SlideShare une entreprise Scribd logo

Functional-Safety-Overview-UL.ppt

Télécharger en tant que PPT, PDF
S
ssuserba01d94

Engineering

Ingénierie
1  sur  33
Functional Safety Overview Michael Mats
Table of Contents  What is Functional Safety?  FS in Standards  FS per IEC 61508  FS Lifecycle  FS Certification Process  Marketing Activities  Additional Resources Table of Contents
Standards  UL 991 (2004), "Tests for Safety-Related Controls Employing Solid-State Devices"  ANSI/UL 1998 (1998), "Software in Programmable Components" (used in conjunction with UL 991 for products that include software)  ANSI/UL 61496-1 (2010), "Electro-Sensitive Protective Equipment, Part 1: General Requirements and Tests"  ANSI/ASME A17.1/CSA B44 (2007), "Safety Code for Elevators and Escalators"  EN 50271 (2010), "Electrical Apparatus for the Detection and Measurement of Combustible Gases, Toxic Gases or Oxygen - Requirements and Tests for Apparatus Using Software and/or Digital Technologies"  IEC 60335-1 (2010), "Household and Similar Electrical Appliances - Safety - Part 1: General Requirements"  IEC 60730-1 (2010), "Automatic Electrical Controls for Household and Similar Use - Part 1: General Requirements"  EN/IEC 61508-1 through -7 (2010), "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems Slide 3
Standards  EN/IEC 61511 (2003), "Functional Safety - Safety Instrumented Systems for the Process Industry Sector  EN/IEC 61800-5-2 (2007), "Adjustable Speed Electrical Power Drive Systems - Part 5-2: Safety Requirements - Functional"  EN/IEC 62061 (2005), "Safety of Machinery - Functional Safety of Safety-Related Electrical, Electronic, and Programmable Electronic Control Systems"  EN ISO/ISO 13849-1 (2006), "Safety of Machinery - Safety-Related Parts of Control Systems - Part 1: General Principles for Design"  ANSI/RIA/ISO 10218-1 (2007), "Robots for Industrial Environments - Safety Requirements - Part 1: Robot"  ISO/Draft International Standard 26262 (2009), "Road Vehicles - Functional Safety Slide 4
Demand Drivers for Functional Safety Why evaluate your product/system for functional safety? • A functional safety assessment determines whether your products meet standards and performance requirements created to protect against potential risks, including injuries and even death • Compliance is driven by customer requirements, legislation, regulations, and insurance demands
What is Functional Safety?  What is Functional Safety? • The exact definition according to IEC 61508: “part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety- related systems and other risk reduction measures” Slide 6
IEC 61508: A standard in seven parts (Parts 1 – 4 are normative)  1: general requirements that are applicable to all parts. – System safety requirements – Documentation and safety assessment  2 and 3: additional and specific requirements for E/E/PE safety-related systems – System design requirements – Software design requirements  4: definitions and abbreviations  5: guidelines and examples for part 1 in determining safety integrity levels,  6: guidelines on the application of parts 2 and 3; – Calculations, modeling, analysis  7: techniques and measures to be used – To control and avoid faults Slide 7
FS according to IEC 61508: EUC + EUC Control System EUC + Control System EUC + Control System EUC + Control System EUC + Control System Slide 8
Why is there something called Functional Safety?  Functional safety as a property has always existed  The definitions of Functional safety show that it is not related to a specific technology – Functional Safety, as a term and as an engineering discipline, has emerged with the advancement of complex programmable electronics Slide 9
IEC 61508 mandates an ”overall” safety approach could also be referred to as a: – System safety approach or – Holistic approach (accounts also for the whole life cycle of a system) Functional safety as per IEC 61508 Slide 10
Overall Safety Lifecycle and E/E/PES life cycle Slide 11 Concept Overall Scope Definition Hazard & Risk Analysis Overall Safety Requirements Safety Requirements Allocation Operation & Maintenance Safety Validation Installation & Commissioning Overall Planning Safety-related systems: E/E/PE Realization: E/E/PE Other risk Reduction measures Overall Modification & Retrofit Overall Installation & Commissioning Overall Safety Validation Overall Operation, Maintenance & Repair Decommissioning or Disposal E/E/PES System Safety Requirements Specification
Functional Safety Certification Process Kick-Off Meeting • Most effective during the product design phase • Collaborate to ensure that the features required by the specified standard are included in the initial design • Understand the consequence of choices being made • Guidance from certification body on how to design product • Discuss prototyping Slide 12
Functional Safety Certification Process Pre-Audit and IA • Increase the probability of success of the certification audit • Management system audit • Engineers perform on-site GAP analysis • Customer received concept evaluation report with detailed action items Slide 13
Functional Safety Certification Process Certification Audit • Certification body audits the system’s compliance with the designated standard and functional safety rating • Evaluation of documentation • Product is certified Slide 14
Functional Safety Certification Process Follow-up Surveillance • A surveillance to verify that the protective functions of the product match the report are performed • Certification body conducts an audit of the functional safety management system once every three years Slide 15
Examples of Function Safety Products Slide 16
EUC – E/E/PE System – Subsystems  Hazard & Risk Analysis shall be conducted for the EUC and the EUC control system  Hazardous events are identified, and the associated risk (the “EUC risk”) determined  If the risk is not acceptable, it must be reduced to a tolerable risk level by at least one of, or a combination of, the following: – External risk reduction facilities – Safety-related control systems, which can be: • Based on electrical/electronic/programmable electronic (E/E/PE) technology • Other technology Slide 17
