
How to develop E/E/PESs to IEC 61508?


Page 1: How to develop E/E/PESs to IEC 61508?

How to develop E/E/PESs to IEC 61508?

E/E/PES is: electrical/electronic/programmable electronic system (IEC 61508-4 subclause 3.3.3)

Page 2

What is the safety question?

How to make a product safe, or how to make a safe product?

Page 3

What is safety?

How do you measure it?

Page 4

Safety: “freedom from unacceptable risk”

[Figure: risk as the combination of the probability of occurrence and the severity of occurrence of harm to people, property and the environment]

Page 5

What is a Risky System?

A system with an unacceptable combination of the probability of occurrence of harm and the severity of that harm.

Page 6

IEC 61508 safety theory: remove systematic defects

IEC 61508 implies:

ad hoc or non-safety processes → non-safety products

non-safety processes – systematic defects → safety processes

safety processes → safety products

safety processes + functional safety assessment → IEC 61508 compliance

Page 7

The Safety Equation

MTBF = MTBRF + MTBSF

PFD = PRFD + PSFD

safety integrity = hardware safety integrity + systematic safety integrity

MTBF - Mean Time Between Failure
MTBRF - Mean Time Between Random Failure
MTBSF - Mean Time Between Systematic Failure

PFD - Probability of Failure on Demand
PRFD - Probability of Random Failure on Demand
PSFD - Probability of Systematic Failure on Demand

Page 8

Safety Measurements

MTBF = 1/(failure rate)

failure rate = RHF + SHF + SSF

SIL ∝ 1/(failure rate)

SIL ∝ 1/(RHF + SHF + SSF)

RHF - Random Hardware Failure
SHF - Systematic Hardware Failure
SSF - Systematic Software Failure
SIL - Safety Integrity Level

See IEC 61508-1, Tables 2 and 3
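The safety equations of Page 7 and Page 8 carried through to a Safety Integrity Level, as an added worked example that is not part of the original slides. It judges the combined failure measure against the IEC 61508-1 Table 2 (low demand, average PFD) and Table 3 (high demand or continuous, dangerous failures per hour) bands; the RHF, SHF and SSF figures are constructed for illustration and are assumed to be dangerous-failure rates per hour.

```python
"""Worked example (added; not from the original slides): the Page 7 / Page 8
equations carried through to a SIL using the IEC 61508-1 target failure
measures. Table 2: low demand mode, average PFD. Table 3: high demand or
continuous mode, average frequency of dangerous failure per hour.
Assumptions: RHF, SHF and SSF are dangerous-failure rates per hour; the
sample figures below are constructed for illustration, not measured values."""

# Target failure measure bands per SIL as (lower, upper): lower bound
# inclusive, upper bound exclusive, as tabulated in IEC 61508-1.
TABLE_2_PFD_AVG = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
TABLE_3_PFH = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def failure_rate(rhf: float, shf: float, ssf: float) -> float:
    """Page 8: failure rate = RHF + SHF + SSF (per hour)."""
    return rhf + shf + ssf


def mtbf_hours(rate: float) -> float:
    """Page 8: MTBF = 1/(failure rate)."""
    return 1.0 / rate


def sil_from_measure(value: float, table: dict) -> int:
    """Highest SIL whose band the measure satisfies. A value below the SIL 4
    lower bound still satisfies SIL 4; 0 means worse than the SIL 1 band."""
    for sil in (4, 3, 2, 1):
        if value < table[sil][1]:
            return sil
    return 0


def sil_high_demand(rhf: float, shf: float, ssf: float) -> int:
    """SIL ∝ 1/(RHF + SHF + SSF): judge the combined rate against Table 3."""
    return sil_from_measure(failure_rate(rhf, shf, ssf), TABLE_3_PFH)


def sil_low_demand(prfd: float, psfd: float) -> int:
    """Page 7: PFD = PRFD + PSFD, judged against Table 2."""
    return sil_from_measure(prfd + psfd, TABLE_2_PFD_AVG)


if __name__ == "__main__":
    # Constructed figures: the hardware alone sits in the SIL 3 band, but the
    # systematic contributions push the combined rate into the SIL 2 band.
    rhf, shf, ssf = 3e-8, 2e-8, 6e-8
    print("hardware-only SIL:", sil_from_measure(rhf, TABLE_3_PFH))  # 3
    print("combined SIL:", sil_high_demand(rhf, shf, ssf))          # 2
    print("MTBF (hours): %.3g" % mtbf_hours(failure_rate(rhf, shf, ssf)))
```

The constructed figures make the deck's point concrete: a hardware rate that alone satisfies the SIL 3 band no longer does once the systematic hardware and software contributions are added, which is why the standard spends its effort on removing systematic defects.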

Page 9

Relationship of IEC 61508 to failure type

random hardware failure (RHF) see IEC 61508-2

systematic hardware failure (SHF) see IEC 61508-2

systematic software failure (SSF) see IEC 61508-3

Page 10

Systematic defects

Systematic defects are removed during the product development lifecycle

The product development lifecycle is depicted graphically with the V-model

The V-model for software development is shown in Figure 5 of IEC 61508-3

Page 11

The Parts of IEC 61508

IEC 61508-1 Part 1: General requirements

IEC 61508-2 Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems

IEC 61508-3 Part 3: Software requirements

IEC 61508-4 Part 4: Definitions and abbreviations

IEC 61508-5 Part 5: Examples of methods for the determination of safety integrity levels

IEC 61508-6 Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3

IEC 61508-7 Part 7: Overview of techniques and measures

Page 12

Non-complex or Complex system?

Non-complex deterministic system

A deterministic system has a unique output for each specific input.

Complex non-deterministic system

A non-deterministic system is one whose output is a function of both the current input and the previous output.

Page 13

IEC 61508-3 Software Requirements Example

From the E/E/PES hardware development processes it has been determined that a microcontroller is required to implement the complex logic in software (see IEC 61508-3 Figure 1), and SIL 3 has been determined.

IEC 61508-3, clause 7.2, Software safety requirements specification, points to IEC 61508-3, Table A.1

IEC 61508-3, Table A.1, Software safety requirements specification, points to IEC 61508-7, Technique/Measure B.2.4

IEC 61508-7, Technique/Measure B.2.4, describes Computer-aided specification tools

Page 14

WHY NOT ENGINEERING
www.whynotengineering.com