22
5538
201
1-
04
6
SAFETY MANUAL SIL KFD0-RSH-1.4S.PS2
Planning
2
Planning
2.1
System Structure
2.1.1
Low Demand Mode
If there are two loops, one for the standard operation and another one for the
functional safety, then usually the demand rate for the safety loop is assumed to
be less than once per year.
The relevant safety parameters to be verified are:
■
the PFD
avg
value (average
P
robability of
F
ailure on
D
emand) and T
proof
(proof test interval that has a direct impact on the PFD
avg
)
■
the SFF value (
S
afe
F
ailure
F
raction)
■
the HFT architecture (
H
ardware
F
ault
T
olerance architecture)
2.1.2
High Demand Mode
If there is only one loop, which combines the standard operation and safety
related operation, then usually the demand rate for this loop is assumed to be
higher than once per year.
The relevant safety parameters to be verified are:
■
PFH (
P
robability of dangerous
F
ailure per
H
our)
■
Fault reaction time of the safety system
■
the SFF value (
S
afe
F
ailure
F
raction)
■
the HFT architecture (
H
ardware
F
ault
T
olerance architecture)