Icstt Rm449 en P

AADvance
The Next Step in Automation
AADvance Controller
PFH avg and PFD avg Data
Issue: 04
DOCUMENT: 553847
(ICSTTICSTT-RM449_EN_P)
PFH avg and PFD avg Data (AADvance Controller)
This page intentionally left blank
ii
Document: 553847
(ICSTT-RM449_EN_P) Issue 04:
Notice
In no event will Rockwell Automation be responsible or liable for indirect or
consequential damages resulting from the use or application of this equipment. The
examples given in this manual are included solely for illustrative purposes. Because of
the many variables and requirements associated with any particular installation,
Rockwell Automation does not assume responsibility or reliability for actual use based
on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, with respect to use of
information, circuits, equipment, or software described in this manual.
Reproduction of this manual in whole or in part, without written permission of
Rockwell Automation is prohibited.
All trademarks are acknowledged.
Disclaimer
It is not intended that the information in this publication covers every possible detail
about the construction, operation, or maintenance of a control system installation. You
should refer to your own (or supplied) system safety manual, installation instructions
and operator/maintenance manuals.
Revision and Updating Policy
This document is based on information available at the time of its publication; however,
the document contents are subject to change from time to time. You should contact
Rockwell Automation Technical Support by e-mail support@icstriplex.com to
check if you have the latest version of this publication.
Copyright Notice, Rockwell Automation 2012
This document contains proprietary information that is protected by copyright. All
rights are reserved. This technical manual applies to Release 1.3 of the AADvance
Controller.
Document: 553847
iii
Issue record
Issue
Date
Comments
01
Sept 2009
First Issue
02
March
2011
Update for Release 1.2
03
May 2012
Updates and corrections from peer review and from TUV

review, add distributed SIF example.
04
June 2012
Update for Release 1.3 and AOM 9481/2 values added
iv
Document: 553847
Forward
This document contains the PFHavg and PFDavg Data for the AADvance Controller. It
includes examples on how to calculate the final figures for different controller
configurations. The data supports the recommendations in the AADvance Safety
Manual Doc No: 553630.
Abbreviations
Abbreviation
Description
FMPH
Failures Per Million Hours
HFT
Hardware Fault Tolerance
MTBF
Mean Time Between Failures
MTTR
Mean time to Repair
MTI
Manual Test Interval
PFDavg
Probability of Failure on Demand - average
PFDe
Probability of Failure on Demand - energized to action
PFDde
Probability of Failure on Demand - de-energized to action
PFHe
Probability of Failure per Hour - energized to action
PFHde
Probability of Failure per Hour - de-energized to action
SFF
Safe Failure Fraction
SIF
Safety Instrumented Function
Document: 553847
Contents
Chapter 1
Introduction ............................................................................................. 1-1

Failure Rates ........................................................................................................................................................ 1-1
PFD Data - 8 Hour MTTR ............................................................................................................................... 1-2
PFD Data - 24 Hour MTTR............................................................................................................................. 1-4
PFH Data.............................................................................................................................................................. 1-6
Binding and Peer-to-Peer Communication Data (per segment) ............................................................ 1-8
Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT) ......................................................... 1-8
System Configurations ...................................................................................................................................... 1-9
Example 1....................................................................................................................................................... 1-9
Example 2....................................................................................................................................................... 1-9
Example 3..................................................................................................................................................... 1-10
Example 4..................................................................................................................................................... 1-10
Example 5..................................................................................................................................................... 1-11
vi
Document: 553847
Chapter 1
Introduction
The information in this document has been compiled as part of the AADvance IEC
61508 certification, the failure modes and Failure Mode Effect and Diagnostic Analysis
(FMEDA) of each module having been inspected by TUV Rheinland.
The tables below provide PFD avg data for AADvance modules used in applications with
an 8 or 24 hour MTTR and with 6 months, 1 year, 5 years or 10 years Manual Test
Interval (MTI). If the AADvance system is to be used in an application with any other
MTTR or MTI, use the data from the next column with a higher MTTR or MTI than
that of the application.
If a de-energize to action system is configured to provide a shutdown on the first fault,
the MTTR has a negligible effect, hence, the tables in the PFD Data can be used for any
MTTR.
In This Chapter
Failure Rates......................................................................................................... 1-1
PFD Data - 8 Hour MTTR ................................................................................ 1-2
PFD Data - 24 Hour MTTR ............................................................................. 1-4
PFH Data............................................................................................................... 1-6
Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT).......... 1-8
System Configurations ....................................................................................... 1-9
Failure Rates
The following failure rates apply to the AADvance modules:
Table 1:
AADvance Module Failure Rates
Module
Module Description
MTBF
Years
FPMH
T9110
Processor module
95
1.19
T9401
Digital input module, 24Vdc, 8 channel, isolated
93
1.22
T9402
Digital input module, 24Vdc, 16 channel, isolated
50
2.28
T9431
Analogue input module, 8 channel, isolated
93
1.22
T9432
Analogue input module, 16 channel, isolated
50
2.28
T9451
Digital output module, 24Vdc, 8 channel, isolated,

