Let's say failure rate of a single sensor is 0.01

When using 1oo2 logic, failure rate is effectively doubled because failure of ANY of the sensors will cause spurious trip. You have two sensors with failure rate 0.01 hence the system failure rate is 2x 0.1 = 0.02
When using 2oo2 logic, you need both sensors to fail simultaneously, i.e. 0.01 x 0.01 = 0.0001 hence the system failure rate is effectively reduced 100 times.

Dejan IVANOVIC
Process Engineer, MSChE

Hi,
Thanks for this. I just have a question. If the sensors are “ANDED” together and one fails to read the desired setpoint then would this not prevent the other sensor from working correctly as would this not feed into the second sensor ?

Thanks

Your OP is necessarily not true; if one of the controllers actually fails, you could be no worse off than if you only had a single controller, which you still would have. That's predicated on whether the downstream client can detect or be informed of the failure, in which case, it could revert to a single controller operational mode. Presumably, you have some indication that a controller actually failed, otherwise, you'd be running the process with a failed controller, which ought be possible.

IF (NOT (Fail_A OR Fail_B)), then Trip = Trip_A AND Trip_B
IF (Fail_A OR Fail_B), then Trip = ((Trip_A AND (NOT Fail_A)) OR (Trip_B AND (NOT Fail_B)))

Now, your actual hardware failure rate is doubled, but that's a cost/maintenance time issue.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm

Voting arrangement might be susceptible to common cause failure modes - examples would be instrument sensing line blockage (if both sensors are connected to the source vessel via single sensing line), and in such case indeed both instruments would fail simultaneously and you will not have any increased reliability due to voting/redundancy. So to answer your question, you need to look at your system and confirm if there is any scenario during which both sensors would fail simultaneously from a common cause. If there is, reliability is reduced for the fraction (X%) of all failures (100%) that occur due to common cause failures. If there isn't any common cause failure scenario, the voting arrangement would effectively reduce failure rate 100 times compared to single sensor case.

Dejan IVANOVIC
Process Engineer, MSChE

Thanks for the replies. The problem is we have two sensors placed at opposite sides of a room. These will detect water leakage. If the first one detects leakage then an alarm will be generated and operators should then pull a plug to allow the water to drain away. However if they do not and the water continues to rise and activates the second sensor then this should trip the pumps in the room.

Both sensors will be taken back to relays in a panel and the second sensor will only be initiated if the first has detected water, so if there is a fault in the first then the second sensor would never be initiated to look for water and the pumps would never trip.

Thanks

OK, so why can't the second one always be looking for a leak all the time?

If S2 = Trip, AND S1 <> Trip, Pull Plug (anyway) Check S1 and room

Seems to me that you are actually trying to prevent inaction on the operator's part, so why is there even a human in the loop? All the testing and actual usage on autonomous cars and other systems show that the human is the weakest link and least able to sustain alertness for more than about 10 to 15 minutes. If the plug is automated, then you can apply normal reliability and redundancy calculations to crank up the probability of missed leaks to as much as you want. If the human is in the loop, then even a 99.99999% consistent trip can still be missed by a texting operator.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg
FAQ731-376: Eng-Tips.com Forum Policies forum1529: Translation Assistance for Engineers Entire Forum list http://www.eng-tips.com/forumlist.cfm