What is the safety question? How to make a product safe, or How to make a safe product?
How to develop E/E/PESs to IEC 61508?
E/E/PES: electrical/electronic/programmable electronic system (IEC 61508-4, subclause 3.3.3)
What is the safety question?
How to make a product safe,
or
How to make a safe product?
What is safety?
How do you measure it?
Safety: “freedom from unacceptable risk”
Harm to: people, property, environment
[diagram: harm to people, property and environment, measured by probability of occurrence and severity of occurrence]
What is a Risky System?
A system with an unacceptable combination of:
probability of occurrence of harm
and
the severity of that harm.
IEC 61508 safety theory: remove systematic defects
IEC 61508 implies:
ad hoc or non-safety processes → non-safety products
non-safety processes – systematic defects → safety processes
safety processes → safety products
safety processes + functional safety assessment → IEC 61508 compliance
The Safety Equation
MTBF = MTBRF + MTBSF
PFD = PRFD + PSFD
safety integrity = hardware safety integrity + systematic safety integrity
MTBF - Mean Time Between Failure
MTBRF - Mean Time Between Random Failure
MTBSF - Mean Time Between Systematic Failure
PFD - Probability of Failure on Demand
PRFD - Probability of Random Failure on Demand
PSFD - Probability of Systematic Failure on Demand
Safety Measurements
MTBF = 1/(failure rate)
failure rate = RHF + SHF + SSF
SIL 1/(failure rate)
SIL 1/(RHF + SHF + SSF)
RHF - Random Hardware Failure
SHF - Systematic Hardware Failure
SSF - Systematic Software Failure
SIL - Safety Integrity Level
See IEC 61508-1, Tables 2 and 3
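A worked instance of the two slides above (the safety equation and the failure-rate sum), as an added Python example that is not from the original deck. It assumes the rates are dangerous failures per hour for a system in high-demand/continuous mode, so the sum is compared with the PFH bands of IEC 61508-1 Table 3; the failure-rate numbers themselves are constructed.

```python
"""Slide model: failure rate = RHF + SHF + SSF, MTBF = 1/(failure rate),
and the SIL follows from the total rate via IEC 61508-1 Table 3.
Assumptions (not on the slide): rates are dangerous failures per hour,
high-demand/continuous mode, so the total is compared with PFH bands.
"""
from dataclasses import dataclass

# IEC 61508-1 Table 3: target PFH (dangerous failures per hour) per SIL,
# lower bound inclusive, upper bound exclusive.
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


@dataclass(frozen=True)
class FailureRates:
    rhf: float  # random hardware failure rate, per hour
    shf: float  # systematic hardware failure rate, per hour
    ssf: float  # systematic software failure rate, per hour

    def total(self) -> float:
        # failure rate = RHF + SHF + SSF ("Safety Measurements" slide)
        return self.rhf + self.shf + self.ssf

    def mtbf_hours(self) -> float:
        # MTBF = 1/(failure rate)
        return 1.0 / self.total()

    def dominant(self) -> str:
        # The largest term bounds the achievable SIL; shrinking the others
        # changes the sum very little (the safety equation in practice).
        terms = (("RHF", self.rhf), ("SHF", self.shf), ("SSF", self.ssf))
        return max(terms, key=lambda t: t[1])[0]


def sil_from_pfh(pfh: float) -> int:
    """Classify a per-hour dangerous failure rate against Table 3.
    Returns 0 when the rate is too high for SIL 1. Rates below the SIL 4
    lower bound (1e-9) are still reported as 4; the standard defines no
    higher level."""
    for sil in (4, 3, 2, 1):
        if pfh < PFH_BANDS[sil][1]:
            return sil
    return 0


def assess(rates: FailureRates) -> tuple[int, str]:
    """(achieved SIL, limiting failure type) for the given rates."""
    return sil_from_pfh(rates.total()), rates.dominant()


# Constructed numbers: excellent hardware, but software systematic defects
# dominate, so the product reaches only SIL 2. Removing the systematic
# defects (the lifecycle work of IEC 61508-2/-3) is what lifts it to SIL 4.
BEFORE = FailureRates(rhf=2e-9, shf=1e-8, ssf=5e-7)
AFTER = FailureRates(rhf=2e-9, shf=1e-9, ssf=3e-9)
```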
Relationship of IEC 61508 to failure type
random hardware failure (RHF) see IEC 61508-2
systematic hardware failure (SHF) see IEC 61508-2
systematic software failure (SSF) see IEC 61508-3
Systematic defects
Systematic defects are removed during the product development lifecycle
The product development lifecycle is depicted graphically with the V-model
The V-model for software development is shown in Figure 5 of IEC 61508-3
The Parts of IEC 61508
IEC 61508-1 Part 1: General requirements
IEC 61508-2 Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
IEC 61508-3 Part 3: Software requirements
IEC 61508-4 Part 4: Definitions and abbreviations
IEC 61508-5 Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-6 Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7 Part 7: Overview of techniques and measures
Non-complex or Complex system?
Non-complex deterministic system
A deterministic system has a unique output for each specific input
Complex non-deterministic system
In a non-deterministic system, the output is a function of the current input and the previous output.
IEC 61508-3 Software Requirements Example
From the E/E/PES hardware development processes (see IEC 61508-3, Figure 1), it has been determined that a microcontroller is required to implement the complex logic in software, and that the target is SIL 3.
IEC 61508-3, clause 7.2, Software safety requirements specification, points to IEC 61508-3, Table A.1
IEC 61508-3, Table A.1, Software safety requirements specification, points to IEC 61508-7, Technique/Measure B.2.4
IEC 61508-7, Technique/Measure B.2.4, describes Computer-aided specification tools
WHY NOT ENGINEERING, www.whynotengineering.com