A random fault can be assigned a specific probability of occurrence; a systematic fault cannot.
Unlike random faults, however, systematic faults can in principle be avoided altogether. Experience shows that this holds only in part (especially where software is concerned). These insights lead to the following requirements for the design of protective equipment:
- Fault prevention: avoiding systematic faults by introducing a dedicated quality management system (keywords: “Functional Safety Management System” or “FSM system” for short)
- Fault control: tolerating faults through redundancy and/or fail-safe behavior and fault detection (keywords: hardware fault tolerance (HFT), safe failure fraction (SFF), diagnostic coverage (DC))
- Failure quantification: calculating the probability of failure due to random faults (keywords: PFD/PFH calculation)
How these three points are implemented in practice determines the extent of the risk reduction the protective equipment provides. Generally speaking, the effort involved in planning, implementing, and operating protective equipment depends on the SIL the equipment must reach. The standards EN 61508, EN 61511 and VDI/VDE 2180 describe the exact relationship between the design of the protective equipment and the SIL that can be achieved.
When protective equipment is designed, fault prevention, fault control, and the probability of failure must all be given appropriate consideration in order to achieve a specific degree of risk reduction. Taking the probability of failure into account on its own is not sufficient to fulfill a SIL requirement. In practice, protective equipment reaches a specific SIL only when both its structure (redundancy, diagnostics, fail-safe design) and its probability of failure (PFD/PFH) meet the requirements the standard stipulates for that SIL. Furthermore, an FSM system must be used for the implementation. Only then can it be assumed that systematic faults have been prevented to the necessary extent.
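The following worked example is added here to make the last point concrete; it is not part of the original text, which gives no figures. It uses the simplified low-demand PFDavg expressions from IEC 61508-6 Annex B for a single channel (1oo1) and a redundant pair (1oo2), the safe failure fraction, and the Route 1H architectural-constraint tables from IEC 61508-2, then reports the SIL that can actually be claimed as the weaker of the PFD band and the architectural constraint, and only when an FSM system is in place. The failure rates, diagnostic coverage, proof-test interval, repair time and common-cause factors are constructed sample values, not data for any real device.

```python
"""Worked SIL estimate: PFDavg from random faults vs. architectural constraints.

Constructed example. Formulas: simplified low-demand PFDavg from IEC 61508-6
Annex B (mean repair time taken equal to MTTR) and the Route 1H tables from
IEC 61508-2. All numeric inputs are made-up sample values.
"""
import math

# SIL bands for PFDavg in low demand mode: SIL n covers [lower, 10 * lower).
PFD_BANDS = ((4, 1e-5), (3, 1e-4), (2, 1e-3), (1, 1e-2))

# Route 1H: highest SIL claimable for a subsystem, by SFF band and hardware
# fault tolerance. Rows: (upper SFF bound, SIL for HFT 0, 1, 2); None = not allowed.
ROUTE_1H = {
    "A": ((0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (math.inf, (3, 4, 4))),
    "B": ((0.60, (None, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (math.inf, (3, 4, 4))),
}


def sil_from_pfd(pfd_avg):
    """Map PFDavg to a SIL band; None if worse than the SIL 1 limit of 1e-1."""
    if pfd_avg >= 1e-1:
        return None
    for sil, lower in PFD_BANDS:
        if pfd_avg < lower * 10:
            return sil


def safe_failure_fraction(lambda_s, lambda_dd, lambda_du):
    """SFF = (safe + dangerous-detected) / (all failures)."""
    return (lambda_s + lambda_dd) / (lambda_s + lambda_dd + lambda_du)


def sil_from_architecture(sff, hft, subsystem_type="B"):
    """Route 1H architectural constraint; None where the table forbids a claim."""
    for upper, sils in ROUTE_1H[subsystem_type]:
        if sff < upper:
            return sils[min(hft, 2)]


def _channel_times(lambda_d, dc, t1, mttr):
    """Split lambda_D by diagnostic coverage and return (lambda_DD, lambda_DU, tCE, tGE)."""
    lambda_dd, lambda_du = lambda_d * dc, lambda_d * (1 - dc)
    t_ce = lambda_du / lambda_d * (t1 / 2 + mttr) + lambda_dd / lambda_d * mttr
    t_ge = lambda_du / lambda_d * (t1 / 3 + mttr) + lambda_dd / lambda_d * mttr
    return lambda_dd, lambda_du, t_ce, t_ge


def pfd_avg_1oo1(lambda_d, dc, t1, mttr):
    """Single channel: PFDavg = lambda_D * tCE."""
    _, _, t_ce, _ = _channel_times(lambda_d, dc, t1, mttr)
    return lambda_d * t_ce


def pfd_avg_1oo2(lambda_d, dc, t1, mttr, beta, beta_d):
    """Two redundant channels; beta / beta_d are common-cause factors for
    undetected / detected dangerous failures."""
    lambda_dd, lambda_du, t_ce, t_ge = _channel_times(lambda_d, dc, t1, mttr)
    independent = 2 * ((1 - beta_d) * lambda_dd + (1 - beta) * lambda_du) ** 2 * t_ce * t_ge
    common_cause = beta_d * lambda_dd * mttr + beta * lambda_du * (t1 / 2 + mttr)
    return independent + common_cause


def achievable_sil(pfd_avg, sff, hft, subsystem_type="B", fsm_applied=True):
    """The SIL that can actually be claimed: the weaker of the PFD band and the
    architectural constraint, and nothing at all without functional safety management."""
    if not fsm_applied:
        return None
    by_pfd = sil_from_pfd(pfd_avg)
    by_arch = sil_from_architecture(sff, hft, subsystem_type)
    if by_pfd is None or by_arch is None:
        return None
    return min(by_pfd, by_arch)


def example():
    """Constructed sample: lambda_D = lambda_S = 1e-6 /h, DC = 60 %, yearly proof
    test, 8 h repair, type B subsystem. Returns (PFDavg, SIL by PFD, achievable SIL)."""
    lambda_d, lambda_s, dc, t1, mttr = 1e-6, 1e-6, 0.60, 8760.0, 8.0
    lambda_dd, lambda_du, _, _ = _channel_times(lambda_d, dc, t1, mttr)
    sff = safe_failure_fraction(lambda_s, lambda_dd, lambda_du)  # 0.80
    one = pfd_avg_1oo1(lambda_d, dc, t1, mttr)
    two = pfd_avg_1oo2(lambda_d, dc, t1, mttr, beta=0.10, beta_d=0.05)
    return {
        "sff": sff,
        "1oo1": (one, sil_from_pfd(one), achievable_sil(one, sff, hft=0)),
        "1oo2": (two, sil_from_pfd(two), achievable_sil(two, sff, hft=1)),
    }


if __name__ == "__main__":
    result = example()
    print(f"SFF = {result['sff']:.2f}")
    for arch in ("1oo1", "1oo2"):
        pfd, by_pfd, overall = result[arch]
        print(f"{arch}: PFDavg = {pfd:.2e} -> SIL {by_pfd} by PFD alone, SIL {overall} achievable")
```

With these sample values the single channel lands in the SIL 2 band by PFDavg alone, but an SFF of 80 % with no hardware fault tolerance limits a type B subsystem to SIL 1; the 1oo2 arrangement reaches the SIL 3 band by PFDavg yet is held to SIL 2 by the same table. The architectural constraint, not the calculated probability, is what decides the claim in both cases, which is the passage's point.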