Hi all thanks for the add, this looks like a really good way to share experience in the functional safety world. Thanks for setting up Richard. I have a question for you all on the requirements when adding a new SIF to an existing SIL2 system that was designed over 40 years ago and was never designed to 61508. What things would we consider to make this possible without a full system redesign.

What is the best way to know the failure modes of components? Manufacturers usually don't provide failure modes and failure modes in databases as NPRD are usually very ambiguous.

I've been struggling with this point for some time. In Automotive, ISO 26262 part 5 provides an equation to calculate the PMHF. A follow-up example explains it with numbers. My issue is: When I try to apply the same equation on the solved example in the standard, I cannot generate the same results. The main tool we use to calculate the PMHF is Medini, and it uses a completely different strategy to get it. Can someone inform me how these values are generated with the equation?

Hi all, thanks for accepting. First of all, I am new in functional safety and sorry for my bad english😊. Actually I have some doubt about one of variable in PFDavg calculation namely mission time, couple of question to all: 1. What will happen in the end of mission time?should end user decommissioned the plant?or just replace everything and the mission time will get restarted? 2. If it depend on end user, than based on what consideration usually for them to determine the correct mission time?and what is the reason behind that? 3. Since by the time PFDavg will get derated, and SIL claimed may decreased over the time, shouldn't end user decide to set the mission time before the SIL/RRF drops beyond the rating it should be? Hope you guys can share your knowledge. Thanks,

Hi All. Just thought I would post in here to get others thoughts on a scenario I have come across recently. I know it’s best practice to avoid a single element being used in multiple SIFs, but are there any factors to take into consideration for the calculation. For example, several vessels have a common feed supply and whilst each have their own level sensor and logic solver, the common feed line overfill trip valve is shared for all vessels. Each SIF will have a calculation of all components, but all are actually using the same valve. My understanding is no common cause can really be applied as all have a 1oo1 output function. On another note, the configuration would also result in more demands on the valve with it being shared. Downtime and maintenance would also be impacted if shared. Again, just to get other thoughts on other factors that should be taken into account in this scenario. Thanks, Craig