You may not know or care much about Hardware Fault Tolerance (HFT) unless you're working in a hazardous industry with Safety Integrity Level *SIL requirements.
However, just like the multiple safety systems in your motor vehicle, systems used for protecting hazardous process plants are often built with intentional redundancy, both for safety, and to keep things running when stuff fails.
Fault Tolerance for Safety
Levels of Hardware Fault Tolerance (HFT) are specified in functional safety standards IEC 61508 and IEC 61511, primarily for safety reasons. Very generally speaking, the higher the safety integrity Level (SIL) required, the more hardware fault tolerance is expected in the design.
Systems or functions with ZERO hardware fault tolerance (HFT = 0) cannot tolerate a single dangerous failure. All such "single channel" systems, by definition, have no ability to tolerate faults.
Systems or functions with ONE LEVEL of hardware fault tolerance (HFT = 1) are designed to tolerate a single dangerous failure. Examples of these are dual or triple-redundancy.
So, a typical SIL 1 safety instrumented function (SIF) may not require any level of HFT to achieve the overall safety goal, provided that goal is met by other aspects such as the calculated PFD/PFH. The benefit of this is lower complexity, installation cost and reduced maintenance. Single channel systems are very common when the risk of failure is relatively low.
When the integrity requirement increases, there may need to be some redundancy added to achieve the SIL target. So, a SIL 2 SIF may require redundant sensors, logic and/or final elements. A SIL 3 SIF will always require some redundant elements in the design.
Given that SIL 3 requirements are fairly uncommon, it is the designer's responsibility to check that the HFT is sufficient for SIL 2 and SIL 1 requirements. Of course, these are not the only things needed - check our other blog on this topic.
Fault Tolerance for Availability
Another goal for systems and safety functions is the AVAILABILITY. High availability means a well-designed fault tolerant system will keep a plant running even in the presence of single hardware failures.
Adding redundancy for availability can also allow a system to keep running during testing, possibly even without shutting down the plant. This aspect of fault tolerance is often forgotten in the quest for safety integrity, but it's very critical for the bottom-line.
Want to Know More?
This topic is covered in a lot more depth in our online training course for Safety Instrumented Systems. Download the course PDF flyer below.