Proof-testing strategies induced by dangerous detected failures of safety-instrumented systems

• Identify the tests induced by detected failures.
• Model the testing strategies following DD-failures.
• Propose analytical formulas for effects of strategies.
• Simulate and verify the proposed models.

Some dangerous failures of safety-instrumented systems (SISs) are detected almost immediately by diagnostic self-testing as dangerous detected (DD) failures, whereas other dangerous failures can only be detected by proof-testing, and are therefore called dangerous undetected (DU) failures. Some items may have a DU- and a DD-failure at the same time. After the repair of a DD-failure is completed, the maintenance team has two options: to perform an insert proof test for DU-failure or not. If an insert proof test is performed, it is necessary to decide whether the next scheduled proof test should be postponed or performed at the scheduled time. This paper analyzes the effects of different testing strategies on the safety performance of a single channel of a SIS. The safety performance is analyzed by Petri nets and by approximation formulas and the results obtained by the two approaches are compared. It is shown that insert testing improves the safety performance of the channel, but the feasibility and cost of the strategy may be a hindrance to recommend insert testing.