What Is a Spurious Trip?
A spurious trip, or safe failure, occurs when the process is in normal operation but the system acts as if there is a problem and goes to the safe state when it is not necessary. In other words, a spurious trip is the activation of a Safety Instrumented Function (SIF) when there is no demand.
Since a SIF or safety function is designed to put the Equipment Under Control (EUC) into a safe state, spurious trips are associated with safe failures, as opposed to dangerous failures where the affected SIF fails to activate when there is a demand. A spurious trip may be safe with regard to a given safety function but may be dangerous with regard to another safety function.
IEC 61511 (IEC, 2017) Part 1 Clause 10.3.2 requires that the “maximum allowable spurious trip rate for each SIF” be specified as part of the Safety Instrumented System (SIS) Safety Requirements Specification (SRS).
Spurious trip rate needs to be taken into account during the design of a SIF for a number of reasons, including:
- A high spurious trip rate undermines the operator’s trust in the SIF, which may result in the SIF being bypassed/inhibited temporarily or permanently thus undermining functional safety;
- A high spurious trip rate increases the need for unnecessary human intervention to investigate and restart the process, with increased opportunity for human errors thus undermining functional safety;
- A high spurious trip rate leads to unnecessary process shutdowns, with associated production loss.
Examples of spurious or safe failures could include:
- Loss of air pressure in the actuator in a close-on trip application.
- The output fails open and immediately goes to the safe state.
The Greek symbol λS represents the safe (spurious) failure rate in functional safety. It is expressed in FITs and can be determined through FMEDAs. One FIT is one failure per billion hours, i.e. 10⁻⁹ failures per hour.
λS is the number of safe or spurious failures per unit of time for a piece of equipment.
λS can further be broken down into two subclasses, λSD and λSU, the detected spurious trip failures and the undetected spurious trip failures, where λS = λSD + λSU.
Knowing your safe failure rate can help prevent unwanted and unneeded process shutdowns, which we all know can be not only frustrating but costly! Often λS gets overshadowed by the famous λD and the dangerous failures, but safe failures are important too! So even if it is tempting to only consider dangerous failures in your system, take a minute to think about possible safe failures as well.
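As an added illustration (not from the referenced sources), the Python sketch below turns λS = λSD + λSU in FITs into a spurious trip rate per year and checks it against a maximum allowable rate such as the SRS must state. It assumes a simple 1oo1 chain in which every safe failure, detected or undetected, trips the SIF, and constant failure rates; the element names, FIT values and the limits used are constructed for the example.

```python
import math
from dataclasses import dataclass

HOURS_PER_YEAR = 8760
FIT = 1e-9  # 1 FIT = 1e-9 failures per hour


@dataclass(frozen=True)
class Element:
    name: str
    lambda_sd_fit: float  # safe detected failure rate, in FIT
    lambda_su_fit: float  # safe undetected failure rate, in FIT

    @property
    def lambda_s_fit(self) -> float:
        # lambda_S = lambda_SD + lambda_SU
        return self.lambda_sd_fit + self.lambda_su_fit


# Constructed sample values, not taken from any FMEDA report.
SIF = [
    Element("pressure transmitter", 150.0, 250.0),
    Element("logic solver", 400.0, 100.0),
    Element("solenoid + actuator + valve", 300.0, 1300.0),
]


def spurious_trip_rate_per_year(elements):
    """1oo1 chain (assumption): any element's safe failure trips the SIF,
    so the element rates simply add."""
    total_fit = sum(e.lambda_s_fit for e in elements)
    return total_fit * FIT * HOURS_PER_YEAR


def mttfs_years(elements):
    """Mean time to a spurious failure, in years."""
    return 1.0 / spurious_trip_rate_per_year(elements)


def prob_trip_within(elements, years):
    """Probability of at least one spurious trip in the given period,
    assuming a constant (exponential) failure rate."""
    return 1.0 - math.exp(-spurious_trip_rate_per_year(elements) * years)


def dominant_contributor(elements):
    """Element with the largest share of lambda_S: the first place to look
    when the trip rate is too high."""
    return max(elements, key=lambda e: e.lambda_s_fit)


def meets_srs(elements, max_trips_per_year):
    """Compare against the SRS maximum allowable spurious trip rate."""
    return spurious_trip_rate_per_year(elements) <= max_trips_per_year
```

With these constructed values the chain totals 2500 FIT, about 0.0219 spurious trips per year, and the final element contributes most of it.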
Effects of Spurious Trip
There are several effects of a spurious trip that have a negative financial effect on the operation of a plant. For high throughput operations such as refineries, the major impact is downtime. Spurious trips often result in immediate loss or turndown of production and take time to recover from (because certain conditions must be met before the SIF can be reset, and even then, throughput and efficiency take some time to return to their equilibrium levels).
Financial impact can also result from:
- Lost materials: product or other materials may be dumped to waste or flare during a trip.
- Damage to equipment: trips may result in large swings in physical conditions (e.g. pressure), resulting in shock to equipment. This can reduce the lifetime of vulnerable components such as heat exchangers and catalyst beds (which may suddenly expand or contract, causing the particles to disintegrate).
- Cleanup: trips may result in material being deposited in emergency depressurization or inventory valves and the downstream piping. This must be decontaminated before restart, and the valves and piping proven to be in good order, so they can respond properly to a real trip.
- Cost of investigation: every trip should be logged and investigated. This costs engineering time and may also result in design changes and/or retraining.
- Fines or other legal repercussions resulting from flaring or other environmental incidents as a result of repeated trips.
Top References:
- https://www.exida.com/blog/back-to-basics-failure-rates-s
- https://www.icheme.org/media/25680/hazards-30-paper-11-ye.pdf
- IEC 61511-2016
- Functional Safety from Scratch by Peter Clarke