Safety Instrumented Systems Verification: Practical Probabilistic Calculations

2oo2D Architecture

2oo2D Architecture

The 2oo2D is a four channel architecture that consists of two 1oo1D controllers arranged in a 2oo2 style (Figure F-26). Since the 1oo1D protects against dangerous failures when diagnostics detect the failure, two units can be wired in parallel to protect against shutdowns. Effective diagnostics are essential to this architecture as an undetected dangerous failure on either unit will fail the system dangerously.

Figure F-26: 2oo2D Architecture

PFD Fault Tree for 2oo2D

The 2oo2D architecture will fail with outputs energized if either unit has a dangerous undetected failure or if the system experiences a dangerous undetected common cause failure. This is shown in the fault tree of Figure F-27.

Figure F-27: PFS Fault Tree for the 2oo2D Architecture

The approximate equation derived from the fault tree for PFD is:

The equation for PFDavg is:

PFS Fault Tree for 2oo2D

Figure F-28 shows that a 2oo2D architecture will fail safely only if both units fail safely. This can happen due to common cause failures SDC, SUC, or DDC, or if A and B fail safely.

Figure F-28: PFS Fault Tree for the 2oo2D Architecture

First order approximation techniques can be used to generate a formula for probability of failing safely from this fault tree.


SD = the time required to restart the process after a shutdown

RT = average repair time for a detected failure

TI = the inspection time interval

This equation has the same form as Equation B-10 with ( ? SDN+ ? DDN)...