Necessary risk reduction and Safety Integrity Level (SIL)  IEC 61508 is a standard for E/E/PE safety related systems (E/E/PES), or subsystems. Therefore, the following is addressed by this standard: – The part of necessary risk reduction allocated to an E/E/PES is expressed as a failure probability limit (target failure measure), which in turn is used to select the so called Safety Integrity Level (SIL) – This means SIL is an attribute of an E/E/PES ( or subsystem), i.e. of a system/device/product that provides risk reduction Slide 18
FS Marks  The FS Marks are related to a SIL (or similar other FS ratings) – They can thus only be granted for products or components which provide risk reduction functions (i.e. E/E/PE safety- related systems or subsystems) • From a SIL point of view, it doesn’t make a difference whether the E/E/PE safety-related (sub-)system is to be considered a stand alone product or a component  An E/E/PE safety-related system can be: – Either integral part of the EUC control system – Or implemented by separate and independent systems dedicated to safety Slide 19
E/E/PE safety-related system and risk reduction  EUC risk – risk arising from the EUC or its interaction with the EUC control system  Tolerable risk – risk which is accepted in a given context based on the current values of society  Necessary risk reduction – risk reduction to be achieved by the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities in order to ensure that the tolerable risk is not exceeded  Residual risk – risk remaining after protective measures have been taken – Must be equal or lower than tolerable risk Slide 20
E/E/PE safety-related system and risk reduction  EUC (+ EUC control system) poses risk, E/E/PES contributes to reduce risk below a tolerable level IEC 61508-5, Figure A.1 Slide 21 Target failure measure => SIL
EUC Risk Slide 22
E/E/PE System and Subsystems IEC 61508-4, Figure 3  In most cases the FS products certified by UL will be sub-systems of an E/E/PE safety-related system Subsystem (sensors) Subsystem (logic unit) Subsystem (actuators) Subsystem (data communication) Slide 23
Software Drives FS Requirements - IEC 61508-3  Electromechanical systems are rapidly being replaced by (software) programmable electronic systems due to: – Lower cost parts – Greater redesign flexibility – Ease of module reuse – Less PCB space required – Improved Efficiency – Greater functionality Slide 24
Software is Being Used Increasingly  Software controls motor-driven equipment safety parameters such as: - PRESSURE generated by a compressor - Motor SPEED of an inline gasoline pump - POSITIONING of Fuel/Air valves in a combustion control - FORCE applied by a robotic arm - Air FLOW RATE within a combustion chamber - …the possibilities are limitless… Slide 25
Achieving HW safety integrity  IEC 61508-2 requires application of the following principles to achieve the intended HW safety integrity: – Redundancy • Diversity of redundant channels to eliminate common cause failures – Failure detection • per IEC 61508, detection implies a reaction to a safe (operating) state ▪ For fail-safe applications, this can mean activation of the fail-safe state – Reliability of components • Probability of dangerous failure (on demand - PFD, per hour - PFH) in accordance with target failure measure of the required SIL Slide 26
Two routes to demonstrate HW safety integrity: Route 1H and Route 2H  Route 1H : – based on hardware fault tolerance and safe failure fraction concepts • This means a complete FMEDA on HW component level must be carried out • PFH and SFF calculated on this basis  Route 2H : – based on field reliability data and hardware fault tolerance for specified safety integrity levels, • Data must have been recorded in accordance with applicable standards, >90% statistical confidence • stricter HW fault tolerance requirements for the different SIL’s Slide 27
Slide 28 Achieving HW safety integrity  The primary measurement is PFDavg or PFHavg – These depend on the following system-level parameters: • Proof-test interval • Mission time (if proof-test not feasible)  In addition to this, the HW integrity of an E/E/PES is measured by – Degree of redundancy: Hardware Fault Tolerance HFT – Detection capability: Safe Failure Fraction SFF – Susceptibility to common cause failure: b-factor
FMEDA Table (Design level) Slide 29 Component reference Component function Failure modes Effects failure distribution Criticality DC l [FIT] lD lS lDD lDU Detection reqmts Exclusion reqmts R100 energetic separation between channels, cross communication for diagnostics 0,9 1 0,9 0,1 0,813 0.087 short circuit no separation between channels 0,2 1 0,6 0,2 0 0,12 0,08 sample test, off line MELF resistor open circuit no cross communica tion 0,7 1 0,99 0,7 0 0,693 0,007 cross comparison between channels 0,5< value <2 no effect 0,1 0 0 0 0,1 0 0 select value high enough to ensure separation IC101 IC102 Output diag Safety-related output Safety device Emergency Stop switch Switch off 1 Switch off 2 T101 T102 R100 Input 1 Input 2
SFF and diagnostic test interval  Looking at SFF formula, it doesn’t depend on the test frequency (low demand vs high demand) SFF = (SlS + SlDD)/(SlS + SlD) Slide 30
Simplified approaches proposed by other standards  Also ISO 13849-1 and IEC 62061 suggest simplified methods for determining the probability of random HW failure  ISO 13849-1 approach is based on ”designated architectures” for the different Categories  IEC 62061 approach is based on ”basic subsystem architectures”  These simplified approaches claim to err towards the safe direction, and make a number of assumptions  If the assumptions cannot be made, or if just more precise (and less conservative) values are desired, then more detailed reliability modeling may be applied Slide 31
Additional Information Websites: www.ul.com/functionalsafety www.exida.com www.siemens.com http://www.automationworld.com/newsletters_fsn.html
Questions?

