It's been a minute, so to get back in the swing of things, we've asked guest blogger, Mr. Harry Cheddie, P.Eng. CRE, CQE, CFSE; an industry-recognized expert in industrial safety, to comment on the relationship between reliability and proof test intervals.
In functional safety, the proof test interval (PTI) is derived to minimize the probability of a dangerous undetected fault interfering with the operation of a safety system, in order to meet a defined Safety Integrity Level (SIL) target.
So another way of looking at the PTI is as a proxy for the system’s inherent reliability — a reflection of how confidently we expect it to remain free of dangerous undetected faults over time.
For a given SIL, a longer PTI implies a more reliable system.
If a system can maintain SIL performance while undergoing proof testing less frequently, it is inherently more reliable. Let’s look at why this is the case and what it means for design and maintenance.
A system’s Probability of Failure on Demand (PFDavg) is a key measure of reliability. It depends on both the dangerous undetected failure rate (λDU) and the proof test interval (T).
Note: in this post, “reliability” is used in the probabilistic safety sense — as expressed by PFDavg — which is closely related to availability but not identical.
In this relationship, smaller is better. Increasing "T" generally increases PFDavg — unless the system’s λDU is low enough to compensate. That’s the key insight:
If a system can maintain its SIL at a longer PTI, it must have a lower dangerous undetected
failure rate, making it inherently more reliable.
Maintaining SIL at a longer PTI means the system’s inherent failure rate is lower or it's fault detection is better, reflecting stronger design, better components, or more effective diagnostics.
Reliable systems can go longer between proof tests without exceeding PFDavg limits. If a system requires more frequent checking, everything else being equal, that’s a sign of higher risk.
Frequent proof tests can mask weak reliability. Robust design — through higher-quality materials, redundancy, or advanced diagnostics — enables longer PTIs without compromising safety.
Note: proof test interval is only meaningful in light of test coverage — if the test doesn’t detect a significant share of dangerous failures, then PTI by itself is an incomplete indicator regardless of frequency .
Two systems with the same purpose may both meet SIL-2, for example, but if one requires proof testing every year and another every twenty, the latter is carrying more of the reliability burden in its design.
Differences in PTI often reflect engineering choices such as:
In that sense, PTI provides a way to compare systems that meet the same SIL target by different means — distinguishing those that are compliant from those that are more inherently reliable.
A system that maintains SIL compliance with a longer PTI is statistically more robust, probably better designed, and safer over time.
That said, there are many considerations in selecting a safety system. PTI doesn’t tell the whole story — but it remains an important and practical specification to consider when comparing similarly purposed systems.
Further Reading
As always, your likes, comments, and questions are appreciated. Thanks for reading — see you next time!