Functional Safety and IEC 61508: Managing Risk and System Integrity

With legacy TMR systems, depending on the specific type of failure, processes would often operate at a higher risk level until the faulty element could be replaced during an outage. In a true TMR system, especially under the stringent regulations of recent years, the system should maintain an SIL 3 rating through a hardware fault tolerance of one, meaning that no single element failure should affect the SIL rating. Even with multiple component failures, depending on the components involved and the configuration of the system, the SIL 3 level may still be maintained. See Table 1. With the increased on-line repair capability that comes with more modular components, operations teams can establish safety procedures to replace faulty components while running, avoiding expensive forced outages for safety repairs or having to accept operation at a reduced risk reduction factor.
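To make the hardware-fault-tolerance argument concrete, here is a small added example (written for this page, not code from the article or from any TMR vendor) of a 2oo3 voter that excludes channels flagged by diagnostics and degrades step by step. The degradation policy (2oo3, then a safe-biased 1oo2, then 1oo1, then fail-safe) and the simplified `remaining_fault_tolerance` metric are constructed assumptions for illustration, not a scheme prescribed by IEC 61508; the channel readings are likewise made up.

```python
from dataclasses import dataclass
from typing import List

# Assumed convention: True means the channel demands the safe state
# (de-energise outputs); False means the process is within limits.
TRIP = True
RUN = False


@dataclass
class Channel:
    name: str
    reading: bool          # what the channel currently reports
    faulty: bool = False   # set when the channel's own diagnostics flag it


@dataclass
class TmrVoter:
    channels: List[Channel]

    def healthy(self) -> List[Channel]:
        # Only channels not flagged by diagnostics take part in the vote.
        return [c for c in self.channels if not c.faulty]

    def architecture(self) -> str:
        # Assumed degradation ladder; real logic solvers differ in detail.
        return {3: "2oo3", 2: "1oo2", 1: "1oo1"}.get(len(self.healthy()), "fail-safe")

    def remaining_fault_tolerance(self) -> int:
        # Simplified metric (an assumption of this example): how many more
        # diagnosed channel faults can occur while at least two healthy
        # channels remain to cross-check each other. A fully healthy
        # triplicated voter reports 1, matching the text's HFT of one.
        return max(len(self.healthy()) - 2, 0)

    def vote(self) -> bool:
        votes = [c.reading for c in self.healthy()]
        if len(votes) == 3:
            return sum(votes) >= 2      # majority of three
        if len(votes) == 2:
            return any(votes)           # degraded 1oo2: trip if either demands it
        if len(votes) == 1:
            return votes[0]             # 1oo1: no cross-check left
        return TRIP                     # no trusted channel: go to the safe state


def scenario(failed: str, stuck_reading: bool, demand: bool, diagnosed: bool = True) -> dict:
    """Constructed scenario: channels named in `failed` report `stuck_reading`
    regardless of the process; if `diagnosed`, the voter also knows they are bad.
    `demand` is what a healthy channel sees (TRIP when a real demand exists)."""
    channels = []
    for name in "ABC":
        bad = name in failed
        channels.append(Channel(name,
                                reading=stuck_reading if bad else demand,
                                faulty=bad and diagnosed))
    voter = TmrVoter(channels)
    return {
        "architecture": voter.architecture(),
        "fault_tolerance": voter.remaining_fault_tolerance(),
        "output": voter.vote(),
    }


if __name__ == "__main__":
    cases = [
        ("no faults, real demand",                  scenario("",    RUN,  TRIP)),
        ("A diagnosed faulty, real demand",         scenario("A",   RUN,  TRIP)),
        ("A undiagnosed stuck-at-RUN, real demand", scenario("A",   RUN,  TRIP, diagnosed=False)),
        ("A,B undiagnosed stuck-at-RUN, demand",    scenario("AB",  RUN,  TRIP, diagnosed=False)),
        ("A,B diagnosed faulty, real demand",       scenario("AB",  RUN,  TRIP)),
        ("A diagnosed faulty, stuck-at-TRIP, no demand", scenario("A", TRIP, RUN)),
        ("all three diagnosed faulty",              scenario("ABC", RUN,  TRIP)),
    ]
    for label, result in cases:
        print(f"{label:45s} {result['architecture']:9s} "
              f"HFT={result['fault_tolerance']} output={'TRIP' if result['output'] else 'RUN'}")
```

The interesting rows are the undiagnosed ones: a single undetected stuck channel is still out-voted, but two undetected stuck-at-RUN channels mask a real demand, which is why diagnostic coverage and prompt on-line replacement matter as much as the voting architecture itself.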

