What is PFDavg?

Important indicator representing “probability that safety functions will not work when needed”

When researching “SIL (Safety Integrity Level),” you may come across the term PFDavg (average Probability of Dangerous Failure).

PFDavg is a value which represents the “probability that a safety function will not work when needed.”

One of its characteristics is that a smaller PFDavg value indicates higher safety.

Why do we use PFDavg?

Machines in the factory have “safety functions” to protect people from hazards.

For example, the following safety devices are used:

• Emergency stop buttons
• Safety switches
• Safety sensors
• Safety PLCs

These devices protect workers by operating correctly when danger occurs.

However, no device is completely free from failures.
If a safety function fails, there is a possibility for workers to encounter hazardous situations such as:

• the machine does not stop even though the emergency stop button is pressed.
• the machine does not stop even though the safety door is opened.

At this point, what we need to consider is “how reliable the safety function is.”
PFDavg is one of ways to express the reliability numerically.

PFDavg in simple terms

PFDavg is an abbreviation for the average Probability of Failure on Demand.

Although the name may sound complicated, it is imporatnt to understand that PFDavg is the “possibility that a safety function will fail at the required time.”

What’s the meaning of “fail to work when needed”?

Let’s imagine an emergency stop button as an example.

In a normal situation, the emergency stop button is not used because nothing has happened.

However, in emergencies like below, it is necessary to ensure that the machine can be stopped reliably:

• A person entered a hazardous area
• A machine is running out of control
• A fault has been observed

What do you think will happen if the emergency stop button fails at that moment?

It could lead to dangerous situations such as:

• The machine does not stop even though the button is pushed.
• No signal is being transmitted.
• Output cannot be cut off.

In other words, PFDavg represents the “possibility of failure when you need it most.”

The smaller the value, the safer it is

PFDavg represents the “probability of failure.”

Therefore, the relationship between PFDavg value and safety is as follows:

• A smaller PFDavg value → Less likely to fail → Safer
• A larger PFDavg value → More likely to fail → More dangerous

Relationship between SIL and PFDavg

SIL classifies safety devices and systems into stages based on “how reliable it is.”

PFDavg is one of the important values used in this classification.
The higher the SIL, the smaller the PFDavg required.

In other words,

• SIL2 is less likely to fail than SIL1
• SIL3 is less likely to fail than SIL2

Why is the word “average” used?

PFDavg includes the word “avg (average).”
This means the “average probability of failure over a certain period.”

Safety devices are used while undergoing periodical inspections and tests.

Let’s assume that inspections are conducted periodically like below:

• semi-annually (every 6 months)
• annually

Even if the safety device works normally right after the inspection, the possibility of failure gets gradually higher over time.
PFDavg represents the “average probability of dangerous failure between the previous inspection and the following inspection.”

PFDavg will never be “zero”

The important point here is that:

no safety device can have a zero probability of failure.

No matter how advanced the safety device is,

• component degradation
• wiring troubles
• failed contacts
• electronic parts failures

can happen.

Therefore, in the world of SIL, the approach is not to “create a machine that never fails” but rather to “minimize the possibility of failure sufficiently.”

It can be said that PFDavg is a quantified representation of this approach.

How is it different from MTTFd?

If you are familiar with PL (Performance Level), you may feel

“Is PFDavg similar to MTTFd?”

Indeed, both are values related to safety.

However, their meanings are different.

• MTTFd is “average time until a dangerous failure occurs.”
• PFDavg is “probability that a safety function will not work when needed.”

In other words, they describe safety from different perspectives:

• MTTFd (time) → How long the device can operate before a dangerous failure occurs
• PFDavg (probability) → How reliably the safety function works when needed

Start with understanding that it’s the “probability of failure”

The term, PFDavg, may seem complicated, but for now, it is enough to understand it as “probability that the safety functions will not work when needed.”

Also, it will significantly improve your understanding of SIL if you keep in mind that

a smaller value indicates greater safety.

As you continue to learn more about SIL, you will come across terminilogies like SFF (Safe Failure Fraction) and HFT (Hardware Fault Tolerance).

However, at the heart of them all lies a question: “Do the safety functions really work when needed?”

PFDavg is one of the important indicators that represents that idea.

Related Products