Impact of Imperfect Proof Testing
Periodic proof testing (PT) is critical in providing adequate assurances that the Safety Instrument Functions (SIFs) provide the required risk reduction on demand from a hazardous scenario. The purpose of the PT is to prove the SIF operates at defined trip point, functions as per the Safety Requirements Specification (SRS) and fundamentally detects dangerous undetected failures (λDU) that cannot be detected by diagnostics. However, it is recognised that not all failures can be detected by diagnostics or PT and will only be identified either at equipment overhaul or when a demand is placed on the SIF.
The fraction of failures detected by the proof test is referred to as the Proof Test Coverage Factor (PTC). This paper will define proof test coverage, identify areas of consideration as to what can impact the PTC, propose methods for determining the PTC for greenfield and legacy equipment, and how the PTC can impact the average probability of failure on demand (PFDAVG).
This paper will conclude that the impact of imperfect proof testing can have a significant impact on the designed risk reduction requirements, impact on safety systems performance standards and the suitability of the defined proof testing method when the PTC is not considered. It shall also identify key areas of consideration within Functional Safety Management (FSM) that must be addressed to avoid systematic failures that can be introduced by the PT. Therefore, a theoretical and pragmatic approach should be adopted considering the prescribed proof testing methods in the safety manual and its predefined PTC for the selected operation mode. Consideration should also be given to the persons’ responsible for writing and conducting the proof testing and their ongoing relevant competency requirements.