Safety Critical Systems Handbook (eBook)

Front Cover 1
Safety Critical Systems Handbook 2
Copyright 3
Contents 4
A Quick Overview 14
The 2010 Version of IEC 61508 16
Acknowledgements 18
PART A -The Concept of Safety Integrity 20
Chapter 1 The Meaning and Context of Safety Integrity Targets 22
1.1 Risk and the Need for Safety Targets 23
1.2 Quantitative and Qualitative Safety Targets 26
1.3 The Life-cycle Approach 29
1.4 Steps in the Assessment Process 32
1.5 Costs 34
1.6 The Seven Parts of IEC 61508 35
Chapter 2 Meeting IEC 61508 Part 1 40
2.1 Establishing Integrity Targets 41
2.2 ALARP (“As low as Reasonably Practicable”) 55
2.3 Functional Safety Management and Competence 57
IEC 61508 Part 1 63
Chapter 3 Meeting IEC 61508 Part 2 64
3.1 Organizing and Managing the Life-cycle 65
3.2 Requirements Involving the Specification 67
3.3 Requirements for Design and Development 68
3.4 Integration and Test (Referred to as Verification) 74
3.5 Operations and Maintenance 74
3.6 Validation (Meaning Overall Acceptance Test and the Close Out-of Actions) 75
3.7 Safety Manuals 75
3.8 Modifications 76
3.9 Acquired Sub-systems 76
3.10 “Proven in Use” (Referred to as Route 2s in the Standard) 76
3.11 ASICs and CPU Chips 77
3.12 Conformance Demonstration Template 79
IEC 61508 PART 2 79
Chapter 4 Meeting IEC 61508 Part 3 86
4.1 Organizing and Managing the Software Engineering 87
4.2 Requirements Involving the Specification 91
4.3 Requirements for Design and Development 91
4.4 Integration and Test (Referred to as Verification) 93
4.5 Validation (Meaning Overall Acceptance Test and Close Out of Actions) 94
4.6 Safety Manuals 94
4.7 Modifications 95
4.8 Alternative Techniques and Procedures 96
4.9 Data Driven Systems 96
4.10 Some Technical Comments 97
4.11 Conformance Demonstration Template 100
Chapter 5 Reliability Modeling Techniques 108
5.1 Failure Rate and Unavailability 108
5.2 Creating a Reliability Model 109
5.3 Taking Account of Auto-test 117
5.4 Human Factors 121
Chapter 6 Failure Rate and Mode Data 126
6.1 Data Accuracy 126
6.2 Sources of Data 129
6.3 Data Ranges and Confidence Levels 132
6.4 Conclusions 134
Chapter 7 Demonstrating and Certifying Conformance 136
7.1 Demonstrating Conformance 136
7.2 The Current Framework for Certification 137
7.3 Self Certification (Including Some Independent Assessment) 138
7.4 Preparing for Assessment 141
7.5 Summary 142
PART B -Specific Industry Sectors 144
Chapter 8 Second-tier Documents – Process, Oil and Gas Industries 146
8.1 IEC International Standard 61511: Functional Safety – Safety Instrumented Systems for the Process Industry Sector 147
8.2 Institution of Gas Engineers and Managers IGEM/SR/15:Programmable Equipment in Safety-related Applications e 5thEdition 2010 156
8.3 Guide to the Application of IEC 61511 to Safety Instrumented Systems in the UK Process Industries 157
8.4 ANSI/ISA-84.00.01 (2004) – Functional Safety, Instrumented Systems for the Process Sector 158
8.5 Recommended Guidelines for the Application of IEC 61508 and IEC 61511 in the Petroleum Activities on the Norwegian ... 158
Chapter 9 Machinery Sector 160
9.1 EN ISO 14121 160
9.2 EN ISO 13849 162
9.3 BS EN 62061 167
Chapter 10 Other Industry Sectors 170
10.1 Rail 171
10.2 UK MOD Documents 174
10.3 Earth Moving Machinery 175
10.4 C Coding Standard (MISRA – Motor Industries Research Association) – Development Guidelines for Vehicle Based Prog ... 176
10.5 Automotive 176
10.6 IEC International Standard 61513: Nuclear Power Plants – Instrumentation and Control for Systems Important to Saf ... 178
