Safety Instrumented Systems Verification: Practical Probabilistic Calculations

A reliability engineer's first design priority is successful operation: great effort goes into making sure that things work. For most systems this priority is entirely logical, because the mode in which a failure occurs is not relevant; only the fact of failure matters.
In safety instrumented systems, however, the failure mode matters a great deal. A failure that causes a false (spurious) trip is very different from a failure that prevents the automatic protection from acting when it is needed.
Actual instrument failures can be classified as "fail-safe," "fail-danger," or another failure mode. These failure modes are defined in this chapter in the context of an individual instrument. Note that the classification often cannot be made until the application is understood. Remember, too, that a failure of one instrument does not necessarily mean the safety instrumented function has failed: a redundant architecture may compensate for individual instrument failures.
Instrumentation equipment can fail in different ways. We call these "failure modes." Consider a two-wire pressure transmitter. This instrument is designed to provide a 4-20 mA signal in proportion to the pressure input. Detailed failure modes, effects, and diagnostic analyses (FMEDAs) of several of these devices reveal a number of failure modes: frozen output, current to upper limit, current to lower limit, diagnostic failure, communications failure, and drifting/erratic output, among perhaps others. These instrument failures can be classified into failure mode categories when the application is known.
If a single transmitter (no redundancy) were connected to a safety PLC programmed to trip when the current goes up (high trip),...
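The classification the preceding paragraphs describe, carried out in code as an added example (this is the editor's illustration, not text or code from the book): each of the transmitter failure modes listed above is mapped to its effect on the trip vote for a high-trip or low-trip loop, and a small M-out-of-N voting model then shows when a redundant architecture (1oo2, 2oo2, 2oo3, named here by the common "M out of N" convention) compensates for a single failed instrument and when it does not. The mapping of each mode to "stuck_trip", "stuck_no_trip", "no_effect" or "indeterminate" is an assumption stated in the comments, in particular that a frozen output holds its pre-failure value and that diagnostic or communications failures leave the 4-20 mA measurement itself intact; drifting/erratic output is left unclassified because the direction of drift decides it.

```python
"""Failure-mode classification for a 4-20 mA pressure transmitter and a
small M-out-of-N voting model.  Added example; the mode-to-effect mapping
and the architecture names are the editor's assumptions, not the book's."""

# Failure modes named in the FMEDA summary in the text.
MODES = (
    "frozen output",
    "current to upper limit",
    "current to lower limit",
    "diagnostic failure",
    "communications failure",
    "drifting/erratic output",
)

# Voting architectures to evaluate: name -> (M, N); the SIF trips when >= M of N vote.
ARCHITECTURES = {"1oo1": (1, 1), "1oo2": (1, 2), "2oo2": (2, 2), "2oo3": (2, 3)}


def signal_effect(mode, trip):
    """Effect of one transmitter failure mode on that transmitter's trip vote.

    trip is "high" (logic solver trips on rising current) or "low".
    Returns "stuck_trip", "stuck_no_trip", "no_effect" or "indeterminate".
    Assumptions: a frozen output holds the pre-failure (normal) value, so it
    never reaches the trip point; diagnostic and communications failures
    leave the 4-20 mA measurement itself intact.
    """
    if trip not in ("high", "low"):
        raise ValueError("trip must be 'high' or 'low'")
    if mode == "current to upper limit":
        return "stuck_trip" if trip == "high" else "stuck_no_trip"
    if mode == "current to lower limit":
        return "stuck_trip" if trip == "low" else "stuck_no_trip"
    if mode == "frozen output":
        return "stuck_no_trip"
    if mode in ("diagnostic failure", "communications failure"):
        return "no_effect"
    if mode == "drifting/erratic output":
        return "indeterminate"  # direction of drift decides; not classifiable here
    raise ValueError(f"unknown failure mode: {mode!r}")


def classify(mode, trip):
    """Single-instrument (1oo1) classification: fail-safe, fail-danger or other."""
    return {
        "stuck_trip": "fail-safe",
        "stuck_no_trip": "fail-danger",
        "no_effect": "no effect on trip function",
        "indeterminate": "indeterminate",
    }[signal_effect(mode, trip)]


def voter_trips(effects, m, demand):
    """True if an M-out-of-N voter trips.

    effects: per-transmitter state, "healthy" or a signal_effect() result.
    demand:  True when the real process is in the trip region.
    A healthy (or no_effect) transmitter votes to trip exactly when a demand exists.
    """
    votes = 0
    for effect in effects:
        if effect == "stuck_trip":
            votes += 1
        elif effect in ("healthy", "no_effect"):
            votes += 1 if demand else 0
        elif effect != "stuck_no_trip":
            raise ValueError(f"cannot simulate effect {effect!r}")
    return votes >= m


def sif_outcome(effects, m):
    """Outcome of the safety instrumented function as a whole.

    "fail-danger": the voter does not trip on a real demand.
    "fail-safe":   the voter trips with no demand (spurious trip).
    "functioning": both the demand and the no-demand case are handled correctly.
    """
    if not voter_trips(effects, m, demand=True):
        return "fail-danger"
    if voter_trips(effects, m, demand=False):
        return "fail-safe"
    return "functioning"


def single_failure_table(trip):
    """Outcome of each architecture when exactly one transmitter fails in each mode.

    Returns {architecture: {mode: outcome}}; indeterminate modes are reported as such.
    """
    table = {}
    for arch, (m, n) in ARCHITECTURES.items():
        table[arch] = {}
        for mode in MODES:
            effect = signal_effect(mode, trip)
            if effect == "indeterminate":
                table[arch][mode] = "indeterminate"
                continue
            effects = [effect] + ["healthy"] * (n - 1)
            table[arch][mode] = sif_outcome(effects, m)
    return table


if __name__ == "__main__":
    for trip in ("high", "low"):
        print(f"\nTrip direction: {trip}")
        for arch, row in single_failure_table(trip).items():
            print(f"  {arch}: " + ", ".join(f"{mode} -> {out}" for mode, out in row.items()))
```

Running the script prints one row per architecture for each trip direction. The table makes the chapter's two points visible at once: the same instrument failure (current to lower limit) is fail-danger on a high-trip loop but fail-safe on a low-trip loop, so the application must be known before classifying; and the same fail-danger instrument failure leaves a 1oo2 or 2oo3 function working while it disables a 1oo1 or 2oo2 function, so a failed instrument does not by itself mean a failed safety instrumented function.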