• Not Answered

Availability and Reliability for DeltaV DCS

Please share if you have any data about Availability and Reliability regarding DeltaV DCS.

Thank you in advance

5 Replies

  • Are you looking for information on reliability and availability of DeltaV hardware components? If so, you should be able to get that information from your local office as it pertains to your DeltaV system.
  • As Brian indicated, your Emerson Local Business Office (LBP) should be able to get you in the right direction. I want to make you aware there is an Emerson Lifecycle Services that can help. They can provide you with an Overall Scheduled System Maintenance Appraisal about the Health of your DeltaV system. They will be able to provide any recommendations for making your DeltaV system more Reliable to maintain its availability. Again, your Emerson LBP will be able to bring this service to you as well.
  • Availability and Reliability are often misunderstood. Here are the definitions I use:
         - Reliability: Operating Time/ Number of Failures. ( MTBF, Failure Rate (λ))
         - Availability: Up Time/(Uptime +Downtime). (Downtime is often referred to as MTTF)

    Emerson does not release individual component MTBF data for the DeltaV DCS. System Availability is calculated for customer systems based on specific system hardware designed to meet process applications and an appropriate estimate of MTTF, typically 4 hours. MTTF is determined by the end user and their ability to diagnose and repair an issue with the system. The availability of Spare parts on hand plays greatly to this number.


    Different manufacturers calculate MTBF data differently. The more common method is a parts count method based on MIL-HDBK 217, and the source data can come from different reliability databases, which differ from each other. After a significant number of components have been in operation for a minimum time, actual failure data may be used to represent MTBF.

    Different manufacturers may use a different nominal operating temperature for their MTBF number. Comparing components from different systems would yield misleading results if values were not normalized. DeltaV uses 50 C. One Power Supply manufacturer uses 40 C. MIL-HDBK 217 references 25 C in its discussions. A DeltaV component MTBF at 50 C would be over 5 times greater if calculated at 25 C.

    Increased DCS system availability is achieved through redundancy. Failure of a single controller in a redundant pair results in no loss of availability. Sometimes, MTBF of a Redundant component is calculated based on the resulting availability, but in reality, redundancy does not increase reliability, and failure of a controller in a redundant controller pair is still a failure. The consequence of the failure on the system availability has been mitigated with redundancy, but the number of individual components increases, so overall, the failure rate of individual parts over time can be expected to be higher. That is why we use Availability as the measure for the system and Reliability for the individual components.

    Availability also requires a definition of what it means for the system to be available. In reality, the availability of a control system is dictated by the availability of the instrumentation. Loss of a particular transmitter means that signal is no longer available, regardless of what the DCS IO availability is (simplex or redundant IO Card). So the maximum availability of the control system is limited by the choice of instrumentation. The Availability of the DCS is designed to minimize the reduction in availability of the process. It cannot increase it!

    A typical definition of Availability is “No single point of failure will result in the loss of more than X field signals.” If the value of X is set to 1, then redundant hardware is required throughout, from the IO card, Network components and controllers. Remember that failure of a transmitter will result in the loss of one field signal. The DCS cannot increase the availability of the transmitter. For process applications that have multiple trains, or have the capacity for manual operation and thus continue to be available with the loss of multiple field signals, the Availability requirement of the DCS may be relaxed and simplex IO may be appropriate.

    So when an Availability calculation is required on the DCS, Emerson uses the system hardware to determine the availability based on loss of one field signal with an MTTF of 4 hours. There are multiple factors to consider, beyond just the component MTBF, to properly calculate system Availability.

    If you need a calculation of Availability for your DeltaV DCS, please contact your local sales representative office to have this done for you.

    Andre Dicaire
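
An added worked example (not part of the thread and not Emerson's calculation method) applying the definitions in the reply above to one field signal routed through a simplex versus a redundant DCS path. The MTBF figures are constructed placeholders, the 4-hour repair time is the figure quoted in the reply, and the independent-failure model for a redundant pair is an assumption.

```python
# Added illustration. MTBF values are constructed placeholders, not Emerson data.
HOURS_PER_YEAR = 8760.0
REPAIR_H = 4.0  # time to diagnose and repair; the 4-hour figure quoted in the thread

# Constructed MTBF (hours) for the elements one field signal passes through.
MTBF_H = {"transmitter": 400_000.0, "io_card": 600_000.0, "controller": 300_000.0}


def availability(mtbf_h, repair_h=REPAIR_H):
    """Up time / (up time + down time) for one repairable component."""
    return mtbf_h / (mtbf_h + repair_h)


def redundant_pair(a):
    """Pair is unavailable only while both members are down.
    Assumes independent failures and perfect switchover."""
    return 1.0 - (1.0 - a) ** 2


def signal_availability(redundant_dcs):
    """One field signal: transmitter, I/O card and controller in series."""
    a_tx = availability(MTBF_H["transmitter"])
    a_io = availability(MTBF_H["io_card"])
    a_ctl = availability(MTBF_H["controller"])
    if redundant_dcs:
        a_io, a_ctl = redundant_pair(a_io), redundant_pair(a_ctl)
    return a_tx * a_io * a_ctl


def dcs_failures_per_year(redundant_dcs):
    """Expected I/O card plus controller failures per year; each still needs a repair."""
    n = 2 if redundant_dcs else 1
    return n * HOURS_PER_YEAR * (1 / MTBF_H["io_card"] + 1 / MTBF_H["controller"])


def downtime_minutes_per_year(a):
    """Expected unavailable minutes per year for availability a."""
    return (1.0 - a) * HOURS_PER_YEAR * 60


if __name__ == "__main__":
    for label, red in (("simplex", False), ("redundant", True)):
        a = signal_availability(red)
        print(f"{label:9s} A={a:.8f} "
              f"downtime={downtime_minutes_per_year(a):.2f} min/yr "
              f"DCS failures/yr={dcs_failures_per_year(red):.4f}")
    print(f"transmitter alone A={availability(MTBF_H['transmitter']):.8f}")
```

With these inputs the redundant path has less downtime than the simplex path but never exceeds the transmitter's own availability, while the expected number of DCS part failures per year doubles.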

  • In reply to Andre Dicaire:

    Thanks for your good reply. There is a white paper on the same topic done by Emerson.

    Mean Time Between Failure (MTBF)
    Understanding the concept of MTBF:
    MTBF (Mean Time Between Failure) is a term which applies to repairable systems only. It is an average value but
    it is time between failures. This implies that a component has failed and then has been repaired. This can be
    represented mathematically as:
    MTBF = MTTF + MTTR
    MTTR (Mean Time to Repair) is generally smaller than MTTF (Mean Time to Fail), MTBF is approximated to
    MTTF, which applies to repairable and non-repairable systems.
    MTTF is defined as the measure of Random Constant Failures. In simple words, it shows how reliable a product
    is. MTTF is usually given in units of hours.
    For electronic products, it is commonly assumed that during the useful operating life period the parts have
    constant failure rates, and part failure rates follow an exponential law of distribution. In other words, a collection of
    components that have an exponentially decreasing probability of failure will have a constant failure rate. Constant
    failure rate represents the worst case assumption. MTTF of the product can be calculated as:
    MTTF = Integration of Reliability function with respect to time from 0 to infinity limit = ∫ R(t) dt
    or simply
    1/(sum of all the part failure rates) = 1 /λ {Assumption: Single or series of components with constant failure rates}
    and the probability that the product will work for some time T without failure is given by:
    R(T) = e^(-T/MTTF)
    Thus, for a product with an MTTF of 876,000 hours (100 years), and an operating time of interest of 5 years
    (43,800 hours):
    R = e^(-43800/876000) = 0.951229
    which says that there is a 95.2% probability that the product will operate for the 5 years without a failure, or that
    95.2% of the units in the field will still be working at the 5 year point.
    The MTTF or MTBF figure for a product can be derived in various ways: prediction models (such as
    MIL-HDBK-217, or Telcordia / Bellcore), lab test data, or actual field failure data.
    MTTF analysis typically ignores “infant mortality failures” and “special cause failures”.

    Methods to Predict MTTF or MTBF:

    1. Estimated and / or Physics of Failure approach
    This method of predicting MTTF uses a common approach of parts stress analysis per MIL-HDBK-217. Fisher
    uses this method early in the design process to assist in component selection, material selection, and design
    parameters.
    Another common method is to use FMEDA and combine the individual component/sub-system MTTF to estimate
    the total “System MTTF”. Fisher has completed this task for mechanical and electronic components for use of a
    FIELDVUE DVC6000 digital valve controller in Safety Instrumented System Applications. A Fisher Reliability
    engineer completed the exercise by identifying potential failure mechanisms, developing a model for each failure
    mode, and analyzing each failure mode with its cause & effects matrix. Confidence interval calculations are
    performed last, using a confidence interval of 70% per IEC 61508, Part 2, section 7.4.7.9.

    2. Demonstrated Method
    Demonstrated MTTF or MTBF involves test devices under in-situ conditions, where data is tracked and analyzed
    by our engineering teams for design improvement. This includes data for in-house rugged testing.
    All product testing is completed at Fisher Controls International LLC, Marshalltown, Iowa USA. We use an
    accelerated aging module to simulate an installed lifetime for the devices. During the aging, units are subjected to
    power cycling, pressure cycling, and high/low temperature cycling, Vibration testing (mechanical endurance),
    Impact / Drop testing, environmental testing (Humidity, temperature and pressure effects etc.). Additionally, EMI
    Testing, Chemical Environment Exposure Testing, Gas Tight or Sealing testing etc. are conducted in an attempt
    to duplicate actual process conditions. Results are reviewed and recorded and an improvement process is
    implemented. Test results data are given in consideration while making cause and effect matrix.

    3. Observed Method
    Observed MTTF is the most objective method but is very difficult in actual practice. Observed MTTF simply
    measures field failures, modes, and root causes and compares against the total number of units installed.
    Fisher has a system in place called FIX (Fisher Improvement Exchange), which logs all failures in the field during
    warranty period, its cause, corrective action and change / improvement of parts / components or recommendation
    for use.
    Fisher also uses data available from Fisher Service Company, where the device has come for repair after the
    warranty period or may be during plant turnaround with reported problems. Much of the time, faults are either due
    to external factors like dirty air, oil or moisture in supply air, linkage or mechanical connections, or abusive use.
    These analyses are used to arrive at correct failure rates of device published by Fisher. Exida.com, a leading
    safety consultant, participated in the process to ensure completeness, consistency and reasonability of the
    results. Final results were verified and reviewed by TUV, while according certification of compliance to IEC61508
    for the DVC6000, as suitable for use up to SIL3 in safety instrumented system.

    Constituents of MTTF
    A device can fail in two modes when used in SIS application. It can fail safely or fail dangerously. As an example,
    there is a probability that a normally energized SIS will fail with its outputs de-energized. This is termed probability
    of failing safely. There is also a probability that the system will fail with its outputs energized. This is called
    probability of failure on demand. The latter term indicates that the safety system has failed dangerously when
    demand occurred. This failure of Equipment under Control (EUC) is of more concern to the industry and has been
    addressed at length in IEC61508.

    The standard also discusses detection methods of failure modes. In more general terms, components of MTTF
    can be categorized as below:
    Safe Detected
    Safe undetected
    Dangerous Detected
    Dangerous Undetected

    The term most applicable for Safety Instrumented System is PFDavg, which can be described as average
    probability of failure on demand, while evaluating SIL requirements of Safety Instrumented Function.
    IEC 61508 standard defines PFDavg (Probability of failure upon demand) = 1 - e^(-λ × t), which can be
    simplified = 1/2 × Dangerous Failure rate × Test frequency
    By installing devices like Fisher's DVC6000 on SIS application’s Final control element (actuator), and performing
    partial stroke tests, portions of dangerous undetected failures of the final control element can be detected.
    This leads to the conclusion that PFDavg = 1/2 Test Frequency x Dangerous UNDETECTED Failure rate, while
    assessing SIL requirement for Safety Instrumented System.

    The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy,
    they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use
    or applicability. We reserve the right to modify or improve the designs or specifications of such products at any time without notice.
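
An added worked example (not from the white paper or the thread) that carries the quoted formulas through in code: series MTTF from part failure rates, R(T), and PFDavg with and without partial-stroke testing. The failure rates, test intervals and partial-stroke coverage are constructed values, the two-term split for partial-stroke testing is an assumed simplification, and "test frequency" in the quoted text is treated here as the interval between tests in hours.

```python
import math


def series_mttf(part_failure_rates_per_h):
    """MTTF = 1 / (sum of part failure rates), constant-rate parts in series."""
    return 1.0 / sum(part_failure_rates_per_h)


def reliability(t_h, mttf_h):
    """R(T) = e^(-T/MTTF): probability of running T hours without a failure."""
    return math.exp(-t_h / mttf_h)


def pfd_avg_exact(lambda_du, interval_h):
    """Time average of 1 - e^(-lambda*t) over one test interval."""
    x = lambda_du * interval_h
    return 1.0 + math.expm1(-x) / x  # equals 1 - (1 - e^-x) / x


def pfd_avg_approx(lambda_du, interval_h):
    """Simplified form: 1/2 x dangerous undetected failure rate x test interval."""
    return 0.5 * lambda_du * interval_h


def pfd_avg_partial_stroke(lambda_d, coverage, pst_interval_h, proof_interval_h):
    """Assumed model: a fraction `coverage` of dangerous failures is revealed at
    each partial-stroke test, the remainder only at the full proof test."""
    found_by_pst = pfd_avg_approx(lambda_d * coverage, pst_interval_h)
    found_by_proof = pfd_avg_approx(lambda_d * (1.0 - coverage), proof_interval_h)
    return found_by_pst + found_by_proof


if __name__ == "__main__":
    # The white paper's own numbers: MTTF 876,000 h, 5 years = 43,800 h.
    print(f"R(5 years)          = {reliability(43_800, 876_000):.6f}")
    # Constructed part failure rates (per hour) for a three-part series device.
    print(f"series MTTF         = {series_mttf([1e-6, 2e-6, 5e-7]):.0f} h")
    # Constructed: lambda_D = 2e-6 /h, yearly proof test, monthly partial stroke.
    lam, proof_h, pst_h, cov = 2e-6, 8760.0, 730.0, 0.6
    print(f"PFDavg exact        = {pfd_avg_exact(lam, proof_h):.6f}")
    print(f"PFDavg 1/2*lambda*T = {pfd_avg_approx(lam, proof_h):.6f}")
    print(f"PFDavg with PST     = {pfd_avg_partial_stroke(lam, cov, pst_h, proof_h):.6f}")
```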
  • In reply to Riyaz Ali:

    Dear my friends
    Thank you for your kind reply and explanations.
    They are very useful and helpful for me.
    You are great