MTTFd values for MC3 MD3 and XA2?

Kevin 9 years ago updated by Gustav Widén (System support) 3 years ago 1
We are using various modules for some safety related controls (MC3) and others for non safety related controls (MD3 and XA2). During analysis of the failure modes of the complete control system I need to establish the MTTFd values of the outputs of the modules (safety related or not).

Do you have any values for these modules please?
Under review
Hi Kevin, thank you for this interesting question. 

For the IQAN-MC3, the instruction book shows the maximum achievable Safety Integrity Level (SIL2), which translates to Performance Level PLd when analyzing the safety function using EN 13849-1. All internal components on the IQAN-MC3 are included in this analysis, including the COUT and DOUT outputs.
For the IQAN-MC3, we also state the PFHd, Probability of Dangerous Failure per Hour, 2*10^-8.

The PFHd is the final result of the calculation of hardware integrity, when diagnostics and structure are included; you can compare this result with the values in EN 13849-1 Appendix K.

I don't really see why you would need MTTFd for the IQAN-MC3? This should not be necessary, as this is only an intermediate stage. Note that the EN 13849-1 MTTFd is used on single channels before diagnostics and structure are considered, not the final result. It would be possible to calculate this value, but it is only relevant if the internal IQAN-MC3 electronics were to be analyzed again using the so-called "Simplified procedure for estimating PL" in EN 13849-1.
Instead, I recommend the method where you calculate the PL and PFH (using EN 13849-1 Appendix K) for the sensors subsystem and the hydraulics subsystem. Then add the sum of PFH for sensors, IQAN-MC3 and hydraulics, and check that you still meet the requirements on average probability of failure per hour in EN 13849-1 table 3.
(see EN 13849-1, 6.3 Combination of SRP/CS to achieve overall PL)

Also, I don't really see what the use of calculating MTTFd for the IQAN-MD3 and IQAN-XA2 would be?
It is wise of you to use the IQAN-MC3 for the safety functions, and use MD3 and XA2 controllers for the non-safety related functions on the machine. As the MD3 and XA2 are not used for any of the safety functions on the machine, then they would not be seen as SRP/CS (safety related part of control system) in any of the safety functions. And then calculation should not be necessary.
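
The summation check recommended in the reply above, as an added example that is not part of the original thread or of any IQAN tooling. The IQAN-MC3 figure (PLd, PFHd 2*10^-8) is the one quoted in the reply; the sensor and hydraulics values are constructed, and the band limits are those of EN 13849-1 Table 3, which should be checked against your edition of the standard.

```python
# Upper PFHd limit (1/h, exclusive) of each performance level band, EN 13849-1 Table 3.
PL_UPPER = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
RANK = {"a": 1, "b": 2, "c": 3, "d": 4, "e": 5}


def pl_from_pfhd(pfhd):
    """Return the PL whose Table 3 band contains pfhd, or None if worse than PL a."""
    for pl, upper in PL_UPPER:
        if pfhd < upper:
            return pl
    return None


def combine(subsystems, required_pl):
    """Combine SRP/CS in series (EN 13849-1, 6.3).

    subsystems: list of (name, declared PL, PFHd in 1/h).
    The PFHd values are summed; the overall PL is the band of that sum,
    capped by the lowest PL declared for any single subsystem.
    """
    total = sum(pfhd for _, _, pfhd in subsystems)
    by_sum = pl_from_pfhd(total)
    lowest = min((pl for _, pl, _ in subsystems), key=RANK.get)
    overall = None if by_sum is None else min(by_sum, lowest, key=RANK.get)
    meets = overall is not None and RANK[overall] >= RANK[required_pl]
    return {"pfhd": total, "pl": overall, "meets": meets}


MC3 = ("IQAN-MC3", "d", 2e-8)  # values quoted in the reply
# Constructed sensor and hydraulics figures, for illustration only.
CHAIN_OK = [("sensors", "d", 3e-7), MC3, ("hydraulics", "d", 4e-7)]
CHAIN_BAD = [("sensors", "d", 6e-7), MC3, ("hydraulics", "d", 5e-7)]

if __name__ == "__main__":
    for label, chain in (("OK", CHAIN_OK), ("BAD", CHAIN_BAD)):
        result = combine(chain, required_pl="d")
        print(label, f"PFHd={result['pfhd']:.2e}", "PL", result["pl"],
              "meets PLr d:", result["meets"])
```

In the second chain every subsystem is individually PLd, yet the summed PFHd falls into the PLc band, which is why the sum has to be checked against Table 3 rather than each part alone.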