ISA S84.01 PFD Simplified System Equations
The following equations are in accordance with ISA-TR84.02. Equation for typical configurations to calculate PFD:
The second term is the systematic error term.
The second term is the common cause term. The third term is the systematic error term.
Note: The equation of 2 out of N (N is >=4) voting is not specified in IEC and ISA Standards.
The reliability for 2 out of N voting is higher level than 2 out of 3 voting; therefore the equation of 2 out of 3 voting will be used for 2 out of N voting providing a conservative result.
Similarly, 1 out of 3 voting will be assumed for 1 out N (N is >=4).
When the configuration of Final element is 1oo2, 1oo3 and consists of different types such as “CV and On-Off valve” or “MOVs and Pump”, this PFD value will be multiplied the individual PFDs.
Value of λDU, Dangerous Undetected Failure Rate
The relevant value of λDU, is obtained from a published data book, SINTEF REPORT “Failure rates, coverage and TIF probabilities”, or equivalent reliable data source. The value λFTO undet in the data book is to be used as λDU.
The value of λDU using for SIL verification may be changed after vendor selection for the valves / others instrument.
The value of λDU using for SIL verification may be changed after vendor selection for the valves / others instrument.
The configuration for the SIS valve with partial stroking test function consists of a 3-way solenoid valve (24VDC signal) and a positioner (4-20mA control signal) to be installed in series on the pneumatic line.
The following λDU for positioner will be applied for PFD calculation, which is referenced from FMEDA (Failure Mode Effect and Diagnostic Analysis) Report for DVC6000 series manufacturer by EMERSON. λDU for Positioner = 9.7E-08 [Failures per hour]
Value of β, Common Cause Factor
The value of β is one of the main factors affecting the SIL calculations. The calculated β is dependent on sensor and valve configuration. The value of β is used within PFD calculations.
For calculating a value of β, we refer to Appendix A-6 from ISA-TR84.02 . Two sets of values are incorporated in the tables providing a scoring arrangement for measures that may be used to minimize the probability of occurrence of common cause failures. One of these sets of values, in the column labelled Y, corresponds to those measures whose contribution will not be improved by the use of automatic diagnostics.
The other column labelled X, is thought to lead to an improvement when automatic diagnostics are in operation.
we ascertain which measures apply to the system in question and sum the corresponding values shown in each columns XSA and YSA for the sensors or actuators, the sum being referred to as X and Y respectively.
Tables A-2 and A-3 provide the value of Z for the level of diagnostic coverage. The score is then calculated using the following equation:
S = X + Y to obtain the value of β, (for undetected failures),
And SD = X (1+Z) + Y to obtain the value of βD, (for detected failures)
Here S or SD is a score, which is used in Table A-4 to determine the appropriate β-factor.
The value to be assumed for β calculation of sensors or actuators is based on S for undetected failures of 59 summed from Table A-1 (Appendix-D).
From Table A-4, we obtain the β value:
S = 70 ~ 120 → 2%
S = 45 ~ 70 → 5%
Thus for this project, the value generally assumed for β is 5%, i.e.
β = 0.05 based on the conclusion of β scoring of sensors / actuators (XSA and YSA).
Note: Although programmable electronics is also included in Table A-1 etc., we do not apply this methodology of scoring
for β, as the system vendor provides a more accurate basis for the calculation of his PFD.
for β, as the system vendor provides a more accurate basis for the calculation of his PFD.
Value of TI, Test Interval
The value of TI, the time interval between periodic off-line/on-line testing of the system or any elements of the system shall be in six months increments, e.g., six months or longer.
ZVs can be partial stroke tested, (10-20% movement), every six months. However, ZVs which may impact operation if tested online shall not be subject to partial stroke testing. TI for full stroke test for none stand-by valves shall correspond to the process shutdown periods as specified in shutdown philosophy document of each unit.
The TI value of the full stroke test for the stand-by valves activated by SIS system shall be one year. SIS stand-by valves shall be minimized.
Transmitters that may be function check calibrated on line are assumed to provide a TI of twelve months and switches are assumed to provide a TI of twelve months.
The TI values for the instruments that do not have plural units or bypass facility shall correspond to the process plant shutdown periods unless they can be safely bypassed and taken out of service for the maintenance duration. However, the frequency of such maintenance shall not be more than every six months. Plural and bypass facility shall be re-considered to meet this requirement.
The TI values for logic solvers shall be 10 years.
Value of TIF, Test Independent Factor
For the relevant value of TIF, use the data from the published data book, SINTEF REPORT “Reliability Data for Control and Safety Systems”, or equivalent reliable data source.
These TIF value will be used as ‘Systematic Failure Rate’ of which the concept is described on ISA S84.01 without the quantitative references.
Contribution of Partial Stroking Test (PST) Diagnostic Coverage Factor (DCPST)
The partial stroke test may typically provide a diagnostic coverage factor of 60 to 90% depending on a number of factors including the valve/actuator manufacturer, configuration and the service. As per SAEP-250 (Safety Integrity Level Assignment & Verification), Partial Stroke Testing for valves shall use a 60% diagnostic coverage factor and Full Stroke Test shall use a 40% diagnostic coverage factor.
Wherever partial stroking test (PST) provision for periodical diagnostics on valves is applied, PFD calculation with simplified technique will be brought in the following way:
Valve requires a positioner for the partial stroking test provision. The failure rate of the positioner along with the failure rates of the actuator and the valve allow the creation of a probabilistic model of a safety instrumented function (SIF) to determine suitability in part for a particular SIL in a SIS.
Furthermore, performing the partial stroking test using the positioner can improve the PFD.
This may enable the use of the equipment at a higher SIL of the complete SIF.
Calculation Example – Case 2: Solution with partial stroking test
Assuming the followings:
(1) The hardware in 1 out of 1 basis is consisted of a valve with a positioner and a solenoid valve.
(2) 4-year test interval as full stroking test
(3) 6-month test interval as partial stroking test, i.e.:
λDU Valve = 1.3 x 10-6 (As an ESV listed in Appendix C of this Specification)
DCPST = Diagnostic coverage factor for dangerous failure rate of valve,
λDU Positioner = 9.7 x 10-8
λDU SOV = 1.4 x 10-6
TI FS = 24 x 365 x 4 = 35040 [hr]
TI PS = 24 x 365 x ( 6 / 12 ) = 4380 [hr]
Then,
PFDavg = {(1 – DCPST) x λDU Valve + λDU Positioner x λDUSOV } x TIFS / 2 +( DCPST x λDU Valve ) x TIPS / 2
= (0.4 x 1.3 x 10-6 + 9.7 x 10-8 x 1.4 x 10-6) x 35040 / 2 + (0.6 x 1.3 x 10-6) x 4380 / 2
= 1.08 x 10-2
As long as the sum of the PFDavg of the remaining hardware in the SIF is less than 6.42 x 10-3, this example SIF would qualify for a SIL 1 rating. For this example, the failure probabilities of the positioner and solenoid valve multiply since they provide a redundant pneumatic path