# SIS PFD – Safety Instrumented System

For Safety Instrumented System (SIS) – The probability of Failure on Demand (PFD) calculation is carried out as part of the SIS design after the LOPA/PHA study.

## SIS PFD

Probability of Failure is a calculated term based upon reliability data, which reflects the possibilities or likelihood of an SIS failing to operate.

Typically expressed as Probability of Failure on Demand (PFD), this term is important in determining design configuration and test intervals.

## Probability of Failure on Demand (PFD)

This topic covers the definition of PFD, different calculation methods, and the important variables in the equations.

The higher the SIL, the lower the expected PFDavg for demand mode or the lower the average frequency of a dangerous failure causing a hazardous event

The required SIL shall be derived taking into account the required PFD

Overall SIS should achieve the target probability of failure on demand (PFD) for a demand mode system (viz. continuous mode of operation), it should achieve the target frequency of failure necessary to meet the calculated Safety integrity level.

## What is PFD?

PFD is the probability that a system will fail to perform a specified function on demand. It shall be equal to (or less than) the target failure measure as specified in the Safety Requirements specifications.

PFD is the function of device failure rate (Dangerous Undetected) Vs. Time

PFD(t) = 1 – e(-λDU*t)

λDU – Dangerous Undetected failure rate

t – Time in years

PFD – Probability of Failure on Demand

“As time increases failure probability also increases”

As PFD is a mathematically calculated figure over no of years it is preferred to calculate the average PFD,

PFDAVG = λDU *Ti/2 (For 1oo1 configuration), this formula varies according to the instrument configuration.

Most safety instrumented functions operate in the Low Demand Mode.  These SIS are normally not taking any action, but are available when needed.

For a SIF to meet the “low demand mode” definition the specific SIF demand must occur less often than once a year AND at least 2 proof tests must be conducted between demands.

PFD is the appropriate failure measure for SIFs in the Low or High Demand Mode.

Safety Integrity Requirements –  PFDAVG for Continuous mode of operation.

The average frequency of Dangerous failures of SIF (Continuous/Demand mode of operation)

## How PFD is Calculated?

PFD is basically calculated using a method as per the IEC-61508 standard.

Calculated PFD takes into account the architecture of the SIS (e.g. 1oo1, 1oo2D), the estimated dangerous failure rate of each subsystem (e.g. sensors), common cause, diagnostic coverage, proof test intervals, and repair times.

## Requirements of PFD in Complex Cases

Calculating PFD for most common valve (Like 2 valves in Series – 2oo2; 2 valves in parallel –twice 1oo1) configurations can be calculated using the available tools by certifying agents such as Exida.

Under some circumstances, quite complicated configurations arise, for example, when multiple feed lines feed a reactor or Multiple valves lined up for a furnace/boiler.

In these cases, some simplifying assumptions can be made and stepwise PFD calculations are done to determine the test frequency for the multiple valve configurations.

A more sophisticated evaluation using Fault Tree Analysis (FTA) is an option

## PFD budget

The probability of failure of an SIS loop is really the sum of the probabilities of failure of the individual components – namely the sensor(s), logic solver, and final element(s).

PFD (Total) = Sum of (sensors PFD + Logic solvers PFD + Final control elements)

Weightage factors

• Sensor – 35%
• Logic solver – 15%
• Final control element – 50%

By standard followed under many industrial conventions, the portion of the overall failure probability is normally “budgeted” to the individual components in the following way:  35% sensor, 15% logic solver, and 50% final element.

Analysis and Industrial experience have shown that historically 50% of the time that an SIS fails it is due to a failure in the final element (and 35% of the time the failure reason is caused by a failure in the sensor, and 15% of the time the logic solver is at fault).

Therefore, when we design an SIS, we “design” the SIS final element PFD to be 50% of the required total loop PFD. In certain cases, the budget for sensors could go as high as 50% for sensors, or as high as 70% for final elements.

Finally the total sums of individual PFDavg to 100%.

## Factors affecting PFD

The below table shows the impacting factors of the Probability of Failure on Demand and methods to improve them.

Hence it is always required to do SIS design taking into consideration various factors such as PFD & apply the rules/requirements to improve the plant Safety as well as reliability.