and software to ensure a high level of safety performance (up to PL=d).
Mean Time To Dangerous Failure (MTTFd) is related to the expected reliability of the safety-related
parts used in the controller. Only failures that can result in a dangerous situation are included in the
calculation.
Diagnostic Coverage (DC) is a measure of the effectiveness of the control system’s self-test and
monitoring measures to detect failures and provide a safe shutdown.
Common Cause Faults (CCF) are so named because some faults within a controller can affect several
systems. EN13849 provides a checklist of design techniques that should be followed to achieve
sufficient mitigation of CCFs. All circuits used by a safety function must be designed in such a way
as to score 65 or better on the CCF score sheet as provided by EN13849 table F.1.
Performance Level (PL) categorizes the quality or effectiveness of a safety channel to reduce the
potential risk caused by dangerous faults within the system with “a” being the lowest and “e” being
the highest achievable performance.
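
An added example (not from the Curtis manual): a cross-check of the table rows against the two thresholds this appendix states (Designated Architecture 2 or greater, CCF score of 65 or better) and against the Category 2 part of the EN13849 simplified PL lookup. The MTTFd and DC band boundaries and the lookup table come from the standard rather than from this page, and all function names are illustrative.

```python
# Rows transcribed from the table in this appendix, using the stated lower bounds:
# (safety function, architecture, MTTFd years, DC percent, CCF score, claimed PL)
ROWS = [
    ("Crushing (unintended or uncontrolled movement)", 2, 22, 60, 70, "b"),
    ("Crushing (loss of STO/braking)", 2, 22, 60, 70, "b"),
    ("Loss of stability (excessive speed)", 2, 22, 60, 70, "b"),
]
MIN_ARCHITECTURE = 2  # EN1175 requirement quoted in this appendix
MIN_CCF_SCORE = 65    # EN13849 table F.1 threshold quoted in this appendix

def mttfd_band(years):
    """Assumption: per-channel MTTFd bands of the EN13849 simplified procedure."""
    if years < 3:
        return None
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_band(percent):
    """Assumption: DC bands of the EN13849 simplified procedure."""
    if percent < 60:
        return "none"
    return "low" if percent < 90 else "medium" if percent < 99 else "high"

# Category 2 columns of the simplified lookup: (DC band, MTTFd band) -> PL
CAT2_PL = {
    ("low", "low"): "a", ("low", "medium"): "b", ("low", "high"): "c",
    ("medium", "low"): "b", ("medium", "medium"): "c", ("medium", "high"): "d",
}

def check_row(row):
    """Return (achievable PL or None, list of problems) for one table row."""
    name, arch, mttfd, dc, ccf, claimed = row
    problems = []
    if arch < MIN_ARCHITECTURE:
        problems.append("architecture below 2")
    if ccf < MIN_CCF_SCORE:
        problems.append("CCF score below 65")
    # Only the Category 2 lookup is modelled here.
    pl = CAT2_PL.get((dc_band(dc), mttfd_band(mttfd))) if arch == 2 else None
    if pl is None:
        problems.append("outside the Category 2 lookup")
    elif claimed > pl:  # PL letters order naturally: "a" < "b" < ... < "e"
        problems.append(f"claimed PL {claimed} exceeds achievable PL {pl}")
    return pl, problems

if __name__ == "__main__":
    for row in ROWS:
        pl, problems = check_row(row)
        print(f"{row[0]}: achievable PL {pl}, {problems or 'consistent'}")
```

Using the lower bounds from the table (22 years, 60%), each row lands on PL b, the value the appendix reports.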
Contact Curtis technical support for more details.