commoned
95
1.19
T9481
Analogue output module, 3 channel, isolated
110
1.04
T9482
Analogue output module, 8 channel, isolated
47
2.39
Document: 553847
1-1
PFD Data - 8 Hour MTTR

The following tables provide the probability of failures upon demand for the energize
to action and de-energize to action Safety Instrumented Function (SIF) configurations.
The Manual Test Interval is as indicated
Table 2:
Module
PFD Data for a SIF with MTI = 6 months

Module Description
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
6.16E-5
2.43E-7
2.58E-7
7.88E-5
4.07E-7
4.32E-7
T9401
Digital input module, 24Vdc, 8

channel, isolated
2.25E-6
2.16E-7
2.16E-7
3.59E-6
2.27E-7
2.27E-7
T9402

channel, isolated
2.25E-6
2.16E-7
2.16E-7
3.59E-6
2.27E-7
2.27E-7
T9431
Analogue input module, 8

channel, isolated
2.25E-6
2.16E-7
2.16E-7
3.59E-6
2.27E-7
2.27E-7
T9432

channel, isolated
2.25E-6
2.16E-7
2.16E-7
3.59E-6
2.27E-7
2.27E-7
T9451
Digital output module, 24Vdc, 8

channel, isolated, commoned
7.67E-7
1.53E-6
2.18E-5
2.18E-7
T9481
Analogue output module, 3

channel, isolated
2.02E-6
3.96E-6
7.08E-5
1.93E-6
T9482

channel, isolated
2.02E-6
3.96E-6
7.08E-5
1.93E-6
Table 3:
Module
PFD Data for a SIF with MTI = 1 Year

Module Description
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
1.20E-4
4.58E-7
5.15E-7
1.54E-4
7.74E-7
8.68E-7
T9401

channel, isolated
3.89E-6
4.28E-7
4.28E-7
6.02E-6
4.46E-7
4.47E-7
T9402

channel, isolated
3.89E-6
4.28E-7
4.28E-7
6.02E-6
4.46E-7
4.47E-7
T9431

channel, isolated
3.89E-6
4.28E-7
4.28E-7
6.02E-6
4.46E-7
4.47E-7
T9432

channel, isolated
3.89E-6
4.28E-7
4.28E-7
6.02E-6
4.46E-7
4.47E-7
1-2
Document: 553847
T9451

1.36E-6
2.73E-6
4.07E-5
4.09E-7
T9481

channel, isolated
3.98E-6
7.83E-6
1.52E-4
3.54E-6
T9482

channel, isolated
3.98E-6
7.83E-6
1.52E-4
3.54E-6
Table 4:
Module
PFD Data for SIF with MTI = 5 Years

