Safety Integrity Levels
1 Séminaire de Sûreté de Fonctionnement de l'X: Safety Integrity Levels. Antoine Rauzy, École Polytechnique
2 Agenda
- Safety Integrity Levels and related measures as introduced by the Standards
- How to interpret these notions?
- Calculations
- Wrap-Up
4 Risk: a Bi-Dimensional Notion
A Risk for a System is a pair (e, q), where e is an Initiating Event that leads the system into a Degraded State q in which the integrity of the system is more or less severely impacted.
Whether a Risk is Acceptable depends on the Frequency of the event e and on the Severity of the degradation in the state q.
IEC Risk Matrix. Severity columns: Negligible = minor injuries at worst; Marginal = major injuries to one or more persons; Critical = loss of a single life; Catastrophic = multiple loss of life.
Frequency                   | Negligible  | Marginal     | Critical     | Catastrophic
Frequent   (> 10^-3)        | Undesirable | Unacceptable | Unacceptable | Unacceptable
Probable   (10^-3 to 10^-4) | Tolerable   | Undesirable  | Unacceptable | Unacceptable
Occasional (10^-4 to 10^-5) | Tolerable   | Tolerable    | Undesirable  | Unacceptable
Remote     (10^-5 to 10^-6) | Acceptable  | Tolerable    | Tolerable    | Undesirable
Improbable (10^-6 to 10^-7) | Acceptable  | Acceptable   | Tolerable    | Tolerable
Incredible (< 10^-7)        | Acceptable  | Acceptable   | Acceptable   | Acceptable
5 Risk Mitigation
To Mitigate a Risk, one has to reduce its Frequency, its Severity, or both. Risk Mitigation is usually achieved by means of Safety Mechanisms and induces additional Development Efforts.
(Figure: Risk, with two arrows, Reduction of the Frequency and Reduction of the Severity.)
6 Safety Standards
Safety is regulated by Standards, per domain: IEC standards for Industrial Processes and for Safety Instrumented Systems (IEC 61508 and related IEC standards), EN 50126, 50128 (Train), ISO 26262 (Automotive), further standards for Nuclear and for Machines, and ARP 4761, ARP 4754, DO 178B (C), DO 254 (Avionic).
Strongly related concepts appear under different names in standards:
- Safety Integrity Levels (IEC 61508, IEC ...)
- Automotive Safety Integrity Levels (ISO 26262)
- Design Assurance Levels (ARP 4754, ARP 4761, DO 178B)
- Tolerable Hazard Rate (EN 50126, EN ..., EN ...)
They are indicators of:
- The severity of the risk under consideration
- The mitigation necessary to make this risk acceptable
- The effort to be done to achieve this risk mitigation
7 Design Assurance Levels (ARP 4754)
A Risk is acceptable when its frequency per flight hour is lower than the one defined for the DAL corresponding to its severity.
Severity classes:
- Minor: the failure is noticeable, but has a lesser impact than a Major failure (for example, causing passenger inconvenience or a routine flight plan change).
- Major: the failure is significant, but has a lesser impact than a Hazardous failure (for example, leads to passenger discomfort rather than injuries) or significantly increases crew workload.
- Hazardous: the failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers.
- Catastrophic: the failure may cause a crash; error or loss of a critical function required to safely fly and land the aircraft.
Frequency per flight hour      | Minor      | Major        | Hazardous    | Catastrophic
Probable   (10^-5 < F <= 10^-1) | DAL D      | Unacceptable | Unacceptable | Unacceptable
Occasional (10^-7 < F <= 10^-5) | Acceptable | DAL C        | Unacceptable | Unacceptable
Remote     (10^-9 < F <= 10^-7) | Negligible | Acceptable   | DAL B        | Unacceptable
Improbable (F <= 10^-9)         | Negligible | Negligible   | Acceptable   | DAL A
8 IEC 61508: Safety Instrumented Systems
Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems: Safety Instrumented Systems.
(Figure: Sensors, Logic Controller, Actuators around the Equipment Under Control; risk: over-pressure in the reactor.)
IEC prescriptions/concerns:
1. Reduction of Systematic Failures (e.g. errors in the logic of the controller)
2. Probabilistic Safety Assessment (random mechanical failures in the SIS)
3. Architectural constraints (redundancies, ...)
9 IEC 61508: Safety Integrity Levels
The Safety Integrity Level (SIL) of the Safety Instrumented System (SIS) is determined by the Risk Reduction Factor (RRF) provided by the SIS to the Equipment Under Control (EUC). Assuming that the SIS prevents the whole risk, this is also a measure of the likelihood of a Failure of the SIS.
SIL   | Low Demand Mode: Probability of Failure on Demand (PFDavg) | High Demand Mode: Probability of Failure per Hour (PFH)
SIL 4 | 10^-5 to 10^-4 (RRF > 10000)          | 10^-9 to 10^-8
SIL 3 | 10^-4 to 10^-3 (1000 <= RRF < 10000)  | 10^-8 to 10^-7
SIL 2 | 10^-3 to 10^-2 (100 <= RRF < 1000)    | 10^-7 to 10^-6
SIL 1 | 10^-2 to 10^-1 (10 <= RRF < 100)      | 10^-6 to 10^-5
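The chain from slide 4 to slide 9 (risk class of an initiating event, frequency reduction needed to reach a target class, RRF, SIL) can be carried through in code. The following is an added example, not part of the slides: it encodes the risk matrix of slide 4 and the SIL bands of slide 9 as given there, and assumes that the matrix frequencies are per hour (so that they can be compared with a PFH) and that the over-pressure scenario values in the usage block (demand 2e-4 per hour, severity Critical) are constructed for the illustration.

```python
"""Risk-matrix classification and SIL determination from the risk reduction factor.

Added example, not from the slides. Frequency bands and acceptability classes are the
IEC-style matrix of slide 4 (frequencies per hour: an assumption); SIL bands are the
IEC 61508 PFDavg / PFH ranges of slide 9. Scenario values are constructed.
"""
import math

# Frequency bands of slide 4, highest first: (name, lower, upper); f is in the band when lower < f <= upper.
FREQ_BANDS = [
    ("Frequent",   1e-3, math.inf),
    ("Probable",   1e-4, 1e-3),
    ("Occasional", 1e-5, 1e-4),
    ("Remote",     1e-6, 1e-5),
    ("Improbable", 1e-7, 1e-6),
    ("Incredible", -1.0, 1e-7),
]
SEVERITIES = ["Negligible", "Marginal", "Critical", "Catastrophic"]
# Acceptability class per (frequency band, severity), as in the slide 4 matrix.
RISK_CLASS = {
    "Frequent":   ["Undesirable", "Unacceptable", "Unacceptable", "Unacceptable"],
    "Probable":   ["Tolerable",   "Undesirable",  "Unacceptable", "Unacceptable"],
    "Occasional": ["Tolerable",   "Tolerable",    "Undesirable",  "Unacceptable"],
    "Remote":     ["Acceptable",  "Tolerable",    "Tolerable",    "Undesirable"],
    "Improbable": ["Acceptable",  "Acceptable",   "Tolerable",    "Tolerable"],
    "Incredible": ["Acceptable",  "Acceptable",   "Acceptable",   "Acceptable"],
}
CLASS_ORDER = ["Acceptable", "Tolerable", "Undesirable", "Unacceptable"]  # best to worst
# IEC 61508 bands of slide 9: (SIL, PFDavg low, PFDavg high, PFH low, PFH high).
SIL_BANDS = [
    (4, 1e-5, 1e-4, 1e-9, 1e-8),
    (3, 1e-4, 1e-3, 1e-8, 1e-7),
    (2, 1e-3, 1e-2, 1e-7, 1e-6),
    (1, 1e-2, 1e-1, 1e-6, 1e-5),
]


def frequency_band(freq):
    for name, lo, hi in FREQ_BANDS:
        if lo < freq <= hi:
            return name
    raise ValueError("frequency must be a non-negative number")


def risk_class(freq, severity):
    """Acceptability class of the risk (initiating event frequency, severity)."""
    return RISK_CLASS[frequency_band(freq)][SEVERITIES.index(severity)]


def target_frequency(severity, target="Acceptable"):
    """Highest frequency at which a risk of this severity is classified at least as well as `target`."""
    col = SEVERITIES.index(severity)
    for name, _lo, hi in FREQ_BANDS:
        if CLASS_ORDER.index(RISK_CLASS[name][col]) <= CLASS_ORDER.index(target):
            return hi
    raise ValueError("no frequency band reaches the target class")


def required_rrf(freq, severity, target="Acceptable"):
    """Smallest Risk Reduction Factor that brings the risk into the target class (1.0 if none needed)."""
    return max(1.0, freq / target_frequency(severity, target))


def sil_from_pfd(pfd):
    """Low demand mode: SIL band of a PFDavg. 0 means below SIL 1, None means beyond SIL 4."""
    if pfd >= 1e-1:
        return 0
    for sil, lo, hi, _, _ in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def sil_from_pfh(pfh):
    """High demand mode: SIL band of a dangerous failure frequency per hour."""
    if pfh >= 1e-5:
        return 0
    for sil, _, _, lo, hi in SIL_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


def sil_for_risk(freq, severity, target="Acceptable", mode="low"):
    """Chain: risk class -> required RRF -> PFDavg (low demand) or PFH (high demand) -> SIL."""
    rrf = required_rrf(freq, severity, target)
    if rrf == 1.0:
        return 0                                   # already in the target class: no SIS needed
    if mode == "low":
        return sil_from_pfd(1.0 / rrf)             # the SIS may fail on 1 demand out of RRF
    # high demand: an SIS failure is the accident, so its PFH must meet the target frequency
    return sil_from_pfh(target_frequency(severity, target))


if __name__ == "__main__":
    freq, sev = 2e-4, "Critical"   # constructed: over-pressure demand per hour, loss of a single life
    print("unmitigated risk class:", risk_class(freq, sev))
    for target in ("Tolerable", "Acceptable"):
        rrf = required_rrf(freq, sev, target)
        print(f"to {target}: RRF >= {rrf:.0f}, low demand SIL {sil_for_risk(freq, sev, target)},"
              f" high demand SIL {sil_for_risk(freq, sev, target, mode='high')}")
```

For the constructed scenario the unmitigated risk is Probable/Critical, hence Unacceptable; reaching Tolerable needs an RRF of 20 (a SIL 1 function in low demand mode), reaching Acceptable needs an RRF of 2000 (SIL 3). In high demand mode the same Acceptable target translates into a PFH of 10^-7 per hour, i.e. SIL 2, which illustrates why the two columns of the table must not be mixed.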
10 Other Standards
Similar concepts are used in other Standards, e.g. ISO 26262 (ASIL) and EN 50126 (THR).
ASIL, random hardware failure target values:
ASIL D | < 10^-8 h^-1
ASIL C | < 10^-7 h^-1
ASIL B | < 10^-6 h^-1
ASIL A | < 10^-5 h^-1
Maximum THR per hour: SIL 4: 10^-9 to 10^-8; SIL 3: 10^-8 to 10^-7; SIL 2: 10^-7 to 10^-6; SIL 1: 10^-6 to 10^-5 (the same ranges as the PFH column of the IEC 61508 table).
11 Issues with IEC
The formulation of the current version of IEC (next version expected in 2015) raises a number of problems:
- Fuzzy definitions: High demand mode = systems that operate continuously (more than once per year); Low demand mode = systems that operate intermittently (less than once a year).
- Obscure concepts: PFD? PFH? Safe Failure Fraction?
- Formulas given without justification.
- Many issues not taken into account, e.g. ageing, failure dependencies.
(The SIL table of slide 9, Low Demand Mode PFDavg and High Demand Mode PFH per SIL, is repeated here.)
12 Agenda: Safety Integrity Levels and related measures as introduced by the Standards; How to interpret these notions?; Calculations; Wrap-Up
13 Risk = Hazard x Exposure
Hazard: condition, event, or circumstance that could lead to or contribute to an unplanned or undesirable event (FAA).
The initiating event of the accident sequence can be external to the system, i.e. a hazard, or internal, or a combination of both.
The frequency of the risk is the product of the probability of this initiating event and the exposure time.
Bird Strike example (share of flight time, of accidents and of fatalities per flight phase):
Phase            | exposure | accidents | fatalities
taxi             | -        | 12%       | 0%
takeoff          | 1%       | 12%       | 16%
initial climb    | 1%       | 8%        | 14%
climb            | 14%      | 10%       | 13%
cruise           | 57%      | 8%        | 16%
descent          | 11%      | 4%        | 4%
initial approach | 12%      | 10%       | 12%
final approach   | 3%       | 11%       | 13%
landing          | 1%       | 25%       | 12%
Averaging the risk per use hour (here flight hour) may be incorrect: although a bird strike can be dangerous only during takeoff and initial climb, those two phases occur in each flight.
14 Reliability versus Availability
S: system under study. T: (random variable) date of the first failure of S.
Reliability: $R_S(t) \overset{def}{=} \Pr\{t < T\}$, unreliability $F_S(t) \overset{def}{=} 1 - R_S(t)$.
Availability: $A_S(t) \overset{def}{=} \Pr\{S \text{ is working at } t\}$, unavailability $Q_S(t) \overset{def}{=} 1 - A_S(t)$.
If the system is not repairable, then $R_S(t) = A_S(t)$. However, most of the components of Safety Instrumented Systems are periodically tested, and for a periodically tested component $F_S(t)$ and $Q_S(t)$ differ (figure: $F_S(t)$ versus $Q_S(t)$ for a periodically tested component).
15 Low Demand versus High Demand Modes
Low Demand Mode: demand frequency << test frequency.
When failed, the Safety Instrumented System is likely to be repaired before being demanded. The Safety Instrumented System behaves almost independently from the Equipment Under Control.
Consequence: $PFD_S(t) = Q_S(t)$, and of course $PFDavg_S(t) = \frac{1}{t}\int_0^t Q_S(u)\,du$ (figure: PFD and PFDavg curves).
High Demand Mode: demand frequency > test frequency.
The Safety Instrumented System and the Equipment Under Control are tightly linked. An accident is likely to occur as soon as the SIS fails.
Consequence: $PFH_S(t)$ is related to the (un)reliability $F_S(t)$.
16 Periodically Tested Systems
To be taken into account at component level:
- Availability of the component during the test
- Coverage (probability that a failure is actually detected)
- Failures due to the test (bad reconfiguration)
- Duration of the test
To be taken into account at system level:
- Average versus maximum
- Test shifts (figures: a 1-out-of-1 system is unavailable during the test; a 2-out-of-2 system with simultaneous tests; a 2-out-of-2 system with shifted tests)
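The low demand quantities of slide 15 ($PFD_S(t) = Q_S(t)$ and its time average) and the component- and system-level effects of slide 16 can be made concrete with a small model. The following is an added example, not code from the slides: it computes the unavailability of a component whose failures are revealed only by periodic proof tests, with imperfect coverage, a test duration during which the component is out of service, instantaneous repair of a revealed failure (an assumption; failures caused by the test itself are not modelled), and then compares average and maximum PFD of a single component with those of a pair under simultaneous and shifted tests. The "2-out-of-2" system of the slide is read as a pair that is failed when both components are failed; all rates and intervals are constructed values.

```python
"""Unavailability of periodically tested components and of a redundant pair.

Added example, not from the slides. Failure rate, test interval, test duration and
coverage are constructed values; repair after a revealed failure is instantaneous.
"""
import math


def unavailability(t, lam, tau, offset, test_duration=0.0, coverage=1.0):
    """Probability Q(t) that the component cannot perform its function at time t.

    Tests start at offset + k*tau (k >= 0, offset > 0); the component is as good as
    new at t = 0. A failure is revealed by a test with probability `coverage`; if
    revealed it is repaired at once, otherwise it stays hidden until a later test.
    While a test is running the component is out of service (Q = 1).
    """
    q = 0.0          # probability of a hidden failure at the start of the current interval
    t_prev = 0.0     # time at which the current interval started
    k = 0
    while True:
        t_test = offset + k * tau
        if t_test > t:
            break
        # the failure may occur anywhere in the interval before the test
        q = 1.0 - (1.0 - q) * math.exp(-lam * (t_test - t_prev))
        if t < t_test + test_duration:
            return 1.0                      # under test: out of service
        q *= (1.0 - coverage)               # revealed failures are repaired, the rest stay hidden
        t_prev = t_test + test_duration
        k += 1
    return 1.0 - (1.0 - q) * math.exp(-lam * (t - t_prev))


def pfd_avg_and_max(q_of_t, horizon, step=1.0):
    """Midpoint-rule time average (PFDavg) and sampled maximum of an unavailability curve."""
    n = int(round(horizon / step))
    values = [q_of_t((i + 0.5) * step) for i in range(n)]
    return sum(values) / n, max(values)


def one_out_of_one(lam, tau, test_duration=0.0, coverage=1.0):
    """Single component tested at tau, 2*tau, ..."""
    return lambda t: unavailability(t, lam, tau, tau, test_duration, coverage)


def two_out_of_two(lam, tau, shifted, test_duration=0.0, coverage=1.0):
    """Pair of independent components; the system is failed when both are failed.
    With shifted tests the second component is tested half an interval later."""
    q1 = one_out_of_one(lam, tau, test_duration, coverage)
    offset2 = tau / 2.0 if shifted else tau
    q2 = lambda t: unavailability(t, lam, tau, offset2, test_duration, coverage)
    return lambda t: q1(t) * q2(t)


if __name__ == "__main__":
    LAM, TAU, HORIZON = 1e-5, 2190.0, 4 * 2190.0   # constructed: per hour, quarterly tests, one year
    cases = [
        ("1oo1, ideal test", one_out_of_one(LAM, TAU)),
        ("1oo1, 4 h test, 90 % coverage", one_out_of_one(LAM, TAU, 4.0, 0.9)),
        ("pair (both failed), simultaneous tests", two_out_of_two(LAM, TAU, False, 4.0, 0.9)),
        ("pair (both failed), shifted tests", two_out_of_two(LAM, TAU, True, 4.0, 0.9)),
    ]
    for label, q in cases:
        avg, mx = pfd_avg_and_max(q, HORIZON)
        print(f"{label:42s} PFDavg = {avg:.2e}  PFDmax = {mx:.2e}")
```

With an ideal test the single component reaches PFDavg close to λτ/2 (about 1.1e-2 here) while its maximum, just before a test, is close to λτ (about 2.2e-2), which is the "average versus maximum" point of the slide. For the pair, simultaneous tests put both components out of service at the same time, so the maximum unavailability of the pair is 1 during every test; shifting the second test by half an interval removes that peak and also lowers the average.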
17 Probability of Failure per Hour (1)
How to interpret the notion of Probability of Failure per Hour?
$PFH_S(t) \overset{?}{=} \frac{F_S(t)}{t}$ does not mean anything. Moreover, it tends to 0 as t increases.
$f_S(t) \overset{def}{=} \frac{dF_S(t)}{dt}$: the Failure Intensity $f_S(t)$ is of no help, for the very same reason. Moreover it is not a probability.
$r_S(t) \overset{def}{=} \lim_{dt \to 0} \frac{\Pr\{\text{the system fails between } t \text{ and } t + dt \mid C\}}{dt}$, where C stands for the event: the system worked without interruption from 0 to t (included).
The Failure Rate $r_S(t)$ is of no help. It is undetermined when t increases.
18 Probability of Failure per Hour (2)
$w_S(t) \overset{def}{=} \lim_{dt \to 0} \frac{\Pr\{\text{the system fails between } t \text{ and } t + dt \mid E\}}{dt}$, where E stands for the event: the system was working at t = 0.
The Unconditional Failure Intensity $w_S(t)$ is probably the right notion. We know how to calculate $w_S(t)$ (see articles by Dutuit, Rauzy & Signoret):
$w_S(t) = \sum_c MIF_{S,c}(t) \cdot w_c(t)$
$MIF_{S,c}(t) \overset{def}{=} \frac{\partial Q_S(t)}{\partial Q_c(t)}$: Marginal Importance Factor, also called Birnbaum Importance Factor
$w_c(t) = \lambda_c(t) \cdot A_c(t)$, with $\lambda_c(t)$ the Failure Rate of component c
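The formula $w_S(t) = \sum_c MIF_{S,c}(t) \cdot w_c(t)$ is straightforward to implement once $Q_S$ is available as a function of the component unavailabilities. The following is an added example, not code from the slides or from the cited articles: it assumes a constructed Safety Instrumented System (two redundant sensors S1 and S2, one logic controller LC and one actuator ACT, the SIS being failed when both sensors, or the controller, or the actuator are failed), components with constant failure rate λ and constant repair rate µ (µ = 0 for a non-repairable component), and computes $MIF_{S,c}$ exactly as $Q_S(Q_c = 1) - Q_S(Q_c = 0)$. The parameter values are constructed.

```python
"""Unconditional failure intensity w_S(t) of a system from component data.

Added example, not from the slides. Implements w_S = sum_c MIF_{S,c} * w_c with
w_c = lambda_c * A_c and MIF_{S,c} = dQ_S/dQ_c for a constructed SIS structure.
"""
import math


def availability(lam, mu, t):
    """A_c(t) of a component with constant failure rate lam and repair rate mu,
    as good as new at t = 0 (two-state Markov model; mu = 0 gives exp(-lam t))."""
    if mu == 0.0:
        return math.exp(-lam * t)
    return mu / (lam + mu) + lam / (lam + mu) * math.exp(-(lam + mu) * t)


def q_top(q):
    """Constructed structure: the SIS is failed if both sensors are failed,
    or the logic controller is failed, or the actuator is failed."""
    return 1.0 - (1.0 - q["S1"] * q["S2"]) * (1.0 - q["LC"]) * (1.0 - q["ACT"])


def component_unavailabilities(components, t):
    return {name: 1.0 - availability(lam, mu, t) for name, (lam, mu) in components.items()}


def system_unavailability(components, t, structure=q_top):
    return structure(component_unavailabilities(components, t))


def marginal_importance(structure, q, c):
    """MIF_{S,c} = Q_S(q with Q_c = 1) - Q_S(q with Q_c = 0); exact because Q_S is
    multilinear in the unavailabilities of independent components."""
    q1, q0 = dict(q), dict(q)
    q1[c], q0[c] = 1.0, 0.0
    return structure(q1) - structure(q0)


def unconditional_failure_intensity(components, t, structure=q_top):
    """w_S(t): expected number of system failures per hour at time t."""
    q = component_unavailabilities(components, t)
    total = 0.0
    for name, (lam, mu) in components.items():
        w_c = lam * availability(lam, mu, t)          # w_c(t) = lambda_c * A_c(t)
        total += marginal_importance(structure, q, name) * w_c
    return total


# Constructed component data: name -> (failure rate per hour, repair rate per hour).
SIS = {
    "S1": (2e-6, 1 / 24),
    "S2": (2e-6, 1 / 24),
    "LC": (5e-7, 1 / 8),
    "ACT": (1e-6, 1 / 48),
}

if __name__ == "__main__":
    for t in (1.0, 24.0, 1000.0, 8760.0):
        print(f"t = {t:7.0f} h  Q_S = {system_unavailability(SIS, t):.3e}"
              f"  w_S = {unconditional_failure_intensity(SIS, t):.3e} per hour")
```

Two checks worth keeping in mind: for non-repairable components $w_S(t)$ coincides with $f_S(t) = dF_S(t)/dt$ (the chain rule applied to $Q_S$), whereas for repairable components $Q_S(t)$ becomes stationary while $w_S(t)$ stays strictly positive, which is exactly why slide 17 rejects $f_S$ and slide 18 keeps $w_S$ as the candidate for a failure frequency per hour.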
19 Safe Failure Fraction
The Safe Failure Fraction (SFF) is an awkward attempt to measure the proportion/relative importance of failures/failure scenarios of the Safety Instrumented System that are not harmful for the Equipment Under Control. Similar indicators are proposed in other standards.
(Figure, state diagram of the Safety Instrumented System:)
- nominal state --failure(s)--> degraded state
- degraded state --detection/alert--> safe state: the Equipment Under Control is stopped correctly
- degraded state --failure(s)--> accident: the Safety Instrumented System is demanded while being failed
- degraded state --test/maintenance--> repair state: the Safety Instrumented System is repaired before being demanded
- repair state --repair--> nominal state
At best the SFF can be understood as a conditional probability: given that a failure occurs, what is the probability that something bad happens?
20 Agenda: Safety Integrity Levels and related measures as introduced by the Standards; How to interpret these notions?; Calculations; Wrap-Up
21 Multi-Phases Markov Processes
Multi-phases Markov processes with rewards (figure):
- Phase 1 (before the 1st test): states OK and KO, transition OK -> KO with rate λ.
- Phase 2 (between tests): states OK, KO and R (under repair), transitions OK -> KO with rate λ and R -> OK with rate µ; the test between phases takes a failed component from KO to R.
- Rewards (availability): phase 1: OK = 1, KO = 0; phase 2: OK = 1, KO = 0, R = 0.
Calculations: transient probabilities (+ rewards); sink state for unreliability.
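The three-state model of this slide is small enough to be solved exactly in a few lines. The following is an added example, not code from the slides: it keeps the slide's states OK, KO and R and the two phase generators (OK -> KO at rate λ in both phases, R -> OK at rate µ in phase 2 only), computes the transient probabilities with a pure-Python matrix exponential, integrates the availability reward (1 in OK, 0 elsewhere) over each phase, and obtains the unreliability by making KO a sink state, i.e. by not moving KO to R at the test. The rates and test interval are constructed values.

```python
"""Multi-phase Markov process with rewards for one periodically tested component.

Added example, not from the slides. States OK, KO, R as on slide 21; the test at the
end of each phase moves KO to R unless `sink=True`, in which case KO is absorbing
and P(KO) is the unreliability F(t). Rates and the test interval are constructed.
"""
OK, KO, R = 0, 1, 2


def mat_mul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def expm(q, t, terms=20):
    """exp(q*t) for a small generator matrix: scaling and squaring with a Taylor series."""
    n = len(q)
    a = [[q[i][j] * t for j in range(n)] for i in range(n)]
    norm = max(sum(abs(x) for x in row) for row in a)
    squarings = 0
    while norm > 0.5:                            # scale until the series converges fast
        a = [[x / 2.0 for x in row] for row in a]
        norm /= 2.0
        squarings += 1
    result = [[float(i == j) for j in range(n)] for i in range(n)]
    term = [row[:] for row in result]
    for k in range(1, terms + 1):
        term = [[x / k for x in row] for row in mat_mul(term, a)]
        result = [[result[i][j] + term[i][j] for j in range(n)] for i in range(n)]
    for _ in range(squarings):
        result = mat_mul(result, result)
    return result


def evolve(p, gen, t):
    """Row vector p(0) -> p(t) = p(0) * exp(gen * t)."""
    m = expm(gen, t)
    return [sum(p[i] * m[i][j] for i in range(len(p))) for j in range(len(p))]


def generator(lam, mu, first_phase):
    """Phase 1: OK -> KO (lam). Phase 2: additionally R -> OK (mu). KO is absorbing within a phase."""
    g = [[-lam, lam, 0.0], [0.0, 0.0, 0.0], [0.0, 0.0, 0.0]]
    if not first_phase:
        g[R] = [mu, 0.0, -mu]
    return g


def simulate(lam, mu, tau, n_phases, samples=1000, sink=False):
    """Run n_phases phases of length tau from an as-good-as-new component.
    Returns the average availability reward of each phase, the state probabilities
    just before each test, and the final probabilities."""
    p = [1.0, 0.0, 0.0]
    phase_availability, before_test = [], []
    for k in range(n_phases):
        g = generator(lam, mu, first_phase=(k == 0))
        # reward integral over the phase by the midpoint rule: availability = P(OK)
        avail = sum(evolve(p, g, (i + 0.5) * tau / samples)[OK] for i in range(samples)) / samples
        phase_availability.append(avail)
        p = evolve(p, g, tau)
        before_test.append(p)
        if not sink:                             # the test sends a failed component to repair
            p = [p[OK], 0.0, p[R] + p[KO]]
    return {"phase_availability": phase_availability, "before_test": before_test, "final": p}


if __name__ == "__main__":
    res = simulate(lam=1e-4, mu=0.1, tau=1000.0, n_phases=3)   # constructed values, per hour
    for k, a in enumerate(res["phase_availability"], 1):
        print(f"phase {k}: average availability = {a:.6f}")
    print("P(OK), P(KO), P(R) at the end:", [f"{x:.3e}" for x in res["final"]])
    unrel = simulate(lam=1e-4, mu=0.1, tau=1000.0, n_phases=3, sink=True)["final"][KO]
    print(f"unreliability F(3 tau) via sink state = {unrel:.6f}")
```

The first phase reproduces the closed form $P(KO) = 1 - e^{-\lambda\tau}$ and an average availability of $(1 - e^{-\lambda\tau})/(\lambda\tau)$; in the second phase the repair transition drains R back into OK, so the average availability per phase settles to a periodic value, which is the quantity a PFDavg-style figure for a component is built from. The sink-state run leaves P(KO) at $1 - e^{-\lambda n\tau}$, the unreliability, showing on the same model the difference between $F_S(t)$ and $Q_S(t)$ of slide 14.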
22 Calculations
Several tools can be used for SIL calculation, e.g.:
- Multi-Phases Markov Processes with Rewards are a very convenient framework to model components and calculate their availability. They can hardly be used for systems because of the exponential blow-up of the size of the models.
- For systems, tools such as Fault Trees must be used.
- Otherwise, it remains Stochastic Simulation (from Petri Nets, AltaRica, ...), which is a versatile tool and works well, at least when numbers are not too low.
23 SIL/DAL Allocation
Standards such as ARP 4761 describe top-down allocation methods, typically based on the Fault Tree structure.
(Figure: fault tree with allocated frequency targets per flight hour.) Safety Requirement: 5.0 x 10^-9 for Loss of the Aircraft. Intermediate events: Unannounced Loss of Braking Capacities, Spurious Braking after V1, Other Failure Conditions; Loss of Thrust Invertors, Loss of Wheel Braking, Spurious Thrust Inversion after V1, Spurious Wheel Braking after V1, Erroneous Fault Report after V1; Announced Loss of the Braking System on Dangerous Runway, Unannounced Loss of the Braking System. Allocated targets are of the order of 10^-9, 10^-8 and 10^-7.
Such empirical methods can seamlessly take into account duplicated events, technology readiness, costs, ... It is much better to see allocation as optimization problems, working bottom-up.
24 Agenda: Safety Integrity Levels and related measures as introduced by the Standards; How to interpret these notions?; Calculations; Wrap-Up
25 Wrap-Up
Safety Standards introduce SIL and related concepts. Definitions are rather fuzzy: the same concept may appear under different names and the same name can be used with different meanings.
However, once mathematically cleaned up, SIL and related concepts are very useful indicators of:
- The severity of the risk under consideration
- The mitigation necessary to make this risk acceptable
- The effort to be done to achieve this risk mitigation
There exist efficient calculation methods:
- Multi-phases Markov Processes with Rewards (for components)
- Fault Trees
- Stochastic Simulation
More informationA risk assessment procedure for the safety management of airport infrastructures
A risk assessment procedure for the safety management of airport infrastructures Sascia Canale Department of Civil and Environmental Engineering, University of Catania, Catania, Italy Natalia Distefano
More informationIntroduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level
ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development
More informationISO 26262 Introduction
ISO 26262 Introduction Prof. Christian Madritsch 2012 Table of Contents Structure of ISO 26262 Management of Functional Safety Product Development System Level Product Development Hardware Level Product
More informationHydraulic/pneumatic drive Cylinder (machine actuator) Optoelectronics Light curtain (sensor) Electronics Control system Danger! Hydraulics/pneumatics Valves (actuators) Safety control SRP/CS subsystem
More informationELECTRICAL SAFETY RISK ASSESSMENT
ELECTRICAL SAFETY RISK ASSESSMENT The intent of this procedure is to perform a risk assessment, which includes a review of the electrical hazards, the associated foreseeable tasks, and the protective measures
More informationRISK MANAGEMENT FOR INFRASTRUCTURE
RISK MANAGEMENT FOR INFRASTRUCTURE CONTENTS 1.0 PURPOSE & SCOPE 2.0 DEFINITIONS 3.0 FLOWCHART 4.0 PROCEDURAL TEXT 5.0 REFERENCES 6.0 ATTACHMENTS This document is the property of Thiess Infraco and all
More informationCivil Air Patrol BASIC LEVEL OPERATIONAL RISK MANAGEMENT
Civil Air Patrol BASIC LEVEL OPERATIONAL RISK MANAGEMENT 1 Civil Air Patrol wishes to thank the USAF Safety Center for the use of their information in the creation of this presentation. 2 Define Operational
More informationIntelligent development tools Design methods and tools Functional safety
Intelligent development tools Design methods and tools Functional safety Flanders DRIVE Index: Flanders DRIVE 1 Importance of functional safety 2 Functional safety for mechatronic systems 4 Global functional
More informationMXa SIL Guidance and Certification
MXa SIL Guidance and Certification SIL 3 capable for critical applications Experience In Motion Functional Safety in Plants Safety and instrumentation engineers demand that a functional safety system s
More informationidentify hazards, analyze or evaluate the risk associated with that hazard, and determine appropriate ways to eliminate or control the hazard.
What is a risk assessment? Risk assessment is the process where you: identify hazards, analyze or evaluate the risk associated with that hazard, and determine appropriate ways to eliminate or control the
More informationThe need for Safety Intelligence based on European safety data analysis
The need for Safety Intelligence based on European safety data analysis Rachel Daeschler Head of Safety Intelligence and Performance OPTICS Workshop, 29 April 2015 Content Introduction to EASA Safety Intelligence
More informationSafety Requirements Specification Guideline
Safety Requirements Specification Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1- Summary Safety Requirement
More informationHow To Manage Safety Risk In Aviation
4 AVIATION RISK MANAGEMENT AN INTRODUCTION Civil AVIATION AuthORITy of New Zealand BOOKLET FOUR PUBLISHED: JUNE 2013 Preface The Civil Aviation Authority (CAA) published Advisory Circular AC00-4 Safety
More informationIs your current safety system compliant to today's safety standard?
Is your current safety system compliant to today's safety standard? Abstract It is estimated that about 66% of the Programmable Electronic Systems (PES) running in the process industry were installed before
More informationIEC 61508 Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands
IEC 61508 Functional Safety Assessment Project: Series 327 Solenoid Valves Customer: ASCO Numatics Scherpenzeel, The Netherlands Contract No.: Q09/04-59 Report No.: ASC 09-04-59 R003 V1 R3 61508 Assessment
More informationAVIATION SAFETY PROGRAM
AVIATION SAFETY PROGRAM February 13, 2008 IDAHO TRANSPORTATION DEPARTMENT Division of Aeronautics REVIEW / REVISION RECORD REVISION NUMBER EFFECTIVE DATE ACTION TO BE TAKEN POSTED BY (initials) 2 TABLE
More informationThe updated PDS method With a focus on systematic failures
The updated PDS method With a focus on systematic failures ESReDA, 07. June 2006 Stein Hauge, SINTEF Content 1. Introduction - what is PDS? 2. Related standards 3. Systematic failures in PDS 4. Summary
More informationDeveloping software which should never compromise the overall safety of a system
Safety-critical software Developing software which should never compromise the overall safety of a system Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 21 Slide 1 Objectives To introduce
More informationExperience with Safety Integrity Level (SIL) Allocation in Railway Applications
Experience with Safety Integrity Level (SIL) Allocation in Railway Applications Peter Wigger Institute for Software, Electronics, Railroad Technology (ISEB), TÜV InterTraffic GmbH, a company of the TÜV
More informationWildlife Hazard Mitigation Strategies for Pilots
Executive Summary From the very beginning of powered flight, pilots have competed with birds for airspace, sometimes with disastrous results. Over the years, there have been many efforts to create a better
More informationSafety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September 2010. Answers for industry.
SIMATIC Safety Matrix The Management Tool for all Phases of the Safety Lifecycle Brochure September 2010 Safety Integrated Answers for industry. Functional safety and Safety Lifecycle Management Hazard
More informationLecture 10: Managing Risk" Risk Management"
General ideas about Risk" Risk Management" Identifying Risks" Assessing Risks" Case Study:" Mars Polar Lander" Lecture 10: Managing Risk" 2012 Steve Easterbrook. This presentation is available free for
More information