TECHNIS
Reliability & Risk Assessment, Safety Integrity, Quality Improvement
Tonbridge, Kent

THE INTEGRITY OF MATIC ACTUATOR PACKAGES: E13597-001, E13597-002, E13597-003, E13597-004

Client: Imtex-Controls Ltd
Confidential

Technis Reliability Study T811
Issue 1.0: 7 Dec 2015 - Client Confidential

CONTENTS
Executive Summary & Recommendations
1. Scope and Safety-Integrity Targets
2. Hardware Reliability and Safe Failure Fraction
3. Failure Rate Data
4. References
APPENDIX 1 - Fault Tree details

(Note: Where electronic copies of this report have been requested, the accuracy of symbols and of line and page breaks cannot be guaranteed.)

Dr David J. Smith BSc, PhD, CEng, FIEE, FIQA, HonFSaRS, MIGasE


EXECUTIVE SUMMARY & RECOMMENDATIONS

OBJECTIVES
To assess the safety-integrity of the Matic actuator assemblies E13597-001, E13597-002,
E13597-003 and E13597-004 for comparison against a safety-integrity target of SIL 2.

RESULTS
In respect of the failure mode:
    Failure to close a host valve despite a valid removal of a 24 Volt solenoid valve input signal.

Including the host ESD valve (assumes 0.5 pmh for the host):
    "Hazardous" failure rate:            1.16 x 10^-6 per hr
    Probability of failure on demand:    5.1 x 10^-3
    Safe Failure Fraction ("Type A"):    >60%
    SIL claim:                           See section 2.2

Thus, in respect of random hardware failures and safe failure fraction, the above allows the
simplex use of the assemblies in up to SIL 2 safety functions.
RECOMMENDATIONS
Take note that the above integrity claim is dependent on the assumptions in this report and,
in particular, the failure rate of the host valve.


1. SCOPE & SAFETY-INTEGRITY TARGETS

1.1 Scope

[Sketch of the assembly: Bifold FP15 Solenoid, Camtorc Type S Actuator, SBV Ball Valve]


The assembly is shown in a sketch on page 2 (see also Imtex Drawings J100405-X). Human
error in respect of closing the valve in error is not within the scope of this study. The study
addresses the following failure mode:
Following a valid removal of 24 volts from the solenoid valve, failure to close the
Camtorc actuator (including and excluding the host valve).
Both the instrument air supply and the control system to which this assembly is to be fitted
are outside the scope of this report.
1.2 Assumptions
a) Reliability assessment is a statistical process for applying historical failure data to
proposed designs and configurations. It therefore provides a credible target/estimate of the
likely reliability of equipment assuming manufacturing, design and operating conditions
identical to those under which the data was collected. It is a valuable design review
technique for comparing alternative designs, establishing order of magnitude performance
targets and evaluating the potential effects of design changes. The actual predicted values
cannot, however, be guaranteed as forecasting the precise number of field failures which
will actually occur, since this depends on many factors outside the control of a predictive
exercise. The information and statements contained in this document are opinions only and
reflect Technis's best judgement based on the available information. Technis shall not be
responsible whatsoever for loss or damage (including, without limitation, loss of profits or
any indirect loss), if any, suffered by any party as a result of decisions made or actions taken
in reliance upon or in connection with the information contained in this report.
b) Failure rates, for the purpose of this prediction, are assumed to be constant with time.
Both early and wearout related failures would decrease the reliability but are assumed to be
removed by burn in and preventive replacement respectively.
c) The proof test interval for unrevealed failures is annual (8760 hrs). The mean time to
repair is thus insignificant and is not modelled.
1.3 Safety-Integrity Targets
The client has stipulated a SIL 2 target.

SIL      Low demand (PFD)        High demand (PFD)
SIL 4    >=10^-5 to <10^-4       >=10^-5 to <10^-4
SIL 3    >=10^-4 to <10^-3       >=10^-4 to <10^-3
SIL 2    >=10^-3 to <10^-2       >=10^-3 to <10^-2
SIL 1    >=10^-2 to <10^-1       >=10^-2 to <10^-1


2. HARDWARE RELIABILITY AND SAFE FAILURE FRACTION

2.1 Random Hardware Failures

The fault tree in Figure 2.1 shows the simple simplex arrangement of the three elements. It
was analysed using the TTREE package (reference 4.5). The details are shown in Appendix 1.
The probability of the top event is 5.1 x 10^-3 which (being in the SIL 2 range) meets the SIL 2
requirement.
Figure 2.1 - Fault Tree - Failure to close
[Figure: top event GTOP "Fail to close the host valve", fed by the three basic events SOL "Bifold solenoid fails to release", CAM "Camtorc actuator fails to move" and VALVE "Host valve fails to close"]

Note that (Appendix 1) the top event is dominated 43% by the failure of the host valve
rather than by the Imtex equipment.


2.2 Safe Failure Fraction (Architectures)

The safe failure fraction (SFF) is calculated from the ratio:

    ("safe" failures + diagnosed failures of that mode) / Total ("safe" failures + failures of that mode)

A "safe" failure is a failure of an element and/or subsystem and/or system that plays a part in
implementing the safety function that:
a) results in the spurious operation of the safety function to put the EUC (or part thereof) into a
safe state or maintain a safe state; or
b) increases the probability of the spurious operation of the safety function to put the EUC (or
part thereof) into a safe state or maintain a safe state.
There are two Tables which cover the so-called "Type A" components (failure modes well defined
PLUS behaviour under fault conditions well defined PLUS failure data available) and the "Type B"
components (likely to be more complex and whereby any of the above are not satisfied).
In the following Tables "m" refers to the number of failures which lead to system failure. The Tables
provide the SIL number for each safe failure fraction case. The expression "m+1" implies redundancy
whereby there are (m+1) elements and m failures are sufficient to cause system failure.

TYPE A
SFF        SIL for Simplex   SIL for (m+1)   SIL for (m+2)
<60%       1                 2               3
60%-90%    2                 3               4
90%-99%    3                 4               4
>99%       3                 4               4

TYPE B
SFF        SIL for Simplex   SIL for (m+1)   SIL for (m+2)
<60%       NO*               1               2
60%-90%    1                 2               3
90%-99%    2                 3               4
>99%       3                 4               4

* This configuration is not allowed.
Simplex infers no redundancy and is referred to as Hardware Fault Tolerance 0
(m+1) infers 1 out of 2, 2 out of 3 etc and is referred to as Hardware Fault Tolerance 1
(m+2) infers 1 out of 3, 2 out of 4 etc and is referred to as Hardware Fault Tolerance 2

Thus:
Matic SFF = 3.06/[3.06+0.44] = 80.5%
Bifold SFF = 0.363/[0.363+0.223] = 61.9%
Valve (typical) SFF = 3.5/[3.5+0.5] = 87.5%
Overall SFF (adding the above elements) = 6.92/8.09 = 85.5%
Each of the above is in the SIL 2 range for a HFT[0] device.
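As an added example (not the report's own calculation), the SFF ratio defined above and the Type A / Type B architectural-constraint lookup, applied to the section 3 failure rates; the element names, the table encoding and the inclusive band boundaries are this example's own assumptions.

```python
# Added example: safe failure fraction and the IEC 61508 architectural-constraint
# tables of section 2.2, applied to the failure rates (per million hours) in section 3.
from typing import Optional

# Rows are SFF bands as inclusive lower bounds; columns are HFT 0, 1, 2.
# None encodes the NO* entry (Type B, SFF <60%, simplex: not allowed).
TYPE_A = [(0.00, (1, 2, 3)), (0.60, (2, 3, 4)), (0.90, (3, 4, 4)), (0.99, (3, 4, 4))]
TYPE_B = [(0.00, (None, 1, 2)), (0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4))]

# Section 3 rates (pmh): spurious ("safe") mode and hazardous mode of each element.
ELEMENTS = {
    "matic":  {"safe": 3.06,  "dangerous": 0.44},   # Camtorc actuator
    "bifold": {"safe": 0.363, "dangerous": 0.223},  # FP15 solenoid valve
    "valve":  {"safe": 3.5,   "dangerous": 0.5},    # typical ESD ball valve
}


def sff(safe: float, dangerous_undetected: float, dangerous_detected: float = 0.0) -> float:
    """SFF = (safe + diagnosed dangerous) / (safe + all dangerous). No diagnostics
    are credited here, as in the report's figures."""
    total = safe + dangerous_detected + dangerous_undetected
    return (safe + dangerous_detected) / total


def max_sil(sff_value: float, hft: int, type_b: bool = False) -> Optional[int]:
    """Highest SIL the tables allow for this SFF and hardware fault tolerance
    (0 = simplex, 1 = m+1, 2 = m+2); None means the configuration is not allowed."""
    table = TYPE_B if type_b else TYPE_A
    sil = None
    for lower, sils in table:
        if sff_value >= lower:
            sil = sils[hft]
    return sil


def element_sffs() -> dict:
    """Per-element SFF, matching the 'Thus:' lines of section 2.2."""
    return {name: sff(r["safe"], r["dangerous"]) for name, r in ELEMENTS.items()}


def overall_sff() -> float:
    """SFF of the whole assembly: the element rates add because the
    arrangement is simplex (any single hazardous failure fails the function)."""
    safe = sum(r["safe"] for r in ELEMENTS.values())
    dangerous = sum(r["dangerous"] for r in ELEMENTS.values())
    return sff(safe, dangerous)


if __name__ == "__main__":
    for name, value in element_sffs().items():
        print(f"{name:7s} SFF = {value:.1%} -> HFT0 Type A max SIL {max_sil(value, 0)}")
    print(f"overall SFF = {overall_sff():.1%} -> HFT0 Type A max SIL {max_sil(overall_sff(), 0)}")
```

Running it reproduces the Bifold, valve and overall figures above; the Matic ratio 3.06/(3.06+0.44) evaluates to 87.4% rather than the quoted 80.5%, which leaves it in the same 60%-90% band and does not alter the HFT 0 conclusion.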


3. FAILURE RATE DATA

ITEM                            FAILURE RATE pmh (PFD)   MODE              MODE FRATE   SOURCE
Solenoid valve (FP15 Bifold)    0.586                    Fail to release   0.223        Ref 4.4b
                                0.586                    Spurious rel      0.363        Ref 4.4b
Solenoid valve generic
  Pessimistic                   5                        Fail to release   0.5          Ref 4.3
  Optimistic                    0.03                     Fail to release   0.003        Ref 4.3
Thus for this study                                      Fail to release   0.223        Note (i)
                                                         Spurious rel      0.363        Note (i)

Note (i): The Ref 4.4b Exida claim is within the Faradip range and is thus perceived as credible.

ITEM                            FAILURE RATE pmh (PFD)   MODE              MODE FRATE   SOURCE
Matic Actuator                  3.5                      Fail to close     0.44         Ref 4.6
                                                         Spurious close    3.06         Ref 4.6
Typical ESD valve*                                       Fail to close     0.5          Ref 4.3

* The failure rate of a host ball valve will depend upon the type and application. A credible
value has been used in this study.
4. REFERENCES
4.1 The Safety Critical Systems Handbook (A straightforward guide to functional safety,
IEC 61508), 3rd edition, 2010, Smith DJ and Simpson KGL, Butterworth Heinemann, ISBN
9780080967813.
4.2 IEC Standard 61508 Functional Safety, E/E/PE Safety Related Systems (7 Parts).
4.3 FARADIP.THREE Version 8.0 Failure Rate Data Base, Technis, ISBN 0 951656236.
4.4 Client Documents:
a) email JR to DJS 4/12/2015
b) Exida Certificate 1107001 C001
4.5 TTREE Version 4.0 User's Manual 2015, Fault Tree package, ISBN 09516562 4 4.
4.6 Technis Report T674 Matic Camtorc Actuator Failure Data.


APPENDIX 1 - FAULT TREE DETAILS

WITH HOST VALVE (0.5 pmh failure rate)
TTREE version 4.0
File name: T811.TRO
Results of fault tree quantification for top event: GTOP

Top event frequency                            0.116E-05 per hour    0.101E-01 per year
Top event MTBF                                 0.864E+06 hours       0.987E+02 years
Top event MDT                                  0.439E+04 hours
Top event probability (PFD / Unavailability) = 0.505E-02

Basic Event Reliability Data

Basic Event   Type   Failure Rate   Mean Downtime/Test Interval   Constant Probability
SOL           I/E    .223E-06       .876E+04 (PTI)
CAM           I/E    .440E-06       .876E+04 (PTI)
VALVE         I/E    .500E-06       .876E+04 (PTI)

Fussell-Vesely measure of cut set importance

Rank   Basic Event   Type   Failure Rate   Mean Downtime/Test Interval   Importance   Cut set probability
1      VALVE         I/E    .500E-06       .876E+04 (PTI)                .430         .219E-02
2      CAM           I/E    .440E-06       .876E+04 (PTI)                .379         .192E-02
3      SOL           I/E    .223E-06       .876E+04 (PTI)                .192         .976E-03
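The quantification behind section 2.1 and the Appendix 1 output, as an added example written for this page (it is not the TTREE package nor the report's own code): each unrevealed basic event is unavailable for half its proof-test interval on average, the three events combine through the simplex OR gate of Figure 2.1, and the Fussell-Vesely importance is each cut set's share of the top-event probability. The band table, dictionary layout and function names are this example's own assumptions.

```python
# Added example: quantifying the Figure 2.1 fault tree from the report's basic-event
# rates (per hour) and the annual proof-test interval of section 1.2(c).
from math import prod

HOURS_PER_YEAR = 8760.0
PTI_HOURS = 8760.0  # annual proof test of unrevealed (I/E) failures

# Hazardous ("fail to close / fail to release") rates per hour, section 3 / Appendix 1.
BASIC_EVENTS = {"SOL": 0.223e-6, "CAM": 0.440e-6, "VALVE": 0.500e-6}

# Low-demand PFD bands from the section 1.3 table, as (lower, upper, SIL).
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]


def event_pfd(rate, pti=PTI_HOURS):
    """Mean unavailability of an unrevealed failure proof-tested every pti hours:
    rate * pti / 2, because the mean down time is half the test interval."""
    return rate * pti / 2.0


def top_event(events=BASIC_EVENTS, pti=PTI_HOURS):
    """Simplex OR gate: any single basic event causes the top event, so each
    event is a first-order cut set. Returns the figures Appendix 1 reports."""
    cut_sets = {name: event_pfd(rate, pti) for name, rate in events.items()}
    pfd = 1.0 - prod(1.0 - p for p in cut_sets.values())  # exact OR of independent events
    rare_event_sum = sum(cut_sets.values())  # first-order approximation, basis of importances
    freq = sum(events.values())  # top-event failure rate per hour
    return {
        "pfd": pfd,
        "frequency_per_hour": freq,
        "frequency_per_year": freq * HOURS_PER_YEAR,
        "mtbf_hours": 1.0 / freq,
        "mdt_hours": pfd / freq,  # unavailability = frequency x mean down time
        "cut_sets": cut_sets,
        # Fussell-Vesely importance: fraction of the top-event probability each cut set carries
        "importance": {n: p / rare_event_sum for n, p in cut_sets.items()},
    }


def low_demand_sil(pfd):
    """SIL band for a low-demand PFD, or None when outside the SIL 1..4 range."""
    for lower, upper, sil in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return None


if __name__ == "__main__":
    r = top_event()
    print(f"PFD {r['pfd']:.3e} -> SIL {low_demand_sil(r['pfd'])}")
    for name, fv in sorted(r["importance"].items(), key=lambda kv: -kv[1]):
        print(f"{name:6s} cut set {r['cut_sets'][name]:.3e}  FV importance {fv:.3f}")
```

The importances come out as VALVE 0.430, CAM 0.378 and SOL 0.192, so the host valve rather than the Imtex equipment dominates the top event, as section 2.1 notes; shortening PTI_HOURS shows directly how the proof-test interval drives the PFD.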
