Definition:
Safe Failure Fraction (SFF) measures how well an element avoids undetected dangerous failures: it is the fraction of the element's total failure rate that is either safe or dangerous but detected by diagnostics. Dangerous undetected (DU) failures are treated as the worst case, since they are the only category left out of the numerator. In terms of failure rates, SFF = (SD + SU + DD) / (SD + SU + DD + DU), where SD and SU are safe detected and safe undetected failures, DD is dangerous detected and DU is dangerous undetected. Under IEC 61508-2:2010, "no effect" and "no part" failures are excluded from both numerator and denominator; counting them as safe would only inflate the ratio. SFF is part of the hardware safety integrity analysis and feeds the architectural constraints of Route 1H.

The core purpose of SFF is to determine, together with hardware fault tolerance (HFT) and the element type (Type A or Type B), the maximum SIL that can be claimed for an element under Route 1H. Some practitioners say SFF only applies to elements with diagnostics, but that is not true: without diagnostics DD is zero and SFF reduces to (SD + SU) / (SD + SU + DU), which is still a valid figure. It is simply lower, often below 60%, unless the element fails predominantly safe. The SFF bands in the IEC 61508-2 Route 1H tables are < 60%, 60% to < 90%, 90% to < 99%, and >= 99%.
SFF is specific to Route 1H. Route 2H uses HFT together with field-feedback (proven-in-use) data instead, and the systematic capability routes (1S, 2S, 3S) do not use SFF at all, so it is not needed for compliance under Route 2H. It is still often calculated as supporting data.
SFF is easy to confuse with diagnostic coverage of dangerous failures (DCdang):
- DCdang covers only the dangerous portion of failures: DCdang = DD / (DD + DU)
- SFF covers all failures: SFF = (SD + SU + DD) / (SD + SU + DD + DU)
- SFF is always >= DCdang, because adding the safe failure rate (SD + SU) to both numerator and denominator of a ratio at or below 1 can only raise it; the two are equal only when the element has no safe failures
Key Points:
- For a given target SIL, a higher SFF reduces the required hardware fault tolerance.
- Important for achieving higher SIL levels, especially for Type B elements.
- Do not confuse with diagnostic coverage (DC). They are closely related but distinct topics.
- Do not confuse with proof test coverage (Cpt), which is the fraction of dangerous undetected failures revealed by the periodic proof test and enters the PFD calculation, not the architectural constraints.
- SFF is used in architectural constraint evaluations (Route 1H), while DC is used in analytical modelling of PFD/PFH (e.g. from an FMEDA).
Example:
If an element has failure rates SD = 20, SU = 30, DD = 40 and DU = 10 FIT, then 90 of its 100 FIT are safe or detected, so SFF = 90 / 100 = 90%. Its DCdang is 40 / 50 = 80%, lower than its SFF as expected.
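The calculation above, carried through to the Route 1H maximum-SIL lookup, as an added example that is not part of this glossary entry and not code from IEC 61508. The failure rates are constructed FMEDA-style figures in FIT, invented for illustration; the TYPE_A and TYPE_B tables reproduce the Route 1H tables of IEC 61508-2:2010 (Tables 2 and 3), and the function and class names are the example's own.

```python
"""Safe Failure Fraction (SFF), DCdang and Route 1H architectural constraints.

Added worked example, not code from IEC 61508 or from this glossary.
Failure rates are constructed FMEDA-style figures in FIT (failures per
1e9 device-hours), invented for illustration. TYPE_A / TYPE_B reproduce
the Route 1H tables of IEC 61508-2:2010 (Tables 2 and 3).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FailureRates:
    """Failure rates per category, in FIT.

    no_effect and no_part are carried because an FMEDA produces them, but
    IEC 61508-2:2010 excludes them from SFF; including them would only
    inflate the ratio, so sff() deliberately ignores them.
    """
    sd: float            # safe, detected
    su: float            # safe, undetected
    dd: float            # dangerous, detected by diagnostics
    du: float            # dangerous, undetected (the worst case)
    no_effect: float = 0.0
    no_part: float = 0.0


def sff(r: FailureRates) -> float:
    """SFF = (SD + SU + DD) / (SD + SU + DD + DU)."""
    total = r.sd + r.su + r.dd + r.du
    if total <= 0:
        raise ValueError("element has no failure rate to classify")
    return (r.sd + r.su + r.dd) / total


def dc_dangerous(r: FailureRates) -> float:
    """DCdang = DD / (DD + DU); only the dangerous portion counts."""
    dangerous = r.dd + r.du
    if dangerous <= 0:
        raise ValueError("no dangerous failures, DCdang is undefined")
    return r.dd / dangerous


def sff_band(value: float) -> int:
    """Row index into the Route 1H tables: <60%, 60-<90%, 90-<99%, >=99%."""
    if value < 0.60:
        return 0
    if value < 0.90:
        return 1
    if value < 0.99:
        return 2
    return 3


# Rows: SFF band (see sff_band); columns: HFT 0, 1, 2.
# None means the combination is not allowed under Route 1H.
TYPE_A = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
TYPE_B = [[None, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]


def max_sil_route_1h(r: FailureRates, hft: int, type_b: bool) -> Optional[int]:
    """Maximum SIL claimable for the element under Route 1H, or None."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    table = TYPE_B if type_b else TYPE_A
    return table[sff_band(sff(r))][hft]


def sff_not_below_dc(r: FailureRates) -> bool:
    """Sanity check on FMEDA output: SFF can never be below DCdang."""
    return sff(r) + 1e-12 >= dc_dangerous(r)


if __name__ == "__main__":
    # Constructed element: 100 FIT total, 90 of them safe or detected.
    dev = FailureRates(sd=20, su=30, dd=40, du=10)
    print(f"SFF = {sff(dev):.0%}, DCdang = {dc_dangerous(dev):.0%}")
    for hft in (0, 1, 2):
        print(f"HFT {hft}: Type A max SIL {max_sil_route_1h(dev, hft, False)}, "
              f"Type B max SIL {max_sil_route_1h(dev, hft, True)}")
    # Same element with diagnostics removed: every DD failure becomes DU.
    nodiag = FailureRates(sd=20, su=30, dd=0, du=50)
    print(f"No diagnostics: SFF = {sff(nodiag):.0%}, "
          f"Type B HFT 0 -> {max_sil_route_1h(nodiag, 0, True)}")
```

Running it shows the 90% element reaching SIL 2 at HFT 0 as a Type B element (SIL 3 as Type A), while the same element with its diagnostics removed drops to SFF 50% and is not allowed at HFT 0 for Type B. The sff_not_below_dc check is a cheap guard to run on any FMEDA output: if it fails, the safe and dangerous categories have been mixed up somewhere upstream.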
See also: DC, routes, hardware fault tolerance (HFT), Cpt
Cited Source:
- IEC 61508-2:2010, Clause 7.4.4.