The revised NAMUR Worksheet NA-106 (Issue: 2018-09-06) now gives examples of generic proof tests for sensors and actuators, as well as corresponding Proof Test Coverage (PTC).
Our blog on ‘SIL-Degradation‘ highlighted that Proof Test Coverage (PTC) is an important factor in determining the achieved SIL-rating of a safety function (SIF) in the field. PTC (also called CPT) is defined as the percentage of dangerous undetected random failures that are revealed by regular manual proof testing (IEC 61508-6, B3.2.5). This number clearly depends on the type and extent of proof testing carried out. For instance, as we previously noted, published data shows that the PTC for an actuator/valve assembly can vary from 57-99% depending on extent of proof testing. If PTC is defined too optimistically, Operators could be overestimating the actual SIL of existing SIFs, and thus not achieving risk reduction requirements.
It is often difficult for Operators to define what is a realistic PTC corresponding to the type of proof testing that is actually being carried out. Manufacturer’s Safety Manuals typically are a good starting point, but proof-test procedures may be later adapted at site to suit existing maintenance practice and resources, or to fit in with operational limitations. The revised NAMUR Worksheet NA-106 (Issue: 2018-09-06), Annex D, now gives some guidelines in this regard, which can be used in conjunction with industry standards (e.g. ExSILentia) to define a realistic PTC for each section of the safety loop and corresponding proof-test practice.
The table below gives some typical examples of PTC taken from NA-106, compared to default values in the ExSILentia software.
NA-106 is typically referenced in the process industries, such as petrochemical and pharmaceutical, as well as Plants that are subject to the Hazardous Incident Ordinance (Störfallverordnung, 12. BImschV). However, the guide PTCs may be considered in other sectors implementing functional safety protection systems according to IEC 61511.
A further interesting addition in the latest revision of NA-106 is the concept of flexible proof testing of field devices and sub-systems. This means sensors and actors may be individually tested at different times, instead of end-to-end testing of the entire loop on a yearly basis as per current general practice. The ExSILentia SILver module, used by PSC as a SIF design and verification tool, already allows for varying proof test intervals for each section of the safety loop.
PSC provides design and verification services according to IEC 61511 to align target SIL-ratings with achieved SIL for new and existing (legacy) safety systems, considering proof test procedures.