Recommandé

ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
IEC 62061 introduction
IEC 62061 introductionIEC 62061 introduction
IEC 62061 introductionKoenLeekens
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
Safety instrumented systems
Safety instrumented systemsSafety instrumented systems
Safety instrumented systemsMowaten Masry
 
ISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyEmbitel Technologies (I) PVT LTD
 
Functional integrity certification exida
Functional integrity certification exidaFunctional integrity certification exida
Functional integrity certification exidaKoenLeekens
 
Safety system
Safety systemSafety system
Safety systemjafarhosseini123
 
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...Safety instrumented functions (sif) safety integrity level (sil) evaluation t...
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...John Kingsley
 

Recommandé

ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
IEC 62061 introduction
IEC 62061 introductionIEC 62061 introduction
IEC 62061 introductionKoenLeekens
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
Safety instrumented systems
Safety instrumented systemsSafety instrumented systems
Safety instrumented systemsMowaten Masry
 
ISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyISO 26262: Automotive Functional Safety
ISO 26262: Automotive Functional SafetyEmbitel Technologies (I) PVT LTD
 
Functional integrity certification exida
Functional integrity certification exidaFunctional integrity certification exida
Functional integrity certification exidaKoenLeekens
 
Safety system
Safety systemSafety system
Safety systemjafarhosseini123
 
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...Safety instrumented functions (sif) safety integrity level (sil) evaluation t...
Safety instrumented functions (sif) safety integrity level (sil) evaluation t...John Kingsley
 
Iso26262 component reuse_webinar
Iso26262 component reuse_webinarIso26262 component reuse_webinar
Iso26262 component reuse_webinarمحمدعبد الحى
 
Sil presentation
Sil presentationSil presentation
Sil presentationValeriano Barrilà
 
