Safety Analysis based on IEC 61508: Lessons Learned and the Way Forward
Slide 1: Safety Analysis based on IEC 61508: Lessons Learned and the Way Forward
Jens Braband, Siemens AG
SAFECOMP 2006, Gdansk, September 2006
Copyright Siemens AG 2006
Slide 2: Overview
- Introduction (IEC 61508 and Railway Applications)
- Definition of Operation Modes
- SIL Allocation and SIL Table
- SIL Capability and Safety Criticality
- Properties and Rigor
- Documentation Issues
- Conclusion
Page 2, September 2006, TS RA RD / Jens Braband
Slide 3: Introduction
IEC 61508 is a basic safety publication for programmable electronic systems (PES). It serves either as a basis for the creation of sector-specific standards or is applied as it stands, and it therefore needs to be generic. In order to highlight certain problems, we have applied it as it stands to some simple railway examples (although sector-specific standards do exist). Where appropriate, we have also taken account of current proposals for amendments to IEC 61508, even though they are by nature volatile.
Slide 4: PES: Railway Sector Application Examples
- Interlocking
- Automatic train protection system
Slide 5: System according to IEC 61508
In general, a system consists of:
- equipment under control (EUC): equipment used for manufacturing, process, transportation, ...
- an EUC control system
- a safety-related PES
Slide 6: Mode of Operation
Definition: the way in which a safety-related system is intended to be used, with respect to the frequency of demands made upon it. Two modes exist:
- low-demand mode: the frequency of demands for operation made on a safety-related system does not exceed once per year or twice the proof-test frequency.
- high-demand or continuous mode: the frequency of demands for operation made on a safety-related system exceeds once per year or twice the proof-test frequency.
Note: in the new CD (committee draft) for IEC 61508 the reference to the proof-test frequency has been deleted.
Slide 7: ATP Example
Safety-related PES: an automatic train protection (ATP) system stops the train if the driver passes a signal at danger (SPAD).
Figure legend: 1 Lineside electronic unit (LEU); 2 Transparent-data balise; 3 Fixed balise; 4 Vehicle antenna; 5 Interrogator; on-board unit with peripheral equipment.
System safety depends on both the reliability of the driver and the reliability of the ATP system.
Application example: Eurobalise (ETCS Level 1).
Example: hazard rate of 2x10^-6 per train per hour.
Slide 8: Problems with Modes of Operation
Problems for railway applications:
- Proof-test intervals as in the process industry are often not available, although diagnostic self-checks may be performed every few minutes.
- The demand rate often depends on the reliability of the human operator (who acts as a control system) and on the operation profile, so it may be argued that the ATP system is both a low-demand system and a continuous-mode system.
- The distinguishing frequency (once a year) is not reasoned and is apparently arbitrary.
Slide 9: The Great Question: How Safe is Safe Enough?
Besides general requirements, IEC 61508 provides some 30 pages of informative risk analysis examples, including:
- a typical MIL-STD risk matrix (mixed with ALARP)
- a very simple probabilistic approach
- a general risk graph
- a kind of three-dimensional risk matrix
This guidance is, however, of little use: the examples cannot be directly applied in any sector, and the standard fails to explain how to adapt and calibrate any of the methods.
Abbreviations: ALARP = as low as reasonably practicable; MIL-STD = US military standard; SIL = safety integrity level.
Slide 10: Safety Integrity Level
IEC 61508 definition: which IEC 61703 quantity does the SIL target measure actually correspond to?
- Unavailability of the safety function? (IEC 61703)
- Instantaneous hazard rate? (IEC 61703)
Slide 11: SIL Allocation Issues
Step 1: definition of the overall safety target and selection of appropriate quantitative and qualitative figures.
Step 2: apportionment to the ATP, taking into account other risk reduction factors.
Event chain shown on the slide: ATP failure (mean time $1/\lambda$) and hazard demand, i.e. SPAD (mean time $1/\lambda_S$); if the ATP has failed when a SPAD occurs, the hazard results (mean time $1/\lambda_H$).
Allocation formula:
$$\lambda_H = \lambda \cdot \lambda_S \cdot \frac{T}{2} = \lambda_S \cdot \mathrm{PFD}, \qquad \mathrm{PFD} = \frac{\lambda T}{2}$$
Abbreviations: ATP = automatic train protection; SPAD = signal passed at danger; PdFH = probability of dangerous failures per hour (here $\lambda_H$); PES = programmable electronic system; PFD = probability of failure on demand; T = proof-test interval.
Slide 12: SIL Definition Problems (1)
- Ambiguous definition of PdFH in IEC 61508: is it the same concept as the instantaneous failure rate or hazard rate? Why is the concise terminology of IEC 61703 not used?
- SIL is defined for complete safety functions only, but in practice it is used mainly for hardware or software components.
- Strong dependence of the PFD on proof-test intervals. This leads to contradictions: e.g. a requirement based on PdFH specifies the design of the ATP according to SIL 1, whereas a requirement based on PFD depends on the proof-test interval and may yield an arbitrary SIL!
Slide 13: SIL Definition Problems (2)
According to IEC 61508, the SIL 1 requirement applies to the entire ATP system, i.e. sensors, communication, PES and actuators. However, the PdFH or hazard rate for the PES alone may be much smaller, say 2x10^-7 per train per hour (depending on the apportionment, e.g. by FTA). Question: is SIL 1 still sufficient for the sensors, communication, PES and actuators?
Slide 14: The Way Forward: Integrated SIL Allocation
Markov model shown on the slide, with states 00, 10, 01 and 11 and the following transition rates (reading the rates, 00 is "no demand, ATP operating", 10 is "demand present, ATP operating", 01 is "ATP failed undetected, no demand" and 11 is the hazard state):
- 00 → 10 at rate $\lambda_S$ (demand occurs); 10 → 00 at rate $\mu$ (demand cleared)
- 00 → 01 at rate $\lambda$ (ATP fails); 01 → 00 at rate $2/T$ (failure revealed by proof test)
- 10 → 11 at rate $\lambda$ and 01 → 11 at rate $\lambda_S$ (hazard); the hazard state is reached at rate $1/\mathrm{MTTH}$
- Independently proposed and justified by Sato
- No definition of modes of operation necessary
- Unified SIL determination using a new metric: mean time to hazard (MTTH)
Slide 15: Model Evaluation
The index denotes the initial state; $\mathrm{MTTH}_{ij}$ is the mean time to hazard starting from state $ij$:
$$\mathrm{MTTH}_{00} = \frac{1}{\lambda_S + \lambda} + \frac{\lambda_S}{\lambda_S + \lambda}\,\mathrm{MTTH}_{10} + \frac{\lambda}{\lambda_S + \lambda}\,\mathrm{MTTH}_{01}$$
$$\mathrm{MTTH}_{10} = \frac{1}{\mu + \lambda} + \frac{\mu}{\mu + \lambda}\,\mathrm{MTTH}_{00}$$
$$\mathrm{MTTH}_{01} = \frac{1}{\lambda_S + 2/T} + \frac{2/T}{\lambda_S + 2/T}\,\mathrm{MTTH}_{00}$$
The model can be solved explicitly; the result is an explicit solution for MTTH.
Slide 16: Proposal for a Harmonised SIL Table
SIL   MTTH
4     > 10,000 years
3     > 1,000 years
2     > 100 years
1     > 10 years
- Relates to real-life performance
- Unambiguous SIL determination
- Integrates all relevant parameters into SIL determination
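The allocation formula of slide 11, the explicit MTTH solution of slide 15 and the harmonised table above, worked through in Python. This is an added example, not code from the slides or from Siemens: the PFH and PFD bands are the IEC 61508 target failure measures (the slides themselves place 2x10^-6/h in SIL 1), the class and function names are mine, and all rates and intervals are constructed figures. It reproduces the slide-12 contradiction by running the same ATP hardware through three proof-test intervals and reporting the SIL each measure assigns.

```python
"""SIL allocation for the ATP example: low-demand formula versus the MTTH Markov model."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508 target failure measures as (SIL, exclusive upper bound of the band), SIL 4 first.
# PFH: dangerous failures per hour (high-demand/continuous); PFD: probability of failure on demand.
PFH_UPPER = ((4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5))
PFD_UPPER = ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1))
# Harmonised table proposed on slide 16: SIL from mean time to hazard, lower bound in years.
MTTH_LOWER = ((4, 10_000.0), (3, 1_000.0), (2, 100.0), (1, 10.0))


def sil_from_pfh(pfh: float) -> int:
    """SIL band for a dangerous failure rate per hour; 0 means worse than SIL 1."""
    return next((sil for sil, hi in PFH_UPPER if pfh < hi), 0)


def sil_from_pfd(pfd: float) -> int:
    """SIL band for a probability of failure on demand; 0 means worse than SIL 1."""
    return next((sil for sil, hi in PFD_UPPER if pfd < hi), 0)


def sil_from_mtth(mtth_years: float) -> int:
    """SIL from the harmonised MTTH table; 0 means MTTH of 10 years or less."""
    return next((sil for sil, lo in MTTH_LOWER if mtth_years > lo), 0)


@dataclass(frozen=True)
class AtpModel:
    lam: float    # dangerous failure rate of the ATP, per hour (lambda on the slides)
    lam_s: float  # demand rate, i.e. SPAD rate, per hour (lambda_S)
    t: float      # proof-test interval in hours (T); an undetected failure persists T/2 on average
    mu: float     # rate at which a demand is cleared, per hour (mu); only the Markov model uses it

    def pfd(self) -> float:
        """PFD = lambda * T / 2 (slide 11)."""
        return self.lam * self.t / 2

    def hazard_rate(self) -> float:
        """lambda_H = lambda_S * PFD, the slide-11 allocation formula."""
        return self.lam_s * self.pfd()

    def mtth_hours(self) -> tuple[float, float, float]:
        """Explicit solution of the three linear slide-15 equations.
        Returns (MTTH_00, MTTH_10, MTTH_01), one per non-hazard initial state."""
        a = self.lam_s + self.lam      # exit rate of state 00
        b = self.mu + self.lam         # exit rate of state 10
        c = self.lam_s + 2 / self.t    # exit rate of state 01
        # Substitute MTTH_10 and MTTH_01 into the MTTH_00 equation and solve for MTTH_00.
        m00 = (1 + self.lam_s / b + self.lam / c) / (
            a - self.lam_s * self.mu / b - 2 * self.lam / (self.t * c))
        m10 = (1 + self.mu * m00) / b
        m01 = (1 + (2 / self.t) * m00) / c
        return m00, m10, m01

    def mtth_years(self) -> float:
        """MTTH from the normal operating state 00, in years."""
        return self.mtth_hours()[0] / HOURS_PER_YEAR


def allocation(lam: float, lam_s: float, mu: float, proof_test_years: float) -> dict:
    """SIL that the same ATP hardware is assigned under each measure for one proof-test interval."""
    m = AtpModel(lam, lam_s, proof_test_years * HOURS_PER_YEAR, mu)
    return {
        "T_years": proof_test_years,
        "sil_pfh": sil_from_pfh(m.lam),             # from the ATP's own failure rate, independent of T
        "sil_pfd": sil_from_pfd(m.pfd()),           # moves with T, the slide-12 contradiction
        "sil_mtth": sil_from_mtth(m.mtth_years()),  # harmonised proposal, all parameters included
        "mtth_years": m.mtth_years(),
    }


def proof_test_sensitivity(lam: float, lam_s: float, mu: float, intervals_years) -> list:
    """Allocation rows for several proof-test intervals, to show how the PFD-based SIL drifts."""
    return [allocation(lam, lam_s, mu, ty) for ty in intervals_years]


if __name__ == "__main__":
    # Constructed figures: SPAD demands at 1e-4/h (roughly once a year per train), ATP dangerous
    # failure rate 1e-6/h, a demand lasts about a minute (mu = 60/h).
    for row in proof_test_sensitivity(1e-6, 1e-4, 60.0, (0.1, 1.0, 10.0)):
        print(row)
    print("slide-7 target hazard rate 2e-6/h falls in SIL", sil_from_pfh(2e-6))
```

With the constructed rates the hardware's own failure rate stays SIL 1 throughout, the PFD-based SIL walks from 3 to 2 to 1 as the proof-test interval grows from 0.1 to 10 years, and the MTTH-based SIL (3, 2, 2) changes more slowly because the Markov model also credits the time the failed ATP spends without a demand; the residual check in the tests confirms the closed-form solution satisfies all three slide-15 equations.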
Slide 17: Problems: SIL Capability and Safety Criticality (1)
SIL capability: measure of the confidence that an element safety function will not fail due to relevant systematic failure mechanisms when the element is used in accordance with the instructions given in its element safety manual.
Safety criticality: extent to which a deviation from the specified functionality of an element has the potential to create a hazardous situation. Categories:
- C3: a single failure is hazardous
- C2: a second (independent) failure is hazardous
- C1: interference free
Based on the safety criticality category, safety functions may be implemented by elements with a lower SIL capability.
Slide 18: Problems: SIL Capability and Safety Criticality (2)
IEC 61508 proposal: a SIL X element safety function may be implemented by two (independent) SIL X-1 elements, provided both elements have SIL criticality C2.
ATP example: the PES may be implemented by two independent SIL 0 elements, i.e. two (different) PCs with either two separate SIL 0 voters or one common SIL 1 voter.
So far, no easy concept for SIL combinations has been validated, and each individual case must be closely scrutinized (e.g. FMEA/FTA, with very careful consideration of common-cause failures). Also, the terminology is misleading (criticality has a different meaning in other IEC standards) and no reasoning is provided.
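The "two SIL X-1 elements give SIL X" rule from the slide above, checked against the common-cause concern the slide raises. This is an added example, not from the slides or from Siemens: the rule is encoded exactly as stated on the slide, the redundancy check uses the simplified IEC 61508-6 1oo2 beta-factor approximation for undetected dangerous failures (no diagnostics, negligible repair time), which is my choice of model rather than anything the slides specify, and the element failure rate, proof-test interval and beta values are constructed. It uses SIL 1 elements rather than the slide's SIL 0 PCs so that the PFD bands of IEC 61508 can be applied to both sides of the comparison.

```python
"""Does 'SIL X-1 + SIL X-1 = SIL X' survive a common-cause check? (constructed example)"""

# IEC 61508 low-demand PFD bands as (SIL, exclusive upper bound), SIL 4 first.
PFD_UPPER = ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1))


def sil_from_pfd(pfd: float) -> int:
    """SIL band for a probability of failure on demand; 0 means worse than SIL 1."""
    return next((sil for sil, hi in PFD_UPPER if pfd < hi), 0)


def claimed_sil_by_rule(sil_a: int, sil_b: int, crit_a: str, crit_b: str) -> int:
    """The IEC 61508 proposal quoted on slide 18: two independent SIL X-1 elements, both of
    safety criticality C2, may implement a SIL X function. Any other combination is credited
    only with the weaker element's SIL (a conservative reading, my assumption)."""
    if crit_a == "C2" and crit_b == "C2" and sil_a == sil_b:
        return sil_a + 1
    return min(sil_a, sil_b)


def pfd_1oo2(lam_du: float, t: float, beta: float) -> float:
    """Average PFD of a 1oo2 pair of identical elements with undetected dangerous failure rate
    lam_du (per hour), proof-test interval t (hours) and common-cause fraction beta, using the
    simplified IEC 61508-6 formula: independent term ((1-beta)*lam*T)^2/3 plus the common-cause
    term beta*lam*T/2 (the single-channel PFD, scaled by beta)."""
    independent = ((1 - beta) * lam_du * t) ** 2 / 3
    common_cause = beta * lam_du * t / 2
    return independent + common_cause


def rule_check(lam_du: float, t: float, beta: float) -> tuple[int, int, bool]:
    """Compare the SIL the rule lets us claim for two C2 elements with the SIL the 1oo2 PFD
    actually reaches. Returns (claimed, achieved, rule_holds)."""
    single = sil_from_pfd(lam_du * t / 2)            # each element on its own
    claimed = claimed_sil_by_rule(single, single, "C2", "C2")
    achieved = sil_from_pfd(pfd_1oo2(lam_du, t, beta))
    return claimed, achieved, achieved >= claimed


if __name__ == "__main__":
    # Constructed: SIL 1 elements (lam_du = 1e-5/h, yearly proof test gives PFD 0.0438).
    for beta in (0.0, 0.1, 0.2):
        claimed, achieved, ok = rule_check(1e-5, 8760.0, beta)
        print(f"beta={beta:.1f}: rule claims SIL {claimed}, 1oo2 achieves SIL {achieved}, holds={ok}")
```

The rule is satisfied with no or modest common-cause coupling, but with a beta of 0.2 the common-cause term alone keeps the pair in the SIL 1 band, which is the kind of case-by-case FMEA/FTA scrutiny the slide asks for before any SIL combination is accepted.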
Slide 19: New Concepts: Properties and Rigor
IEC 61508 has extensive tables for the selection of fault avoidance measures for particular SILs. However, many alternatives are possible: "Appropriate techniques/measures shall be selected according to the safety integrity level" is a standard note for each table, and no rules are imposed on the possible combinations.
In the maintenance (revision) of IEC 61508, levels of rigor were introduced to assess the achievement of a property:
- R1: no, or limited, objective acceptance criteria
- R2: objective acceptance criteria
- R3: objective, systematic reasoning
Slide 20: Properties and Rigor: Example
"However, many factors affect systematic and software safety integrity, and it is not possible to give an algorithm for selecting and combining the techniques in a way that is guaranteed in any given application to achieve the desirable properties."
Slide 21: Properties and Rigor: SIL Guidance
While the rigor of a great variety of techniques is evaluated in more than 10 tables with respect to many properties, no combination or acceptance rules are given for determining which level of rigor (or which combination of levels) is appropriate for which SIL. Also, the concept is relatively new and needs further explanation.
Slide 22: Last, but not Least: Documentation (1)
The requirements for documentation are fairly general, for example: "The documentation shall contain sufficient information". In particular, a more detailed structure for safety documentation would facilitate the cross-acceptance of products in different application sectors. The safety case concept, which has improved cross-acceptance in the railway sector, for example, is ignored.
Slide 23: Last, but not Least: Documentation (2)
A standard structure for safety documentation should be introduced. The approach can be supported with structured notations for safety arguments; the Goal Structuring Notation (GSN) should be recommended.
Structure of a Technical Safety Report, as shown on the slide:
1: Introduction
2: Assurance of Correct Functional Operation
3: Effects of Faults
4: Operation with External Influences
5: Safety-related Application Conditions
6: Safety Qualification Tests
Slide 24: The Way Forward: Conclusions
- Use mathematically concise, standard terminology which is consistent (at least) with other IEC standards.
- Abandon the distinction between different operation modes.
- Delete the sections on risk analysis, or give clear guidance for calibration of the methods.
- Make sure that SIL determination is unambiguous, e.g. by a single target metric such as MTTH.
- Use only validated concepts and explain them fully.
- Enhance cross-acceptance by using a standard safety case structure.
Slide 25: References
- Braband, J.: Risikoanalysen in der Eisenbahn-Automatisierung, Eurailpress, 2005 (Risk analyses in railway automation)
- Braband, J.: Ein Ansatz zur Vereinheitlichung der Betriebsarten und Sicherheitsziele nach IEC 61508, Proc. EKA 2006 (An approach to the standardisation of operating modes and safety targets in accordance with IEC 61508)
- IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems, 2000
- IEC 61703: Mathematical expressions for reliability, availability, maintainability and maintenance support terms, 1999
- Yoshimura, I., Sato, Y., Suyanma, K.: Safety Integrity Level Model for Safety-related Systems in Dynamic Demand State, Proceedings of the 2004 Asian International Workshop on Advanced Reliability Modeling (AIWARM 2004), Hiroshima
More informationSafety Integrity Levels
Séminaire de Sûreté de Fonctionnement de l X Safety Integrity Levels Antoine Rauzy École Polytechnique Agenda Safety Integrity Levels and related measures as introduced by the Standards How to interpreted
More informationFundamental Principles of Software Safety Assurance
Fundamental Principles of Software Safety Assurance Tim Kelly tim.kelly@york.ac.uk Context Lack of agreement in the details of requirements of software safety assurance standards has long been recognised
More informationStatistics 2014 Scoring Guidelines
AP Statistics 2014 Scoring Guidelines College Board, Advanced Placement Program, AP, AP Central, and the acorn logo are registered trademarks of the College Board. AP Central is the official online home
More information4. Critical success factors/objectives of the activity/proposal/project being risk assessed
ARTC Risk Management Work Instruction 2: 1. Conduct Risk Assessment Workshop This Work Instruction provides general guidelines for conducting a generic Risk Assessment workshop. The instructions supplement
More informationSkills across the curriculum. Developing communication
across the curriculum Developing communication Developing communication Schools should provide opportunities, where appropriate, for learners to develop and apply communication across the curriculum through
More informationCTCS Chinese Train Control System
CTCS Chinese Train Control System B. Ning, T. Tang, K. Qiu, C. Gao & Q. Wang Department of Control Engineering, School of Electronics and Information Engineering, Northern Jiaotong University, P. R. China
More informationA PROCESS ENGINEERING VIEW OF SAFE AUTOMATION
A PROCESS ENGINEERING VIEW OF SAFE AUTOMATION Published in Chemical Engineering Progress, December 2008. Angela E. Summers, SIS-TECH Solutions, LP This step-by-step procedure applies instrumented safety
More informationChapter Seven. Multiple regression An introduction to multiple regression Performing a multiple regression on SPSS
Chapter Seven Multiple regression An introduction to multiple regression Performing a multiple regression on SPSS Section : An introduction to multiple regression WHAT IS MULTIPLE REGRESSION? Multiple
More informationCharacterizing the Chain of Evidence for Software Safety Cases: A Conceptual Model Based on the IEC 61508 Standard
Characterizing the Chain of Evidence for Software Safety Cases: A Conceptual Model Based on the IEC 61508 Standard Rajwinder Kaur Panesar-Walawege, Mehrdad Sabetzadeh, Lionel Briand Simula Research Laboratory,
More informationReduce Risk with a State-of-the-Art Safety Instrumented System. Executive Overview... 3. Risk Reduction Is the Highest Priority...
ARC WHITE PAPER By ARC Advisory Group SEPTEMBER 2004 Reduce Risk with a State-of-the-Art Safety Instrumented System Executive Overview... 3 Risk Reduction Is the Highest Priority... 4 Safety Standards
More informationUSING INSTRUMENTED SYSTEMS FOR OVERPRESSURE PROTECTION. Dr. Angela E. Summers, PE. SIS-TECH Solutions, LLC Houston, TX
USING INSTRUMENTED SYSTEMS FOR OVERPRESSURE PROTECTION By Dr. Angela E. Summers, PE SIS-TECH Solutions, LLC Houston, TX Prepared for Presentation at the 34 th Annual Loss Prevention Symposium, March 6-8,
More informationAutomation, Software and Information Technology. Test report of the type approval safety-related automation devices
Automation, Software and Information Technology Test report of the type approval safety-related automation devices GuardPLC 1200 GuardPLC 1600 GuardPLC 1800 GuardPLC 2000 GuardPLC Distributed I/O Report-No.:
More informationCerabar M PMC51, PMP51/55 Deltabar M PMD55 Deltapilot M FMB50/51/52/53
Functional Safety Manual Cerabar M PMC51, PMP51/55 Deltabar M PMD55 Deltapilot M FMB50/51/52/53 Process pressure / Differential pressure, Flow / Hydrostatic Cerabar M Deltapilot M Deltabar M Application
More informationAn Introduction to. Metrics. used during. Software Development
An Introduction to Metrics used during Software Development Life Cycle www.softwaretestinggenius.com Page 1 of 10 Define the Metric Objectives You can t control what you can t measure. This is a quote
More informationThe two separate aspects of RAC validation: Why they need to be considered together
The two separate aspects of RAC validation: Why they need to be considered together George Bearfield Head of Safety Knowledge and Planning RSSB RAC-TS Workshop Lille 26 th June Premise The purpose of the
More informationCONNECTING LESSONS NGSS STANDARD
CONNECTING LESSONS TO NGSS STANDARDS 1 This chart provides an overview of the NGSS Standards that can be met by, or extended to meet, specific STEAM Student Set challenges. Information on how to fulfill
More informationRigorous Methods for Software Engineering (F21RS1) High Integrity Software Development
Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University
More informationIs your current safety system compliant to today's safety standard?
Is your current safety system compliant to today's safety standard? Abstract It is estimated that about 66% of the Programmable Electronic Systems (PES) running in the process industry were installed before
More informationTechnical Bulletin. Understanding Servo Safety Functionality and SIL ratings
Technical Bulletin Understanding Servo Safety Functionality and SIL ratings What is meant by SIL rating and Stop Categories? Why do I need to understand how safety works if none of my current customers
More informationWRITING A CRITICAL ARTICLE REVIEW
WRITING A CRITICAL ARTICLE REVIEW A critical article review briefly describes the content of an article and, more importantly, provides an in-depth analysis and evaluation of its ideas and purpose. The
More informationEffective Compliance. Selecting Solenoid Valves for Safety Systems. A White Paper From ASCO Valve, Inc. by David Park and George Wahlers
Effective Compliance with IEC 61508 When Selecting Solenoid Valves for Safety Systems by David Park and George Wahlers A White Paper From ASCO Valve, Inc. Introduction Regulatory modifications in 2010
More informationHow to design safe machine control systems a guideline to EN ISO 13849-1
How to design safe machine control systems a guideline to EN ISO 13849-1 SP Technical Research Institute of Sweden Johan Hedberg Andreas Söderberg Jan Tegehall SP Electronics SP REPORT 2011:81 How to design
More information