MM,
Question: *We have a PLC (parent, not covered by the analysis) controller, and if the temperature falls too low or goes too high, the PLC temperature sensors (also not covered) send information to the PLC that there is a failure (but we don’t know exactly where). Is it a detection method?*

Answer: It could be. Does the PLC alert the operator as to the malfunction? (This could be through alarms, warning lamps or displays, error codes, etc.) If it does, then you have detection.
If there is no form of ‘alert’ issued, the operator (or maintenance person) will not be aware of the failure condition, in which case it would not be detection.

Statement: *We have two temperature controllers – the first maintains the temperature and the second one protects against low temperature (if something goes wrong it takes control and turns on the heater) – these are not redundant devices. Each PLC has a Duty Cycle of 100%.*

Comment: Although it is not full ‘redundancy’, it is redundant as far as protection against the “temperature too low” condition is concerned, since both PLC1 and PLC2 provide low temperature protection; both would have to fail in order for the *temperature too low* condition to occur.

I would suggest that since both PLC1 and PLC2 protect against low temperature, the modes of failure that correspond to a *temperature too low protection failure* should have the same level of severity for PLC1 and PLC2. It cannot be assumed that when PLC1 fails, PLC2 will take over. Since both are in use 100% of the time, it is entirely possible that PLC2 could fail before PLC1 fails, in which case, when PLC1 fails, there is no backup.

I suggest that you should add a ‘new’ severity classification to cover failure of a redundant function, which is inherently ‘less severe’ than if it was not redundant.

Question: *In my opinion, in PLC2 the beta value should be an expression of the percentage of time when it actually controls the heater, for example 1% of the time. So the beta value should be 0,01. Is it correct?*

Assigning a Beta value is frequently a judgment call, based on technical knowledge and experience. As such, there is not a single *correct* answer as to how to assign Betas. One analyst may provide one answer based on their experience, and another would likely have a different answer. As long as each analyst used their best judgment and could justify the assignment, they both could be *correct* even though their answers may differ. For this reason, I cannot say that your assumption is incorrect.

Here is how I would approach it:

As mentioned above, as far as the ‘temperature too low’ failure is concerned, PLC1 and PLC2 are redundant. Therefore, the probability of a failure of either PLC1 or PLC2 resulting in a ‘too low temperature’ is reduced from what it would be if there were no redundancy.

If there were no redundancy, then this failure mode would have a beta of 1, correct?

However, in a 1 of 2 redundant function (assuming the PLC1 and PLC2 designs are equivalent), the effective failure rate decreases by a factor of 1/1,5. As a result, one could argue that the Beta for PLC1 and PLC2 for this mode of failure is decreased by a factor of about 1/1,5, giving a Beta of 0,67 for both PLC1 and PLC2 for this mode of failure.

Don’t be alarmed by the relatively high beta as compared to the one that you proposed. If you add the new ‘reduced severity’ class for redundant functions as recommended, that, plus the reduced beta, reduces the severity impact of this failure mode.

Again, if you feel that your Beta assignment is better, then use it.
Regards,
Paul Wagner
Senior Engineer
pwagner@quanterion.com

Quanterion Solutions, Inc, is the day-to-day operator of the DSIAC in the technical areas of reliability, maintainability and quality (RMQ).
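The 1/1,5 factor quoted in the reply for a 1 of 2 redundant function comes from the mean time to failure of two identical, independent units in active parallel. The following worked example is added here and is not part of the reply above or of any Quanterion material; it assumes (my assumptions, not stated on the page) that both PLCs have the same constant failure rate, both operate 100% of the time as the statement says, and failures are independent, so the ‘temperature too low’ condition occurs only when both have failed. It generalizes to 1 of n units, with n = 2 being the case in the exchange; the failure rate used is a constructed placeholder.

```python
"""
Effective failure rate and beta for a 1-of-n active-redundant function.

Assumptions (added example, not from the original reply): n identical units,
exponential lifetimes with rate lam, all units on 100% of the time, independent
failures. The protected failure effect occurs only when ALL n units have failed.
"""
import math


def parallel_reliability(t, lam, n=2):
    """R(t) of a 1-of-n active-redundant system: it survives unless all n units fail."""
    return 1.0 - (1.0 - math.exp(-lam * t)) ** n


def mttf_factor(n=2):
    """Closed form: MTTF of 1-of-n identical parallel units is (1/lam) * sum(1/k, k=1..n).

    For n = 2 the sum is 1.5, so the effective failure rate is lam / 1.5, which is
    the 1/1,5 factor used in the reply.
    """
    return sum(1.0 / k for k in range(1, n + 1))


def mttf_numeric(lam, n=2, t_max_multiple=60.0, steps=100000):
    """Cross-check of mttf_factor: integrate R(t) from 0 to t_max by the trapezoid rule.

    MTTF = integral of R(t) dt over [0, inf); the tail beyond 60/lam is negligible.
    """
    t_max = t_max_multiple / lam
    h = t_max / steps
    total = 0.5 * (parallel_reliability(0.0, lam, n) + parallel_reliability(t_max, lam, n))
    for i in range(1, steps):
        total += parallel_reliability(i * h, lam, n)
    return total * h


def redundant_beta(beta_single, n=2):
    """Scale a single-unit beta by the 1-of-n MTTF factor, mirroring the reply's argument:
    a beta of 1 for the non-redundant case becomes 1/1.5 ~ 0.67 for a 1-of-2 function."""
    return beta_single / mttf_factor(n)


if __name__ == "__main__":
    lam = 1e-5  # constructed per-hour failure rate (placeholder, not from the page)
    print("single unit MTTF (h):", 1 / lam)
    print("1-of-2 MTTF (h), closed form:", mttf_factor(2) / lam)
    print("1-of-2 MTTF (h), numeric check:", round(mttf_numeric(lam, 2)))
    print("beta for 'temperature too low' mode, 1-of-2:", round(redundant_beta(1.0, 2), 2))
    print("beta for the same mode with a third identical unit, 1-of-3:", round(redundant_beta(1.0, 3), 2))
```

The closed form follows from expanding R(t) = 2e^(-λt) - e^(-2λt) for n = 2 and integrating term by term, which gives 2/λ - 1/(2λ) = 1,5/λ; the numeric integration is there so the factor can be checked rather than taken on trust. Note that the reduction applies only to the failure effect that both units guard against; any other failure mode of PLC1 or PLC2 keeps its unreduced beta.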