A PRACTICAL RISK AND SAFETY ASSESSMENT METHODOLOGY FOR SAFETY-CRITICAL SYSTEMS


Chinnarao Mokkapati
Ansaldo Signal Union Switch & Signal Inc
Technology Drive, Pittsburgh, PA

Abstract

This paper presents a practical methodology for a) assessment of the risks associated with the intended application of a safety-critical system, and b) verification that the system meets the safety design requirements that enable the risks to be kept at acceptable levels throughout its lifecycle. The methodology consists of the following steps:

1) Define the system and analyze its intended operation to determine all potential hazards;
2) Analyze the risks (potential consequences after considering the available procedural, circumstantial and physical risk reduction barriers in the intended operation of the system);
3) Determine the tolerable hazard rates for the system functions by comparing the remaining risks with industry-accepted tolerable levels;
4) Apportion the tolerable hazard rates and corresponding safety integrity levels to the various subsystems/equipment within the system; and
5) Analyze the design of the subsystems/equipment and the system to show that the tolerable hazard rates will not be exceeded, and that the required levels of safety integrity (assurance against systematic failures) have been built into the system.

Suitability of the methodology for railroad signaling systems is shown with the help of an example.

1.0 INTRODUCTION

When an organization such as a Railway desires to install a new product/system for the purpose of improving the efficiency and/or safety of its operations, there must be verifiable proof that the new product/system does indeed provide the desired improvements. Specific to safety, the improvements should come in the form of a reduced level of risk (of accidents/mishaps) relative to the current level of risk (if known), or relative to commonly accepted tolerable risk levels.

This paper presents an approach that can be used for risk and safety assessment of a safety-critical system. This approach, broadly based upon U.S. Military Standard 882C (1), AREMA C&S Manual Section 17 (2), IEEE Standard (3), and the CENELEC Standards EN50126 (4), EN50128 (5), and EN50129 (6), has been used by the author's organization for the assessment of Automatic Train Control Systems furnished for the Copenhagen Metro and the Kuala Lumpur Monorail System. It can be applied in a practical manner to other systems, such as PTC Systems, Train Protection Warning Systems and Train Collision Avoidance Systems, that use newer technologies and architectures for meeting defined risk and safety requirements. The concepts of Safety Integrity Levels (SILs) and Tolerable Hazard Rates (THRs) are used in this approach. Reference (6) provides a detailed description of the concepts of SILs and THRs.

Section 2 of this paper presents an overview of the risk and safety analysis methodology. Section 3 presents details of risk analysis, while Section 4 outlines the system design analysis that provides proof that the system meets the safety requirements derived from the risk analysis. Section 5 gives an example.

2.0 OVERVIEW OF RISK ANALYSIS AND SYSTEM DESIGN ANALYSIS

A methodology, derived from CENELEC Report prr (7), for risk analysis and system design analysis is presented in this section. At the heart of this approach is a well-defined interface between the operational environment and the architectural design of the system. From the safety point of view this interface is defined by a list of hazards and the tolerable hazard rates associated with the system. The general steps of the risk analysis and system design analysis methodology are shown in Figure 1 and can be summarized as follows:

1. Define the system adequately.
2. Identify key operational hazards.
3. Determine the tolerable hazard rate THR for each hazard by analyzing the consequences of the hazards (taking into account the operational parameters).
4. For each hazard: analyze the causes down to a functional level, taking into account the system definition and architecture.
5. Decide which functions are implemented by which subsystem. Then, for each subsystem:
   - Collect the contributions of each function realised by the subsystem to all hazards;
   - Calculate the overall tolerable hazard rate THR_s for the subsystem;
   - Translate THR_s into a safety integrity level SIL_s for the subsystem using a SIL table;
   - Determine failure rates for the system elements to meet THR_s for the subsystem;
   - Verify & validate that THR_s and SIL_s are met.

This methodology, shown in the flowchart of Figure 1, can be divided into two parts: Risk Analysis, consisting of Steps 1-3, and System Design Analysis, consisting of Steps 4-5. Risk Analysis deals with the real world of the system operation. System Design Analysis deals with the technical solutions for managing the risks.

3.0 DETAILS OF RISK ANALYSIS

The Risk Analysis steps are shown in Figure 2.

3.1 System Definition

The system under investigation must be defined completely. This is typically done in the form of the following documents:
- System Requirements Specification
- System Architecture Description
- System Design Description Documents

These documents should give details of the system's:
- Functional Requirements
- Type of Operation (e.g., signaling principles)
- Operational Parameters (e.g., train schedules, speeds, density, ...)
- System Boundaries

3.2 Hazard Identification

Through a structured Hazard Identification study (e.g., as described in the AREMA C&S Manual), and based on existing data from the End User's sources, the potential hazards associated with the intended operation of the system shall be identified and documented in a Hazard Log. The following terminology is used:

1. An individual i uses the technical system (e.g., a train, a Level Crossing). The usage profile is described by the number of uses N_i (per year or per hour). For reference, a total exposure per use E_i (hours) may be defined (i.e. the duration of a train journey or the time needed to pass a Level Crossing).

2. While using the technical system the individual is exposed to hazards arising from failure of the technical system (or its subsystems, etc.). Let there be n hazards associated with the technical system. Let each hazard H_j have a hazard rate HR_j hazards/hour, j = 1, ..., n. The tolerable value of each HR_j is what we are trying to determine through the Risk Analysis process. The probability that the individual is exposed to the hazard depends additionally on the hazard duration D_j and the exposure time E_ij of the individual to the hazard. This probability is the sum of the probability that the hazard already exists when the individual enters the system (approximately HR_j D_j) and the probability that the hazard occurs while the individual is exposed (approximately HR_j E_ij). Note that the exposure to the hazard H_j may be shorter than or equal to the total exposure: E_ij ≤ E_i.

3.3 Risk Determination

From each hazard one or several types of accidents may occur. This is described for each hazard by the consequence probability C_jk that accident k occurs. Associated with each type of accident A_k is a corresponding severity, which from the individual's point of view is described as the probability of fatality F_ik for the single individual. This causality corresponds one to one to the individual risk of fatality:

$$IRF_i = \sum_{\text{all hazards } H_j} N_i \left( HR_j \,(D_j + E_{ij}) \sum_{\text{accidents } A_k} C_{jk} \, F_{ik} \right) \qquad (1)$$

If, as a result, the IRF_i is less than the Tolerable Individual Risk (TIR), usually expressed in fatalities per year, then the calculated or estimated hazard rates (HR) are called tolerable hazard rates (THR). In Formula (1), the individual probability of fatality F_ik can be calculated from the severity S_k (e.g., number of fatalities) in accident k, out of a population of N_k exposed to accident k (concept of collective measure of severity). That is,

$$F_{ik} = S_k / N_k \qquad (2)$$

Note: Accident k could result in other types of potential losses, namely commercial loss and environmental loss. It is possible to quantify these losses (convert them into an equivalent number of fatalities) in order to include them in the term S_k in Equation (2). A discussion and agreement with the User shall be needed in this regard.

3.4 Risk Tolerability Criteria and THR Determination

To determine the tolerable level of risk, either the GAMAB, the ALARP, or the MEM principle can be used. Reference (8), a report by Dr. Hendrik Schäbe of the Institute for Software, Electronics, Railroad Technology, TÜV InterTraffic GmbH, provides a detailed treatment of these principles. The GAMAB principle requires the risk of the new system to be no higher than that associated with the system being replaced. An upper and a lower bound on TIR (fatality rate in fatalities per year) can be derived from the ALARP principle. A single value of TIR can be derived from the MEM principle.
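As an added worked example (this is not code from the paper), the Python below implements Formula (1), Formula (2) and the Section 3.4 step of equating IRF_i to the TIR and solving for the hazard rate, run on the Section 5 TPWS numbers (TIR = 10^-6 per year, N_i = 10,000 signal passages per year, D_1 = 10 hours, E_i1 ignored). The per-accident probabilities C_1k and the severity/population figures behind F_ik are constructed here, not taken from the paper; they are chosen so that the combined consequence term Σ_k C_1k F_ik equals 5 × 10^-5, which is the value implied by the paper's stated result THR_1 = 2 × 10^-7 failures/hour.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Accident:
    """Accident type A_k that may follow a hazard."""
    name: str
    consequence_probability: float  # C_jk: probability that accident k occurs given hazard j
    fatality_probability: float     # F_ik: probability of fatality for individual i in accident k


@dataclass
class Hazard:
    """Hazard H_j with its exposure parameters and the accidents it can lead to."""
    name: str
    duration_hours: float           # D_j: how long the hazard persists once present
    exposure_hours: float           # E_ij: exposure of the individual per use (E_ij <= E_i)
    accidents: List[Accident] = field(default_factory=list)
    hazard_rate: Optional[float] = None  # HR_j in hazards/hour; None until determined


def fatality_probability(severity: float, exposed_population: float) -> float:
    """Formula (2): F_ik = S_k / N_k, with S_k expressed as an equivalent number of fatalities."""
    if exposed_population <= 0:
        raise ValueError("N_k must be positive")
    return severity / exposed_population


def consequence_term(hazard: Hazard) -> float:
    """Inner sum of Formula (1): sum over accidents A_k of C_jk * F_ik."""
    return sum(a.consequence_probability * a.fatality_probability for a in hazard.accidents)


def individual_risk_of_fatality(n_uses_per_year: float, hazards: List[Hazard]) -> float:
    """Formula (1): IRF_i = sum over hazards H_j of N_i * HR_j * (D_j + E_ij) * sum_k C_jk * F_ik."""
    irf = 0.0
    for h in hazards:
        if h.hazard_rate is None:
            raise ValueError(f"hazard rate of {h.name!r} has not been determined")
        irf += n_uses_per_year * h.hazard_rate * (h.duration_hours + h.exposure_hours) * consequence_term(h)
    return irf


def tolerable_hazard_rate(tir_per_year: float, n_uses_per_year: float, hazard: Hazard) -> float:
    """Section 3.4: equate the IRF_i contribution of one hazard to the TIR and solve for HR_j,
    which then becomes THR_j."""
    denominator = n_uses_per_year * (hazard.duration_hours + hazard.exposure_hours) * consequence_term(hazard)
    if denominator <= 0:
        raise ValueError("zero exposure or zero consequence: the hazard contributes no fatality risk")
    return tir_per_year / denominator


def tpws_example():
    """Section 5 inputs: TIR = 1e-6 per year, N_i = 10,000 signal passages per year,
    D_1 = 10 hours, E_i1 ignored (0).  The accident probabilities below are constructed."""
    high_speed = Accident("High Speed Collision",
                          consequence_probability=4e-5,                          # constructed C_11
                          fatality_probability=fatality_probability(100, 100))   # constructed S_1/N_1 = 1.0
    low_speed = Accident("Low Speed Collision",
                         consequence_probability=2e-5,                           # constructed C_12
                         fatality_probability=fatality_probability(50, 100))     # constructed S_2/N_2 = 0.5
    h1 = Hazard("H1: TPWS fails to prevent a SPAD", duration_hours=10.0, exposure_hours=0.0,
                accidents=[high_speed, low_speed])
    thr1 = tolerable_hazard_rate(tir_per_year=1e-6, n_uses_per_year=10_000, hazard=h1)
    h1.hazard_rate = thr1                                    # the design must not exceed this rate
    irf_at_thr = individual_risk_of_fatality(10_000, [h1])   # reproduces the TIR as a cross-check
    return thr1, irf_at_thr


if __name__ == "__main__":
    thr, irf = tpws_example()
    print(f"THR_1 = {thr:.3g} failures/hour; IRF_i at that rate = {irf:.3g} per year")
```

Because E_i1 is set to zero, as the paper does, the whole exposure comes from the hazard duration D_1; raising `exposure_hours` for a hazard with a long dwell time at the failed location is the case where the second term of the probability sum in Section 3.2 matters.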

The IRF_i in Formula (1) is now equated to the TIR in order to determine the tolerable value of each hazard rate HR_j. These are denoted THR_j.

4.0 DETAILS OF SYSTEM DESIGN ANALYSIS

The System Design Analysis process is shown in Figure 3. The Risk Analysis detailed in Section 3.0 results in a list of n hazards H_1, ..., H_n together with their tolerable hazard rates THR_1, ..., THR_n respectively. Further analysis is then required to arrive at a suitable system architecture for the control of such hazards. This is called System Design Analysis, which is essentially a causal analysis of the hazards H_1, ..., H_n. It consists of the following tasks:
- Define the system functions and architecture (technical solution),
- Analyze the causes leading to each hazard,
- Determine the safety integrity requirements (SIL and hazard rates) for the subsystems,
- Determine the reliability requirements for the equipment.

Causal analysis of hazards constitutes two key phases. In the first phase, each THR is apportioned to a functional level (system functions). The hazard rate for a function is then translated to a SIL using the SIL table below, taken from (6). The SILs are defined at this functional level for the subsystems implementing the functionality.

Safety Integrity Level | Tolerable Hazard Rate THR per hour and per function
 | < THR <
 | < THR <
 | < THR <
 | < THR <
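As an added example that is not the paper's own code, the Python below carries out the apportionment of Section 2, step 5 and the first phase of the causal analysis: each THR_j is split across the functions whose hazardous failure can cause H_j (OR-gated causes, equal shares), a function that feeds several hazards keeps its most demanding share, and each subsystem collects the contributions of the functions it realises into THR_s. The SIL bands used are the EN 50129 per-hour, per-function bands from which the table above is taken. Hazard H_1 and its THR of 2 × 10^-7 come from the Section 5 example; the second hazard, the function names and the subsystem assignment are constructed for illustration. The tuple returned per subsystem also shows why a sub-system implementing functions of different SILs must meet the highest of them: the Onboard Computer's summed THR_s maps to SIL 2 by the table, while one of its functions needs SIL 3.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# EN 50129 SIL table: (SIL, lower bound inclusive, upper bound exclusive), THR per hour and per function
SIL_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def sil_for_thr(thr: float) -> int:
    """Translate a tolerable hazard rate into a Safety Integrity Level using the SIL table."""
    if thr < 1e-9:
        raise ValueError("THR below the SIL 4 band cannot be claimed for a single function; re-apportion")
    for sil, low, high in SIL_BANDS:
        if low <= thr < high:
            return sil
    return 0  # at or above 1e-5 per hour: no safety integrity requirement


def apportion_to_functions(hazard_thrs: Dict[str, float],
                           causes: Dict[str, List[str]]) -> Dict[str, float]:
    """First phase of the causal analysis: split THR_j across the functions whose hazardous
    failure causes H_j.  Causes are OR-gated (their rates add), so equal shares keep the sum
    at THR_j; a function that feeds several hazards keeps its most demanding share."""
    allowed: Dict[str, float] = {}
    for hazard, thr in hazard_thrs.items():
        functions = causes[hazard]
        if not functions:
            raise ValueError(f"{hazard!r} has no causal function in the architecture")
        share = thr / len(functions)
        for f in functions:
            allowed[f] = min(allowed.get(f, share), share)
    return allowed


def subsystem_requirements(function_rates: Dict[str, float],
                           realised_by: Dict[str, str]) -> Dict[str, Tuple[float, int, int]]:
    """Section 2, step 5: for each subsystem collect the contributions of the functions it
    realises into THR_s.  Returns (THR_s, SIL from the table for THR_s, required SIL), where
    the required SIL is the highest SIL among the subsystem's functions."""
    thr_s: Dict[str, float] = defaultdict(float)
    highest_sil: Dict[str, int] = defaultdict(int)
    for f, rate in function_rates.items():
        s = realised_by[f]
        thr_s[s] += rate
        highest_sil[s] = max(highest_sil[s], sil_for_thr(rate))
    return {s: (thr_s[s], sil_for_thr(thr_s[s]), highest_sil[s]) for s in thr_s}


def verify_hazard_budgets(hazard_thrs: Dict[str, float], causes: Dict[str, List[str]],
                          function_rates: Dict[str, float]) -> Dict[str, bool]:
    """Verification step: with OR-gated causes the summed function rates must not exceed THR_j."""
    return {h: sum(function_rates[f] for f in causes[h]) <= thr * (1 + 1e-9)
            for h, thr in hazard_thrs.items()}


def tpws_apportionment():
    """H1 and THR_1 are from the Section 5 example; H2, the functions and the subsystem
    assignment are constructed for illustration."""
    hazard_thrs = {"H1: TPWS fails to prevent a SPAD": 2e-7,   # from the paper
                   "H2: overspeed not supervised": 4e-8}       # constructed
    causes = {"H1: TPWS fails to prevent a SPAD": ["evaluate_signal_aspect", "apply_emergency_brake"],
              "H2: overspeed not supervised": ["measure_speed", "apply_emergency_brake"]}
    realised_by = {"evaluate_signal_aspect": "Onboard Computer",
                   "apply_emergency_brake": "Onboard Computer",
                   "measure_speed": "Tachometer"}
    rates = apportion_to_functions(hazard_thrs, causes)
    subsystems = subsystem_requirements(rates, realised_by)
    budgets_ok = verify_hazard_budgets(hazard_thrs, causes, rates)
    return rates, subsystems, budgets_ok


if __name__ == "__main__":
    for name, (thr_s, table_sil, required_sil) in tpws_apportionment()[1].items():
        print(f"{name}: THR_s = {thr_s:.3g}/h, table SIL {table_sil}, required SIL {required_sil}")
```

Equal shares are only a starting point; in practice the split is weighted by what each function's equipment can achieve, and `verify_hazard_budgets` is the check that must still hold after any re-weighting. AND-gated (redundant) causes would need a product of rates with a common-cause term, which this OR-only model deliberately does not cover.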

A sub-system, i.e. a combination of equipment, may implement a number of Safety-Related Functions, each of which could require a different SIL. Where this is the case, the sub-system must be designed to meet the highest Safety Integrity Level of those functions.

In the second phase of the causal analysis, the hazard rates for subsystems are further apportioned, leading to failure rates for the equipment, but at this physical or implementation level the SIL remains unchanged. Consequently the software SIL defined in (5) would also be the same as the subsystem SIL, but for the exception described in (5).

The apportionment process may be performed by any method which allows a suitable representation of the combinational logic, e.g. reliability block diagrams, failure modes & effects analyses, fault trees, binary decision diagrams, Markov models, etc. In any case, particular care must be taken when independence of items is required. While in the first part of the Causal Analysis functional independence is required (i.e. the failure of functions shall be independent with respect to systematic and random faults), physical independence is sufficient in the second part (i.e. the failure of subsystems shall be independent with respect to random faults). Assumptions made in the causal analysis must be checked and may lead to safety-relevant application rules for the implementation.

System design analysis is essentially a combination of various qualitative and quantitative hazard analyses and safety verification & validation steps. A disciplined approach to system design analysis using a structured Safety Assurance Program (e.g., as outlined in the AREMA C&S Manual) is recommended.

5.0 EXAMPLE

A hypothetical Train Protection Warning System (TPWS), shown in Figure 4, is used as an example for detailing the steps involved in the Risk Analysis. The Safety Analysis portion is not covered in detail for this hypothetical system. The desired functions of the TPWS are a) provide Emergency Brake application to prevent Signals Passed at Danger (SPADs), and b) provide driver warning and speed supervision with the ability to stop the train if an overspeed condition is ignored by the driver. This system is intended to be used on a Railroad with heavy passenger train traffic, and the goal is to reduce the risk of fatalities due to SPADs to a tolerable level. The following steps are as outlined in Section 3. The quantitative numbers used in the example calculations are the author's assumed data and are not reflective of any particular Railroad's statistics.

HAZARD H_1: TPWS fails to prevent a SPAD that could result in a collision and ensuing fatalities.

RISK ANALYSIS

1. Determine Risk Tolerability

A reasonably practical scheme shall be implemented with the aim of ensuring that train collisions due to SPADs pose a risk of fatality no higher than 1 in 1,000,000 per year. That is,

Tolerable Individual Risk (TIR) = 10^-6 per year (risk of SPAD-caused fatality to the train driver, also assumed to be the same for a passenger if the train involved in the event is a passenger-carrying train).

2. Determine Risk Exposure

N_i = number of times per year train i passes signals = 10,000

D_1 = duration of Hazard H_1 = 10 hours (a pessimistic estimate). Hazard H_1 exists when the TPWS has a wrong-side (hazardous) failure that remains non-negated or un-repaired. Hazard H_1 has a hazard rate of HR_1 failures/hour. The goal is to determine this HR_1 before the design of the TPWS can proceed.

E_i1 = exposure time of the train to Hazard H_1 (the time taken by the train to pass a signal at a failed TPWS location; very short relative to D_1, and ignored).

3. Cause-Consequence Analysis

Done in the form of an Event Tree Analysis (ETA), as shown in Figure 5.

4. Loss Analysis

From the ETA, two types of accidents and their probabilities of occurrence are determined and listed below. For the sake of simplicity, assume the probabilities of fatality in each accident as shown below.

No. (k) | Accident (A_k) | Probability of Occurrence (C_1k) | Probability of Fatality (F_ik)
1 | High Speed Collision | |
2 | Low Speed Collision | |

5. Determine THR

Substitute the above values in Equation (1):

$$IRF_i = N_i \left\{ HR_1 \,(D_1 + E_{i1}) \sum_k (C_{1k} \, F_{ik}) \right\}$$

= 10,000 × HR_1 × 10 × ( × × 0.5)

Setting IRF_i equal to TIR = 10^-6 results in HR_1 = 2 × 10^-7 failures/hour, which is now called THR_1.

SYSTEM DESIGN ANALYSIS

Apportion THR_1 to the individual pieces of equipment in the TPWS by using Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) techniques. Guidance given in AREMA C&S Manual Parts (2) and IEEE Std 1483 (3) can be used. Make sure that physical, functional and process dependencies within the TPWS equipment are properly handled with the use of AND gates in the FTA. An iterative approach is needed to arrive at a cost-effective design. Different parts of the TPWS equipment may end up being designed to different SILs for systematic failure integrity.

6. CONCLUSIONS

A practical methodology for risk and safety analysis using the concepts of tolerable risk, safety integrity levels, and tolerable hazard rates is presented in this paper with the help of a simple example. This methodology can be applied to signaling and train control systems that use new technologies and architectures, and is expected to provide a cost-effective approach to both the design and the assessment of such systems.

7. REFERENCES

(1) United States Department of Defense (January 19, 1993). Military Standard MIL-STD-882C: System Safety Program Requirements.

(2) AREMA Communications & Signal Manual, Section 17: Quality Principles. Parts (2004), (2004), and (2004).
(3) IEEE Standard : Verification of Vital Functions for Processor-Based Systems Used in Signal and Train Control.
(4) CENELEC Standard EN 50126: Railway Applications - The Specification and Demonstration of Dependability, Reliability, Availability, Maintainability and Safety (RAMS). Issue: March.
(5) CENELEC Standard EN 50128: Railway Applications - Communications, signaling and processing systems - Software for railway control and protection systems. Issue: March 2001.
(6) CENELEC Standard EN 50129: Railway Applications - Communications, signaling and processing systems - Safety related electronic systems for signaling. Issue: May 2002.
(7) CENELEC Report prr : Railway Applications - Systematic Allocation of Safety Integrity Requirements (March 1999).
(8) Schäbe, H. Different Approaches For Determination Of Tolerable Hazard Rates. Institute for Software, Electronics, Railroad Technology, TÜV InterTraffic GmbH, Köln.

List of Figures in the Paper "A Practical Risk and Safety Assessment Methodology for Safety-Critical Systems"

Figure 1. Risk and Safety Analysis Overview (From Reference (4))
Figure 2. Process Details of Risk Analysis (From Reference (4))
Figure 3. System Design Analysis Summary (From Reference (4))
Figure 4. A Simple Train Protection Warning System
Figure 5. Cause-Consequence Analysis (Determination of External Risk Reduction)

[Figure 1. Risk and Safety Analysis Overview (From Reference (4)): flowchart with columns Input / Activity / Output. 1 Define System (functions, boundary, interfaces, environment, ...) -> System definition; 2 Identify (system) hazards, top level hazards -> Hazard Log; 3 Analyze consequences of hazards, Risk (input: Risk tolerability criteria (Safety)) -> THRs, System Requirements Specification; 4 Analyze causes of hazards, identify additional hazards, Hazard Analysis (input: (Sub-)System Architecture; iterate until system element level); 5 Allocate Safety Integrity Requirements to subsystems/equipment -> SILs, Failure Rates, Subsystem Requirements Specification. Steps 1-3 form the Risk Analysis, steps 4-5 the System Design Analysis.]

[Figure 2. Process Details of Risk Analysis (From Reference (4)): flowchart with the blocks System Definition; Analyze Operation; Identify Hazards; Estimate Hazard Rates; Identify Consequences (Accidents, Near Misses, Safe State); Hazard Log; Determine Risk; Risk Tolerability Criteria (Safety); Determine THR; System Requirements Specification (Safety Requirements); System Design Analysis.]

[Figure 3. System Design Analysis Summary (From Reference (4)): input is the hazards H_1, ..., H_n and their tolerable hazard rates. For each hazard: for each AND gate, Common Cause Failure Analysis, fault detection mechanism and time, safety-related application conditions; use FMEAs, FTAs, Reliability Block Diagrams, Binary Decision Diagrams, Markov models, etc. as appropriate. For each subsystem (with System Architecture and SIL Table as inputs): 1. Collect contributions to hazards, 2. Determine THR and SIL -> SIL and THR for subsystems; apportion failure rates to elements -> SIL and THR for elements; conduct Verification & Validation of SILs and THRs.]

[Figure 4. A Simple Train Protection Warning System: 1. Onboard Computer (OBC), 2. Transponder Transmission Module, 3. Transponder Antenna, 4. Driver's Console, 5. Tachometer, 6. Emergency Brake Interface, 7. Signal Control Logic, 8. Lineside Electronic Unit, 9. Transponder. BASIC FUNCTIONALITY DESIRED: provide driver warning then Emergency Brake Application to prevent Signal Passed at Danger; provide driver warning and speed supervision with ability to stop train if overspeed condition is ignored by the driver.]

[Figure 5. Cause-Consequence Analysis (Determination of External Risk Reduction): event tree for H_1 starting from "Train approaches a Signal at Danger", with Yes/No branches for "Engineer passes Signal at Danger", "Engineer does not notice obstruction, plows ahead" (Yes 0.5) and "Engineer notices obstruction, starts braking, but can't stop short of obstruction" (Yes 0.2); a further branch probability of 0.1 appears on the tree. Outcomes: High Speed Collision, Low Speed Collision, Safe State.]


'Dipartimento di Ingegneria Elettrica, Universita di Genova Via all 'Opera Pia, lla Genova, Italy Safety specification and acceptance in ship control systems: a novel approach based on dynamic system modelling Gian Francesco D'Addio*, Pierluigi Firpo\ Stefano Savio* & Giuseppe Sciutto^ "Centra di Ricerca

More information

Accelerometer mod. TA18-S. SIL Safety Report

Accelerometer mod. TA18-S. SIL Safety Report Accelerometer mod. TA18-S SIL Safety Report SIL005/11 rev.1 of 03.02.2011 Page 1 of 7 1. Field of use The transducers are made to monitoring vibrations in systems that must meet particular technical safety

More information

Implementing IEC Standards for Safety Instrumented Systems

Implementing IEC Standards for Safety Instrumented Systems Implementing IEC Standards for Safety Instrumented Systems ABHAY THODGE TUV Certificate: PFSE-06-607 INVENSYS OPERATIONS MANAGEMENT What is a Safety Instrumented System (SIS)? An SIS is designed to: respond

More information

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions SIL SM.018 Rev 1 FP15 Interface Valve Compiled By : G. Elliott, Date: 30/10/2017 FP15/L1 FP15/H1 Contents Terminology Definitions......3 Acronyms & Abbreviations...4 1. Introduction...5 1.1 Scope.. 5 1.2

More information

Hazard Identification

Hazard Identification Hazard Identification Most important stage of Risk Assessment Process 35+ Techniques Quantitative / Qualitative Failure Modes and Effects Analysis FMEA Energy Analysis Hazard and Operability Studies HAZOP

More information

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis Mary Ann Lundteigen and Marvin Rausand mary.a.lundteigen@ntnu.no RAMS Group Department of Production and Quality Engineering

More information

Reliability Analysis Including External Failures for Low Demand Marine Systems

Reliability Analysis Including External Failures for Low Demand Marine Systems Reliability Analysis Including External Failures for Low Demand Marine Systems KIM HyungJu a*, HAUGEN Stein a, and UTNE Ingrid Bouwer b a Department of Production and Quality Engineering NTNU, Trondheim,

More information

Raw Material Spill. Lessons Learned. Volume 05 Issue USW

Raw Material Spill. Lessons Learned. Volume 05 Issue USW Raw Material Spill Lessons Learned Volume 05 Issue 14 2005 USW Raw Material Spill Purpose To conduct a small group lessons learned activity to share information gained from incident investigations. To

More information

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA Failure Modes, Effects and Diagnostic Analysis Project: 3095MV Mass Flow Transmitter Customer: Rosemount Inc. Chanhassen, MN USA Contract No.: Q04/04-09 Report No.: Ros 04/04-09 R001 Version V1, Revision

More information

European Union Agency for Railways. European Union Agency for Railways Rue Marc LEFRANCQ, 120 BP F Valenciennes Cedex France

European Union Agency for Railways. European Union Agency for Railways Rue Marc LEFRANCQ, 120 BP F Valenciennes Cedex France Information on the document Making the railway system European Union Agency for Railways Guideline for the application of harmonised design targets (CSM-DT) for technical systems as defined in (EU) Regulation

More information

Large Valve Causes Back Injury

Large Valve Causes Back Injury Large Valve Causes Back Injury Lessons Learned Volume 03 Issue 03 2004 USW Large Valve Causes Back Injury Purpose To conduct a small group lessons learned activity to share information gained from incident

More information

Transmitter mod. TR-A/V. SIL Safety Report

Transmitter mod. TR-A/V. SIL Safety Report Transmitter mod. TR-A/V SIL Safety Report SIL003/09 rev.1 del 09.03.2009 Pagina 1 di 7 1. Employ field The transmitters are dedicated to the vibration monitoring in plants where particular safety requirements

More information

Hydraulic (Subsea) Shuttle Valves

Hydraulic (Subsea) Shuttle Valves SIL SM.009 0 Hydraulic (Subsea) Shuttle Valves Compiled By : G. Elliott, Date: 11/3/2014 Contents Terminology Definitions......3 Acronyms & Abbreviations..4 1. Introduction 5 1.1 Scope 5 1.2 Relevant Standards

More information

Transducer mod. T-NC/8-API. SIL Safety Report

Transducer mod. T-NC/8-API. SIL Safety Report CEMB S.p.a. Transducer mod. T-NC/8-API SIL Safety Report SIL006/11 rev.0 dated 03.03.2011 Page 1 di 7 1. Employ field The transducers can measure the static or dynamic distance in plants which need to

More information

EUROPEAN GUIDANCE MATERIAL ON INTEGRITY DEMONSTRATION IN SUPPORT OF CERTIFICATION OF ILS AND MLS SYSTEMS

EUROPEAN GUIDANCE MATERIAL ON INTEGRITY DEMONSTRATION IN SUPPORT OF CERTIFICATION OF ILS AND MLS SYSTEMS ICAO EUR DOC 016 INTERNATIONAL CIVIL AVIATION ORGANIZATION EUROPEAN GUIDANCE MATERIAL ON INTEGRITY DEMONSTRATION IN SUPPORT OF CERTIFICATION OF ILS AND MLS SYSTEMS - First Edition - 2004 PREPARED BY THE

More information

Solenoid Valves used in Safety Instrumented Systems

Solenoid Valves used in Safety Instrumented Systems I&M V9629R1 Solenoid Valves used in Safety Instrumented Systems Operating Manual in accordance with IEC 61508 ASCO Valves Page 1 of 7 Table of Contents 1 Introduction...3 1.1 Terms and Abbreviations...3

More information

Modeling of the Safety and the Performance of Railway Operation via Stochastic Petri Nets

Modeling of the Safety and the Performance of Railway Operation via Stochastic Petri Nets Modeling of the Safety and the Performance of Railway Operation via Stochastic Petri Nets Robert Nicolae 1 Florin Moldoveanu 1 Mihai Cernat 1 Roman Slovák 2 Eckehart Schnieder 2 1 Transilvania University

More information

INTERIM ADVICE NOTE 171/12. Risk Based Principal Inspection Intervals

INTERIM ADVICE NOTE 171/12. Risk Based Principal Inspection Intervals INTERIM ADVICE NOTE 171/12 Risk Based Principal Inspection Intervals Summary This Interim Advice Note sets out the requirements and guidance for service providers using risk based inspection intervals.

More information

DATA ITEM DESCRIPTION Title: Failure Modes, Effects, and Criticality Analysis Report

DATA ITEM DESCRIPTION Title: Failure Modes, Effects, and Criticality Analysis Report DATA ITEM DESCRIPTION Title: Failure Modes, Effects, and Criticality Analysis Report Number: Approval Date: 20160106 AMSC Number: N9616 Limitation: No DTIC Applicable: Yes GIDEP Applicable: Yes Defense

More information

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems EUR ING David Green BEng(hons) CEng MIET MInstMC RFSE Ron Bell OBE BSc CEng FIET Engineering Safety

More information

Workshop Functional Safety

Workshop Functional Safety Workshop Functional Safety Nieuwegein 12 March 2014 Workshop Functional Safety VDMA 4315 Part 1 page 1 Agenda VDMA Working Group on Functional Safety Functional Safety and Safety Lifecycle Functional Safety

More information

RISK ASSESSMENT GUIDE

RISK ASSESSMENT GUIDE RISK ASSESSMENT GUIDE Version Control Version Editor Date Comment 1.0 01/07/2013 Launch of NSW TrainLink SMS documents 2.0 P Couvret M Jones T Narwal 16/08/2016 Combined a number of guides to create new

More information

PIQCS HACCP Minimum Certification Standards

PIQCS HACCP Minimum Certification Standards PIQCS HACCP Minimum Certification Standards In the EU, requirements for the hygiene of food is laid down in Regulation (EC) 852/2004. This regulation establishes general hygiene procedures for food at

More information

Section 1: Multiple Choice Explained EXAMPLE

Section 1: Multiple Choice Explained EXAMPLE CFSP Process Applications Section 1: Multiple Choice Explained EXAMPLE Candidate Exam Number (No Name): Please write down your name in the above provided space. Only one answer is correct. Please circle

More information

Safety Manual OPTISWITCH series relay (DPDT)

Safety Manual OPTISWITCH series relay (DPDT) Safety Manual OPTISWITCH series 5000 - relay (DPDT) 1 Content Content 1 Functional safety 1.1 In general................................ 3 1.2 Planning................................. 5 1.3 Adjustment

More information

CHAPTER 4 FMECA METHODOLOGY

CHAPTER 4 FMECA METHODOLOGY CHAPTER 4 FMECA METHODOLOGY 4-1. Methodology moving into Criticality Analysis The FMECA is composed of two separate analyses, the FMEA and the Criticality Analysis (CA). The FMEA must be completed prior

More information

Instrument Craftsman Receives Caustic Burn to Ear

Instrument Craftsman Receives Caustic Burn to Ear Instrument Craftsman Receives Caustic Burn to Ear Lessons Learned Volume 03 Issue 38 2004 USW Instrument Craftsman Receives Caustic Burn to Ear Purpose To conduct a small group lessons learned activity

More information

18-642: Safety Plan 11/1/ Philip Koopman

18-642: Safety Plan 11/1/ Philip Koopman 18-642: Safety Plan 11/1/2017 Safety Plan: The Big Picture for Safety Anti-Patterns for Safety Plans: It s just a pile of unrelated documents It doesn t address software integrity You don t link to a relevant

More information

FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD

FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD Author: Maximilian Kleinubing BS. Field: Aeronautical Engineering, Flight Test Operations Keywords: Flight Test, Safety Assessment, Flight Test Safety Assessment

More information

Section 1: Multiple Choice

Section 1: Multiple Choice CFSP Process Applications Section 1: Multiple Choice EXAMPLE Candidate Exam Number (No Name): Please write down your name in the above provided space. Only one answer is correct. Please circle only the

More information

A quantitative software testing method for hardware and software integrated systems in safety critical applications

A quantitative software testing method for hardware and software integrated systems in safety critical applications A quantitative software testing method for hardware and software integrated systems in safety critical applications Hai ang a, Lixuan Lu* a a University of Ontario Institute of echnology, Oshawa, ON, Canada

More information

Software Reliability 1

Software Reliability 1 Software Reliability 1 Software Reliability What is software reliability? the probability of failure-free software operation for a specified period of time in a specified environment input sw output We

More information

Incorrect Relief Valve Material Causes Release

Incorrect Relief Valve Material Causes Release Incorrect Relief Valve Material Causes Release Lessons Learned Volume 04 Issue 18 2004 USW Purpose Incorrect Relief Valve Material Causes Release To conduct a small group lessons learned activity to share

More information

Safety-critical systems: Basic definitions

Safety-critical systems: Basic definitions Safety-critical systems: Basic definitions Ákos Horváth Based on István Majzik s slides Dept. of Measurement and Information Systems Budapest University of Technology and Economics Department of Measurement

More information

Pressure Gauge Failure Causes Release

Pressure Gauge Failure Causes Release Pressure Gauge Failure Causes Release Lessons Learned Volume 04 Issue 02 2004 USW Pressure Gauge Failure Causes Release Purpose To conduct a small group lessons learned activity to share information gained

More information

The IEC61508 Inspection and QA Engineer s hymn sheet

The IEC61508 Inspection and QA Engineer s hymn sheet The IEC61508 Inspection and QA Engineer s hymn sheet A few key points for those inspectors and QA engineers involved with a project using the IEC61508 group of standards by the 61508 Association SAFETY

More information

Unattended Bleeder Valve Thaws, Causing Fire

Unattended Bleeder Valve Thaws, Causing Fire Unattended Bleeder Valve Thaws, Causing Fire Lessons Learned Volume 03 Issue 12 2004 USW Purpose Unattended Bleeder Valve Thaws, Causing Fire To conduct a small group lessons learned activity to share

More information

Safety Assessment for Medical Test Lab. Dr. David Endler Systems Engineering Consultant Freelancer & Member of oose eg

Safety Assessment for Medical Test Lab. Dr. David Endler Systems Engineering Consultant Freelancer & Member of oose eg Safety Assessment for Medical Test Lab Dr. David Endler Systems Engineering Consultant Freelancer & Member of oose eg Agenda DLR :envihab test laboratory System safety process Design iterations Safety

More information

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions SIL SM.015 Rev 0 Eutectic Plug Valve Compiled By : G. Elliott, Date: 19/10/2016 Contents Terminology Definitions......3 Acronyms & Abbreviations...4 1. Introduction..5 1.1 Scope 5 1.2 Relevant Standards

More information

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No.

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No. L&T Valves Limited TAMIL NADU SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) MAY 2016 Report No. 8113245702-100-01 Submitted to L&T Valves Ltd. Report by

More information

THE DEVELOPMENT OF MALAYSIAN HIGHWAY RAIL LEVEL CROSSING SAFETY SYSTEMS: A PROPOSED RESEARCH FRAMEWORK. Siti Zaharah Ishak

THE DEVELOPMENT OF MALAYSIAN HIGHWAY RAIL LEVEL CROSSING SAFETY SYSTEMS: A PROPOSED RESEARCH FRAMEWORK. Siti Zaharah Ishak THE DEVELOPMENT OF MALAYSIAN HIGHWAY RAIL LEVEL CROSSING SAFETY SYSTEMS: A PROPOSED RESEARCH FRAMEWORK Siti Zaharah Ishak Transport System Centre, School of Natural & Built Environments, University Of

More information

Solenoid Valves For Gas Service FP02G & FP05G

Solenoid Valves For Gas Service FP02G & FP05G SIL Safety Manual SM.0002 Rev 02 Solenoid Valves For Gas Service FP02G & FP05G Compiled By : G. Elliott, Date: 31/10/2017 Reviewed By : Peter Kyrycz Date: 31/10/2017 Contents Terminology Definitions......3

More information

AUSTRALIA ARGENTINA CANADA EGYPT NORTH SEA U.S. CENTRAL U.S. GULF. SEMS HAZARD ANALYSIS TRAINING September 29, 2011

AUSTRALIA ARGENTINA CANADA EGYPT NORTH SEA U.S. CENTRAL U.S. GULF. SEMS HAZARD ANALYSIS TRAINING September 29, 2011 AUSTRALIA ARGENTINA CANADA EGYPT NORTH SEA U.S. CENTRAL U.S. GULF SEMS HAZARD ANALYSIS TRAINING September 29, 2011 Purpose The purpose of this meeting is to provide guidelines for determination of hazard

More information

1309 Hazard Assessment Fundamentals

1309 Hazard Assessment Fundamentals 1309 Hazard Assessment Fundamentals Jim Marko Manager, Aircraft Integration & Safety Assessment 14 November 2018 Presentation Overview Fail-safe design concept Safety Assessment principles for hazard classification

More information

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis Failure Modes, Effects and Diagnostic Analysis Project: Isolating repeater 9164 Customer: R. STAHL Schaltgeräte GmbH Waldenburg Germany Contract No.: STAHL 16/08-032 Report No.: STAHL 16/08-032 R032 Version

More information

A Production Operator Received a Lime Burn on His Wrist

A Production Operator Received a Lime Burn on His Wrist A Production Operator Received a Lime Burn on His Wrist Lessons Learned Volume 03 Issue 37 2004 USW A Production Operator Received a Lime Burn on His Wrist Purpose To conduct a small group lessons learned

More information

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions SIL SM.0010 1 Pneumatic QEV Compiled By : G. Elliott, Date: 8/19/2015 Contents Terminology Definitions......3 Acronyms & Abbreviations..4 1. Introduction 5 1.1 Scope 5 1.2 Relevant Standards 5 1.3 Other

More information

Ch.5 Reliability System Modeling.

Ch.5 Reliability System Modeling. Certified Reliability Engineer. Ch.5 Reliability System Modeling. Industrial Engineering & Management System Research Center. - 1 - Reliability Data. [CRE Primer Ⅵ 2-6] Sources of Reliability Data. Successful

More information

Critical Systems Validation

Critical Systems Validation Critical Systems Validation Objectives To explain how system reliability can be measured and how reliability growth models can be used for reliability prediction To describe safety arguments and how these

More information

The Key Variables Needed for PFDavg Calculation

The Key Variables Needed for PFDavg Calculation Iwan van Beurden, CFSE Dr. William M. Goble, CFSE exida Sellersville, PA 18960, USA wgoble@exida.com July 2015 Update 1.2 September 2016 Abstract In performance based functional safety standards, safety

More information

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis Failure Modes, Effects and Diagnostic Analysis Project: 3051S SIS Pressure Transmitter, with Safety Feature Board, Software Revision 3.0 Customer: Rosemount Inc. Chanhassen, MN USA Contract No.: Ros 02/11-07

More information

Session Fifteen: Protection Functions as Probabilistic Filters for Accidents

Session Fifteen: Protection Functions as Probabilistic Filters for Accidents Abstract Session Fifteen: Protection Functions as Probabilistic Filters for Accidents Andreas Belzner Engine Functional Safety Gas Turbine, Alstom A generalized model is developed for the risk reduction

More information

Integration of safety studies into a detailed design phase for a navy ship

Integration of safety studies into a detailed design phase for a navy ship Integration of safety studies into a detailed design phase for a navy ship A. Fulfaro & F. Testa Fincantieri-Direzione Navi Militari, 16129 Genova, Italy Abstract The latest generation of Italian Navy

More information

CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS

CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS Applied R&M Manual for Defence Systems Part C - Techniques CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS Page 1 Introduction 2 2 Causes of Dependent Failures 3 3 Solutions 4 Issue 1 Page 1 Chapter 28

More information

Recommendations for the Risk Assessment of Buffer Stops and End Impact Walls

Recommendations for the Risk Assessment of Buffer Stops and End Impact Walls Recommendations for the Risk Assessment of Buffer Stops and End Synopsis This document gives details of a recommended method which, if followed, would meet the requirements of section 11, Buffer Stops

More information

Every things under control High-Integrity Pressure Protection System (HIPPS)

Every things under control High-Integrity Pressure Protection System (HIPPS) Every things under control www.adico.co info@adico.co Table Of Contents 1. Introduction... 2 2. Standards... 3 3. HIPPS vs Emergency Shut Down... 4 4. Safety Requirement Specification... 4 5. Device Integrity

More information

PROCEDURE. April 20, TOP dated 11/1/88

PROCEDURE. April 20, TOP dated 11/1/88 Subject: Effective Date: page 1 of 2 Initiated by: Failure Modes and Effects Analysis April 20, 1999 Supersedes: TOP 22.019 dated 11/1/88 Head, Engineering and Technical Infrastructure Approved: Director

More information

T71 - ANSI RIA R15.06: Robot and Robot System Safety

T71 - ANSI RIA R15.06: Robot and Robot System Safety - 5058-CO900H T71 - ANSI RIA R15.06: Robot and Robot System Safety PUBLIC ANSI/RIA R15.06-2012 RIA (print) www.robotics.org + old stds & technical reports ANSI (PDFs): note the TRs are NOT available from

More information

Hazard analysis. István Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems

Hazard analysis. István Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems Hazard analysis István Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems Hazard analysis Goal: Analysis of the fault effects and the evolution of hazards

More information

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance Mary Ann Lundteigen and Marvin Rausand mary.a.lundteigen@ntnu.no RAMS Group Department of Production and Quality Engineering NTNU

More information