What is the Spurious Trip?
A spurious trip or safe failure would be a time when the process is in normal operation and the system acts as if there is a problem and goes to the safe state when it is not necessary. A spurious trip is the activation of a SIF when there is no demand.
Since a SIF or safety function is designed to put the Equipment Under Control (EUC) into a safe state, spurious trips are associated with safe failures, as opposed to dangerous failures where the affected SIF fails to activate when there is a demand. A spurious trip may be safe with regard to a given safety function but may be dangerous with regard to another safety function.
IEC 61511 (IEC, 2017) Part 1 Clause 10.3.2 requires that the “maximum allowable spurious trip rate for each SIF” be specified as part of the Safety Instrumented System (SIS) Safety Requirements Specification (SRS).
Spurious trip rate needs to be taken into account during the design of a SIF for a number of reasons, including:
- A high spurious trip rate undermines the operator’s trust in the SIF, which may result in the SIF being bypassed/inhibited temporarily or permanently thus undermining functional safety;
- A high spurious trip rate increases the need for unnecessary human intervention to investigate and restart the process, with increased opportunity for human errors thus undermining functional safety;
- A high spurious trip rate leads to unnecessary process shutdowns, with associated production loss.
Examples of spurious or safe failures could include:
- Loss of air pressure in the actuator in a close-on trip application.
- Output fails open and immediately goes to the safe state
The Greek symbol λS represents safe or spurious failure rates in functional safety expressed in the unit of measurement of FITs which can be determined through FMEDAs. (FITs (λ) are failures per billion hours, expressed by 10-9 hours).
λS is the number of safe of spurious failures per unit of time for a piece of equipment.
λS can further be broken down into subclasses: λSD and λSU, the detectable spurious trip failures and the undetected spurious trip failures, where λS = λSD + λSU.
Knowing your safe failure rate can help prevent unwanted and unneeded process shutdowns, which we all know can be not only frustrating but costly! Often the lS get overshadowed by the famous lD and the dangerous failures, but they are important too! So even if it is tempting to only consider dangerous failures in your system, take a minute to think about possible safe failures as well.
Top References:
