2018 Spring Meeting and 14th Global Congress on Process Safety
(53o) Why Run-to-Fail Is Not a Good Strategy for SIS
One of the fundamentals of the average Probability of Failure on Demand (PFDavg) calculations in SIL verification analysis is the concept of a constant failure rate during the useful life of the equipment. Probabilistic calculations assume that the failure rate of the devices used in a Safety Instrumented System (SIS) remains constant during the "flat" (constant failure rate) portion of the "bathtub" curve.
Reliability engineers understand that the portion before the "flat" part of the "bathtub" curve is where a high number of premature failures can occur, commonly referred to as "infant mortality". Most manufacturers perform stringent testing to weed out weaker units that could fail prematurely and lead to unwanted warranty claims. Conversely, once the equipment reaches the end of the "flat" portion of the "bathtub" curve, failures start to rise dramatically. This part of the curve is referred to as the "wear-out" phase. This paper will explain why a run-to-fail strategy is not good practice for a Safety Instrumented System (SIS): it leads to degraded performance of the Safety Instrumented Functions (SIFs). Once the useful life is exceeded, the integrity of the SIFs is compromised.
It is critical to keep the SIS response time, for each SIF, less than the process safety time. The objective of the SIL validation requirements of this stage (Stage 4 Functional Safety Assessment) is to validate, through inspection and testing, that the installed and commissioned SIS and its associated SIFs achieve the requirements stated in the safety requirement specification.
The paper describes why SIL validation is important and why run-to-fail is not a good maintenance strategy for a SIS.