Last edit: 22/08/2023
How many faults should be considered?
A safety system has to be reliable, but how many faults should be taken into consideration? A redundant system can be designed with two sensors and two redundant final elements but, if two faults occur, we are in trouble! In general, the following fault criteria shall be taken into account:
- If, because of a fault, further components fail, the first fault together with all following faults shall be considered as a single fault (known as a dependent fault).
- Two or more separate faults, having a common cause, shall be considered as a single fault. This situation is analysed in detail in 3.6.
- The simultaneous occurrence of two or more faults having separate causes is considered highly unlikely and therefore need not be considered ([ISO 13849-1] 6.1.10.2 Fault consideration).
That means that in machinery, which most of the time has the advantage of a high demand mode of operation, only one independent fault has to be considered. Two faults are considered very unlikely during the time between two demands upon the safety function. The assumption becomes less sustainable when demands occur only a few times a year or when the safety system operates in low demand mode.
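The three fault criteria listed above can be applied mechanically to a fault list by merging dependent and common-cause faults and counting what remains. The sketch below is an added example, not taken from ISO 13849-1 or from the original page; the `Fault` structure, the function names and the fault scenario are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Fault:
    name: str
    caused_by: Optional[str] = None     # name of the fault that triggered this one (dependent fault)
    common_cause: Optional[str] = None  # label of a root cause shared with other faults

def independent_fault_groups(faults):
    """Merge faults that count as a single fault; return the groups, sorted by member names."""
    parent = {f.name: f.name for f in faults}  # union-find forest over fault names

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_with_cause = {}
    for f in faults:
        if f.caused_by is not None:  # criterion 1: dependent faults count as one
            if f.caused_by not in parent:
                raise ValueError(f"{f.name}: unknown initiating fault {f.caused_by!r}")
            parent[find(f.name)] = find(f.caused_by)
        if f.common_cause is not None:  # criterion 2: common-cause faults count as one
            anchor = first_with_cause.setdefault(f.common_cause, f.name)
            parent[find(f.name)] = find(anchor)

    groups = {}
    for f in faults:
        groups.setdefault(find(f.name), set()).add(f.name)
    return sorted(groups.values(), key=sorted)

def within_single_fault_assumption(faults):
    """Criterion 3: more than one independent fault at once is outside what must be considered."""
    return len(independent_fault_groups(faults)) <= 1

# Constructed scenario: one dependent chain plus one common-cause pair.
SCENARIO = [
    Fault("power_supply_overvoltage"),
    Fault("sensor_A_damaged", caused_by="power_supply_overvoltage"),
    Fault("relay_K1_welded", common_cause="vibration"),
    Fault("relay_K2_welded", common_cause="vibration"),
]

if __name__ == "__main__":
    for group in independent_fault_groups(SCENARIO):
        print(sorted(group))
    print("single-fault assumption holds:", within_single_fault_assumption(SCENARIO))
```

The four constructed faults collapse into two independent faults, so the full scenario falls outside the single-fault assumption, while either group on its own stays within it.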