Module Description
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
5.91E-4
2.18E-6
3.55E-6
7.52E-4
3.72E-6
5.94E-6
T9401

channel, isolated
1.70E-5
2.12E-6
2.12E-6
2.55E-5
2.20E-6
2.21E-6
T9402

channel, isolated
1.70E-5
2.12E-6
2.12E-6
2.55E-5
2.20E-6
2.21E-6
T9431

channel, isolated
1.70E-5
2.12E-6
2.12E-6
2.55E-5
2.20E-6
2.21E-6
T9432

channel, isolated
1.70E-5
2.12E-6
2.12E-6
2.55E-5
2.20E-6
2.21E-6
T9451

6.16E-6
1.23E-5
1.92E-4
1.97E-6
T9481

channel, isolated
1.97E-5
3.88E-5
7.41E-4
1.69E-5
T9482

channel, isolated
1.97E-5
3.88E-5
7.41E-4
1.69E-5
Table 5:
Module
PFD Data for a SIF with MTI = 10 Years

Module Description
PFDde
PFDe_
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
1.18E-3
4.35E-6
9.79E-6
1.50E-3
7.42E-6
1.63E-5
T9401

channel, isolated
3.34E-5
4.24E-6
4.25E-6
4.97E-5
4.40E-6
4.41E-6
T9402

channel, isolated
3.34E-5
4.24E-6
4.25E-6
4.97E-5
4.40E-6
4.41E-6
T9431

channel, isolated
3.34E-5
4.24E-6
4.25E-6
4.97E-5
4.40E-6
4.41E-6
T9432

channel, isolated
3.34E-5
4.24E-6
4.25E-6
4.97E-5
4.40E-6
4.41E-6
Document: 553847
1-3
T9451

1.22E-5
2.43E-5
3.81E-4
4.00E-6
T9481

channel, isolated
3.93E-5
7.75E-5
1.48E-3
3.49E-5
T9482

channel, isolated
3.93E-5
7.75E-5
1.48E-3
3.49E-5
PFD Data - 24 Hour MTTR

The following tables provide the probability of failures upon demand for the energize
to action and de-energize to action Safety Instrumented Function (SIF) configurations.
Manual Test Interval is as indicated.
Table 6:
Module
PFD Data for a SIF with MTI = 6 months

Module Description
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
6.71E-5
2.98E-7
3.16E-7
8.69E-5
4.88E-7
5.20E-7
T9401

channel, isolated
3.48E-6
2.24E-7
2.24E-7
5.92E-6
2.40E-7
2.40E-7
T9402

channel, isolated
3.48E-6
2.24E-7
2.24E-7
5.92E-6
2.40E-7
2.40E-7
T9431
Analogue input module, 8 channel, 3.48E-6

isolated
2.24E-7
2.24E-7
5.92E-6
2.40E-7
2.40E-7
T9432

channel, isolated
3.48E-6
2.24E-7
2.24E-7
5.92E-6
2.40E-7
2.40E-7
T9451

1.10E-6
2.21E-6
2.76E-5
2.77E-7
T9481

channel, isolated
2.07E-6
4.01E-6
8.67E-5
2.60E-6
T9482

channel, isolated
2.07E-6
4.01E-6
8.67E-5
2.60E-6
Table 7:
Module
T9110
1-4
PFD Data for a SIF with MTI = 1 Year

Module Description
Processor module
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
1.26E-4
5.13E-7
5.77E-7
1.62E-4
8.55E-7
9.61E-7
Document: 553847
T9401

channel, isolated
5.12E-6
4.36E-7
4.36E-7
8.35E-6
4.60E-7
4.60E-7
T9402

channel, isolated
5.12E-6
4.36E-7
4.36E-7
8.35E-6
4.60E-7
4.60E-7
T9431

isolated
4.36E-7
4.36E-7
8.35E-6
4.60E-7
4.60E-7
T9432

channel, isolated
5.12E-6
4.36E-7
4.36E-7
8.35E-6
4.60E-7
4.60E-7
T9451

1.70E-6
3.40E-6
4.64E-5
4.68E-7
T9481

channel, isolated
4.03E-6
7.87E-6
1.60E-4
4.21E-6
T9482

channel, isolated
4.03E-6
7.87E-6
1.60E-4
4.21E-6
Table 8:
Module

Years
Module Description
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
T9110
Processor module
5.96E-4
2.24E-6
3.64E-6
7.60E-4
3.80E-6
6.08E-6
T9401

