PFH avg and PFD avg Data for AADvance Controllers … e The Next Step in Automation AADvance Controller PFH avg and PFD avg Data PFH avg and PFD avg Data Issue: 04Issue: 04 …

AADvance The Next Step in Automation

AADvance Controller

PFH avg and PFD avg Data PFH avg and PFD avg Data PFH avg and PFD avg Data PFH avg and PFD avg Data

Issue: 04Issue: 04Issue: 04Issue: 04

DOCUMENT: 553847DOCUMENT: 553847DOCUMENT: 553847DOCUMENT: 553847 ((((ICSTTICSTTICSTTICSTT----RM449_EN_P)RM449_EN_P)RM449_EN_P)RM449_EN_P)

ii

Document: 553847

(ICSTT-RM449_EN_P) Issue 04:

PFH avg and PFD avg Data (AADvance Controller)

This page intentionally left blank

Document: 553847 (ICSTT-RM449_EN_P) Issue 04:

iii

NoticeNoticeNoticeNotice

In no event will Rockwell Automation be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment. The examples given in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation does not assume responsibility or reliability for actual use based on the examples and diagrams.

No patent liability is assumed by Rockwell Automation, with respect to use of information, circuits, equipment, or software described in this manual.

Reproduction of this manual in whole or in part, without written permission of Rockwell Automation is prohibited.

All trademarks are acknowledged.

DisclaimerDisclaimerDisclaimerDisclaimer

It is not intended that the information in this publication covers every possible detail about the construction, operation, or maintenance of a control system installation. You should refer to your own (or supplied) system safety manual, installation instructions and operator/maintenance manuals.

Revision and Updating PolicyRevision and Updating PolicyRevision and Updating PolicyRevision and Updating Policy

This document is based on information available at the time of its publication; however, the document contents are subject to change from time to time. You should contact Rockwell Automation Technical Support by e-mail — [email protected] to check if you have the latest version of this publication.

© Copyright Notice, Rockwell Automation 2012

This document contains proprietary information that is protected by copyright. All rights are reserved. This technical manual applies to Release 1.3 of the AADvance Controller.

iv

Document: 553847



Issue recordIssue recordIssue recordIssue record

Issue Date Comments

01 Sept 2009 First Issue

02 March 2011

Update for Release 1.2

03 May 2012 Updates and corrections from peer review and from TUV review, add distributed SIF example.

04 June 2012 Update for Release 1.3 and AOM 9481/2 values added


v

ForwardForwardForwardForward

This document contains the PFHavg and PFDavg Data for the AADvance Controller. It includes examples on how to calculate the final figures for different controller configurations. The data supports the recommendations in the AADvance Safety Manual Doc No: 553630.

AbbreviationsAbbreviationsAbbreviationsAbbreviations

Abbreviation Description

FMPH Failures Per Million Hours

HFT Hardware Fault Tolerance

MTBF Mean Time Between Failures

MTTR Mean time to Repair

MTI Manual Test Interval

PFDavg Probability of Failure on Demand - average

PFDe Probability of Failure on Demand - energized to action

PFDde Probability of Failure on Demand - de-energized to action

PFHe Probability of Failure per Hour - energized to action

PFHde Probability of Failure per Hour - de-energized to action

SFF Safe Failure Fraction

SIF Safety Instrumented Function

vi

Document: 553847



ContentsContentsContentsContents

Chapter 1 Chapter 1 Chapter 1 Chapter 1 Introduction ............................................................................................. 1-1

Failure Rates ........................................................................................................................................................ 1-1

PFD Data - 8 Hour MTTR ............................................................................................................................... 1-2

PFD Data - 24 Hour MTTR............................................................................................................................. 1-4

PFH Data .............................................................................................................................................................. 1-6

Binding and Peer-to-Peer Communication Data (per segment) ............................................................ 1-8

Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT) ......................................................... 1-8

System Configurations ...................................................................................................................................... 1-9

Example 1 ....................................................................................................................................................... 1-9

Example 2 ....................................................................................................................................................... 1-9

Example 3 ..................................................................................................................................................... 1-10

Example 4 ..................................................................................................................................................... 1-10

Example 5 ..................................................................................................................................................... 1-11


1-1

The information in this document has been compiled as part of the AADvance IEC 61508 certification, the failure modes and Failure Mode Effect and Diagnostic Analysis (FMEDA) of each module having been inspected by TUV Rheinland.

