Definition(s)
Mean Time to Safe State
MTTS
expected time needed for the protected installation to reach a safe state after a dangerous failure of a
safety system has been detected
EXAMPLE When a dangerous fault is revealed for a safety system operating in demand mode, it may be
decided to reach a safe state rather to undertake the repair of the fault and this may take some time: a MTTS of 8 h
means, for example, that, on average, 8 h are needed to shut down the process. After the shut down, a safe state is
reached, the fault is no longer dangerous and it is not necessary to take into account the remaining time spent to
complete the repair. This is illustrated in Figure 6, Figure 7 and Figure B.1.
Note 1 to entry: When the MTTS is defined as a maintenance procedure it is necessary to take it into consideration
for the probabilistic calculations of hazardous events. In this case the MTTS replaces the MRT (see 3.1.33) with
regard to the probabilistic calculations. Reciprocally it is necessary to verify that this MTTS is respected during
the actual repair actions in order to keep the probabilistic calculations valid.
Note 2 to entry: The role of the MTTS is close to the role of the MPRT. The difference is that the MPRT is a maximum
duration allowed to reach a safe state when the MTTS is the average of the random duration of the TTS needed
to reach the safe state when a dangerous fault is revealed (see Figure 6 and Figure 7). The methods developed
in this Technical Report have been focused on average random values (MTTRes, MRT, MTTS) rather than on
deterministic values (MPRT), but the MPRT can be easily handled by using Petri nets and Monte Carlo simulations.
Source: ISO/TR 12489:2013(E) Reliability modelling and calculation of safety systems. Global Standards