About Proof-testing

About Proof-testing

Increase efficiency and safety with proven solutions for level devices in safety instrumented systems 

Proof-testing made easy! 

Proof-testing is performed to check the functionality of devices implemented within a safety loop and is mandatory to be compliant with international safety standards. Dangerous undetected failures (DU), which are failures not identified by device diagnostics, must be considered when designing the safety loop. The regularity of proof-tests is based on the safety integrity level of the safety loop and probability of a device failure (PFD). To ensure a device continues to achieve its required SIL, the PFD, which increases over time, can be reduced to almost its original level by performing comprehensive proof-testing. For devices with a low DU, this can also be achieved with partial proof-tests. These can be performed remotely and are far less time-consuming than comprehensive testing.

Read More...
Click to continue reading Proof-testing made easy! 

Learn more about functional safety and proof-testing

Proof-testing is defined in IEC 61508 as a ‘Periodic test performed to detect dangerous hidden failures in a safety-related system so that, if necessary, a repair can restore the system to an “as new” condition or as close as practical to this condition’. A proof-test is designed to reveal built-in device failures, not detected by anyone. It is a vital part of the safety lifecycle, critical to ensure a system achieves its required SIL throughout the safety lifecycle.


Safety Lifecycle

The IEC 61511 standard recommends the use of a functional safety life cycle to: 

  1. Analyze situation and document safety requirements
  2. Translate requirements into a documented safety system design, using appropriate software and hardware and design methodology
  3. Evaluate system against the required integrity and reliability specifications - modify as needed
  4. Operate and maintain system according to accepted procedures - document results to ensure performance is maintained throughout the lifecycle


How are failures defined?

  • Safe Undetected (SU): A spurious (untimely) activation of a component when not demanded  
  • Safe Detected (SD): A non-critical alarm raised by the device 
  • Dangerous Detected (DD): A reported critical diagnostic alarm, which will prevent the safety function from being executed if not corrected 
  • Dangerous Undetected (DU): A critical dangerous failure, not identified by the device diagnostics. Remains hidden until the next test or safety function activation. Selecting a device with high diagnostic coverage will minimize DU, and improve safety 


How does a measurement device obtain a SIL rating?

IEC 61508 indicates that Systematic Capability, Architectural Constraints and Probability of Failure of a product must be evaluated. An independent third-party test company such as Exida can provide certification covering all three parts required for the targeted SIL level:

  • Systematic Capability requires the device manufacturer’s quality management system to be assessed to ensure procedures are followed to prevent systematic design errors
  • A Failure Mode Effects and Diagnostic Analysis (FMEDA) is performed to evaluate the Architectural Constraints 
  • Probability of Failure is assessed by calculating the average random probability of a failure 


Probability of Failure on Demand (PFD) 

The risk of a device failing to perform its safety function when required. IEC 61511 states that the interval between proof-tests shall be calculated based on the average PFD (PFDavg). The individual failure rates, diagnostic coverage and safety function factor are used for calculation of PFDavg. A lower individual instrument value helps improve the overall reliability. 

Risk Reduction Factor (RRF)  

Risk reduction factor (RRF) is the inverse of the required probability of failure. For example, a required probability of failure value of 0.001 equals an RRF of 1000, which means one dangerous failure every 1000 years.


A comprehensive proof-test verifies all three functional elements of a device – output circuitry, measurement electronics and sensing element. A partial proof-test verifies one or two of them. A partial proof-test is performed to ensure that a device has no internal problems, and it will bring the PFD of a device back to a percentage of the original level and ensure that it fulfills its specified SIL requirement.

A combination of partial proof-tests that covers all three functional elements is considered as a comprehensive proof-test.


In addition to measurement data, modern level devices also provide access to diagnostic features and support remote proof-testing. Failures can be identified in real time. Diagnostic coverage (DC) describes the device’s ability to detect dangerous failures. Proof-test coverage is a measure of how many undetected dangerous failures, not identified by a device’s diagnostics, that can be detected by proof-testing. This is defined as the proof-test coverage (PTC) factor, which should be an as high percentage as possible (ideally 100% for a full test).


Please enable JavaScript to use this website.