The tables below provide PFD avg data for AADvance modules used in applications with an 8 or 24 hour MTTR and with 6 months, 1 year, 5 years or 10 years Manual Test Interval (MTI). If the AADvance system is to be used in an application with any other MTTR or MTI, use the data from the next column with a higher MTTR or MTI than that of the application.

If a de-energize to action system is configured to provide a shutdown on the first fault, the MTTR has a negligible effect, hence, the tables in the PFD Data can be used for any MTTR.

In This ChapterIn This ChapterIn This ChapterIn This Chapter

Failure Rates ......................................................................................................... 1-1 PFD Data - 8 Hour MTTR ................................................................................ 1-2 PFD Data - 24 Hour MTTR ............................................................................. 1-4 PFH Data............................................................................................................... 1-6 Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT) .......... 1-8 System Configurations ....................................................................................... 1-9

Failure RatesFailure RatesFailure RatesFailure Rates

The following failure rates apply to the AADvance modules:

Table 1: Table 1: Table 1: Table 1: AADvance Module Failure RatesAADvance Module Failure RatesAADvance Module Failure RatesAADvance Module Failure Rates

Module Module Description MTBF Years

FPMHλλλλ

T9110 Processor module 95 1.19

T9401 Digital input module, 24Vdc, 8 channel, isolated 93 1.22

T9402 Digital input module, 24Vdc, 16 channel, isolated 50 2.28

T9431 Analogue input module, 8 channel, isolated 93 1.22

T9432 Analogue input module, 16 channel, isolated 50 2.28

T9451 Digital output module, 24Vdc, 8 channel, isolated, commoned

95 1.19

T9481 Analogue output module, 3 channel, isolated 110 1.04

T9482 Analogue output module, 8 channel, isolated 47 2.39

Chapter Chapter Chapter Chapter 1111

IntroductionIntroductionIntroductionIntroduction

1-2

Document: 553847



PFD Data PFD Data PFD Data PFD Data ---- 8 Hour MTTR8 Hour MTTR8 Hour MTTR8 Hour MTTR

The following tables provide the probability of failures upon demand for the energize to action and de-energize to action Safety Instrumented Function (SIF) configurations. The Manual Test Interval is as indicated

Table 2: Table 2: Table 2: Table 2: PFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 months

Module Module Description PFDde PFDe

Single Dual Triple Single Dual Triple

T9110 Processor module 6.16E-5 2.43E-7 2.58E-7 7.88E-5 4.07E-7 4.32E-7

T9401 Digital input module, 24Vdc, 8 channel, isolated

2.25E-6 2.16E-7 2.16E-7 3.59E-6 2.27E-7 2.27E-7


2.25E-6 2.16E-7 2.16E-7 3.59E-6 2.27E-7 2.27E-7

T9431 Analogue input module, 8 channel, isolated

2.25E-6 2.16E-7 2.16E-7 3.59E-6 2.27E-7 2.27E-7


2.25E-6 2.16E-7 2.16E-7 3.59E-6 2.27E-7 2.27E-7


7.67E-7 1.53E-6 2.18E-5 2.18E-7

T9481 Analogue output module, 3 channel, isolated

2.02E-6 3.96E-6 7.08E-5 1.93E-6


2.02E-6 3.96E-6 7.08E-5 1.93E-6

Table 3: Table 3: Table 3: Table 3: PFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 Year





3.89E-6 4.28E-7 4.28E-7 6.02E-6 4.46E-7 4.47E-7


3.89E-6 4.28E-7 4.28E-7 6.02E-6 4.46E-7 4.47E-7


3.89E-6 4.28E-7 4.28E-7 6.02E-6 4.46E-7 4.47E-7


3.89E-6 4.28E-7 4.28E-7 6.02E-6 4.46E-7 4.47E-7


1-3


1.36E-6 2.73E-6 4.07E-5 4.09E-7


3.98E-6 7.83E-6 1.52E-4 3.54E-6


3.98E-6 7.83E-6 1.52E-4 3.54E-6

Table 4: Table 4: Table 4: Table 4: PFD Data for SIF with MTI = 5 YearsPFD Data for SIF with MTI = 5 YearsPFD Data for SIF with MTI = 5 YearsPFD Data for SIF with MTI = 5 Years