SIL.ppt
SIL.pptSIL.ppt
SIL.pptKrishna Yadav
 
Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation Living Online
 
Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Luis Atencio
 
ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive Embitel Technologies (I) PVT LTD
 
Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1dnunez1984
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastrucCISEC
 
Safety Integrity Levels
Safety Integrity LevelsSafety Integrity Levels
Safety Integrity LevelsSandeep Patalay
 
Functional safety standards_for_machinery
Functional safety standards_for_machineryFunctional safety standards_for_machinery
Functional safety standards_for_machineryie-net ingenieursvereniging vzw
 
ISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International StandardISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International StandardPECB
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance Intland Software GmbH
 
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesIntland Software GmbH
 
ISO-26262-Webinar.pptx
ISO-26262-Webinar.pptxISO-26262-Webinar.pptx
ISO-26262-Webinar.pptxKarthika Keshav
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Presentation1
Presentation1Presentation1
Presentation1Mohamed Mahmoud
 
Machinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdfMachinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdfssuser2c15bc
 
Electro Static Discharge Basics
Electro Static Discharge BasicsElectro Static Discharge Basics
Electro Static Discharge BasicsTransformingTech
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Tonex
 
HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?Embitel Technologies (I) PVT LTD
 
Safety of machinery
Safety of machinerySafety of machinery
Safety of machineryVo Quoc Hieu
 
Sil explained in valve actuators
Sil explained in valve actuatorsSil explained in valve actuators
Sil explained in valve actuatorsJohn Kingsley
 

Contenu connexe

Tendances

Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation Living Online
 
Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Luis Atencio
 
Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1dnunez1984
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastrucCISEC
 
ISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International StandardISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International StandardPECB
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance Intland Software GmbH
 
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesIntland Software GmbH
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Machinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdfMachinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdfssuser2c15bc
 
Electro Static Discharge Basics
Electro Static Discharge BasicsElectro Static Discharge Basics
Electro Static Discharge BasicsTransformingTech
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Tonex
 

Tendances (20)

Iso26262 component reuse_webinar
Iso26262 component reuse_webinarIso26262 component reuse_webinar
Iso26262 component reuse_webinar
 
Sil presentation
Sil presentationSil presentation
Sil presentation
 
SIL.ppt
SIL.pptSIL.ppt
SIL.ppt
 
Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation
 
Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511Safety life cycle seminar IEC61511
Safety life cycle seminar IEC61511
 
ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive
 
Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1Safety of machinery - Application of standard EN ISO 13849-1
Safety of machinery - Application of standard EN ISO 13849-1
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc
 
Safety Integrity Levels
Safety Integrity LevelsSafety Integrity Levels
Safety Integrity Levels
 
Functional safety standards_for_machinery
Functional safety standards_for_machineryFunctional safety standards_for_machinery
Functional safety standards_for_machinery
 
ISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International StandardISO 45001 – Health & Safety International Standard
ISO 45001 – Health & Safety International Standard
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
 
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
 
ISO-26262-Webinar.pptx
ISO-26262-Webinar.pptxISO-26262-Webinar.pptx
ISO-26262-Webinar.pptx
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Presentation1
Presentation1Presentation1
Presentation1
 
Machinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdfMachinery Safety. TÜV SÜD.pdf
Machinery Safety. TÜV SÜD.pdf
 
Electro Static Discharge Basics
Electro Static Discharge BasicsElectro Static Discharge Basics
Electro Static Discharge Basics
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019
 
HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?HARA ISO 26262: What is HARA and Why is it Required?
HARA ISO 26262: What is HARA and Why is it Required?
 

Similaire à Functional-Safety-Overview-UL.ppt

Safety of machinery
Safety of machinerySafety of machinery
Safety of machineryVo Quoc Hieu
 
Sil explained in valve actuators
Sil explained in valve actuatorsSil explained in valve actuators
Sil explained in valve actuatorsJohn Kingsley
 
Safety pp002 -en-e
Safety pp002 -en-eSafety pp002 -en-e
Safety pp002 -en-eVo Quoc Hieu
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...Gaurav Singh Rajput
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
S.steele functional safety ppt
S.steele functional safety pptS.steele functional safety ppt
S.steele functional safety pptSimon Steele
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationVo Quoc Hieu
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Arrelic
 
