Decrease font size
Increase font size
Topic Title: Functional Safety - MTTR
Topic Summary: Calculation of MTTR Figure - Is this correct?
Created On: 11 April 2013 09:27 AM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 11 April 2013 09:27 AM
User is offline View Users Profile Print this message


Posts: 34
Joined: 19 March 2004

Could some-one possible validate my statement calculation below. Will not be cited as validation just making sure I'm not missing anything silly as internal discussion ongoing!

If a system has a proof test period of 1 year (T1 = 8760 hrs) and a MRT of 3 weeks (504 hrs) then the MTTR = 4884 hours

Based on


Really I wish to validate the above formula is correct as I have it ustilised but cannot find the original source again in either 61508 or 61511, probably just being blind but work a check.

IEC 61508 Pt 4

mean time to restoration
expected time to achieve restoration
NOTE MTTR encompasses:
. the time to detect the failure (a); and,
. the time spent before starting the repair (b); and,
. the effective time to repair (c); and,
. the time before the component is put back into operation (d)
The start time for (b) is the end of (a); the start time for (c) is the end of (b); the start time for (d) is the end of (c).

mean repair time
expected overall repair time
NOTE MRT encompasses the times (b), (c) and (d) of the times for MTTR (see 3.6.21).

Many Thanks in advance

Geof I
 24 June 2013 12:59 PM
User is offline View Users Profile Print this message


Posts: 15
Joined: 09 April 2011

I think you need to refer to David J Smith's Text: Reliability Maintainability and Risk (later revisions). In the starting chapters he explains the MDT (Mean Down Time) with regard to the unrevealed/covert failures for a non-redundant item while developing the equation for Unavailability. It's the nice argument in explaining the meaning of the equation: lambda*TI/2.

The author argues that in a covert failure mode the item will be down in covert/unrevealed mode till it would be discovered during the Proof testing and then the item will be restored back to "as good as new" condition. In the longer run and on an average, for the simplex/non-redundant item, one can expect that half the PTI time the item will be failed in covert/unrevealed mode.

For the start, the above explanation helps in understanding the effect of averaging in the failure probabilities. However, I am a bit against averaging and incorporating the symmetrical assumptions.

Safety function would be impaired for TI/2, on an average, on account of the covert failures. And if during the revealed falilures the Safety function is not brought to the "Safe" state then MTTR would come into picture and contribute to MDT wherein MDT represents Mean of the time during which the item is down with respect to performing it's safety function.

-Vinod Pal Singh


See Also:

FuseTalk Standard Edition v3.2 - © 1999-2016 FuseTalk Inc. All rights reserved.