1.70E-5 2.12E-6 2.12E-6 2.55E-5 2.20E-6 2.21E-6


1.70E-5 2.12E-6 2.12E-6 2.55E-5 2.20E-6 2.21E-6


1.70E-5 2.12E-6 2.12E-6 2.55E-5 2.20E-6 2.21E-6


1.70E-5 2.12E-6 2.12E-6 2.55E-5 2.20E-6 2.21E-6


6.16E-6 1.23E-5 1.92E-4 1.97E-6


1.97E-5 3.88E-5 7.41E-4 1.69E-5


1.97E-5 3.88E-5 7.41E-4 1.69E-5

Table 5: Table 5: Table 5: Table 5: PFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 Years

Module Module Description PFDde PFDe_




3.34E-5 4.24E-6 4.25E-6 4.97E-5 4.40E-6 4.41E-6


3.34E-5 4.24E-6 4.25E-6 4.97E-5 4.40E-6 4.41E-6


3.34E-5 4.24E-6 4.25E-6 4.97E-5 4.40E-6 4.41E-6


3.34E-5 4.24E-6 4.25E-6 4.97E-5 4.40E-6 4.41E-6

1-4

Document: 553847




1.22E-5 2.43E-5 3.81E-4 4.00E-6


3.93E-5 7.75E-5 1.48E-3 3.49E-5


3.93E-5 7.75E-5 1.48E-3 3.49E-5

PFD Data PFD Data PFD Data PFD Data ---- 24 Hour MTTR24 Hour MTTR24 Hour MTTR24 Hour MTTR

The following tables provide the probability of failures upon demand for the energize to action and de-energize to action Safety Instrumented Function (SIF) configurations. Manual Test Interval is as indicated.

Table 6: Table 6: Table 6: Table 6: PFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 monthsPFD Data for a SIF with MTI = 6 months





3.48E-6 2.24E-7 2.24E-7 5.92E-6 2.40E-7 2.40E-7


3.48E-6 2.24E-7 2.24E-7 5.92E-6 2.40E-7 2.40E-7


3.48E-6 2.24E-7 2.24E-7 5.92E-6 2.40E-7 2.40E-7


3.48E-6 2.24E-7 2.24E-7 5.92E-6 2.40E-7 2.40E-7


1.10E-6 2.21E-6 2.76E-5 2.77E-7


2.07E-6 4.01E-6 8.67E-5 2.60E-6


2.07E-6 4.01E-6 8.67E-5 2.60E-6

Table 7: Table 7: Table 7: Table 7: PFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 YearPFD Data for a SIF with MTI = 1 Year





1-5


5.12E-6 4.36E-7 4.36E-7 8.35E-6 4.60E-7 4.60E-7


5.12E-6 4.36E-7 4.36E-7 8.35E-6 4.60E-7 4.60E-7


5.12E-6 4.36E-7 4.36E-7 8.35E-6 4.60E-7 4.60E-7


5.12E-6 4.36E-7 4.36E-7 8.35E-6 4.60E-7 4.60E-7


1.70E-6 3.40E-6 4.64E-5 4.68E-7


4.03E-6 7.87E-6 1.60E-4 4.21E-6


4.03E-6 7.87E-6 1.60E-4 4.21E-6

Table 8: Table 8: Table 8: Table 8: PFD Data for a SIF with MTI = 5 YearPFD Data for a SIF with MTI = 5 YearPFD Data for a SIF with MTI = 5 YearPFD Data for a SIF with MTI = 5 Yearssss





1.82E-5 2.13E-6 2.13E-6 2.78E-5 2.22E-6 2.22E-6


1.82E-5 2.13E-6 2.13E-6 2.78E-5 2.22E-6 2.22E-6


1.82E-5 2.13E-6 2.13E-6 2.78E-5 2.22E-6 2.22E-6


1.82E-5 2.13E-6 2.13E-6 2.78E-5 2.22E-6 2.22E-6


6.49E-6 1.30E-5 1.98E-4 2.03E-6


1.97E-5 3.88E-5 7.49E-4 1.76E-5


1.97E-5 3.88E-5 7.49E-4 1.76E-5

Table 9: Table 9: Table 9: Table 9: PFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 YearsPFD Data for a SIF with MTI = 10 Years




1-6

Document: 553847




3.46E-5 4.25E-6 4.25E-6 5.21E-5 4.42E-6 4.43E-6


3.46E-5 4.25E-6 4.25E-6 5.21E-5 4.42E-6 4.43E-6


3.46E-5 4.25E-6 4.25E-6 5.21E-5 4.42E-6 4.43E-6


3.46E-5 4.25E-6 4.25E-6 5.21E-5 4.42E-6 4.43E-6


1.25E-5 2.50E-5 3.86E-4 4.06E-6


3.94E-5 7.75E-5 1.49E-3 3.56E-5


3.94E-5 7.75E-5 1.49E-3 3.56E-5

PFH DataPFH DataPFH DataPFH Data

The following table provides the probability of failures per hour for both energize to action and de-energize to action for SIF configurations designed for High Demand applications.

