Functional Safety Specialists May Be Stuck in the Past – Do Our SIL Calculations Reflect Reality?

by Keith Brumbaugh

Functional safety specialists may be stuck in the past and doing industry a disservice. The current industry trend is to only consider random hardware failures in safety integrity level probability of failure on demand calculations. But are random hardware failures the only thing that cause a safety instrumented function to fail? What if our assumptions are wrong? What if our installations do not match generic data or vendor assumptions? What else might we be missing? How might we address systematic (human) failures? Is anyone updating assumptions as operating experience is gained?

One obvious problem with incorporating systematic failures is their non-random nature, hence the difficulty in including them in standard calculations. Many functional safety practitioners claim that systematic errors are addressed (i.e., minimized or eliminated) by following all the procedures in the ISA/IEC 61511 standard. Yet even if the standard were strictly adhered to, could anyone realistically claim a 0% chance of a SIF failing due to a systematic issue? Some will say that systematic errors cannot be predicted, much less modeled. But is that true?

Traditional PFD calculations are a useful starting point, but it is possible to incorporate systematic errors into a SIF’s real-world performance model. One can use Bayes’ theorem to capture data after a SIF has been installed — either through operating experience or incidents — and update the function’s predicted performance. This methodology can incorporate both objective and subjective observations. It can also be used to justify prior use of existing and non-certified equipment.

To learn more about the use of Bayes’ theorem in SIF performance evaluations, read the full paper here.

Other papers you may like:

Reverend Bayes, meet Process Safety. Use Bayes’ Theorem to establish site specific confidence in your LOPA calculation by Dave Grattan and Keith Brumbaugh

Bayes’ Theorem is an epistemological statement of knowledge, versus a statement of proportions and relative frequencies. It is therefore a method that can bridge qualitative knowledge with the rare-event numbers that are intended to represent that knowledge. Bayes’ Theorem is sorely missing from the toolbox of Process Safety practitioners. This paper will introduce Bayes’ Theorem to the reader and discuss the reasons and applications for using Bayes in Process Safety related to IPLs and LOPA. While intended to be introductory (to not discourage potential users), this paper will describe simple Excel™ based Bayesian calculations that the practitioner can begin to use immediately to address issues such as uncertainty, establishing confidence intervals, properly evaluating LOPA gaps, and incorporating site specific data, all related to IPLs and barriers used to meet LOPA targets.

The use of Bayesian Networks in Functional Safety by Paul Gruhn

Functional safety engineers follow the ISA/IEC 61511 standard and perform calculations based on random hardware failures. These result in very low failure probabilities, which are then combined with similarly low failure probabilities for other safety layers, to show that the overall probability of an accident is extremely low (e.g., 1E-5/yr). Unfortunately, such numbers are based on frequentist assumptions and cannot be proven. Looking at actual accidents caused by control and safety system failures shows that accidents are not caused by random hardware failures. Accidents are typically the result of steady and slow normalization of deviation (a.k.a. drift). It’s up to management to control these factors. However, Bayes theorem can be used to update our prior belief (the initial calculated failure probability) based on observing other evidence (e.g., the effectiveness of the facility’s process safety management process). The results can be dramatic.
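The update that the post above and the Gruhn abstract both describe, a calculated PFDavg taken as the prior belief and revised with what the installed SIF actually does, can be worked through with a conjugate Beta-binomial model. The example below is added here and is not code from any of the papers; the Beta-binomial form is one simple way to apply Bayes’ theorem to a probability of failure on demand, not necessarily the method the papers use. The design PFDavg of 5e-3 (a SIL 2 design), the prior strength of 200 pseudo-demands (how much trust is placed in the generic failure data), and the 40 observed demands are all constructed values.

```python
import math

# Constructed example: a SIL 2 design whose calculated PFDavg (random hardware
# failures only) is 5e-3. The "prior strength" of 200 pseudo-demands is an
# assumption expressing how much the generic/vendor data is trusted; it is not
# a value taken from any of the papers.
DESIGN_PFD_AVG = 5e-3
PRIOR_STRENGTH = 200.0
TARGET_SIL_UPPER_PFD = 1e-2   # SIL 2 low-demand band is 1e-3 <= PFDavg < 1e-2


def beta_prior_from_pfd(pfd_avg, strength):
    """Beta(alpha, beta) prior with mean pfd_avg and alpha + beta = strength."""
    alpha = pfd_avg * strength
    return alpha, strength - alpha


def bayesian_update(alpha, beta, demands, failures):
    """Conjugate Beta-binomial update: each demand or proof test is a trial and
    each dangerous failure found is an occurrence of the 'fails on demand' event."""
    if demands < 0 or failures < 0 or failures > demands:
        raise ValueError("failures must satisfy 0 <= failures <= demands")
    return alpha + failures, beta + (demands - failures)


def posterior_mean(alpha, beta):
    return alpha / (alpha + beta)


def sil_band(pfd_avg):
    """Low-demand SIL band from PFDavg (IEC 61508/61511 ranges); 0 means below SIL 1."""
    if pfd_avg >= 1e-1:
        return 0
    if pfd_avg >= 1e-2:
        return 1
    if pfd_avg >= 1e-3:
        return 2
    if pfd_avg >= 1e-4:
        return 3
    return 4


def _log_beta_fn(a, b):
    return math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)


def beta_pdf(x, a, b):
    """Beta density evaluated in log space so a large beta does not underflow.
    The integral below never touches x = 0, and b > 1 here, so both endpoints are 0."""
    if x <= 0.0 or x >= 1.0:
        return 0.0
    return math.exp((a - 1) * math.log(x) + (b - 1) * math.log1p(-x) - _log_beta_fn(a, b))


def prob_exceeds(alpha, beta, threshold, steps=20000):
    """P(PFD > threshold) under Beta(alpha, beta), Simpson's rule on [threshold, 1]."""
    if threshold <= 0.0:
        return 1.0
    if threshold >= 1.0:
        return 0.0
    if steps % 2:
        steps += 1
    h = (1.0 - threshold) / steps
    total = beta_pdf(threshold, alpha, beta) + beta_pdf(1.0, alpha, beta)
    for i in range(1, steps):
        weight = 4.0 if i % 2 else 2.0
        total += weight * beta_pdf(threshold + i * h, alpha, beta)
    return min(1.0, max(0.0, total * h / 3.0))


def evaluate_sif(demands, failures, design_pfd=DESIGN_PFD_AVG,
                 strength=PRIOR_STRENGTH, band_upper=TARGET_SIL_UPPER_PFD):
    """Prior from the design calculation, posterior from operating experience."""
    a0, b0 = beta_prior_from_pfd(design_pfd, strength)
    a1, b1 = bayesian_update(a0, b0, demands, failures)
    mean = posterior_mean(a1, b1)
    return {
        "prior_mean": posterior_mean(a0, b0),
        "posterior_mean": mean,
        "sil_band": sil_band(mean),
        "p_outside_target_band": prob_exceeds(a1, b1, band_upper),
    }


if __name__ == "__main__":
    # Same 40 demands/proof tests; only the number of dangerous failures found differs.
    for failures in (0, 1, 2):
        r = evaluate_sif(demands=40, failures=failures)
        print(f"{failures} failure(s) in 40 demands: posterior PFDavg={r['posterior_mean']:.4f}, "
              f"SIL band={r['sil_band']}, P(PFDavg >= 1e-2)={r['p_outside_target_band']:.2f}")
```

With zero failures observed the posterior mean moves below the design value; one failure still leaves the SIF in the SIL 2 band but with roughly a one in three chance that the true PFDavg is outside it; two failures in 40 demands push the posterior mean into the SIL 1 band. The prior strength is the lever that encodes how much the generic data is trusted: a smaller value lets site experience dominate sooner, which is the situation the post argues for when installations do not match vendor assumptions.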