channel, isolated
1.82E-5
2.13E-6
2.13E-6
2.78E-5
2.22E-6
2.22E-6
T9402

channel, isolated
1.82E-5
2.13E-6
2.13E-6
2.78E-5
2.22E-6
2.22E-6
T9431

isolated
2.13E-6
2.13E-6
2.78E-5
2.22E-6
2.22E-6
T9432

channel, isolated
1.82E-5
2.13E-6
2.13E-6
2.78E-5
2.22E-6
2.22E-6
T9451

6.49E-6
1.30E-5
1.98E-4
2.03E-6
T9481

channel, isolated
1.97E-5
3.88E-5
7.49E-4
1.76E-5
T9482

channel, isolated
1.97E-5
3.88E-5
7.49E-4
1.76E-5
Table 9:
Module
T9110

Module Description
Processor module
Document: 553847
PFDde
PFDe
Single
Dual
Triple
Single
Dual
Triple
1.18E-3
4.40E-6
9.90E-6
1.51E-3
7.50E-6
1.65E-5
1-5
T9401

channel, isolated
3.46E-5
4.25E-6
4.25E-6
5.21E-5
4.42E-6
4.43E-6
T9402

channel, isolated
3.46E-5
4.25E-6
4.25E-6
5.21E-5
4.42E-6
4.43E-6
T9431

isolated
4.25E-6
4.25E-6
5.21E-5
4.42E-6
4.43E-6
T9432

channel, isolated
3.46E-5
4.25E-6
4.25E-6
5.21E-5
4.42E-6
4.43E-6
T9451

1.25E-5
2.50E-5
3.86E-4
4.06E-6
T9481

channel, isolated
3.94E-5
7.75E-5
1.49E-3
3.56E-5
T9482

channel, isolated
3.94E-5
7.75E-5
1.49E-3
3.56E-5
PFH Data
The following table provides the probability of failures per hour for both energize to
action and de-energize to action for SIF configurations designed for High Demand
applications.
Table 10:
Module
PFH Data
Module Description
PFHde
Single
1-6
Dual
PFHe
Triple
Single
Dual
Triple
Document: 553847
T9110
Processor module
2.69E-8
T9401

channel, isolated
T9402

channel, isolated
3.41E-8
5.07E-9
5.52E-9
7.48E-10 4.77E-10 4.78E-10
1.11E-9
8.22E-10
8.27E-10
7.48E-10 4.77E-10 4.78E-10
1.11E-9
8.22E-10
8.27E-10
T9431
Analogue input module, 8 channel, 7.48E-10 4.77E-10 4.78E-10

isolated
1.11E-9
8.22E-10
8.27E-10
T9432

channel, isolated
7.48E-10 4.77E-10 4.78E-10
1.11E-9
8.22E-10
8.27E-10
T9451

7.47E-10 1.49E-9
8.62E-9
3.64E-9
T9481

channel, isolated
1.24E-9
2.45E-9
3.36E-8
3.23E-9
T9482

channel, isolated
1.24E-9
2.45E-9
3.36E-8
3.23E-9
Document: 553847
3.45E-9
3.69E-9
1-7
Binding and PeerPeer-toto-Peer Communication Data (per segment)

The PFH and PFD values for the Binding and Peer-to-Peer communications per
segment are as follows:
PFH = 1E-11
PFD = 1E-7
Safe Failure Fraction (SFF) and Hardware

Hardware Fault Tolerance (HFT)
The following table provides the SFF and HFT data for SIF configurations energize to
action and de-energize to action mode.
Note: SFFde applies to a normally energized system that is de-energized to action.
Table 11:
Module SFFde, SFFe and HFT Data
Module
Module Description
SFF de
HFT
SFF e
HFT
T9110
Processor module
>90%
>90%
T9401
Digital input module, 24Vdc, 8 channel,

