Conclusions

Last edit: 26/02/2024

In this article we described some of the limits and critical aspects of the SFF parameter.

When the first edition of IEC 61508 was defined, the Diagnostic Coverage (DC) was used, a parameter that came from an older German standard. However, it was pointed out that some devices may have no DC at all but are designed so that the majority of their failures lead to the safe condition (for example, a sprung valve). Therefore, still during the development of the first edition, it was agreed that this behaviour was equivalent to DC, and after several discussions the reference parameter was changed to the SFF.

That generated “abuses”, which were reduced in the second edition of the standard with the definition of the No Effect Failures. Under the first edition these had been counted as Safe Failures, and that led some laboratories to attribute too high an SFF to certain components.

Also in the second edition of IEC 61508, it was made clear that it is not enough for a component to detect dangerous failures in order to classify them as Dangerous Detected failures. It is also necessary that, when a Dangerous Failure is detected, the safety system can be brought to a safe state.

Finally, in 2021, the new edition of IEC 62061 highlighted that electromechanical components normally have no safe failures and therefore, usually, SFF = DC.
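As an added worked example (not part of the original article), the two definitions contrasted in these conclusions computed on constructed failure rates: SFF with and without No Effect Failures counted as safe, and the electromechanical case in which λS = 0 makes SFF equal to DC. The failure-rate values and the component names are assumptions.

```python
# Added example, not from the original article: SFF and DC computed from
# failure-rate categories expressed in FIT (failures per 1e9 h).
# All failure rates below are constructed for illustration.

def diagnostic_coverage(lambda_dd: float, lambda_du: float) -> float:
    """DC = λDD / (λDD + λDU): fraction of dangerous failures that are detected."""
    dangerous = lambda_dd + lambda_du
    return lambda_dd / dangerous if dangerous else 0.0


def safe_failure_fraction(lambda_s: float, lambda_dd: float, lambda_du: float,
                          lambda_ne: float = 0.0, count_ne_as_safe: bool = False) -> float:
    """SFF = (λS + λDD) / (λS + λDD + λDU).

    count_ne_as_safe=True reproduces the first-edition practice the article
    criticises: No Effect Failures are added to the safe failures, which
    inflates SFF. Second-edition practice leaves λNE out entirely.
    """
    safe = lambda_s + (lambda_ne if count_ne_as_safe else 0.0)
    total = safe + lambda_dd + lambda_du
    return (safe + lambda_dd) / total if total else 0.0


# Constructed sample: a sensor with some safe failures and many no-effect failures.
SENSOR = dict(lambda_s=100.0, lambda_dd=300.0, lambda_du=200.0, lambda_ne=900.0)

# Constructed sample: an electromechanical component (a relay) with no safe failures.
RELAY = dict(lambda_s=0.0, lambda_dd=60.0, lambda_du=40.0)


def sensor_sff_second_edition() -> float:
    """λNE excluded: (100 + 300) / 600."""
    return safe_failure_fraction(**SENSOR)


def sensor_sff_first_edition_practice() -> float:
    """λNE counted as safe: (1000 + 300) / 1500, a much higher figure."""
    return safe_failure_fraction(**SENSOR, count_ne_as_safe=True)


def relay_sff_and_dc() -> tuple:
    """With λS = 0 the SFF formula reduces to λDD / (λDD + λDU), i.e. DC."""
    return (safe_failure_fraction(**RELAY),
            diagnostic_coverage(RELAY["lambda_dd"], RELAY["lambda_du"]))


if __name__ == "__main__":
    print(f"sensor SFF, NEF excluded:        {sensor_sff_second_edition():.3f}")
    print(f"sensor SFF, NEF counted as safe: {sensor_sff_first_edition_practice():.3f}")
    sff, dc = relay_sff_and_dc()
    print(f"relay SFF = {sff:.3f}, DC = {dc:.3f}")
```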