Table 10: Table 10: Table 10: Table 10: PFH DataPFH DataPFH DataPFH Data

Module Module Description PFHde PFHe



1-7



7.48E-10 4.77E-10 4.78E-10 1.11E-9 8.22E-10 8.27E-10


7.48E-10 4.77E-10 4.78E-10 1.11E-9 8.22E-10 8.27E-10


7.48E-10 4.77E-10 4.78E-10 1.11E-9 8.22E-10 8.27E-10


7.48E-10 4.77E-10 4.78E-10 1.11E-9 8.22E-10 8.27E-10


7.47E-10 1.49E-9 8.62E-9 3.64E-9


1.24E-9 2.45E-9 3.36E-8 3.23E-9


1.24E-9 2.45E-9 3.36E-8 3.23E-9

1-8

Document: 553847



Binding and PeerBinding and PeerBinding and PeerBinding and Peer----totototo----Peer Communication Data (per segment)Peer Communication Data (per segment)Peer Communication Data (per segment)Peer Communication Data (per segment)

The PFH and PFD values for the Binding and Peer-to-Peer communications per segment are as follows:

PFH = 1E-11

PFD = 1E-7

Safe Failure Fraction (SFF) and HSafe Failure Fraction (SFF) and HSafe Failure Fraction (SFF) and HSafe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT)ardware Fault Tolerance (HFT)ardware Fault Tolerance (HFT)ardware Fault Tolerance (HFT)

The following table provides the SFF and HFT data for SIF configurations energize to action and de-energize to action mode.

Note: SFFde applies to a normally energized system that is de-energized to action.

Table 11: Table 11: Table 11: Table 11: Module SFFde, SFFe Module SFFde, SFFe Module SFFde, SFFe Module SFFde, SFFe and HFT Dataand HFT Dataand HFT Dataand HFT Data

Module Module Description SFF de HFT SFF e HFT

T9110 Processor module >90% 0 >90% 0


>99% 0 >99% 0


>99% 0 >99% 0


>99% 0 >99% 0


>99% 0 >99% 0


>90% 1 >90% 0


>90% 1 >90% 0


>90% 1 >90% 0


1-9

System ConfigurationsSystem ConfigurationsSystem ConfigurationsSystem Configurations

The PFH and PFD calculations are derived from IEC 61508 Section 6 and the examples below show how the calculations are used to define the probability of failure for a SIF.

Example 1Example 1Example 1Example 1

This illustrates a SIL3 SIF with one signal input and one signal output; it has a MTI of 1 year and a MTTR of 8 hours, it is configured as a de-energized to trip arrangement.

Refer to the Table 3

ExaExaExaExample 2mple 2mple 2mple 2

This illustrates a SIL 3 SIF with 2 inputs on dual input modules and 1 output with an MTI of 1 year and MTTR = 8 hours, configured as 1oo2 de-energize to trip.

Refer to Table 3

1-10

Document: 553847




SIL3 SIF with 2 inputs on dual input modules and 1 output with a manual test interval of 1 year and MTTR = 8 hours as 1oo2 de-energize to trip.

Refer to Table 3


This illustrates a SIL 3 with 1 dual input and 2 outputs, with a manual test interval of 1 year and MTTR = 8 hours, configured as 1oo2 de-energize to trip.

Refer to Table 3


1-11


This illustrates a SIL 3 SIF distributed between two controllers, with one signal input and one signal output; it has a MTI of 1 year and a MTTR of 8 hours, it is configured as a de-energize to trip arrangement.

Documents

PFH avg and PFD avg Data for AADvance Controllers … e The Next Step in Automation AADvance Controller PFH avg and PFD avg Data PFH avg and PFD avg Data Issue: 04Issue: 04 …