isolated
>99%
>99%
T9402
Digital input module, 24Vdc, 16 channel,

isolated
>99%
>99%
T9431
Analogue input module, 8 channel,

isolated
>99%
>99%
T9432
Analogue input module, 16 channel,

isolated
>99%
>99%
T9451

>90%
>90%
T9481
Analogue output module, 3 channel,

isolated
>90%
>90%
T9482
Analogue output module, 8 channel,

isolated
>90%
>90%
1-8
Document: 553847
System Configurations
The PFH and PFD calculations are derived from IEC 61508 Section 6 and the examples
below show how the calculations are used to define the probability of failure for a SIF.
Example 1
This illustrates a SIL3 SIF with one signal input and one signal output; it has a MTI of 1
year and a MTTR of 8 hours, it is configured as a de-energized to trip arrangement.
Refer to the Table 3
Example
Example 2
This illustrates a SIL 3 SIF with 2 inputs on dual input modules and 1 output with an
MTI of 1 year and MTTR = 8 hours, configured as 1oo2 de-energize to trip.
Refer to Table 3
Document: 553847
1-9
Example 3
SIL3 SIF with 2 inputs on dual input modules and 1 output with a manual test interval
of 1 year and MTTR = 8 hours as 1oo2 de-energize to trip.
Refer to Table 3
Example 4
This illustrates a SIL 3 with 1 dual input and 2 outputs, with a manual test interval of 1
year and MTTR = 8 hours, configured as 1oo2 de-energize to trip.
Refer to Table 3
1-10
Document: 553847
Example 5
This illustrates a SIL 3 SIF distributed between two controllers, with one signal input
and one signal output; it has a MTI of 1 year and a MTTR of 8 hours, it is configured as
a de-energize to trip arrangement.
Document: 553847
1-11

Icstt Rm449 en P

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Icstt Rm449 en P

Uploaded by

Copyright:

Available Formats

AADvance

The Next Step in Automation

PFH avg and PFD avg Data

PFH avg and PFD avg Data (AADvance Controller)

This page intentionally left blank

PFH avg and PFD avg Data (AADvance Controller)

Update for Release 1.2

Updates and corrections from peer review and from TUV

Update for Release 1.3 and AOM 9481/2 values added

Failures Per Million Hours

Hardware Fault Tolerance

Mean Time Between Failures

Mean time to Repair

Manual Test Interval

Probability of Failure on Demand - average

Probability of Failure on Demand - energized to action

Probability of Failure on Demand - de-energized to action

Probability of Failure per Hour - energized to action

Probability of Failure per Hour - de-energized to action

Safe Failure Fraction

Safety Instrumented Function

PFH avg and PFD avg Data (AADvance Controller)

Introduction ............................................................................................. 1-1

AADvance Module Failure Rates

Digital input module, 24Vdc, 8 channel, isolated

Digital input module, 24Vdc, 16 channel, isolated

Analogue input module, 8 channel, isolated

Analogue input module, 16 channel, isolated

Digital output module, 24Vdc, 8 channel, isolated,

Analogue output module, 3 channel, isolated

Analogue output module, 8 channel, isolated

PFH avg and PFD avg Data (AADvance Controller)

PFD Data - 8 Hour MTTR

PFD Data for a SIF with MTI = 6 months

Digital input module, 24Vdc, 8

Digital input module, 24Vdc, 16

Analogue input module, 8

Analogue input module, 16

Digital output module, 24Vdc, 8

Analogue output module, 3

Analogue output module, 8

PFD Data for a SIF with MTI = 1 Year

Digital input module, 24Vdc, 8

Digital input module, 24Vdc, 16

Analogue input module, 8

Analogue input module, 16

Digital output module, 24Vdc, 8

Analogue output module, 3

Analogue output module, 3

PFD Data for SIF with MTI = 5 Years

Digital input module, 24Vdc, 8

Digital input module, 24Vdc, 16

Analogue input module, 8

Analogue input module, 16

Digital output module, 24Vdc, 8

Analogue output module, 3

Analogue output module, 8

PFD Data for a SIF with MTI = 10 Years

Digital input module, 24Vdc, 8

Digital input module, 24Vdc, 16

Analogue input module, 8

Analogue input module, 16

PFH avg and PFD avg Data (AADvance Controller)