Hardware Fault Tolerance

When designing a SIL 3 SIS (Safety Instrumented System), many people make the assumption that all they need to do is design the system including all components that can be used in applications up to SIL 3. This is a general misunderstanding that I have run across several times. HFT (Hardware Fault Tolerance) must be adhered to as well. For a SIL 3 design, an HFT = 1 must be followed for final control elements. This means there must be at least 1 level of redundancy to ensure the system can be brought to its safe state. Concerning final control elements such as process valves, this means that there must be 2 process valves in series (1oo2) to ensure that either one of the process valves will shut off the flow of media when asked to do so.

Bill Reeson

Global Project Pursuit & Strategic Account Manager | ASCO

Emerson

T +1 973 966 2097 | M +1 973 495 8561

Bill.Reeson@Emerson.com

1 Reply

  • Good post Bill. You make a very good point when considering component selection from a Hardware Failure Tolerance (HFT) perspective. Have encountered this many a time myself. I would like to add that if we look at the entire safety function, I think it is important to note that there are 3 major considerations:

    1. The average Probability of Failure on Demand (PFDavg) of the specific Safety Integrity Function (SIF), which takes into account the PFDavg of each component of the SIF.
    2. Systematic capabilities, addressed by specifying IEC 61508 rated devices with 3rd party certified Systematic Capabilities ("SIL rated devices") or devices with customer Proven in Use declarations/documentation.
    3. System Architectural Constraints, which are addressed by designing systems in accordance with IEC 61511 or IEC 61508 HFT tables.
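A worked check of the three considerations in the reply, applied to the 1oo1 versus 1oo2 valve case from the post, as an added example (not code from either poster). It uses the simplified low-demand PFDavg approximations from IEC 61508-6 (dangerous undetected failures only, no repair time), a constructed valve failure rate and an assumed minimum-HFT table in which only the SIL 3 row comes from the post.

```python
from dataclasses import dataclass

# Minimum HFT for final elements, keyed by target SIL. SIL 3 -> 1 is what the
# post states; the other rows are assumptions for this illustration.
MIN_HFT_FINAL_ELEMENT = {1: 0, 2: 0, 3: 1, 4: 2}

# Low-demand PFDavg bands from IEC 61508: a SIL is met when PFDavg is below
# the listed upper bound (and at or above the next band's bound).
PFD_UPPER = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}


@dataclass
class Valve:
    lambda_du: float  # dangerous undetected failure rate, per hour (constructed)
    sc: int           # systematic capability claimed on the certificate


def pfd_1oo1(v: Valve, t1_hours: float) -> float:
    # Single valve, proof-test interval T1: PFDavg ~ lambda_DU * T1 / 2
    return v.lambda_du * t1_hours / 2


def pfd_1oo2(v: Valve, t1_hours: float, beta: float) -> float:
    # Two identical valves in series (1oo2): independent-failure term plus a
    # common-cause term weighted by the beta factor.
    x = v.lambda_du * t1_hours
    return (1 - beta) ** 2 * x ** 2 / 3 + beta * x / 2


def sil_from_pfd(pfd: float) -> int:
    # Highest SIL band whose PFDavg requirement this value satisfies (0 = none)
    for sil in (4, 3, 2, 1):
        if pfd < PFD_UPPER[sil]:
            return sil
    return 0


def assess_final_element(target_sil: int, v: Valve, n_valves: int,
                         t1_hours: float, beta: float) -> dict:
    # Evaluate the reply's three considerations for a 1oo1 or 1oo2 valve set.
    hft = n_valves - 1
    pfd = pfd_1oo1(v, t1_hours) if n_valves == 1 else pfd_1oo2(v, t1_hours, beta)
    return {
        "pfd_avg": pfd,
        "pfd_ok": sil_from_pfd(pfd) >= target_sil,        # consideration 1
        "sc_ok": v.sc >= target_sil,                       # consideration 2
        "hft_ok": hft >= MIN_HFT_FINAL_ELEMENT[target_sil],  # consideration 3
    }


# Constructed valve: lambda_DU chosen so a single valve already lands in the
# SIL 3 PFDavg band, which is exactly the case the post warns about.
VALVE = Valve(lambda_du=1e-7, sc=3)
```

With a one-year proof-test interval, a single valve passes on PFDavg and systematic capability yet still fails the SIL 3 architectural constraint; the 1oo2 pair passes all three.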