The Probability of Failure on Demand (PFD) is a measure of the effectiveness of a safety function. It expresses the probability that a system designed to prevent a hazardous situation will fail at the very moment a claim is made on this function.

The PFD of a safety function depends on the failure probabilities of all components of the function. To calculate the failure probabilities for sensors, logic solvers and actuators, data must be collected on all possible failure states: states that can be detected, states that cannot be detected (by the built-in diagnostic software), states that cause the component as a whole to go to a safe state, and states that cause a hazardous state to occur for the entire component. In practice, this data is known for new "SIL-compliant" components but often not for older components.

Another important factor for the PFD is the frequency with which the system is tested. It is assumed that faults detected by the component itself (through its built-in diagnostic software) are quickly repaired. However, faults not detected by the component become visible only during a complete system test. In the period between the occurrence of the fault and the execution of the test, the system is not available if the preventive function is invoked.

As an example, consider the following two components (e.g., pressure switches), which are characterized by the failure probabilities λdu (dangerous undetected) and λdd (dangerous detected). No redundant switches are installed (i.e., no voting), the switches are subjected to a system test every six months ("Proof Test Interval"), and repairing a switch takes approximately eight hours ("Mean Time To Repair"):

Example PFD calculation

Components A and B have similar failure rates of 4.0 × 10⁻⁶ per hour. Yet component B is of better design quality because the built-in diagnostic software detects more faults. As a result, the PFD value of component B is much lower.

Related to the Safety Integrity Level (SIL), both components can be used in a SIL-2 function (PFD is higher than 0.001 but lower than 0.01), provided, however, that the other components in the safety function (e.g., logic solver, barriers, actuators) do not add too much to the total of dangerous errors so that the PFD of the complete function remains lower than 0.01.
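The comparison above can be reproduced with a short calculation. The following is an added example, not taken from the original page: it assumes the common simplified 1oo1 formula PFDavg = λdu · (TI/2 + MTTR) + λdd · MTTR, and the λdu/λdd split for each component, as well as the logic solver and actuator figures, are constructed values chosen only so that each component totals 4.0 × 10⁻⁶ per hour.

```python
# Added example: average PFD for a single (1oo1, no voting) component in
# low-demand mode, plus the SIL band for a component or a whole function.
# Assumed formula (not stated on the page):
#   PFDavg = lambda_du * (TI/2 + MTTR) + lambda_dd * MTTR

PROOF_TEST_INTERVAL_H = 4380.0  # six months, taken as 8760 h / 2
MTTR_H = 8.0                    # mean time to repair, from the page

# Low-demand SIL bands as (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

# Constructed failure-rate splits (per hour); each sums to 4.0e-6.
COMPONENTS = {
    "A": {"lambda_du": 2.0e-6, "lambda_dd": 2.0e-6},  # diagnostics catch half
    "B": {"lambda_du": 0.5e-6, "lambda_dd": 3.5e-6},  # diagnostics catch most
}


def pfd_1oo1(lambda_du, lambda_dd, ti_h=PROOF_TEST_INTERVAL_H, mttr_h=MTTR_H):
    """Average PFD of one non-redundant component."""
    # Undetected faults stay hidden, on average, for half the proof test
    # interval, and the repair time is added once the test reveals them.
    undetected = lambda_du * (ti_h / 2.0 + mttr_h)
    # Detected faults only make the component unavailable during repair.
    detected = lambda_dd * mttr_h
    return undetected + detected


def sil_for_pfd(pfd):
    """Return the SIL whose band contains pfd, or None if outside SIL 1-4."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def function_pfd(component_pfds):
    """PFD of a complete function: sum over its components in series.
    The sum is the usual approximation for small PFD values."""
    return sum(component_pfds)


if __name__ == "__main__":
    for name, rates in COMPONENTS.items():
        pfd = pfd_1oo1(**rates)
        print(f"Component {name}: PFD = {pfd:.3e}, SIL {sil_for_pfd(pfd)}")
    # Constructed logic solver and actuator PFDs added to component A.
    total = function_pfd([pfd_1oo1(**COMPONENTS["A"]), 3.0e-3, 4.0e-3])
    print(f"Function with A: PFD = {total:.3e}, SIL {sil_for_pfd(total)}")
```

With these constructed inputs both components land in the SIL-2 band on their own, but the function built on component A drops to SIL 1 once the other components' contributions are added.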

We are happy to help you with all the necessary calculations so you only have to focus on the application. We indicate what information we need and make practice-based assumptions if information is not available. You can also leave the interpretation and explanation of the results to us. In addition, we will provide advice on how to improve the PFD of the various functions with minimal impact on your budget.