About Proof-testing
Increase efficiency and safety with proven solutions for level devices in safety instrumented systems
Proof-testing checks the functionality of devices implemented within a safety loop and is mandatory for compliance with international safety standards. Dangerous undetected (DU) failures, which are failures not identified by device diagnostics, must be considered when designing the safety loop. The frequency of proof-tests is based on the safety integrity level (SIL) of the safety loop and the probability of a device failure (PFD). The PFD increases over time. To ensure a device continues to achieve its required SIL, the PFD can be reduced to almost its original level by performing comprehensive proof-testing. For devices with a low DU, this can also be achieved with partial proof-tests, which can be performed remotely and are far less time-consuming than comprehensive testing.
Proof-testing is defined in IEC 61508 as a ‘Periodic test performed to detect dangerous hidden failures in a safety-related system so that, if necessary, a repair can restore the system to an “as new” condition or as close as practical to this condition’. A proof-test is designed to reveal built-in device failures that nobody has detected. It is a vital part of the safety lifecycle and is critical to ensuring that a system achieves its required SIL throughout that lifecycle.
The IEC 61511 standard recommends the use of a functional safety life cycle to:
IEC 61508 indicates that Systematic Capability, Architectural Constraints and Probability of Failure of a product must be evaluated. An independent third-party test company such as Exida can provide certification covering all three parts required for the targeted SIL level:
Probability of Failure on Demand (PFD)
The risk of a device failing to perform its safety function when required. IEC 61511 states that the interval between proof-tests shall be calculated based on the average PFD (PFDavg). The individual failure rates, diagnostic coverage and safety function factor are used for calculation of PFDavg. A lower individual instrument value helps improve the overall reliability.
Risk Reduction Factor (RRF)
Risk reduction factor (RRF) is the inverse of the required probability of failure. For example, a required probability of failure value of 0.001 equals an RRF of 1000, which means one dangerous failure every 1000 years.
A comprehensive proof-test verifies all three functional elements of a device – output circuitry, measurement electronics and sensing element. A partial proof-test verifies one or two of them. A partial proof-test is performed to ensure that a device has no internal problems, and it will bring the PFD of a device back to a percentage of the original level and ensure that it fulfills its specified SIL requirement.
A combination of partial proof-tests that covers all three functional elements is considered as a comprehensive proof-test.
In addition to measurement data, modern level devices also provide access to diagnostic features and support remote proof-testing. Failures can be identified in real time. Diagnostic coverage (DC) describes the device’s ability to detect dangerous failures. Proof-test coverage is a measure of how many of the dangerous failures not identified by a device’s diagnostics can be detected by proof-testing. This is expressed as the proof-test coverage (PTC) factor, which should be as high a percentage as possible (ideally 100% for a full test).
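The effect of proof-test coverage on average PFD, worked through as an added example that is not from the original page or from any device documentation. It assumes the common simplified single-device (1oo1) approximation PFDavg = PTC x lambda_DU x T_partial / 2 + (1 - PTC) x lambda_DU x T_full / 2; the failure rate, intervals and function names are constructed for illustration.

```python
HOURS_PER_YEAR = 8760

# IEC 61508 low-demand PFDavg bands: (SIL, lower bound inclusive, upper bound exclusive)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, ptc, partial_years, full_years):
    """Simplified 1oo1 average PFD (assumption: ignores repair time, detected
    failures and common cause).

    lambda_du     dangerous undetected failure rate, per hour
    ptc           fraction of DU failures the partial proof-test reveals (0..1)
    partial_years interval between partial proof-tests
    full_years    interval between comprehensive proof-tests
    """
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("ptc must be between 0 and 1")
    covered = ptc * lambda_du * partial_years * HOURS_PER_YEAR / 2
    residual = (1 - ptc) * lambda_du * full_years * HOURS_PER_YEAR / 2
    return covered + residual


def pfd_band(pfd):
    """SIL band the PFDavg falls in, or None if outside SIL 1-4."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def max_partial_interval(lambda_du, ptc, full_years, target_pfd):
    """Longest partial-test interval (years) keeping PFDavg at or below target.
    Returns None when the failures the partial test cannot see already exceed
    the target, so only more frequent comprehensive tests would help."""
    residual = pfd_avg(lambda_du, ptc, 0, full_years)
    if ptc == 0 or residual >= target_pfd:
        return None
    return 2 * (target_pfd - residual) / (ptc * lambda_du * HOURS_PER_YEAR)


if __name__ == "__main__":
    LAMBDA_DU = 1e-7  # constructed value, not from a device datasheet
    full_only = pfd_avg(LAMBDA_DU, 0.0, 5, 5)
    with_partial = pfd_avg(LAMBDA_DU, 0.8, 1, 5)
    for label, pfd in (("comprehensive every 5 y", full_only),
                       ("plus 80% partial yearly", with_partial)):
        print(f"{label}: PFDavg={pfd:.2e} RRF={1 / pfd:.0f} band=SIL {pfd_band(pfd)}")
    print("max partial interval for 1e-3:",
          max_partial_interval(LAMBDA_DU, 0.8, 5, 1e-3))
```

The band returned here reflects only the probability-of-failure part; Systematic Capability and Architectural Constraints must be evaluated separately before a SIL can be claimed.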
Learn how to perform a safety proof-test of the Rosemount Tank Gauging System using the proof-test manager function, which is built into the TankMaster WinSetup software. A step-by-step guided process makes your proof-testing quick and easy.