Impact of proof test effectiveness on safety instrumented system performance

This paper addresses the effectiveness of proof tests that are performed on safety instrumented functions (SIF) to reveal any failures undetected by automatic diagnostics. The paper focuses on low demand mode applications where an achieved safety integrity level (SIL) is determined by a SIF´s average probability of failure on demand (PFD_avg). Functional safety standards [1, 2], which require periodic proof tests, assume that proof tests are performed perfectly, i.e., all proof tests are 100% complete (all hidden failures are tested for), and 100% correct (all hidden failures are correctly identified; all indentified failures are completely repaired). Practical experience however easily shows that proof tests are typically neither 100% complete nor 100% correct. This paper proposes a measure of proof test effectiveness (PTE) which takes into account both proof test correctness and completeness. It shows how the SIF performance degrades over successive proof test intervals if the PTE is less than 100%. Consequently, a SIF may suffer a degradation of SIL level over time, a feature not recognized by current standards. Several examples using different levels of proof test completeness and correctness highlight the impact of PTE.