Basic HTML Version
12
The figure shows the simplified
procedure for determining the
performance level (PL) of a
safety function. The PL is a
function of categories B to 4,
diagnostic coverage “none to
high”, various MTTF d areas and
the Common Cause Failure.
The PL can be assigned to a
specific SIL level. However, it is
not possible to infer the PL from
the SIL. Apart from the average
probability of one dangerous
failure per hour, other measures
are needed to achieve a specific
PL.
Evaluating technical safety measures – Determining the performance level
Risk graph: Which Performance Level
is required? PL a to e
How is the control chain or safety function
structured? Category B to 4
Quality of components in the control chain:
Determining the MTTF d for the entire process
chain, from the sensor to the actuator!
Degree of diagnostic coverage: which
dangerous faults are detected?
Common cause failures (CCF): measures for
avoiding CCF
Determining the MTTF d = Mean Time To Dangerous Failure
Determining the PL = Performance Level
Determining the SIL = Safety Integrity Level
a
b
c
d
e
Cat. 2
60% ≤ DC
< 90%
Low
90% ≤ DC
< 99%
Medium
90% ≤ DC
< 99%
Medium
Cat. 3
60% ≤ DC
< 90%
Low
Cat. 4
99% ≤ DC
High
DIN EN ISO 13849-1
Chapter 4.5.4
Cat. 1
DC < 60%
None
Cat. B
CCF not relevant
CCF 65%
DC < 60%
None
1
2
3
1
1
2
2
3
3
4
4
5
5
Evaluation
Low
Medium
High
Source: DIN EN ISO 13849-1 Chapter 4.5.2
MTTF d
3 years ≤ MTTF d < 10 years
10 years ≤ MTTF d < 30 years
30 years ≤ MTTF d < 100 years
10
–5
≤ PFH d < 10
–4
3 x 10
–6
≤ PFH d < 10
–5
10
–6
≤ PFH d < 3 x 10
–6
10
–7
≤ PFH d < 10
–6
10
–8
≤ PFH d < 10
–7
≤