Mean Time to Dangerous Failure. In a safety system MTTFD is the portion of failure modes that can lead to failures that may result in hazards to personnel, environment or equipment.

MTTFD is critical to the determination of the performance level of a safety system. [[ISO 13849]] defines three levels of MTTFD:

{| class="wikitable" |- ! Level achieved by channel !! Range of each channel |- | Low || 3 years ≤ MTTFD < 10 years |- | Medium || 10 years ≤ MTTFD < 30 years |- | High || 30 years ≤ MTTFD ≤ 100 years |- |}

[[ISO 13849]] prescribes three methods to determine the MTTFD of a safety channel:

use the manufacturer's failure data;

use the methods prescribed in Annexes C and D of ISO 13849-1

use 10 years (i.e. assume the channel has low integrity)

Mean Time to Failure (MTTF) is assumed constant during the useful life period of a component. The [[MTTF]] can be calculated according to:

: \text{MTTF} = \frac{1}{\lambda}[hours] !

where λ is the failure rate for the component.

The relationship between [[MTBF]] and [[MTTF]] is expressed as:

: \text{MTBF} = MTTF + MTTR !

where MTTR is the [[mean time to repair]].

The [[MTTF]] of a system is the sum of MTTFS and MTTFD. To understand the relationship between MTTFS and MTTFD consider the case of a switch that turns a motor on or off. The switch has two failure modes: the switch can fail stuck closed or the switch can fail stuck open. If the switch fails stuck open, the motor will never energize; as a result, the motor will not create any hazards due to its operation. In contrast, if the switch fails stuck closed, this failure can lead to a dangerous situation like for example the case where the operator needs to stop the motor, but the motor will not stop because the switch is stuck in the closed position. The failure mode where the switch is stuck in the open position is denominated the safe failure mode, whereas the stuck closed failure mode is denominated the dangerous failure mode. The likelihood of occurrence of a dangerous or safe failure may differ and is a function of several variables in the construction and design of a component. A poorly designed switch may have a higher proportion of dangerous failures (thus a lower MTTFD), whereas switches rated for use in safety circuits may very well preclude the occurrence of stuck closed failure modes (thus have infinite or very high MTTFD). Assessing the performance level of a safety system, requires knowing the distribution of the dangerous vs. safe failure modes of its components and ultimately a determination of its MTTFD.

==External links==

• {{cite web| url=http://www.eventhelix.com/RealtimeMantra/FaultHandling/reliability_availability_basics.htm| title=Reliability and Availability Basics| publisher=EventHelix}}
• {{cite web| url=https://machinerysafety101.com/2017/02/13/iso-13849-1-analysis-part-4/| title=ISO 13849–1 Analysis, Part 4: MTTFd Mean Time to Dangerous Failure | first=Doug| last=Nix| publisher=Machinery Safety 101| date=2017}}

{{DEFAULTSORT:Mean Time To Dangerous Failures}} [[Category:ISO standards|#13849]] [[Category:Safety codes]] [[Category:Reliability analysis]] [[Category:Engineering failures]]