Missing MTTFd data

Last updated on August 17th, 2022 at 12:18 pm

What the heck is MTTFd???

The weak link in a chain is seen breaking violently, illustrating the idea of a component failure. MTTFD is the Mean Time to Dangerous Failure of a component in years.

When you start working through ISO 13849-1, the first thing that will smack you in the head is all the new acronyms. The first one you’ll run into is ‘PL,’ since the entire purpose of the standard is to aid the designer in determining the Performance Level of the control system. Shortly after that, you’ll find yourself face to face with MTTFd.

Note: Since this post was originally published in 2010, a new edition of ISO 13849-1 has been published. That document changed MTTFd to MTTFD and B10d to B10D. The publication of a new edition of ISO 13849-1 is anticipated at the end of 2022.

MTTFd, or the Mean Time To Failure (dangerous), is the name given to the expected failure rate per year for a component used in a system that is being analyzed. This rate differs from the straight failure rate for the component because it’s limited to the failures that result in a dangerous failure mode leading to an immediate increase in risk to the user.

So how do you get this data?

Obtaining MTTFd data for a component should be easy for a designer. Component manufacturers who market components intended for safety applications should provide this data in the specifications. Still, thousands, perhaps millions, of different components are being marketed today for use in safety systems. Most major manufacturers are already providing this figure or a figure that can be used to derive MTTFd and B10d. Still, for many components, this data is simply not available.

Here are some randomly chosen examples of manufacturers’ specification sheets that give this data:

Allen-Bradley Trojan T15 Interlock Switch

Pilz PNOZ X series

Preventa XPS MC Catalog Safety Controller (pdf 2015 Catalog)

B10d is the number of cycles until 10% of the tested components fail dangerously. Using failure rate data from the component’s datasheet, it is possible to estimate B10d from either B10 or T10d (the application-dependent lifetime of the component). Check out Annex C of the standard if you want to see how this can be done.

But what do you do if the manufacturer of your favourite contactor doesn’t provide ANY failure data? Some major manufacturers don’t provide failure rate data; some provide expected lifetimes under specific operating conditions. Some provide only EN 954-1:95 data. In the last case, I think this is one of the reasons for the EC Machinery Working Group’s decision late last year to extend the transition period to ISO 13849-1:07. Need to know more about that decision?

Now what?

Unless you work for a large organization, instituting a life testing program is not likely to be an option since you either need a protracted period with a few components in the test or thousands of samples for a short time.

The standard allows the use of ten years as a default where no other data is available. Ten years sounds like a long time at first blush, particularly if the planned lifetime of the system involved is 20 years. Typical MTTFd values for high-reliability components are in the hundreds of years, so by comparison, ten years is almost nothing. Tables are also provided for some components, but the tables are necessarily limited in size, so not every component will be listed.

Your only option is to use the data in the standard or pick up some of the other publications that include component failure data, like MIL-HDBK-217, IEC/TR 62380 (based on UTE 80810 & RDF 2000), NPRD 95 or IEC 61709 (based on Siemens SN 29500 documents).

Note: MIL-HDBK-217 is no longer used except in historical contexts. The methods used to determine the component failure rates are incorrect [1]. Newer publications do a much better job [2].

The result of this lack of objective data from the component manufacturers is:

  • Conservative results based on the minimum default MTTFd;
  • Potential over-design of safety-related controls;
  • Increased manufacturing costs for machine builders.
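
An added worked example, not part of the original post: it carries the Annex C relationships between B10, B10d, T10d and MTTFd through for one contactor, then sums one channel by the parts count method to show how a single component left at the 10-year default drags the channel result down. The formulas are the ones given in ISO 13849-1 Annexes C and D; the duty cycle and every component value are constructed for illustration.

```python
"""MTTFd from B10/B10d (ISO 13849-1 Annex C) and the cost of the 10-year default."""

DEFAULT_MTTFD_YEARS = 10.0  # fallback the standard allows when no data is available


def n_op(days_per_year, hours_per_day, cycle_time_s):
    """Mean operations per year: d_op * h_op * 3600 / t_cycle."""
    return days_per_year * hours_per_day * 3600.0 / cycle_time_s


def b10d_from_b10(b10_cycles, dangerous_fraction=0.5):
    """Estimate B10d from B10; 0.5 is the usual assumption when the split is unknown."""
    return b10_cycles / dangerous_fraction


def mttfd_from_b10d(b10d_cycles, nop):
    """MTTFd in years = B10d / (0.1 * n_op)."""
    return b10d_cycles / (0.1 * nop)


def t10d(b10d_cycles, nop):
    """T10d in years = B10d / n_op (time until 10% have failed dangerously)."""
    return b10d_cycles / nop


def channel_mttfd(component_mttfds):
    """Parts count: 1/MTTFd = sum(1/MTTFd_i). None means 'no data', so use the default."""
    return 1.0 / sum(1.0 / (DEFAULT_MTTFD_YEARS if m is None else m)
                     for m in component_mttfds)


def band(mttfd_years):
    """MTTFd range per channel: low 3 to <10, medium 10 to <30, high 30 and above."""
    if mttfd_years < 3:
        return "not acceptable"
    if mttfd_years < 10:
        return "low"
    return "medium" if mttfd_years < 30 else "high"


if __name__ == "__main__":
    # Constructed duty: 220 days/year, 16 h/day, one operation every 60 s.
    nop = n_op(220, 16, 60)
    # Constructed datasheet value: contactor B10 = 1,000,000 cycles.
    contactor = mttfd_from_b10d(b10d_from_b10(1_000_000), nop)
    switch, logic = 150.0, 200.0  # constructed MTTFd values in years
    for label, parts in (("datasheet data", [switch, logic, contactor]),
                         ("contactor at default", [switch, logic, None])):
        result = channel_mttfd(parts)
        print(f"{label}: {result:.1f} years ({band(result)})")
```

With these constructed numbers the same channel is rated high when the contactor's B10 is known and low when it has to be entered at the default.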

The reasons for this situation vary by manufacturer, but ultimately it comes down to the cost of life testing components multiplied by the number of components built by each manufacturer. Typical life tests require load simulators, switching for thousands of components, and data logging to trap failures and record relevant data. This becomes increasingly complex in the case of fluid power components (pneumatics and hydraulics). For many component manufacturers, life testing costs are prohibitive, even though their users badly need this data.

Will we see an improvement in the future? The largest control component manufacturers will likely provide this data as it becomes available when they complete testing. New designs are much more likely to come with this data initially, while it may be a long time before some old standard components get time in the life test cell. Until then, lots of components will be assigned ‘10 years’.

A big thank you to Wouter Leusden for the idea for this post!



[1] Reliability Growth: Enhancing Defense System Reliability. Washington, DC: The National Academies Press, 2015, pp. 203-245. [Online]. Available: https://nap.nationalacademies.org/read/18987/chapter/17. [Accessed: 2022-08-17].

[2] Electronic Reliability Design Handbook, MIL-HDBK-338B. Washington, D.C.: U.S. Department of Defense, 1998. [Online]. Available: https://www.weibull.com/knowledge/milhdbk.htm. [Accessed: 2022-08-17].

[3] W. Waller, Component Reliability, 1st ed. London: Red Globe Press, 1971.

© 2010 – 2022, Compliance inSight Consulting Inc. Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
