4.6.1 Safety integrity of the NGC-20 hardware
According to IEC 61508-2:2000, a distinction must be made between Type A systems and Type B systems. A sub-system can be viewed
as a Type A system if, for the components that are necessary in order to achieve the safety function:
1. The failure mode of all components that are used is adequately defined, and
2. The response of the sub-system in fault conditions can be completely determined, and
3. Reliable failure data based on field experience are available for the sub-system, to demonstrate that the assumed failure rates for
recognized and unrecognized hazardous failures can be achieved.
A sub-system can be viewed as a Type B system if, for the components that are necessary in order to achieve the safety function:
1. The failure mode of at least one component that is used is not adequately defined, or
2. The response of the sub-system in fault conditions cannot be completely determined, or
3. No adequately reliable failure data based on field experience are available for the sub-system, to support the assumed failure rates
for recognized and unrecognized hazardous failures.
The NGC-20-CL-E temperature control system with limiter corresponds to a Type A system.
4.6.2 PFDavg safety function
The limiter sensor, limiter electronics and the limiter relay together form the safety-related system that performs a safety function. The
“average probability of the hazardous failure of a safety function for the entire safety-related system” (PFDavg) is usually divided among
the subsystems. An external device, e.g. an external power contactor installed in a panel, is specific to the installation and shall, in
accordance with the standards for the safety loop, be considered separately.
Type        | SIL level | Architecture | Proof check interval | MTTR (hrs) | PFD avg. | HFT      | SFF
NGC-20-CL-E | SIL 2     | 1oo1D        | 1 year               | 24         | 3.017E-3 | 0 (1oo1) | 95.03%
Table 4: Safety Integrity level
MTTR = Mean time to repair
4.6.3 SIL related to SFF and HFT
The following table presents the achievable safety integrity level (SIL), depending on the safe failure fraction (SFF) and the hardware
failure tolerance (HFT) for Type A safety-related sub-systems.
Table 5 is valid for the NGC-20-CL-E:
Hardware fault tolerance (HFT) for Type A:
Safe failure fraction (SFF) | HFT = 0 | HFT = 1 | HFT = 2
SFF < 60%                   | SIL 1   | SIL 2   | SIL 3
60% < SFF < 90%             | SIL 2   | SIL 3   | SIL 4
90% < SFF < 99%             | SIL 3   | SIL 4   | SIL 4
99% < SFF                   | SIL 3   | SIL 4   | SIL 4
Table 5: Relation SFF to HFT
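The following Python is an added worked example, not code from the nVent manual, showing how the figures in Table 4 and the relation in Table 5 fit together for a 1oo1 (HFT = 0) Type A sub-system. The split of failure rates (lambda_SD, lambda_SU, lambda_DD, lambda_DU) is constructed for illustration and is not the NGC-20-CL-E's certified failure data; the PFDavg formula is the simplified 1oo1 expression from IEC 61508-6 Annex B, and the PFDavg-to-SIL bands are those of IEC 61508-1 for low-demand mode. The claimable SIL is the lower of the architectural constraint (Table 5) and the PFDavg band, which is why Table 4 reports SIL 2 although SFF = 95.03% with HFT = 0 would on its own allow SIL 3.

```python
"""Added example (not from the manual): SFF, 1oo1 PFDavg and achievable SIL."""
from __future__ import annotations

from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour, split as IEC 61508-2 does."""
    lambda_sd: float  # safe, detected by diagnostics
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected by diagnostics
    lambda_du: float  # dangerous, undetected (only revealed by a proof test)


# CONSTRUCTED values for illustration only; not the NGC-20-CL-E's failure data.
EXAMPLE_RATES = FailureRates(
    lambda_sd=4.0e-6, lambda_su=3.5e-6, lambda_dd=5.0e-6, lambda_du=6.5e-7
)


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / lambda_total (IEC 61508-2)."""
    total = r.lambda_sd + r.lambda_su + r.lambda_dd + r.lambda_du
    return (r.lambda_sd + r.lambda_su + r.lambda_dd) / total


def pfd_avg_1oo1(r: FailureRates, proof_test_interval_h: float, mttr_h: float) -> float:
    """Simplified 1oo1 PFDavg (IEC 61508-6 Annex B).

    An undetected dangerous failure is present, on average, for half the
    proof-test interval plus the repair time; a detected one only for the
    repair time.
    """
    return r.lambda_du * (proof_test_interval_h / 2.0 + mttr_h) + r.lambda_dd * mttr_h


def sil_from_pfd_avg(pfd: float) -> int:
    """Low-demand PFDavg bands of IEC 61508-1 (0 = outside any SIL band)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


def sil_from_sff_hft_type_a(sff: float, hft: int) -> int:
    """Architectural constraint for Type A sub-systems, exactly as in Table 5.

    Rows: SFF < 60%, 60% to < 90%, 90% to < 99%, >= 99%. Columns: HFT 0, 1, 2.
    A boundary value (e.g. exactly 60%) is placed in the higher row.
    """
    if hft not in (0, 1, 2):
        raise ValueError("Table 5 only covers HFT 0, 1 and 2")
    if sff < 0.60:
        row = 0
    elif sff < 0.90:
        row = 1
    elif sff < 0.99:
        row = 2
    else:
        row = 3
    table_5 = [
        [1, 2, 3],  # SFF < 60%
        [2, 3, 4],  # 60% < SFF < 90%
        [3, 4, 4],  # 90% < SFF < 99%
        [3, 4, 4],  # 99% < SFF
    ]
    return table_5[row][hft]


def achievable_sil(sff: float, hft: int, pfd: float) -> int:
    """The SIL that may be claimed is limited by both constraints."""
    return min(sil_from_sff_hft_type_a(sff, hft), sil_from_pfd_avg(pfd))


if __name__ == "__main__":
    # Table 4's own figures: SFF 95.03%, HFT 0, PFDavg 3.017E-3, 1 year, 24 h.
    print("Table 4 check:", achievable_sil(0.9503, 0, 3.017e-3))  # 2
    # The constructed failure-rate split, run through the same chain.
    sff = safe_failure_fraction(EXAMPLE_RATES)
    pfd = pfd_avg_1oo1(EXAMPLE_RATES, HOURS_PER_YEAR, 24.0)
    print(f"SFF={sff:.4f} PFDavg={pfd:.3e} SIL={achievable_sil(sff, 0, pfd)}")
```

Running the block shows that the architectural constraint from Table 5 (SIL 3 for SFF 95.03% at HFT 0) is not the limiting factor; the PFDavg of 3.017E-3 lies in the SIL 2 band, which is the value Table 4 claims. The same chain applied to the constructed rates gives an SFF of about 95.06% and a PFDavg of about 2.98E-3, again SIL 2.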
nVent.com | 19