ISO 26262 2nd Edition
ISO 26262 2nd EditionISO 26262 2nd Edition
ISO 26262 2nd EditionCedric Heller
 
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...Functional Safety, high demand/low demand mode med fokus på de funktioner, so...
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...InfinIT - Innovationsnetværket for it
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systemsMowaten Masry
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaVo Quoc Hieu
 
4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...Luiz Fernando Moraes
 

Similaire à Functional-Safety-Overview-UL.ppt (20)

Safety of machinery
Safety of machinerySafety of machinery
Safety of machinery
 
Sil explained in valve actuators
Sil explained in valve actuatorsSil explained in valve actuators
Sil explained in valve actuators
 
Safety pp002 -en-e
Safety pp002 -en-eSafety pp002 -en-e
Safety pp002 -en-e
 
lenner.pptx
lenner.pptxlenner.pptx
lenner.pptx
 
7 1 r14
7 1 r147 1 r14
7 1 r14
 
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
SIL Awareness | Introduction to Safety Life-Cycle | IEC - 61508 & IEC- 61511 ...
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
Understanding sil
Understanding silUnderstanding sil
Understanding sil
 
S.steele functional safety ppt
S.steele functional safety pptS.steele functional safety ppt
S.steele functional safety ppt
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems Engineering
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights
 
ISO 26262 2nd Edition
ISO 26262 2nd EditionISO 26262 2nd Edition
ISO 26262 2nd Edition
 
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...Functional Safety, high demand/low demand mode med fokus på de funktioner, so...
Functional Safety, high demand/low demand mode med fokus på de funktioner, so...
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
 
4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...
 
Abb technical guide no.10 revd
Abb technical guide no.10 revdAbb technical guide no.10 revd
Abb technical guide no.10 revd
 

Dernier

Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...soginsider
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptNANDHAKUMARA10
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086anil_gaur
 

Dernier (20)

Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 

Functional-Safety-Overview-UL.ppt

  • 2. Table of Contents  What is Functional Safety?  FS in Standards  FS per IEC 61508  FS Lifecycle  FS Certification Process  Marketing Activities  Additional Resources Table of Contents
  • 3. Standards  UL 991 (2004), "Tests for Safety-Related Controls Employing Solid-State Devices"  ANSI/UL 1998 (1998), "Software in Programmable Components" (used in conjunction with UL 991 for products that include software)  ANSI/UL 61496-1 (2010), "Electro-Sensitive Protective Equipment, Part 1: General Requirements and Tests"  ANSI/ASME A17.1/CSA B44 (2007), "Safety Code for Elevators and Escalators"  EN 50271 (2010), "Electrical Apparatus for the Detection and Measurement of Combustible Gases, Toxic Gases or Oxygen - Requirements and Tests for Apparatus Using Software and/or Digital Technologies"  IEC 60335-1 (2010), "Household and Similar Electrical Appliances - Safety - Part 1: General Requirements"  IEC 60730-1 (2010), "Automatic Electrical Controls for Household and Similar Use - Part 1: General Requirements"  EN/IEC 61508-1 through -7 (2010), "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems Slide 3
  • 4. Standards  EN/IEC 61511 (2003), "Functional Safety - Safety Instrumented Systems for the Process Industry Sector  EN/IEC 61800-5-2 (2007), "Adjustable Speed Electrical Power Drive Systems - Part 5-2: Safety Requirements - Functional"  EN/IEC 62061 (2005), "Safety of Machinery - Functional Safety of Safety-Related Electrical, Electronic, and Programmable Electronic Control Systems"  EN ISO/ISO 13849-1 (2006), "Safety of Machinery - Safety-Related Parts of Control Systems - Part 1: General Principles for Design"  ANSI/RIA/ISO 10218-1 (2007), "Robots for Industrial Environments - Safety Requirements - Part 1: Robot"  ISO/Draft International Standard 26262 (2009), "Road Vehicles - Functional Safety Slide 4
  • 5. Demand Drivers for Functional Safety Why evaluate your product/system for functional safety? • A functional safety assessment determines whether your products meet standards and performance requirements created to protect against potential risks, including injuries and even death • Compliance is driven by customer requirements, legislation, regulations, and insurance demands
  • 6. What is Functional Safety?  What is Functional Safety? • The exact definition according to IEC 61508: “part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety- related systems and other risk reduction measures” Slide 6
  • 7. IEC 61508: A standard in seven parts (Parts 1 – 4 are normative)  1: general requirements that are applicable to all parts. – System safety requirements – Documentation and safety assessment  2 and 3: additional and specific requirements for E/E/PE safety-related systems – System design requirements – Software design requirements  4: definitions and abbreviations  5: guidelines and examples for part 1 in determining safety integrity levels,  6: guidelines on the application of parts 2 and 3; – Calculations, modeling, analysis  7: techniques and measures to be used – To control and avoid faults Slide 7
  • 8. FS according to IEC 61508: EUC + EUC Control System EUC + Control System EUC + Control System EUC + Control System EUC + Control System Slide 8
  • 9. Why is there something called Functional Safety?  Functional safety as a property has always existed  The definitions of Functional safety show that it is not related to a specific technology – Functional Safety, as a term and as an engineering discipline, has emerged with the advancement of complex programmable electronics Slide 9
  • 10. IEC 61508 mandates an ”overall” safety approach could also be referred to as a: – System safety approach or – Holistic approach (accounts also for the whole life cycle of a system) Functional safety as per IEC 61508 Slide 10
  • 11. Overall Safety Lifecycle and E/E/PES life cycle Slide 11 Concept Overall Scope Definition Hazard & Risk Analysis Overall Safety Requirements Safety Requirements Allocation Operation & Maintenance Safety Validation Installation & Commissioning Overall Planning Safety-related systems: E/E/PE Realization: E/E/PE Other risk Reduction measures Overall Modification & Retrofit Overall Installation & Commissioning Overall Safety Validation Overall Operation, Maintenance & Repair Decommissioning or Disposal E/E/PES System Safety Requirements Specification
  • 12. Functional Safety Certification Process Kick-Off Meeting • Most effective during the product design phase • Collaborate to ensure that the features required by the specified standard are included in the initial design • Understand the consequence of choices being made • Guidance from certification body on how to design product • Discuss prototyping Slide 12
  • 13. Functional Safety Certification Process Pre-Audit and IA • Increase the probability of success of the certification audit • Management system audit • Engineers perform on-site GAP analysis • Customer received concept evaluation report with detailed action items Slide 13
  • 14. Functional Safety Certification Process Certification Audit • Certification body audits the system’s compliance with the designated standard and functional safety rating • Evaluation of documentation • Product is certified Slide 14
  • 15. Functional Safety Certification Process Follow-up Surveillance • A surveillance to verify that the protective functions of the product match the report are performed • Certification body conducts an audit of the functional safety management system once every three years Slide 15
  • 16. Examples of Function Safety Products Slide 16
  • 17. EUC – E/E/PE System – Subsystems  Hazard & Risk Analysis shall be conducted for the EUC and the EUC control system  Hazardous events are identified, and the associated risk (the “EUC risk”) determined  If the risk is not acceptable, it must be reduced to a tolerable risk level by at least one of, or a combination of, the following: – External risk reduction facilities – Safety-related control systems, which can be: • Based on electrical/electronic/programmable electronic (E/E/PE) technology • Other technology Slide 17
