Probability of failure on demand of safety systems: impact of partial test distribution

Abstract

In accordance with the IEC 61508 functional safety standard, safety-related systems operating in a low demand mode need to be proof tested to reveal any ‘dangerous undetected failures’. Proof tests may be full (i.e. complete) or partial (i.e. incomplete), depending on their ability to detect all the system failures or only a part of them. Following a partial test, some failures may then be left latent until the full test, whereas after a full test (and overhaul), the system is restored to an as-good-as-new condition. A partial-test policy is defined by the efficiency of the partial tests, and the number and distribution (periodic or non-periodic) of the partial tests in the full test time interval. Non-approximate equations are introduced for probability of failure on demand (PFD) assessment of a Moo N architecture (i.e. k-out-of- n: G) systems subject to partial and full tests. Partial tests may occur at different time instants (periodic or not) until the full test. The time-dependent, average, and maximum system unavailability (PFD(t), PFDavg, and PFDmax) are investigated, and the impact of the partial test distribution on average and maximum system unavailability are analysed, according to system architecture, component failure rates, and partial test efficiency.