Accurate modeling of shared components in high reliability applications

This paper addresses how to model and evaluate the risk reduction factor (RRF) of safety instrumented systems (SIS) when one or more of the components in the SIS can cause the dangerous condition or hazard that the SIS is designed to protect against. Generally a failure that can cause a hazard is referred to as an initiating event (IE). International standards for SIS safety evaluation require that shared components either be prohibited or accurately modeled. Current practice generally falls into one of two extremes, ignoring any degradation of system reliability due to shared components or completely discounting any improvements in reliability as a result of redundancy created by the shared component. This paper shows how to accurately model shared components in an SIS and proposes a methodology for simplified modeling techniques when certain criteria are met. Ignoring the interaction of shared components can result in estimates of reliability being optimistic by a factor of 2 or more. Conversely, taking no credit for the redundancy created by the shared component results in estimates of reliability that can be overly pessimistic. Several examples modeling shared components with varying degrees of independence illustrate the impact on overall system reliability.