Spurious trip level

Spurious Trip Level (STL) is defined as a discrete level for specifying the spurious trip requirements of safety functions to be allocated to safety systems. An STL of 1 means that this safety function has the highest level of spurious trips. The higher the STL level the lower the number of spurious trips caused by the safety system. There is no limit the number of spurious trip levels..

Safety functions and systems are installed to protect people, the environment and for asset protection. A safety function should only activate when a dangerous situation occurs. A safety function that activates without the presence of a dangerous situation (e.g., due to an internal failure) causes economic loss. The spurious trip level concept represents the probability that safety function causes a spurious (unscheduled) trip.

The STL is a metric that is used to specify the performance level of a safety function in terms of the spurious trips it potentially causes. Typical safety systems that benefit from an STL level are defined in standards like IEC 61508, IEC 61511, IEC 62061, ISA S84, EN 50204 and so on. An STL provides end-users of safety functions with a measurable attribute that helps them define the desired availability of their safety functions. An STL can be specified for a complete safety loop or for individual devices.

For end-users there is always a potential conflict between the cost of safety solutions and the loss of profitability caused by spurious trips of these safety solutions. The STL concept helps the endusers to end this conflict in an a way that safety solutions provide both the desired safety and the desired process availability.

STL determination

The spurious trip level represents asset loss due to an internal failure of the safety function. The more financial damage the safety function can cause due to a spurious trip the higher the STL level of the safety function should be. Each company needs to decide for themselves which level of financial loss they can or are willing to take. This actually depends on many different factors, like the financial situation of the company, the insurance policy, the cost of process shutdown and startup, and so on. All these factors are unique to each company. The table below shows an example of how a company can calibrate its spurious trip levels.

In order to calculate the PFS or PFD value of a safety loop it is necessary to have a reliability model and reliability data for each component in the safety loop. The best reliability model to use is a Markov model (see Andrey Markov). Typical data required is:
* Lambda safe detected
* Lambda safe undetected
* Lambda dangerous detected
* Lambda dangerous undetected
* Repair rate
* Proof test coverage
* Proof test interval
* Common cause factors

External links

* [http://www.iec.ch/functionalsafety IEC Functional safety zone]
* [http://www.iec.ch/zone/fsafety/pdf_safe/hld.pdf Functional Safety and IEC 61508: A basic guide]
* [http://www2.theiet.org/oncomms/sector/computing/Articles/Object/58D25FCD-6153-46BD-ADAF910D2C4B69D4 Overview of IEC 61508]
* [http://www.safetyusersgroup.com Safety Users Group] - Functional Safety-Information Resources
* [http://www.insidefunctionalsafety.com Inside Functional Safety] - Technical magazine focusing on functional safety