V01.00 | 2021/10
8 Terms and Abbreviations

DC: Diagnostic Coverage
FIT: 1 FIT is 1 failure per 10^9 hours
FMEDA: Failure Modes, Effects and Diagnostic Analysis
HFT: Hardware failure tolerance
λAU: Undetected annunciation failure rate (per hour). Annunciation failures do not directly impact safety but impact the ability to detect a future fault (such as a fault in the diagnostic circuit).
λDD: Detected dangerous failure rate (per hour)
λDU: Undetected dangerous failure rate (per hour)
λSD: Detected safe failure rate (per hour)
λSU: Undetected safe failure rate (per hour)
MTTR: Mean time to restoration (hour)
PFDavg: Average probability of dangerous failure on demand
PFH: Probability of dangerous failure per hour
SFF: Safe Failure Fraction
SIL: Safety Integrity Level
T1: Proof test interval (hour)
Type A: "Non-complex" element (all failure modes are well defined); for details see 7.4.4.1.2 of IEC 61508-2
Type B: "Complex" element (using microcontrollers or programmable logic); for details see 7.4.4.1.3 of IEC 61508-2
9 Proof Tests
Proof tests shall be undertaken to reveal dangerous faults which are undetected by diagnostic tests. This means that it is necessary to specify how the dangerous undetected faults noted during the FMEDA can be detected during proof testing.
Ensure that the proof test is only carried out by qualified personnel.
A suggested proof test consists of the following steps:

Step 1. Bypass the safety functions and take appropriate action to avoid a false trip.
Step 2. Provide appropriate input/control signals to the interface modules and verify the expected signal input/output conditions for the interfaces.
Step 3. Verify that internal fault detection is working in case it is activated.
Step 4. Provide appropriate input/control signals to the interface modules and verify that the safety function is carried out correctly.
Step 5. Remove the bypass and otherwise restore normal operation.
Once the test has been completed, document and archive the results.
The proof test coverage is 98.94 %
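The terms defined in section 8 (λSD, λSU, λDD, λDU, SFF, DC, T1, MTTR, HFT, Type A/B) and the proof test coverage quoted above only become a SIL claim when they are combined. The following Python is an added worked example, not part of this manual and not the manufacturer's calculation: it takes constructed FIT values (not from any real FMEDA report), derives SFF and DC, estimates a 1oo1 low-demand PFDavg with the simplified IEC 61508-6 style approximation extended for imperfect proof test coverage (an assumption, stated in the code), and then caps the claim with the Route 1H architectural constraints of IEC 61508-2 for the element type and HFT. The mission time, T1 and MTTR values are assumptions chosen for illustration; the 98.94 % proof test coverage is the figure from this page.

```python
"""Worked example: from FMEDA failure rates to SFF, DC, PFDavg and a SIL claim."""
from dataclasses import dataclass

FIT = 1e-9  # 1 FIT = 1 failure per 10^9 hours = 1e-9 failures per hour


@dataclass(frozen=True)
class FailureRates:
    """FMEDA failure rates in failures per hour (enter FIT values as `n * FIT`)."""
    lambda_sd: float  # detected safe
    lambda_su: float  # undetected safe
    lambda_dd: float  # detected dangerous
    lambda_du: float  # undetected dangerous


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D), as defined in IEC 61508-2."""
    safe = r.lambda_sd + r.lambda_su
    dangerous = r.lambda_dd + r.lambda_du
    return (safe + r.lambda_dd) / (safe + dangerous)


def diagnostic_coverage(r: FailureRates) -> float:
    """DC of dangerous failures = lambda_DD / (lambda_DD + lambda_DU)."""
    return r.lambda_dd / (r.lambda_dd + r.lambda_du)


def pfd_avg_1oo1(r: FailureRates, t1_hours: float, mttr_hours: float,
                 proof_test_coverage: float = 1.0, mission_time_hours=None) -> float:
    """Simplified 1oo1 PFDavg for low-demand mode.

    Assumption (not from the safety manual): the IEC 61508-6 style approximation
    PFDavg ~ lambda_DU * T1/2 + lambda_DD * MTTR, extended so that the share of
    lambda_DU the proof test does NOT reveal is only cleared at the end of the
    mission time instead of every proof test interval.
    """
    if mission_time_hours is None:
        mission_time_hours = t1_hours
    covered = r.lambda_du * proof_test_coverage          # found at each proof test
    uncovered = r.lambda_du * (1.0 - proof_test_coverage)  # persists until mission end
    return (covered * t1_hours / 2
            + uncovered * mission_time_hours / 2
            + r.lambda_dd * mttr_hours)


def sil_from_pfd_avg(pfd: float) -> int:
    """SIL band for PFDavg per IEC 61508-1 (0 = no SIL claimable)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4  # < 1e-4; SIL 4 is the highest level the standard defines


# Route 1H architectural constraints (IEC 61508-2 Tables 2 and 3):
# (element type, HFT) -> max SIL for the SFF bands [<60%, 60-<90%, 90-<99%, >=99%]
ARCH_CONSTRAINTS = {
    ("A", 0): (1, 2, 3, 4), ("A", 1): (2, 3, 4, 4), ("A", 2): (3, 4, 4, 4),
    ("B", 0): (0, 1, 2, 3), ("B", 1): (1, 2, 3, 4), ("B", 2): (2, 3, 4, 4),
}


def sil_architectural_limit(sff: float, element_type: str, hft: int) -> int:
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return ARCH_CONSTRAINTS[(element_type, hft)][band]


# Constructed sample rates for illustration only (not from any real FMEDA report).
SAMPLE = FailureRates(lambda_sd=100 * FIT, lambda_su=50 * FIT,
                      lambda_dd=200 * FIT, lambda_du=10 * FIT)


def example_claim(element_type: str = "B", hft: int = 0) -> dict:
    """Assumed T1 = 1 year, MTTR = 8 h, mission time = 10 years, PTC = 98.94 % (from the page)."""
    sff = safe_failure_fraction(SAMPLE)
    pfd = pfd_avg_1oo1(SAMPLE, t1_hours=8760, mttr_hours=8,
                       proof_test_coverage=0.9894, mission_time_hours=10 * 8760)
    sil_pfd = sil_from_pfd_avg(pfd)
    sil_arch = sil_architectural_limit(sff, element_type, hft)
    return {"sff": sff, "dc": diagnostic_coverage(SAMPLE), "pfd_avg": pfd,
            "sil_pfd": sil_pfd, "sil_arch": sil_arch,
            "claimable_sil": min(sil_pfd, sil_arch)}


if __name__ == "__main__":
    for key, value in example_claim().items():
        print(f"{key}: {value}")
```

With these sample rates the PFDavg lands in the SIL 4 band, yet a Type B element with HFT 0 and an SFF just over 97 % is limited to SIL 2 by the architectural constraints; the lower of the two governs the claim, which is why the SFF and the element type matter as much as the failure-rate sum.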