The probability of failure of each safety-related control function (SRCF) forming part of a safety-related electrical control system (SRECS) is calculated in accordance with the requirements of CEI EN 62061 and IEC 61508-6.
EN 62061 states that the SIL achievable by the SRECS must be determined from the probability of dangerous random hardware failure, from the architectural constraints, and from the systematic integrity of the safety subsystems that make up the SRECS; the standard also requires that the probability of dangerous failure of each SRCF due to random hardware failures be equal to or lower than the target failure value given in the safety requirements specification.
The calculation therefore aims to determine the probability of dangerous failure per hour (PFHD) of each SRCF that is part of the SRECS. This value is equal to the sum of the PFHD of all subsystems involved in executing the SRCF and, where digital data communication is used, must also include the probability of dangerous transmission errors.
To calculate the probability of failure of the various subsystems that make up an SRCF, the techniques given in IEC 61508-6 are applied, using all the data available for each individual element of the subsystem:
• failure rate (total λ, fraction of dangerous failures λD, fraction of dangerous failures detected λDD, fraction of dangerous failures undetected λDU, etc.);
• diagnostic coverage (DC);
• fraction of common cause (common mode) failures that are undetected (β);
• fraction of common cause failures that are detected (βD);
• mean time to restoration (MTTR);
• proof test interval (T1);
• interval between demands (T2).
If not all the necessary data are available, some of them can be derived (for example by following the guidance given in IEC 61508-6 itself). Alternatively, data taken from suitable failure-rate databases, or estimated data available in the literature, may be used with appropriate safety margins.
Finally, the SIL achieved by the SRECS as a whole is equal to or lower than the lowest SIL obtained by any of the subsystems involved in executing the SRCF.
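The procedure described above (derive λD, λDD and λDU from the element data, compute each subsystem's dangerous failure rate from its architecture, sum the subsystem PFHD values plus any transmission-error contribution, and cap the SRCF SIL at the lowest subsystem SIL) is shown here as an added worked example; it is not code from the original page. The subsystem formulas are the basic subsystem architectures A to D of IEC 62061 as I recall them, and the SIL bands are those of the IEC 62061 PFHD table; both should be checked against the edition of the standard in use. The element values (failure rates, DC, β, T1, T2) are constructed for illustration and are not real component data.

```python
"""Worked PFHD / SIL calculation for one SRCF (added example, not the page's own code).

All failure rates are per hour; T1 (proof test interval) and T2 (demand interval) are in hours.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def dangerous_split(lambda_total: float, dangerous_fraction: float, dc: float) -> Tuple[float, float, float]:
    """Derive lambda_D, lambda_DD and lambda_DU from the total failure rate, the dangerous
    fraction and the diagnostic coverage (one way to fill in missing element data)."""
    lam_d = lambda_total * dangerous_fraction
    return lam_d, lam_d * dc, lam_d * (1.0 - dc)


# IEC 62061 basic subsystem architectures (formulas as recalled; verify against the standard).
def arch_a(lam_d: List[float]) -> float:
    """Architecture A: elements in series, no fault tolerance, no diagnostics."""
    return sum(lam_d)


def arch_b(lam_d1: float, lam_d2: float, beta: float, t1: float) -> float:
    """Architecture B: single fault tolerance, no diagnostics."""
    return (1 - beta) ** 2 * lam_d1 * lam_d2 * t1 + beta * (lam_d1 + lam_d2) / 2


def arch_c(lam_d: List[float], dc: List[float]) -> float:
    """Architecture C: no fault tolerance, with diagnostics: sum of lambda_Di * (1 - DCi)."""
    return sum(l * (1 - d) for l, d in zip(lam_d, dc))


def arch_d(lam_d1: float, lam_d2: float, dc1: float, dc2: float,
           beta: float, t1: float, t2: float) -> float:
    """Architecture D: single fault tolerance with diagnostics (general two-element form)."""
    cc = (1 - beta) ** 2  # share of failures that are not common cause
    detected = lam_d1 * lam_d2 * (dc1 + dc2) * t2 / 2          # revealed by diagnostics, limited by demand interval
    undetected = lam_d1 * lam_d2 * (2 - dc1 - dc2) * t1 / 2    # revealed only by proof test
    return cc * (detected + undetected) + beta * (lam_d1 + lam_d2) / 2


def sil_from_pfhd(pfhd: float) -> int:
    """IEC 62061 PFHD bands: SIL3 < 1e-7, SIL2 < 1e-6, SIL1 < 1e-5; 0 = no SIL claimable."""
    if pfhd < 1e-7:
        return 3
    if pfhd < 1e-6:
        return 2
    if pfhd < 1e-5:
        return 1
    return 0


@dataclass
class Subsystem:
    name: str
    pfhd: float                      # dangerous failure rate per hour (lambda_Dss * 1 h)
    sil_cl: Optional[int] = None     # SIL claim limit from architectural constraints, if known


def srcf_pfhd(subsystems: List[Subsystem], p_transmission: float = 0.0) -> float:
    """PFHD of the SRCF: sum of subsystem PFHD plus dangerous transmission-error probability."""
    return sum(s.pfhd for s in subsystems) + p_transmission


def srcf_sil(subsystems: List[Subsystem], p_transmission: float = 0.0) -> int:
    """SIL of the SRCF: bounded by its total PFHD and by the weakest subsystem."""
    sil_total = sil_from_pfhd(srcf_pfhd(subsystems, p_transmission))
    sil_weakest = min(
        min(sil_from_pfhd(s.pfhd), s.sil_cl if s.sil_cl is not None else 3) for s in subsystems
    )
    return min(sil_total, sil_weakest)


def example_srcf() -> List[Subsystem]:
    """Constructed example: a sensing subsystem (architecture C) and a 1oo2 logic subsystem (D)."""
    # Sensor chain: two elements with diagnostics, lambda_D taken directly as element data.
    sensing = Subsystem("sensing (arch C)", arch_c([1e-6, 2e-7], [0.9, 0.6]))
    # Redundant logic: identical elements, beta = 5 %, yearly proof test, demand about hourly.
    logic = Subsystem("logic 1oo2 (arch D)", arch_d(1e-6, 1e-6, 0.9, 0.9, 0.05, 8760.0, 1.0))
    return [sensing, logic]


if __name__ == "__main__":
    subs = example_srcf()
    for s in subs:
        print(f"{s.name:22s} PFHD = {s.pfhd:.3e}/h  -> SIL {sil_from_pfhd(s.pfhd)}")
    total = srcf_pfhd(subs, p_transmission=1e-9)
    print(f"SRCF PFHD = {total:.3e}/h  -> SIL {srcf_sil(subs, 1e-9)}")
```

Running the script shows why the β term matters: in the architecture D subsystem the common cause contribution (β × λDe) dominates the result by two orders of magnitude over the independent double-failure terms, so improving diagnostics or shortening T1 buys little until β is reduced.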