Functional safety is a critical aspect of engineering that ensures systems operate correctly in response to inputs, particularly in scenarios where failure could lead to harm. In functional safety, two important metrics are used to quantify the risk associated with system failures: Probability of Failure on Demand (PFD) and Probability of Failure per Hour (PFH). These metrics help evaluate the reliability of safety systems and determine their appropriate Safety Integrity Level (SIL). This article will explain these concepts with examples, outline the standards where they are applied, and discuss why they may not be relevant in some sectors.
What is PFD (Probability of Failure on Demand)?
PFD is a measure used to estimate the likelihood that a safety function will fail when it is called upon to act. It is commonly applied to low-demand safety systems, where the system is not frequently active but must function correctly when needed. For instance, a fire suppression system in a building is not continuously operating; it only activates when there is a fire.
Example:
Consider an Emergency Shutdown System (ESD) in an oil and gas processing plant. Such a system remains idle most of the time but must activate in case of an emergency (e.g., to close valves or stop pumps) to prevent a catastrophic incident.
- If the ESD has a PFD of 0.001, this means that there is a 0.1% chance that it will fail when required during an emergency.
- PFD is usually expressed as an average over a specified time interval, such as the period between routine maintenance (proof test) checks, because a dangerous failure that is not detected can remain hidden until the next check reveals it.
Norms and Sectors:
The concept of PFD is extensively used in the process industry and is defined in standards like IEC 61511, which is specific to the functional safety of Safety Instrumented Systems (SIS) for the process industry. IEC 61511 aligns with IEC 61508, the overarching international standard for functional safety of electrical, electronic, and programmable electronic safety-related systems. In these industries, PFD is crucial for evaluating systems like ESDs, pressure relief systems, and fire detection systems.
What is PFH (Probability of Failure per Hour)?
PFH, on the other hand, measures the probability that a safety function will fail per hour of operation. This metric is suitable for high-demand or continuously operating safety systems, where the system is active and continuously monitored throughout its operating life.
Example:
An example of a system where PFH would be relevant is the Automatic Train Control System (ATCS) used in rail transportation. The ATCS continuously monitors train speed and location, ensuring the train adheres to speed limits and avoids collisions.
- If the ATCS has a PFH of 1×10^-6 failures per hour, it indicates that there is a very low probability (one in a million) of a failure occurring during each hour of operation.
Norms and Sectors:
PFH is predominantly used in sectors where systems operate continuously, such as automotive (ISO 26262), railway (EN 50129), and industrial automation (IEC 62061). For example:
- In automotive functional safety, ISO 26262 uses PFH to assess the safety performance of systems like electronic stability control (ESC) and advanced driver-assistance systems (ADAS).
- The railway industry employs PFH to quantify the reliability of train control and signaling systems, as outlined in the EN 50129 standard.
Safety Integrity Levels (SIL) and Their Relationship with PFD and PFH
Safety Integrity Level (SIL) is a measure of risk reduction provided by a safety function. It is determined based on either PFD or PFH, depending on the demand mode of the system.
- Low-Demand Systems (e.g., emergency shutdown systems) use PFD to determine the SIL:
  - SIL 1: PFD range of 0.1 – 0.01
  - SIL 2: PFD range of 0.01 – 0.001
  - SIL 3: PFD range of 0.001 – 0.0001
  - SIL 4: PFD less than 0.0001
- High-Demand or Continuous Operation Systems (e.g., train control systems) use PFH:
  - SIL 1: PFH range of 10^-5 to 10^-6 per hour
  - SIL 2: PFH range of 10^-6 to 10^-7 per hour
  - SIL 3: PFH range of 10^-7 to 10^-8 per hour
  - SIL 4: PFH less than 10^-8 per hour
The SIL is thus directly linked to the PFD or PFH values, determining the reliability requirements for a system based on its application and the associated risk.
Application Example:
For a chemical plant’s ESD, achieving SIL 2 may require reducing its PFD to a value below 0.01 through design improvements, redundancy, and regular maintenance checks. Meanwhile, for a rail signaling system, achieving SIL 3 may involve designing the system with a PFH lower than 1×10^-7 per hour to ensure its continuous safe operation.
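A small worked example, added here and not part of the original article, that turns the SIL table and the application example into code: it computes the average PFD of a single-channel low-demand function from its dangerous undetected failure rate and proof-test interval (the simplified IEC 61508 1oo1 approximation PFDavg ≈ λ_DU·T/2, which the article itself does not state), then maps a PFD or PFH value onto its SIL band. The λ_DU value and the annual proof-test interval are constructed figures; band edges follow IEC 61508 (lower bound inclusive, upper bound exclusive), so a PFD of exactly 0.001 lands in SIL 2.

```python
from typing import Optional

# (sil, lower bound inclusive, upper bound exclusive), taken from the table above.
# Band edges follow IEC 61508: a PFD of exactly 0.001 is SIL 2, not SIL 3.
PFD_BANDS = [  # low-demand mode
    (1, 1e-2, 1e-1),
    (2, 1e-3, 1e-2),
    (3, 1e-4, 1e-3),
    (4, 0.0, 1e-4),  # article: "less than 0.0001"; IEC 61508 also floors SIL 4 at 1e-5
]
PFH_BANDS = [  # high-demand / continuous mode, per hour of operation
    (1, 1e-6, 1e-5),
    (2, 1e-7, 1e-6),
    (3, 1e-8, 1e-7),
    (4, 0.0, 1e-8),  # article: "less than 10^-8"; IEC 61508 also floors SIL 4 at 1e-9
]


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Average PFD of a single-channel (1oo1) low-demand function with no diagnostics.
    Simplified IEC 61508 approximation lambda_DU * T / 2: an undetected dangerous
    failure stays hidden until the next proof test, so it is present on average
    for half the interval."""
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def _sil_from_bands(value: float, bands) -> Optional[int]:
    if value < 0:
        raise ValueError("a failure probability cannot be negative")
    for sil, low, high in bands:
        if low <= value < high:
            return sil
    return None  # at or above the SIL 1 upper bound: no SIL can be claimed


def sil_low_demand(pfd: float) -> Optional[int]:
    """SIL claimable for a PFD value (low-demand mode), or None if too poor for SIL 1."""
    return _sil_from_bands(pfd, PFD_BANDS)


def sil_high_demand(pfh_per_hour: float) -> Optional[int]:
    """SIL claimable for a PFH value (high-demand / continuous mode), or None."""
    return _sil_from_bands(pfh_per_hour, PFH_BANDS)


if __name__ == "__main__":
    # Constructed ESD figures: lambda_DU = 2e-6 /h, proof tested once a year (8760 h).
    pfd = pfd_avg_1oo1(2e-6, 8760)
    print(f"ESD PFDavg = {pfd:.2e} -> SIL {sil_low_demand(pfd)}")  # 8.76e-03 -> SIL 2
    # Article's ATCS figure: 1e-6 /h sits exactly on the SIL 1 / SIL 2 edge.
    print(f"ATCS PFH 1e-6/h -> SIL {sil_high_demand(1e-6)}")  # SIL 1
```

Halving the proof-test interval halves PFDavg, which is why "regular maintenance checks" in the example above are a design lever and not just housekeeping.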
Why PFD and PFH Are Not Applicable in Some Sectors
While PFD and PFH are widely used in sectors like process industries, automotive, railways, and automation, they are not always relevant in other domains. For example:
- Software Development: In pure software systems (without hardware interaction), measuring PFD or PFH may not be practical since software does not “fail” in the traditional sense of wear and tear. Instead, software errors are often bugs or logical faults, which require a different approach to safety analysis (like FMEA or code verification techniques).
- Healthcare: In medical devices and healthcare applications, standards like IEC 60601 focus more on risk management and ensuring patient safety through comprehensive testing and certification processes, rather than PFD/PFH metrics.
- Aerospace Industry: While PFD and PFH can be relevant, the aerospace sector often employs broader system-level reliability and risk management methodologies like Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA). Standards such as DO-178C (for software) and DO-254 (for hardware) place more emphasis on rigorous testing, verification, and validation processes rather than calculating failure probabilities alone.
PFD and PFH are critical metrics in functional safety for assessing the reliability of safety systems under different operating conditions. PFD is used for low-demand systems, while PFH applies to high-demand or continuously operating systems. Both are integral in determining the SIL of a system, which guides the level of risk reduction and reliability required.
These metrics are particularly relevant in industries such as process automation, automotive, and railways, where system performance directly impacts safety. However, they may not always be suitable in other sectors like software development or healthcare, where other safety assurance methodologies take precedence.
By understanding these distinctions, professionals can better apply functional safety principles across various industries, ensuring that systems are designed, maintained, and operated with the appropriate safety measures tailored to their specific contexts.