The Functional Safety Test Procedure is a document which describes how and how often a SIF must be tested in order to ensure its full functionality.

The SIL verification involves determining what the largest Test Interval can be in order to remain below the limit of the Probability of Failure on Demand for the Safety Instrumented Function at all times. In practice we often see that a test is only partially performed. If a valve is not allowed to let anything through after it has been closed, then you must also test this with a leakage test. We do that in a test procedure.

If you want to test a high level switch, the sensor must actually see liquid. You must also check that the Process connection(s) are not blocked, otherwise a variation in the process will not be noticed. If not, you will have to lower the quality of the test (Test Coverage Factor). Test Coverage Factor = 0 - 1 or 0-100% is the percentage of dangerous failures detected by the functional test. In order to determine a good TCF for the test procedure, a Failure Mode Effect Analysis (FMEA) must be performed for each measuring principle to determine what the dangerous hidden failures are and whether these are detected with the specific test.

Test procedure

Broadly speaking, we apply the following TCFs:

Temperature element and transmitter (full test): 95%.

Pressure transmitter (full test): 95%.

Safety PLC (incl. diagnostics): 99%.

On-Off valve with actuator (non-Tight Shut-Off): 95%.

On-Off valve with actuator (Tight Shut Off): 75%.

In de testprocedure is het dus de bedoeling dat de gemiddelde Probability of Failure on Demand (PFDavg) onder de PFD limiet van de Safety Instrumented Function (SIF) (SIL 1 = < 10^-1, SIL 2 = <10^-2, etc.) blijft. Wanneer je een SIF test met een Test Coverage Factor van 50% is na het testen de PFDavg met 50% teruggebracht. Als je test met een Test Coverage Factor van 95% is na de testprocedure de PFDavg met 95% teruggebracht.

When you enter a Test Interval and the TCF for the sensor-logic solver and final element into the SIL verification programme (aeShield), the programme calculates whether you are still under the PFD limit of the SIF.