Safety Instrumented Systems Verification: Practical Probabilistic Calculations

A failure occurs when a device at some level (a system, a unit, a module, or a component) fails to perform its intended function. To many, the definition is clear. Disagreement may occur, but when this happens it is usually a matter of properly defining "intended function." For safety instrumented systems, the definition of intended function is usually clear and should be properly recorded in the safety requirements specification.
Each safety instrumented function (SIF) in a safety instrumented system must perform its protection function, must not falsely shut down the process, and must perform ancillary functions such as communications and diagnostics. However, not all of these functions are necessarily included in every analysis. Diagnostic functions or communications functions may or may not be counted as a failure depending on the purpose of the analysis.
What if certain components are used only for diagnostic purposes and they fail? The safety protection functionality will continue to work perfectly but the diagnostic function no longer works. Is this failure considered when calculating probability of failure on demand? Generally not! This is justified in many cases because the safety protection function will operate even when the diagnostics do not.
However, as we will see, if the safety instrumented function verification takes credit for the diagnostics to achieve a sufficiently high level of safety integrity, then the diagnostic failures will need to be modeled in an accurate probabilistic SIF verification.
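To make the point concrete, here is an added illustration (not from the book) using the common simplified 1oo1 PFDavg approximation: it first takes credit for diagnostic coverage, then adds a term for the diagnostic function itself being unavailable, so that "detected" failures are in fact only found at the next proof test while the diagnostics are down. All rate values are constructed, and the SIL bands are the IEC 61508 low-demand thresholds.

```python
"""Simplified 1oo1 PFDavg model showing why diagnostic failures must be
modeled once the verification takes credit for diagnostics.
Illustrative example, not the book's own method; all numbers constructed."""

HOURS_PER_YEAR = 8760.0


def pfd_avg_1oo1(lambda_d, dc, test_interval_h, mttr_h, diag_unavail=0.0):
    """Average probability of failure on demand for a single channel.

    lambda_d         dangerous failure rate (per hour)
    dc               diagnostic coverage credited by the analysis (0..1)
    test_interval_h  proof-test interval for undetected failures (hours)
    mttr_h           mean time to restore a detected failure (hours)
    diag_unavail     fraction of time the diagnostic function is itself
                     failed (0 = diagnostics assumed perfect)
    """
    lambda_dd = lambda_d * dc            # dangerous detected
    lambda_du = lambda_d * (1.0 - dc)    # dangerous undetected
    # While the diagnostics are down, would-be detected failures behave
    # like undetected ones: they persist until the next proof test.
    lambda_dd_eff = lambda_dd * (1.0 - diag_unavail)
    lambda_du_eff = lambda_du + lambda_dd * diag_unavail
    return lambda_du_eff * test_interval_h / 2.0 + lambda_dd_eff * mttr_h


def sil_band(pfd):
    """Map a low-demand PFDavg to its SIL band (IEC 61508 table)."""
    if pfd < 1e-4:
        return 4
    if pfd < 1e-3:
        return 3
    if pfd < 1e-2:
        return 2
    if pfd < 1e-1:
        return 1
    return 0


if __name__ == "__main__":
    lam, ti, mttr = 2e-6, HOURS_PER_YEAR, 24.0   # constructed inputs
    cases = [
        ("no diagnostic credit", pfd_avg_1oo1(lam, 0.0, ti, mttr)),
        ("90% DC, diagnostics assumed perfect", pfd_avg_1oo1(lam, 0.9, ti, mttr)),
        ("90% DC, diagnostics down 5% of time",
         pfd_avg_1oo1(lam, 0.9, ti, mttr, diag_unavail=0.05)),
    ]
    for name, p in cases:
        print(f"{name:40s} PFDavg={p:.3e}  SIL {sil_band(p)}")
```

With these inputs the credited diagnostics lift the channel into the SIL 3 band, but modeling a 5% diagnostic outage drops it back to SIL 2, which is exactly the situation in which the diagnostic failures cannot be left out of the verification.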
Two fundamentally different categories of failures exist: physical failures (often...