10.7 Avionics 179
10.8 Medical – IEC 60601: Medical Electrical Equipment, General Requirements for Basic Safety and Essential Performance 180
10.9 Stage and Theatrical Equipment 181
10.10 Electrical Power Drives 182
10.11 Documents which are now Withdrawn 182
PART C -Case Studies in the Form of Exercises and Examples 186
Chapter 11 Pressure Control System (Exercise) 188
11.1 The Unprotected System 188
11.2 Protection System 189
11.3 Assumptions 190
11.4 Reliability Block Diagram 190
11.5 Failure Rate Data 190
11.6 Quantifying the Model 191
11.7 Proposed Design and Maintenance Modifications 192
11.8 Modeling Common Cause Failure (Pressure Transmitters) 192
11.9 Quantifying the Revised Model 193
11.10 ALARP 194
11.11 Architectural Constraints 194
Chapter 12 Burner Control Assessment (Example) 196
Executive Summary and Recommendations 197
12.1 Objectives 198
12.2 Integrity Requirements 198
12.3 Assumptions 201
12.4 Results 202
12.5 Failure Rate Data 206
12.6 References 207
Chapter 13 SIL Targeting – Some Practical Examples 212
13.1 A Problem Involving EUC/SRS Independence 212
13.2 A Hand-held Alarm Intercom, Involving Human Error in the Mitigation 214
13.3 Maximum Tolerable Failure Rate Involving Alternative Propagations to Fatality 214
13.4 Hot/cold Water Mixer Integrity 216
13.5 Scenario Involving High Temperature Gas to a Vessel 218
13.6 Example using the LOPA Technique 220
Chapter 14 Hypothetical Rail Train Braking System (Example) 224
14.1 The Systems 224
14.2 The SIL Targets 225
14.3 Assumptions 226
14.4 Failure Rate Data 226
14.5 Reliability Models 227
14.6 Overall Safety Integrity 228
Chapter 15 Rotorcraft Accidents and Risk Assessment 234
15.1 Helicopter Incidents 234
15.2 Floatation Equipment Risk Assessment 236
Chapter 16 Hydro-electric Dam and Tidal Gates 240
16.1 Flood-gate Control System 240
16.2 Spurious Opening of Either of Two Tidal Lock Gates Involving a Trapped Vessel 246
APPENDIX 1 -Functional Safety Management 250
Template Procedure 250
Company Standard xxx Implementation of Functional Safety 250
Annex A 258
Notes on the Second-level Work Instructions 001-008 258
APPENDIX 2 -Assessment Schedule 260
1 Defining the Assessment and the Safety System 260
2 Describing the Hazardous Failure Mode and Safety Targets 261
3 Assessing the Random Hardware Failure Integrity of the Proposed Safety-related System 261
4 Assessing the Qualitative Integrity of the Proposed Safety-related System 262
5 Reporting and Recommendations 262
6 Assessing Vendors 263
7 Addressing Capability and Competence 263
APPENDIX 3 -Betaplus CCF Model, Scoring Criteria 264
Checklist for Equipment Containing Programmable Electronics 264
Checklist and Scoring for Non-programmable Equipment 265
APPENDIX 4 -Assessing Safe Failure Fraction and Diagnostic Coverage 268
1 Failure Mode and Effect Analysis 268
2 Rigor of the Approach 269
APPENDIX 5 -Answers to Examples 272
Answer to Exercise 1 (Chapter 2.1.1d) 272
Answer to Exercise 2 (Chapter 2.1.1d) 272
Answer to Exercise 3 (Chapter 2.1.1d) 273
Answer to Exercise 4 (Chapter 2.2) 273
Answer to Exercises (Chapter 11) 273
Comments on Example (Chapter 12) 277
APPENDIX 6 -References 280
APPENDIX 7 -Quality and Safety Plan 282
1 Responsibilities (by name and must be listed in the company competency register) 282
2 Life-cycle Details 282
3 Hazard Analysis and Risk Assessment 282
4 Items/deliverables to be Called for and Described in Outline 282
5 Descriptions of 283
APPENDIX 8 -Some Terms and Jargon of IEC 61508 284
Software packages 286
Index 288