Not Worth A SFF
In attending last week's 63rd Annual Texas A&M Instrumentation Symposium, I was shocked to hear from a well-respected safety expert that SFF (safe failure fraction) was a failed metric. No explanation, just that SFF was pretty much useless, followed by a cackle. I really hate it when people make profound statements like this with no reasoning or justification behind them. I felt as if the audience was just bullied into this person's position, and all were too intimidated to challenge it. So what's wrong with SFF?
SFF is defined in ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) as the fraction of the overall random hardware failure rate of a device that results in either a safe failure or a detected dangerous failure. Its sole purpose was to help prevent over-optimistic SIL claims by equipment manufacturers, and to help determine the required fault tolerance of your SIS (safety instrumented system).
While I didn't get a chance to follow up directly with the individual, I'm pretty sure the argument has something to do with how your system actually responds to a detected dangerous fault. If your system detects a dangerous fault within itself, does it automatically shut down your process, or just alarm the operator? If it's the latter, then SFF is pretty much a failed metric: it credits that detected dangerous failure as if it were safe, even though the process keeps running on a faulted device until someone acts on the alarm.
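To put numbers to the definition above and to the objection about alarm-only diagnostics, here is a worked example. It is added for this post and is not the author's code or anything from ISA or IEC; the failure rates are constructed sample values, and the SIL/HFT table is IEC 61508-2 Table 3 for Type B subsystems as I recall it, which you should check against the edition you work to.

```python
"""Safe failure fraction (SFF) worked example.

Added illustration for this post, not from the post's author or any standards body.
Failure-rate figures are constructed sample values in failures per hour, not data
for any real device.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Random hardware failure rates of one device, in failures per hour."""
    safe_detected: float          # lambda_SD
    safe_undetected: float        # lambda_SU
    dangerous_detected: float     # lambda_DD: diagnostics reveal the fault
    dangerous_undetected: float   # lambda_DU: nothing reveals the fault

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)


def sff(rates: FailureRates, detected_dangerous_goes_safe: bool = True) -> float:
    """SFF = (lambda_S + lambda_DD) / lambda_total, per the definition quoted in the post.

    With detected_dangerous_goes_safe=False the device only alarms on a detected
    dangerous fault and the process keeps running, so lambda_DD is no longer credited
    as safe. That second mode models the post's objection; it is not the standard's
    definition.
    """
    credited = rates.safe_detected + rates.safe_undetected
    if detected_dangerous_goes_safe:
        credited += rates.dangerous_detected
    return credited / rates.total


# IEC 61508-2 Table 3, Type B subsystems (complex devices such as smart transmitters):
# maximum SIL claimable for an SFF band at hardware fault tolerance (HFT) 0, 1, 2.
# Reproduced from memory of the standard; verify against the edition you work to.
_TYPE_B_MAX_SIL = [
    (0.60, [None, 1, 2]),        # SFF < 60 %: no claim allowed at HFT 0
    (0.90, [1, 2, 3]),           # 60 % <= SFF < 90 %
    (0.99, [2, 3, 4]),           # 90 % <= SFF < 99 %
    (float("inf"), [3, 4, 4]),   # SFF >= 99 %
]


def max_sil_type_b(sff_value: float, hft: int):
    """Highest SIL a Type B device may claim for this SFF and HFT (None = not allowed)."""
    if not 0 <= hft <= 2:
        raise ValueError("HFT must be 0, 1 or 2")
    for upper_bound, sils in _TYPE_B_MAX_SIL:
        if sff_value < upper_bound:
            return sils[hft]
    raise AssertionError("unreachable: last band is unbounded")


# Constructed sample device: 80 % of its failures are safe or diagnosed.
SAMPLE = FailureRates(safe_detected=2.0e-7, safe_undetected=1.0e-7,
                      dangerous_detected=5.0e-7, dangerous_undetected=2.0e-7)

if __name__ == "__main__":
    for goes_safe in (True, False):
        value = sff(SAMPLE, goes_safe)
        mode = "trips to safe state" if goes_safe else "alarm only"
        print(f"detected dangerous fault {mode}: SFF = {value:.0%}, "
              f"max SIL at HFT 0 = {max_sil_type_b(value, 0)}, "
              f"at HFT 1 = {max_sil_type_b(value, 1)}")
```

For the sample device, crediting detected dangerous failures gives an SFF of 80 % and a SIL 1 claim with no redundancy; if those same diagnostics only raise an alarm, the defensible SFF drops to 30 % and the device cannot be used at HFT 0 at all. The datasheet number is the same in both cases, which is exactly why the response to a detected fault matters more than the fraction itself.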