Functional Safety Hazard & Risk Analysis
- Clarissa Mariah Jacobs
1 Embedded - IC & Automation Fortronic
Functional Safety Hazard & Risk Analysis
MILANO - April 23rd, 2013
CEFRIEL 2013; FOR DISCUSSION PURPOSES ONLY: ANY OTHER USE OF THIS PRESENTATION - INCLUDING REPRODUCTION FOR PURPOSES OTHER THAN NOTED ABOVE, MODIFICATION OR DISTRIBUTION - WITHOUT THE PRIOR WRITTEN PERMISSION OF CEFRIEL IS PROHIBITED
2 Disclaimer
This presentation was prepared exclusively for the benefit and internal use of the customer and does not carry any right of publication or disclosure to any other party. No right to publish or distribute this document is expressly or implicitly granted to any third party. The present original document was produced by CEFRIEL and no third party may claim any right or paternity on it. No part of this document may be reproduced. The entire document or part of it may not be used for any personal interest without previous written authorization from CEFRIEL. Copyright CEFRIEL - Milan, Italy. All rights reserved in accordance with the rule of law and international agreements.
3 CEFRIEL OVERVIEW December 2011
4 What is CEFRIEL?
- Center of excellence for research, innovation and education in Information & Communication Technologies
- Established in 1988
- Independent, super-partes and not-for-profit organization
5 Our mission
Bridging the gap between industries and academia to boost innovation
[Figure: CEFRIEL Unique Value Proposition - Industrial companies, CEFRIEL and Academic universities placed on Low / Medium / High scales along the Research - Innovation - Market Delivery axis]
6 Our activities
- Innovation: Knowledge and IP Application
- Research: Knowledge and IP Creation
- Education: Knowledge and IP Sharing
7 FUNCTIONAL SAFETY: (Brief) Introduction December 2011
8 Introduction to Functional Safety - What is Functional Safety?
What is Functional Safety about? IEC definition:
- Safety is the freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.
- Risk is a combination of the probability of occurrence of harm and the severity of that harm.
- Functional Safety is the part of the overall safety that depends on a system or equipment operating correctly (i.e. performing a safety function) in response to its inputs.
Functional Safety is thus about achieving absence of unreasonable risk due to hazards (potential sources of harm) caused by malfunctioning behavior of electrical/electronic/programmable electronic (E/E/PE) systems.
Failures are the main impairment to safety:
- Systematic failures: failures related in a deterministic way to a certain cause, which can only be eliminated by a change of the design or of the manufacturing process, operational procedures, documentation or other relevant factors -> addressed by a ROBUST PROCESS
- Random HW failures: failures that can occur unpredictably during the lifetime of a hardware element and that follow a probability distribution -> addressed by a ROBUST DESIGN
9 Introduction to Functional Safety - Functional Safety standards
- MEDICAL [IEC 60601, IEC 62304]
- AUTOMOTIVE [ISO 26262]
- PROCESS INDUSTRY [IEC 61511]
- INDUSTRIAL AUTOMATION [IEC 61508]
- NUCLEAR [IEC 61513, IEC 60880, IEC 60987, IEC 61226]
- TRANSPORTATION [EN EN 50128, EN 50129]
- MACHINERY [IEC 62061]
10 Introduction to Functional Safety - Risk Reduction
- The risk emerging from the EUC (Equipment Under Control) is classified according to its tolerability
- A risk is at a tolerable level if the involved persons (the society) can accept it
- Standards and rules describe methods to determine the limits of acceptance
- If such a risk is not tolerable, it must be reduced by means of suitable measures (standards and rules describe measures to reduce risk to an accepted level):
  - E/E/PE measures
  - Other technology measures (e.g., mechanic, hydraulic, ...)
  - External risk reduction measures or facilities (e.g., instructions, labels, safety fences, ...)
[Figure: risk reduction scale with Rising Risk from left to right - Residual risk | Tolerable risk | Non tolerable risk. The Necessary risk reduction spans from the non-tolerable risk down to the tolerable risk; the Actual risk reduction is the risk reduction achieved by all safety-related systems and external risk reduction facilities: partial risk covered by other technology, partial risk covered by E/E/PE measures, partial risk covered by external measures]
11 Introduction to Functional Safety - Risk Reduction - Example
[Figure: the same risk reduction scale (Residual risk | Tolerable risk | Non tolerable risk; Necessary vs. Actual risk reduction; Rising Risk) applied to three brake SYSTEM variants]
- CONVENTIONAL BRAKE (mechanics, hydraulics): partial risk covered by other technology; partial risk covered by external measures
- ELECTRO-HYDRAULIC BRAKE (hydraulic backup): partial risk covered by other technology; partial risk covered by E/E/PE measures; partial risk covered by external measures
- ELECTRO-MECHANIC BRAKE (no hydraulic backup): partial risk covered by E/E/PE measures; partial risk covered by external measures
12 Introduction to Functional Safety - Safety Function vs Safety Integrity
Key concepts in the IEC standard are RISK and SAFETY FUNCTION:
- Risk is a function of the frequency (or likelihood) of the hazardous event and the severity of the event consequence
- Risk is reduced to a tolerable level by applying a safety function. The SIL (Safety Integrity Level) is the measure of the risk reduction level of the Safety Function.
SAFETY FUNCTION: function which is intended to achieve or maintain a safe state for the equipment under control (EUC) in respect to a specific hazardous event.
SAFETY INTEGRITY: probability of a safety-related system satisfactorily performing the required safety function under all stated conditions within a stated period of time (process safety time)
- Four levels of safety integrity (SIL 1 to 4)
- Consider all causes of failures (random HW faults and systematic failures) which lead to an unsafe state
SAFETY-RELATED SYSTEM: designated system that both:
- Implements the required safety functions necessary to achieve and maintain a safe state for the EUC
- Is intended to achieve, on its own or with other E/E/PE safety-related systems, other technology safety-related systems or external risk reduction facilities, the necessary safety integrity for the required safety functions
13 Introduction to Functional Safety - Safety Integrity Level
According to IEC 61508:
- The Safety Integrity Level describes the level of the required risk reduction
- Scale with 4 levels (SIL 1 to SIL 4): SIL 1 = low, SIL 4 = high
- Identification by approved measures (risk analysis)
- Derivation of requirements and measures for the risk reduction depending on the SIL
According to ISO 26262:
- The Automotive Safety Integrity Level describes the level of the required risk reduction
- Scale with 4 levels (ASIL A to ASIL D): ASIL A = low, ASIL D = high
- Identification by the method proposed in the standard
[Figure: the two scales side by side - IEC: SIL 1, SIL 2, SIL 3, SIL 4; ISO: QM, ASIL A, ASIL B, ASIL C, ASIL D]
14 Introduction to Functional Safety - Development of Safety Functions
The development of Safety Functions requires the following main steps:
- Identify and analyze the risks
- Determine the tolerability of each risk
- Determine the risk reduction necessary for each intolerable risk
- Specify the safety requirements for each risk reduction, including their Safety Integrity Level
- Design the Safety Functions to meet the safety requirements
- Implement the safety functions
- Validate the safety functions
The safety lifecycle specifies all aspects related to the development process of safety-related systems:
- Management of the process itself
- Definition of the system
- Specification of the system and sub-systems
- Documentation and configuration management
- Architectural design
- Hardware & software design
- Hardware & software development
- Test & validation planning
- Operation, maintenance and decommissioning planning
15 Introduction to Functional Safety - Safety Lifecycle according to IEC
[Figure: overall safety lifecycle phases]
1 Concept
2 Overall scope definition
3 Hazard and risk analysis
4 Overall safety requirements
5 Safety requirements allocation
Overall planning:
6 Overall operation and maintenance planning
7 Overall safety validation planning
8 Overall installation and commissioning planning
Realisation:
9 Safety-related systems: E/E/PE (E/E/PE safety lifecycle, software safety lifecycle)
10 Safety-related systems: other technology
11 External risk reduction facilities
12 Overall installation and commissioning
13 Overall safety validation
14 Overall operation, maintenance and repair
15 Overall modification and retrofit
16 Decommissioning or disposal
16 Introduction to Functional Safety - Safety Lifecycle according to ISO
[Figure: structure of ISO 26262, parts 1 to 10 with their clauses]
1. Vocabulary
2. Management of functional safety
  2.5 Overall safety management
  2.6 Safety management during item development
  2.7 Safety management after release for production
3. Concept phase
  3.5 Item definition
  3.6 Initiation of the safety lifecycle
  3.7 Hazard analysis and risk assessment
  3.8 Functional safety concept
4. Product development: system level
  4.5 Initiation of product development at system level
  4.6 Specification of the technical safety requirements
  4.7 System design
  4.8 System integration and testing
  4.9 Safety validation
  4.10 Functional safety assessment
  4.11 Release for production
5. Product development: hardware level
  5.5 Initiation of product development at hardware level
  5.6 Specification of hardware safety requirements
  5.7 Hardware design
  5.8 Hardware architectural metrics
  5.9 Evaluation of violation of the safety goal due to hardware random failures
6. Product development: software level
  6.5 Initiation of product development at software level
  6.6 Specification of software safety requirements
  6.7 Software architectural design
  6.8 Software unit design and implementation
  6.9 Software unit testing
  6.10 Software integration and testing
  6.11 Verification of software safety requirements
7. Production and operation
  7.5 Production
  7.6 Operation, service and decommissioning
8. Supporting processes
  8.5 Interfaces within distributed developments
  8.6 Specification & management of safety requirements
  8.7 Configuration management
  8.8 Change management
  8.9 Verification
  8.10 Documentation
  8.11 Qualification of software tools
  8.12 Qualification of software components
  8.13 Qualification of hardware components
  8.14 Proven in use argument
9. ASIL-oriented and safety-oriented analyses
  9.5 Requirement decomposition with respect to ASIL tailoring
  9.6 Criteria for coexistence of elements
  9.7 Analysis of dependent failures
  9.9 Safety analyses
10. Guidelines on ISO (informative)
April 29, 2013
17 FUNCTIONAL SAFETY: Hazard & Risk Analysis December 2011
18 Hazard & Risk Analysis - Hazard Analysis
- In order to perform a risk assessment, the hazards (potential sources of harm) of the EUC shall be determined systematically, as well as the event sequences leading to them
- Techniques that can be used for the extraction of hazards at system level: brainstorming, checklists, quality history, FMEA, Fault Tree Analysis (FTA), Event Tree Analysis (ETA), product metrics, field studies
- For each identified hazard, risks shall be determined and assessed
- If a risk is not tolerable, the necessary risk reduction must be evaluated
19 Hazard & Risk Analysis - Risk Assessment
In order to determine the necessary level of risk reduction (expressed as SIL, ASIL, ...), two reference risk levels must be estimated:
- The EUC risk, associated with the Equipment Under Control
- The level of risk considered tolerable
Risk assessment is the procedure to evaluate the EUC risk:
- Risk assessment can be summarized in answering the question: how likely is the EUC to fail and, if it does fail, what is the outcome? Risk = Frequency x Consequence
- The EUC risk must be assessed independently from the measures adopted to reduce it
- The EUC risk must be assessed separately for each determined hazardous event
Risk assessment techniques can be:
- Qualitative: provide a qualitative risk assessment (used mainly in the early risk assessment phase)
- Semi-quantitative (semi-qualitative): provide discrete risk "levels"
- Quantitative: provide quantitative risk estimates based on formal mathematical models
Several techniques can be adopted: ALARP Model; Risk Graph / Calibrated Risk Graph; Hazardous Event Severity Matrix; Layer of Protection Analysis (LOPA)
20 Hazard & Risk Analysis - ALARP Model
According to this model, risks can be classified into three classes:
- The risk is so great that it cannot be justified in any ordinary circumstance
- The risk is, or has been made, so small as to be insignificant
- The risk falls between the two previous classes and has been reduced to the lowest practicable level
When the risk falls in the last class, then it must be reduced to a level which is "ALARP", i.e. "As Low As Reasonably Practicable".
[Figure: ALARP regions, from highest to lowest risk]
- Intolerable region: risk cannot be accepted except in extraordinary circumstances
- ALARP region (risk is undertaken only if a benefit is desired): risk is tolerable only if further risk reduction is impracticable or disproportionate to the benefits obtained; the more the risk is reduced, the less must be spent to reduce it further to satisfy ALARP
- Broadly accepted region: negligible risk
22 Hazard & Risk Analysis - ALARP Model - Example
As an example consider the following table, where risk classes are I (lowest risk), II, III, IV (highest risk):

Frequency \ Consequence   Catastrophic   Critical   Marginal   Negligible
Frequent                  IV             IV         IV         III
Probable                  IV             IV         III        II
Occasional                IV             III        II         II
Remote                    III            II         II         I
Improbable                II             II         I          I
Incredible                I              I          I          I

The interpretation of risk classes in terms of the ALARP model might be:
- Risk class I: Negligible risk
- Risk class II: Tolerable risk if the cost of risk reduction would exceed the improvement gained
- Risk class III: Undesirable risk. Tolerable only if risk reduction is impracticable or if the costs are grossly disproportionate to the improvement gained.
- Risk class IV: Intolerable risk
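The matrix above is a semi-quantitative technique, so it is easy to turn into a small assessment tool. The following Python is an added example, not code from the CEFRIEL slides: it encodes the slide's frequency x consequence table and ALARP interpretations, and expresses the "necessary risk reduction" of the Risk Reduction slide as the number of frequency classes a safety function must buy before the residual risk class is tolerable (class II or lower by default). The hazard log fed to it is constructed for illustration; its hazards and class values are not taken from the slides.

```python
"""Added example: ALARP risk-class assessment over the slide's
frequency x consequence matrix, plus the necessary risk reduction
expressed in frequency-class steps. Constructed sample data; not CEFRIEL's code."""

CONSEQUENCES = ["Catastrophic", "Critical", "Marginal", "Negligible"]
FREQUENCIES = ["Frequent", "Probable", "Occasional", "Remote", "Improbable", "Incredible"]

# Risk classes from the slide's table: rows are frequency classes (most to
# least frequent), columns are consequence classes (worst to mildest).
RISK_MATRIX = {
    "Frequent":   ["IV", "IV", "IV", "III"],
    "Probable":   ["IV", "IV", "III", "II"],
    "Occasional": ["IV", "III", "II", "II"],
    "Remote":     ["III", "II", "II", "I"],
    "Improbable": ["II", "II", "I", "I"],
    "Incredible": ["I", "I", "I", "I"],
}

ALARP_INTERPRETATION = {
    "I": "Negligible risk",
    "II": "Tolerable risk if the cost of risk reduction would exceed the improvement gained",
    "III": "Undesirable risk: tolerable only if risk reduction is impracticable "
           "or its cost is grossly disproportionate to the improvement gained",
    "IV": "Intolerable risk",
}

RANK = {"I": 1, "II": 2, "III": 3, "IV": 4}


def risk_class(frequency, consequence):
    """EUC risk class of one hazardous event, with no safety function in place."""
    return RISK_MATRIX[frequency][CONSEQUENCES.index(consequence)]


def necessary_risk_reduction(frequency, consequence, target="II"):
    """Number of frequency classes a safety function must reduce the hazardous
    event by so that the residual risk class is `target` or lower.

    The consequence is held fixed: in the slides' model the safety function
    acts on the frequency f of the hazardous event, not on its consequence C.
    Returns (steps, frequency_after_reduction)."""
    start = FREQUENCIES.index(frequency)
    for steps, f in enumerate(FREQUENCIES[start:]):
        if RANK[risk_class(f, consequence)] <= RANK[target]:
            return steps, f
    raise AssertionError("unreachable: the Incredible row is class I throughout")


def assess(hazard_log, target="II"):
    """Assess each (hazard, frequency, consequence) entry; report the ALARP
    interpretation and the necessary risk reduction for each."""
    report = []
    for name, frequency, consequence in hazard_log:
        cls = risk_class(frequency, consequence)
        steps, after = necessary_risk_reduction(frequency, consequence, target)
        report.append({
            "hazard": name,
            "risk_class": cls,
            "alarp": ALARP_INTERPRETATION[cls],
            "reduction_steps": steps,
            "frequency_after": after,
        })
    return report


# Constructed hazard log (illustrative names and class values only).
SAMPLE_HAZARD_LOG = [
    ("Unintended full braking at speed", "Probable", "Critical"),
    ("Loss of instrument cluster backlight", "Occasional", "Marginal"),
    ("Spurious seat-belt chime", "Frequent", "Negligible"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_HAZARD_LOG):
        print(f"{row['hazard']}: class {row['risk_class']} ({row['alarp']}); "
              f"{row['reduction_steps']} frequency-class step(s) needed -> {row['frequency_after']}")
```

Because the safety function only moves the event down the frequency column, a Catastrophic consequence needs three steps of reduction (Frequent to Remote) to reach class III and five to reach class I, which is the "necessary risk reduction" the earlier slide draws as the gap between the non-tolerable and tolerable risk.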
23 Hazard & Risk Analysis - Risk Graph Method
The risk graph method is based on the following equation: R = function of (f, C), where
- R is the risk with no safety-related systems in place
- f is the frequency of the hazardous event with no safety-related systems in place
- C is the consequence of the hazardous event
The frequency is in turn influenced by:
- Frequency and exposure time in the hazardous zone
- Possibility of avoiding the hazardous event
- Probability of the hazardous event taking place with no safety-related measures in place but with other risk reduction facilities (probability of unwanted occurrence)
This extends the number of parameters to be considered to four (ISO 26262 counterpart in brackets):
- C = Consequence of the hazardous event [S = Severity]
- F = Frequency and exposure time in the hazardous zone [E = Exposure]
- P = Possibility of failing to avoid the hazardous event [C = Controllability]
- W = Probability of the unwanted occurrence [--- no ISO 26262 counterpart]
24 Hazard & Risk Analysis - Risk Graph Method - Example
The implementation of a risk graph requires:
- Defining values / levels for each parameter
- Defining the relations between parameters and their levels
The values / levels of the parameters, expressed qualitatively or quantitatively as numbers, must be:
- Justified on a rigorous and widely accepted basis
- Agreed with all the parties involved
[Figure: risk graph] Parameter orderings: C: CA < CB < CC < CD; F: FA < FB; P: PA < PB; W: WA < WB < WC (the W scales appear as W1, W2, W3 in the graph). From Start, the path C -> F -> P leads to one of the intermediate nodes X1..X6 (CA leads directly to X1; CB, CC and CD branch on FA / FB and then on PA / PB), and each node is read against the W3, W2 and W1 scales:

Node   W3      W2      W1
X1     a       ---     ---
X2     SIL 1   a       ---
X3     SIL 2   SIL 1   a
X4     SIL 3   SIL 2   SIL 1
X5     SIL 4   SIL 3   SIL 2
X6     b       SIL 4   SIL 3

---: No safety requirements; a: No special safety requirements; b: Single E/E/PE system not sufficient
Using different integrity scales, e.g. W1, W2 and W3, allows accounting explicitly for other risk reduction measures: from one scale to another there is an integrity level "shift".
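The risk graph is a decision procedure, and writing it as one makes the "integrity level shift" between the W scales visible: the same C, F, P path lands on the same node, and each step from W3 to W2 to W1 lowers the outcome by exactly one level. The Python below is an added example and not code from the slides; the routing it assumes (CA straight to X1, each higher C, F or P level moving one node further; outcomes per node and W scale) is read off the figure of this slide, which follows the IEC 61508 risk graph.

```python
"""Added example: the IEC 61508 risk graph of the slide as a function.
C (CA..CD), F (FA, FB) and P (PA, PB) select a node X1..X6; the W scale
(W1..W3) then selects the outcome. Routing and table are assumed to be
those of the slide's figure; not CEFRIEL's code."""

# Outcomes by level: 0 = no safety requirements (---), 1 = a (no special
# safety requirements), 2..5 = SIL 1..4, 6 = b (single E/E/PE system not sufficient).
OUTCOMES = ["---", "a", "SIL 1", "SIL 2", "SIL 3", "SIL 4", "b"]

# Integrity level shift between the scales: W3 reads the node directly,
# W2 one level lower, W1 two levels lower.
W_SHIFT = {"W3": 0, "W2": 1, "W1": 2}


def risk_graph_node(c, f="A", p="A"):
    """Walk Start -> C -> F -> P and return the node number 1..6.
    Each step up in C, F or P moves one node further; CA has no F/P branch."""
    c_idx = "ABCD".index(c)
    if c_idx == 0:
        return 1
    return 1 + c_idx + "AB".index(f) + "AB".index(p)


def required_sil(c, f, p, w):
    """Outcome for the path (C, F, P) read against scale w."""
    level = risk_graph_node(c, f, p) - W_SHIFT[w]
    return OUTCOMES[max(level, 0)]   # below level 0 there is simply no requirement


def risk_graph_table():
    """Regenerate the slide's X1..X6 by W3 / W2 / W1 table from the rules above."""
    return {
        f"X{node}": tuple(OUTCOMES[max(node - W_SHIFT[w], 0)] for w in ("W3", "W2", "W1"))
        for node in range(1, 7)
    }


def shift_between_scales(c, f, p):
    """Same path, three scales: shows the one-level shift per scale."""
    return {w: required_sil(c, f, p, w) for w in ("W3", "W2", "W1")}


if __name__ == "__main__":
    for node, outcomes in risk_graph_table().items():
        print(node, *outcomes)
    print(shift_between_scales("D", "B", "B"))
```

Reading `shift_between_scales("D", "B", "B")` shows why the W scale matters in practice: the worst path gives b (a single E/E/PE system is not sufficient) on W3, but SIL 4 on W2 and SIL 3 on W1, so a claim that other risk reduction facilities justify a lower W scale directly lowers the required integrity and should be justified and agreed with the same rigour as the other parameters.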
25 Hazard & Risk Analysis - HRA acc. to ISO - SEVERITY
Reference for single injuries (from the AIS scale):
- S0: Maximum AIS 0 - damage that cannot be classified as safety-related, e.g. bumps with roadside infrastructure
- S1: Maximum AIS 1-2 - more than 10% probability of AIS 1-6 (and not S2 or S3)
- S2: Maximum AIS 3-4 - more than 10% probability of AIS 3-6 (and not S3)
- S3: Maximum AIS 5-6 - more than 10% probability of AIS 5-6
AIS (Abbreviated Injury Scale): the AIS represents a classification of the severity of injuries and is issued by the AAAM (Association for the Advancement of Automotive Medicine):
- AIS 0: no injuries
- AIS 1: light injuries such as skin-deep wounds, muscle pains, whiplash, etc.
- AIS 2: moderate injuries such as deep flesh wounds, concussion with up to 15 minutes of unconsciousness
- AIS 3: severe but not life-threatening injuries such as skull fractures without brain injury, spinal dislocations below the fourth cervical vertebra without damage to the spinal cord
- AIS 4: severe injuries (life-threatening, survival probable) such as concussion with or without skull fractures with up to 12 hours of unconsciousness, paradoxical breathing
- AIS 5: critical injuries (life-threatening, survival uncertain) such as spinal fractures below the fourth cervical vertebra with damage to the spinal cord, more than 12 hours of unconsciousness including intracranial bleeding
- AIS 6: extremely critical or fatal injuries such as fractures of the cervical vertebrae above the third cervical vertebra with damage to the spinal cord, extremely critical open wounds of body cavities (thoracic and abdominal cavities)
26 Hazard & Risk Analysis - HRA acc. to ISO - SEVERITY (Informative examples)
Informative examples by type of collision and class:
- Side collision, e.g. crashing into a tree: S1 Δv < 15 km/h; S2 15 < Δv < 25 km/h; S3 Δv > 25 km/h
- Side collision with a passenger car: S1 Δv < 15 km/h; S2 15 < Δv < 35 km/h; S3 Δv > 35 km/h
- Rear/front collision between two passenger cars: S1 Δv < 20 km/h; S2 20 < Δv < 40 km/h; S3 Δv > 40 km/h
- Other collisions - under riding a truck: S1 scrape collision with little vehicle-to-vehicle overlap; S2 without deformation of the passenger cell; S3 with deformation of the passenger cell
- Other collisions - pedestrian/bicycle accident: S1 e.g. during a turning manoeuvre inside a built-up area; S2 roof or side collision with considerable deformation; S3 outside a built-up area
- S0 examples: pushing over roadside infrastructure; light collision; light grazing damage; damage while entering or leaving a parking space; leaving the road without collision or rollover
27 Hazard & Risk Analysis - HRA acc. to ISO - EXPOSURE
Classes of probability of exposure regarding duration / probability of exposure in initial situations:
- E0 - Very low probability: duration / probability of exposure not specified; informative examples: -
- E1 - Low probability: < 1% of average operating time; examples: pulling a trailer; driving with roof rack; driving on a mountain pass with unsecured steep slope; snow and ice; driving backwards
- E2 - Medium probability: 1% - 10% of average operating time; examples: fuelling; overtaking; car wash; tunnels; hill hold; night driving on roads without streetlights; wet roads; congestion
- E3 - High probability: > 10% of average operating time; examples: accelerating; braking; steering; parking; driving on highways; driving on secondary roads; city driving
28 Hazard & Risk Analysis - HRA acc. to ISO - EXPOSURE
Classes of probability of exposure regarding frequency in initial situations:
- E0 - Extremely low probability: situations that occur less often than once a year for the great majority of drivers; examples: stop at a railway crossing which requires a start of the engine
- E1 - Low probability: situations that occur a few times a year for the great majority of drivers; examples: towing; jump start; pulling a trailer, driving with roof rack; driving on a mountain pass with unsecured steep slope; driving situation with deviation from the desired path; snow and ice
- E2 - Medium probability: situations that occur once a month or more often for an average driver; examples: fuelling; overtaking; tunnels; hill hold; car wash; wet roads; congestion
- E3 - High probability: all situations that occur during almost every drive on average; examples: starting; shifting gears; accelerating; braking; steering; using indicators; parking; driving backwards
29 Hazard & Risk Analysis - HRA acc. to ISO - CONTROLLABILITY
- C0 - Controllable in general. Informative examples: unexpected increase in radio volume; situations that are considered distracting; unavailability of a driver assisting system
- C1 - Simply controllable: 99% or more of all drivers or other traffic participants are usually able to avoid a specific harm. Examples: when starting the vehicle with a locked steering column, the car can be brought to a stop by almost all drivers early enough to avoid a specific harm to persons nearby; faulty adjustment of seats while driving can be controlled by almost all drivers by bringing the vehicle to a stop
- C2 - Normally controllable: 90% or more of all drivers or other traffic participants are usually able to avoid a specific harm. Examples: avoid departing from the lane in case of a failure of ABS during emergency braking; avoid departing from the lane in case of a motor failure at high lateral acceleration (motorway exit); bring the vehicle to a stop in case of a total lighting failure at medium or high speed on an unlit country road without departing from the lane in an uncontrolled manner; avoid hitting an unlit vehicle on an unlit country road
- C3 - Difficult to control or uncontrollable: less than 90% of all drivers or other traffic participants are usually able, or barely able, to avoid a specific harm. Examples: wrong steering with high angular speed at medium or high vehicle speed can hardly be controlled by the driver; cannot avoid departing from the lane on snow or ice on a bend in case of a failure of ABS during emergency braking; cannot bring the vehicle to a stop if a total loss of braking performance occurs; in the case of faulty airbag release at high or moderate vehicle speed, the driver usually cannot prevent the vehicle from departing from the lane
30 Hazard & Risk Analysis - HRA acc. to ISO - RISK MATRIX
[Figure: ASIL determination matrix from the Severity (S), Exposure (E) and Controllability (C) classes]
Note: if a hazard is assigned to Severity class S0, Controllability class C0 or Exposure class E0, no ASIL (SIL) assignment is required.
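The risk matrix figure itself did not survive the transcript, so the following added example (not code from the slides) uses the published ISO 26262-3:2011 ASIL table instead. That table numbers exposure E1..E4, where the slide's E0..E3 carry the same duration definitions (not specified, < 1%, 1-10%, > 10% of operating time); the code follows the published numbering. The table collapses to a sum rule, S + E + C = 7 gives ASIL A, 8 gives B, 9 gives C, 10 gives D, anything lower is QM, and the slide's note about S0, E0 and C0 is applied first. It also derives the ASIL of a safety goal as the highest ASIL among the hazardous events it covers, which is how the standard treats a hazard assessed in several operational situations. The hazardous-event list is constructed for illustration; its values are not from the slides.

```python
"""Added example: ASIL determination from S, E, C (published ISO 26262-3:2011
Table 4, E1..E4 numbering) with the slide's S0 / E0 / C0 rule applied first,
and the safety-goal ASIL as the maximum over hazardous events.
Constructed sample data; not CEFRIEL's code."""

ASIL_BY_SUM = {7: "ASIL A", 8: "ASIL B", 9: "ASIL C", 10: "ASIL D"}

# Ordering used to pick the highest ASIL for a safety goal.
ASIL_ORDER = ["no ASIL assignment", "QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D"]


def asil(s, e, c):
    """ASIL of one hazardous event. s in 0..3, e in 0..4, c in 0..3."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return ASIL_ORDER[0]          # slide's note: S0, E0 or C0 -> no ASIL required
    return ASIL_BY_SUM.get(s + e + c, "QM")


def asil_table():
    """Regenerate the full S x E x C -> ASIL table as {(s, e, c): asil}."""
    return {(s, e, c): asil(s, e, c)
            for s in range(1, 4) for e in range(1, 5) for c in range(1, 4)}


def safety_goal_asil(hazardous_events):
    """A hazard assessed in several operational situations yields several
    hazardous events; the safety goal covering them gets the highest ASIL."""
    return max((asil(s, e, c) for _, s, e, c in hazardous_events), key=ASIL_ORDER.index)


# Constructed hazardous events for one hazard (unintended steering torque),
# worded with the slides' exposure / controllability vocabulary. Illustrative only.
SAMPLE_EVENTS = [
    ("highway driving, medium speed", 3, 4, 2),   # S3, E4 (almost every drive), C2
    ("parking manoeuvre", 1, 4, 1),               # S1, E4, C1
    ("car wash", 1, 2, 1),                        # S1, E2, C1
    ("mountain pass with steep slope", 3, 2, 3),  # S3, E2 (few times a year), C3
]

if __name__ == "__main__":
    for name, s, e, c in SAMPLE_EVENTS:
        print(f"S{s} E{e} C{c}  {name}: {asil(s, e, c)}")
    print("safety goal:", safety_goal_asil(SAMPLE_EVENTS))
```

Two points the sum rule makes visible: only the single worst cell (S3, E4, C3) reaches ASIL D, and an argument that moves any one class down by one step lowers the ASIL by exactly one level, which is why exposure and controllability ratings deserve the same justification and agreement the risk graph slide asks for.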
31 Hazard & Risk Analysis - When the required SIL is assessed
Based on the required Safety Integrity Level:
- Different requirements on the design and the process apply
- Different techniques and measures should be used
Requirements to the integrity of HW:
- Low demand mode of operation (PFD: probability of failure on demand), e.g., airbag
- High demand mode of operation (PFH: probability of failure per hour), e.g., brake / steer by wire
[Table: PFD, PFH and FIT bounds per SIL; the numeric values did not survive transcription]
Requirements to the integrity of SW:
- Requirements to SW design and development (architecture, support tools, programming language, code implementation, testing, ...)
- Requirements to SW diagnostics to achieve the required HW integrity
32 Training Course: An introduction to Functional Safety
Basic course on Functional Safety (2 days)
Info: Web: Mail: Tel:
For any request related to the Functional Safety area: ENRICO SILANI - Mail:
More informationHow To Understand The Safety Of A Motorcycle
Disclaimer All reasonable endeavours are made to ensure the accuracy of the information in this report. However, the information is provided without warranties of any kind including accuracy, completeness,
More informationISO 26262:2011 Functional Safety Assessment Report. Texas Instruments Richardson, TX USA. Project: TDA2X ADAS SoC. Customer:
ISO 26262:2011 Functional Safety Report Project: TDA2X ADAS SoC Customer: Texas Instruments Richardson, TX USA Contract No.: Q13/09-037 Report No.: TI 13-09-037 R002 Version V1, Revision R1, January 23,
More informationSoftware in safety critical systems
Software in safety critical systems Software safety requirements Software safety integrity Budapest University of Technology and Economics Department of Measurement and Information Systems Definitions
More informationTÜV Rheinland Functional Safety Engineer Certificate (Process Hazard & Risk Analysis)
TÜV Rheinland Functional Safety Engineer Certificate (Process Hazard & Risk Analysis) Controlling risks within major hazard enterprises requires a robust process safety management (PSM) system and the
More informationDigges 1 INJURIES TO RESTRAINED OCCUPANTS IN FAR-SIDE CRASHES. Kennerly Digges The Automotive Safety Research Institute Charlottesville, Virginia, USA
INJURIES TO RESTRAINED OCCUPANTS IN FAR-SIDE CRASHES Kennerly Digges The Automotive Safety Research Institute Charlottesville, Virginia, USA Dainius Dalmotas Transport Canada Ottawa, Canada Paper Number
More informationVersion: 1.0 Latest Edition: 2006-08-24. Guideline
Management of Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se Quoting of this report is allowed but please
More informationELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL
61508-3 ª IEC: 1997 1 Version 12.0 05/12/97 COMMISSION CEI ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL COMMISSION Functional safety of electrical/electronic/ programmable
More informationEin einheitliches Risikoakzeptanzkriterium für Technische Systeme
ETCS Prüfcenter Wildenrath Interoperabilität auf dem Korridor A Ein einheitliches Risikoakzeptanzkriterium für Technische Systeme Siemens Braunschweig, Oktober 2007 Prof. Dr. Jens Braband Page 1 2007 TS
More informationHow To Know If A Motorcyclist Is Safe
Motorcyclists CRASH FACTSHEET November 2013 CRASH STATISTICS FOR THE YEAR ENDED 31 DECEMBER 2012 Prepared by the Ministry of Transport In 2012, 50 motorcyclists 1 died and a further 1,138 were injured
More informationEdwin Lindsay Principal Consultant. Compliance Solutions (Life Sciences) Ltd, Tel: + 44 (0) 7917134922 E-Mail: elindsay@blueyonder.co.
Edwin Lindsay Principal Consultant, Tel: + 44 (0) 7917134922 E-Mail: elindsay@blueyonder.co.uk There were no guidelines/ regulations There was no training No Procedures No Inspectors Inform All staff of
More informationReducing Steps to Achieve Safety Certification
Reducing Steps to Achieve Safety Certification WP-01174-1.0 White Paper This white paper describes the successful steps in achieving certification for an FPGA implementation of an application certified
More informationSAFETY LIFE-CYCLE HOW TO IMPLEMENT A
AS SEEN IN THE SUMMER 2007 ISSUE OF... HOW TO IMPLEMENT A SAFETY LIFE-CYCLE A SAFER PLANT, DECREASED ENGINEERING, OPERATION AND MAINTENANCE COSTS, AND INCREASED PROCESS UP-TIME ARE ALL ACHIEVABLE WITH
More informationDefensive Driving While Towing a Trailer By Elizabeth Koncki, Maryland Department of Agriculture
Defensive Driving While Towing a Trailer By Elizabeth Koncki, Maryland Department of Agriculture Many of you have heard the term defensive driving, but maybe you may have not been taught the method or
More informationOverview of IEC 61508 - Design of electrical / electronic / programmable electronic safety-related systems
Overview of IEC 61508 - Design of electrical / electronic / programmable electronic safety-related systems Simon Brown The author is with the Health & Safety Executive, Magdalen House, Bootle, Merseyside,
More informationSafety Analysis based on IEC 61508: Lessons Learned and the Way Forward
Safety Analysis based on IEC 61508: Lessons Learned and the Way Forward Jens Braband SAFECOMP 2006 Empfohlen Gdansk, September wird auf dem 2006Titel der Einsatz eines vollflächigen Hintergrundbildes (Format:
More informationState of Minnesota Model Fleet Safety Management Standards
State of Minnesota Model Fleet Safety Management Standards Anyone who has ever been involved in even a minor fender bender is aware of the resulting fallout which involves time, money and effort. Accidents
More informationSafety controls, alarms, and interlocks as IPLs
Safety controls, alarms, and interlocks as IPLs Angela E. Summers, Ph.D., P.E. SIS-TECH Solutions 12621 Featherwood Dr. Suite 120, Houston, TX 77034 Keywords: safety controls, alarms, interlocks, SIS,
More informationRole of the systems engineer in safety critical systems. Dr. Cecilia Haskins, CSEP Keynote address WOCS 27. September 2012
Role of the systems engineer in safety critical systems Dr. Cecilia Haskins, CSEP Keynote address WOCS 27. September 2012 Roadmap About safety critical systems Relevant standards, including ISO/IEC 15288:
More informationNew York Car Accident Lawyers
New York Car Accident Lawyers What you need to know when you are hurt in a car accident An ebook by Stuart DiMartini, Esq. 1325 Sixth Avenue, 27 th Floor New York, NY 10019 212-5181532 dimartinilaw.com
More informationDesign of automatic testing tool for railway signalling systems software safety assessment
Risk Analysis VI 513 Design of automatic testing tool for railway signalling systems software safety assessment J.-G. Hwang 1, H.-J. Jo 1 & H.-S. Kim 2 1 Train Control Research Team, Korea Railroad Research
More informationRisk Assessment / Risk Management Protocol
1 Canadian Pacific Railway Risk Assessment / Risk Management Protocol Overview / Outline At Canadian Pacific Railway, we conduct risk assessments of our activities and operations for a number of different
More informationSystem Safety Process Applied to Automotive High Voltage Propulsion Systems
System Safety Process Applied to Automotive High Voltage Propulsion Systems ISSC Tutorial Mark Vernacchia, Galen Ressler, Padma Sundaram August 2015 Tutorial Overview Objectives Safety Process Overview
More informationSafety Issues in Automotive Software
Safety Issues in Automotive Software Paolo Panaroni, Giovanni Sartori INTECS S.p.A. SAFEWARE 1 INTECS & Safety A very large number of safety software development, V&V activities and research project on
More informationIdentifying Factors Underlying Injury
Moving Towards Competency in Injury Prevention Identifying Factors Underlying Injury Thomas Songer, PhD University of Pittsburgh Center for Injury Research & Control Lecture Objectives On completion of
More informationPABIAC Safety-related Control Systems Workshop
Health and and Safety Executive PABIAC Safety-related Control Systems Workshop KEY STANDARDS FOR ELECTRICAL & FUNCTIONAL SAFETY OF PAPERMAKING MACHINES: APPLICATION & USE Steve Frost HM Principal Electrical
More informationDEFENSIVE DRIVING. It s an Attitude
DEFENSIVE DRIVING It s an Attitude RLI Design Professionals Design Professionals Learning Event DPLE 155 July 15, 2015 RLI Design Professionals RLI Design Professionals is a Registered Provider with The
More informationA System-Safety Process For By-Wire Automotive Systems
SAE TECHNICAL PAPER SERIES 2000-01-1056 A System-Safety Process For By-Wire Automotive Systems Sanket Amberkar, Joseph G. D Ambrosio and Brian T. Murray Delphi Automotive Systems Joseph Wysocki HRL Laboratories
More informationIdentifying and Understanding Relevant System Safety Standards for use in the Automotive Industry
SAE TECHNICAL PAPER SERIES 2003-01-1293 Identifying and Understanding Relevant System Standards for use in the Automotive Industry Barbara J. Czerny, Joseph G. D Ambrosio, Paravila O. Jacob and Brian T.
More informationRisk Assessment and Management. Allen L. Burgenson Manager, Regulatory Affairs Lonza Walkersville Inc.
Risk Assessment and Management Allen L. Burgenson Manager, Regulatory Affairs Lonza Walkersville Inc. Standard Disclaimer Standard Disclaimer: This presentation is the opinion of the presenter, and does
More informationSpeeding. Probability of death at different impact speeds
Speeding CRASH FACTSHEET 2012 CRASH STATISTICS FOR THE YEAR ENDED 31 DECEMBER 2011 Prepared by the Ministry of Transport In this fact sheet speeding is defined as driving too fast for the conditions. The
More informationOREGON TRAFFIC ACCIDENT AND INSURANCE REPORT
DMV OREGON TRAFFIC ACCIDENT AND INSURANCE REPORT Tear this sheet off your report, read and carefully follow the directions. ONLY drivers involved in an accident resulting in any of the following MUST file
More information15-Passenger Van Safety Frequently Asked Questions & Recommendations for Safe Operation
15-Passenger Van Safety Frequently Asked Questions & Recommendations for Safe Operation Mississippi Institutions of Higher Learning Safety and Loss Control FY 20 0 6 Page 1 of 7 15-Passenger Van Safety
More informationFrequently Asked Questions
Frequently Asked Questions The exida 61508 Certification Program V1 R8 October 19, 2007 exida Geneva, Switzerland Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547 1 Exida
More informationFunktionale Sicherheit IEC 61508 & IEC 62443
Funktionale Sicherheit IEC 61508 & IEC 62443 Seite 1 PROFIsafe trifft New York PROFIsafe Senior Safety Expert Siemens AG, DF FA AS E&C-PRM3 bernard.mysliwiec@siemens.com Seite 2 Roosevelt Island Picture
More informationTitle: Basic Principles of Risk Management for Medical Device Design
Title: Basic Principles of Risk Management for Medical Device Design WHITE PAPER Author: Ganeshkumar Palanichamy Abstract Medical devices developed for human application are used for diagnostic or treatment
More informationVersion: 1.0 Last Edited: 2005-10-27. Guideline
Process hazard and risk Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1- Summary This report will try
More informationDoes the Federal government require them? No, the Federal government does not require manufacturers to install EDRs.
EDR Q&As THE BASICS What is an EDR? What is its purpose? An Event Data Recorder (EDR) is a function or device installed in a motor vehicle to record technical vehicle and occupant information for a brief
More informationThe Concepts of IEC 61508
The Concepts of IEC 61508 An Overview and Analysis Sommersemester 2001 Prof. Peter B. Ladkin PhD ladkin@rvs.uni-bielefeld.de Motivation: Clear Concepts Concepts must be clear in order to enable easy and
More informationFrequently Asked Questions
Frequently Asked Questions The exida Certification Program Functional Safety (SIL) Cyber-Security V2 R3 June 14, 2012 exida Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547
More informationLevel 2 Award in Safe Driving at Work
Level 2 Award in Safe Driving at Work Student notes (sample) www.britsafe.org Membership Training Qualifications Audit and Consultancy Audit and Policy Consultancy and Opinion Policy Awards and Opinion
More informationDRIVING TEST POSSIBLE QUESTIONS & ANSWERS.
DRIVING TEST POSSIBLE QUESTIONS & ANSWERS. Question 1. What shape and colour is a warning sign? Diamond Shape - Yellow and Black Question 2. When should you not drive? While under the influence of alcohol,
More informationDMV. OREGON TRAFFIC ACCIDENT AND INSURANCE REPORT Tear this sheet off your report, read and carefully follow the directions.
OREGON TRAFFIC ACCIDENT AND INSURANCE REPORT Tear this sheet off your report, read and carefully follow the directions. ONLY drivers involved in an accident resulting in any of the following MUST file
More informationDesigning an Effective Risk Matrix
Designing an Effective Risk Matrix HENRY OZOG INTRODUCTION Risk assessment is an effective means of identifying process safety risks and determining the most cost-effective means to reduce risk. Many organizations
More informationthe Ministry of Transport is attributed as the source of the material
Disclaimer All reasonable endeavours are made to ensure the accuracy of the information in this report. However, the information is provided without warranties of any kind including accuracy, completeness,
More informationAccident configurations and injuries for bicyclists based on the German In-Depth Accident Study. Chiara Orsi
Accident configurations and injuries for bicyclists based on the German In-Depth Accident Study Chiara Orsi Centre of Study and Research on Road Safety University of Pavia State of the art Vulnerable road
More informationClinical Risk Management: Agile Development Implementation Guidance
Document filename: Directorate / Programme Document Reference NPFIT-FNT-TO-TOCLNSA-1306.02 CRM Agile Development Implementation Guidance v1.0 Solution Design Standards and Assurance Project Clinical Risk
More informationDeveloping software for Autonomous Vehicle Applications; a Look Into the Software Development Process
Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process By Andreas Lindenthal and Franz Walkembach, Wind River The concept of autonomous vehicles or unmanned
More informationMary Ann Lundteigen. Doctoral theses at NTNU, 2009:9 Mary Ann Lundteigen. Doctoral theses at NTNU, 2009:9
Mary Ann Lundteigen Doctoral theses at NTNU, 2009:9 Mary Ann Lundteigen Safety instrumented systems in the oil and gas industry: Concepts and methods for safety and reliability assessments in design and
More informationSoftware-based medical devices from defibrillators
C O V E R F E A T U R E Coping with Defective Software in Medical Devices Steven R. Rakitin Software Quality Consulting Inc. Embedding defective software in medical devices increases safety risks. Given
More informationthe Ministry of Transport is attributed as the source of the material
Disclaimer All reasonable endeavours are made to ensure the accuracy of the information in this report. However, the information is provided without warranties of any kind including accuracy, completeness,
More informationCommercial Auto Claims Services
Commercial Auto Claims Services Getting Businesses Back on the Road Commercial Auto Capabilities Collision and Glass Repair Networks Reporting an Auto Claim www.thehartford.com/losscontrol COMMERCIAL CLAIMS
More informationSOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND. Queensland 4072 Australia TECHNICAL REPORT
SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND Queensland 4072 Australia TECHNICAL REPORT No. 99-30 A Survey of International Safety Standards Axel
More informationThe Impact Of Measuring Driver And Vehicle Behavior
The Impact Of Measuring Driver And Vehicle Behavior Why Businesses are Investing in Fleet Data A Teletrac Whitepaper The Impact Of Measuring Driver And Vehicle Behavior Data has many meanings. Virtually
More informationGuidance note. Risk Assessment. Core concepts. N-04300-GN0165 Revision 4 December 2012
Guidance note N-04300-GN0165 Revision 4 December 2012 Risk Assessment Core concepts The operator of an offshore facility must conduct a detailed and systematic formal safety assessment, which includes
More informationOccupational safety risk management in Australian mining
IN-DEPTH REVIEW Occupational Medicine 2004;54:311 315 doi:10.1093/occmed/kqh074 Occupational safety risk management in Australian mining J. Joy Abstract Key words In the past 15 years, there has been a
More informationUnderstanding Safety. Why SIL is important and how SIL compliance benefits you.
Understanding Safety Integrity Levels (SIL) Why SIL is important and how SIL compliance benefits you. By Byron McLendon, P.E. 6/13/2013 Understanding Safety Integrity Levels (SIL) Defining Safety and Risk
More informationRequirements-driven Verification Methodology for Standards Compliance
Requirements-driven Verification Methodology for Standards Compliance Serrie-justine Chapman (TVS) serrie@testandverification.com Mike Bartley (TVS) mike@testandverification.com Darren Galpin (Infineon)
More informationImproving Driving Safety Through Automation
Improving Driving Safety Through Automation Congressional Robotics Caucus John Maddox National Highway Traffic Safety Administration July 25, 2012 NHTSA s Missions Safety Save lives, prevent injuries and
More informationPlatoon illustration Source: VOLVO
SARTRE: SAfe Road TRains for the Environment Arturo Dávila Mario Nombela IDIADA Automotive Technology SA 1. Introduction The SARTRE project aims at encouraging an evolutional change in the use of personal
More informationChange Impact analysis
1 Change Impact analysis and the safety standard IEC 61508:2010 series Author and presenter: Thor Myklebust SINTEF ICT Authors: Tor Stålhane, IDI NTNU Geir Hanssen, SINTEF ICT Børge Haugset, SINTEF ICT
More informationDeaths/injuries in motor vehicle crashes per million hours spent travelling, July 2008 June 2012 (All ages) Mode of travel
Cyclists CRASH STATISTICS FOR THE YEAR ENDED 31 DECEMBER 212 Prepared by the Ministry of Transport CRASH FACTSHEET November 213 Cyclists have a number of risk factors that do not affect car drivers. The
More informationPFSE Premier Functional Safety Engineering Safety Instrumented Systems Course Outline
in cooperation with TÜV Industrie Service GmbH Automation, Software and Information Technology - ASI PCS is TÜV Industrie Service GmbH, ASI accepted course provider for the TÜV Functional Safety Program
More informationSafety and security related features in AUTOSAR
Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22
More information