  • 18. Necessary risk reduction and Safety Integrity Level (SIL)  IEC 61508 is a standard for E/E/PE safety related systems (E/E/PES), or subsystems. Therefore, the following is addressed by this standard: – The part of necessary risk reduction allocated to an E/E/PES is expressed as a failure probability limit (target failure measure), which in turn is used to select the so called Safety Integrity Level (SIL) – This means SIL is an attribute of an E/E/PES ( or subsystem), i.e. of a system/device/product that provides risk reduction Slide 18
  • 19. FS Marks  The FS Marks are related to a SIL (or similar other FS ratings) – They can thus only be granted for products or components which provide risk reduction functions (i.e. E/E/PE safety- related systems or subsystems) • From a SIL point of view, it doesn’t make a difference whether the E/E/PE safety-related (sub-)system is to be considered a stand alone product or a component  An E/E/PE safety-related system can be: – Either integral part of the EUC control system – Or implemented by separate and independent systems dedicated to safety Slide 19
  • 20. E/E/PE safety-related system and risk reduction  EUC risk – risk arising from the EUC or its interaction with the EUC control system  Tolerable risk – risk which is accepted in a given context based on the current values of society  Necessary risk reduction – risk reduction to be achieved by the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities in order to ensure that the tolerable risk is not exceeded  Residual risk – risk remaining after protective measures have been taken – Must be equal or lower than tolerable risk Slide 20
  • 21. E/E/PE safety-related system and risk reduction  EUC (+ EUC control system) poses risk, E/E/PES contributes to reduce risk below a tolerable level IEC 61508-5, Figure A.1 Slide 21 Target failure measure => SIL
  • 23. E/E/PE System and Subsystems IEC 61508-4, Figure 3  In most cases the FS products certified by UL will be sub-systems of an E/E/PE safety-related system Subsystem (sensors) Subsystem (logic unit) Subsystem (actuators) Subsystem (data communication) Slide 23
  • 24. Software Drives FS Requirements - IEC 61508-3  Electromechanical systems are rapidly being replaced by (software) programmable electronic systems due to: – Lower cost parts – Greater redesign flexibility – Ease of module reuse – Less PCB space required – Improved Efficiency – Greater functionality Slide 24
  • 25. Software is Being Used Increasingly  Software controls motor-driven equipment safety parameters such as: - PRESSURE generated by a compressor - Motor SPEED of an inline gasoline pump - POSITIONING of Fuel/Air valves in a combustion control - FORCE applied by a robotic arm - Air FLOW RATE within a combustion chamber - …the possibilities are limitless… Slide 25
  • 26. Achieving HW safety integrity  IEC 61508-2 requires application of the following principles to achieve the intended HW safety integrity: – Redundancy • Diversity of redundant channels to eliminate common cause failures – Failure detection • per IEC 61508, detection implies a reaction to a safe (operating) state ▪ For fail-safe applications, this can mean activation of the fail-safe state – Reliability of components • Probability of dangerous failure (on demand - PFD, per hour - PFH) in accordance with target failure measure of the required SIL Slide 26
  • 27. Two routes to demonstrate HW safety integrity: Route 1H and Route 2H  Route 1H : – based on hardware fault tolerance and safe failure fraction concepts • This means a complete FMEDA on HW component level must be carried out • PFH and SFF calculated on this basis  Route 2H : – based on field reliability data and hardware fault tolerance for specified safety integrity levels, • Data must have been recorded in accordance with applicable standards, >90% statistical confidence • stricter HW fault tolerance requirements for the different SIL’s Slide 27
  • 28. Slide 28 Achieving HW safety integrity  The primary measurement is PFDavg or PFHavg – These depend on the following system-level parameters: • Proof-test interval • Mission time (if proof-test not feasible)  In addition to this, the HW integrity of an E/E/PES is measured by – Degree of redundancy: Hardware Fault Tolerance HFT – Detection capability: Safe Failure Fraction SFF – Susceptibility to common cause failure: b-factor
  • 29. FMEDA Table (Design level) Slide 29 Component reference Component function Failure modes Effects failure distribution Criticality DC l [FIT] lD lS lDD lDU Detection reqmts Exclusion reqmts R100 energetic separation between channels, cross communication for diagnostics 0,9 1 0,9 0,1 0,813 0.087 short circuit no separation between channels 0,2 1 0,6 0,2 0 0,12 0,08 sample test, off line MELF resistor open circuit no cross communica tion 0,7 1 0,99 0,7 0 0,693 0,007 cross comparison between channels 0,5< value <2 no effect 0,1 0 0 0 0,1 0 0 select value high enough to ensure separation IC101 IC102 Output diag Safety-related output Safety device Emergency Stop switch Switch off 1 Switch off 2 T101 T102 R100 Input 1 Input 2
  • 30. SFF and diagnostic test interval  Looking at SFF formula, it doesn’t depend on the test frequency (low demand vs high demand) SFF = (SlS + SlDD)/(SlS + SlD) Slide 30
  • 31. Simplified approaches proposed by other standards  Also ISO 13849-1 and IEC 62061 suggest simplified methods for determining the probability of random HW failure  ISO 13849-1 approach is based on ”designated architectures” for the different Categories  IEC 62061 approach is based on ”basic subsystem architectures”  These simplified approaches claim to err towards the safe direction, and make a number of assumptions  If the assumptions cannot be made, or if just more precise (and less conservative) values are desired, then more detailed reliability modeling may be applied Slide 31