A study on the relation between safety analysis process and system engineering process of train control system
Eui-Jin Joung, Jong-Woo Lee
Railway Signaling Telecommunication Research Team, Korea Railroad Research Institute (KRRI)
374-1, Woulam-dong, Uiwang-city, Kyonggi-do, 437-5, Korea. {ejjoung, jwlee}@krri.re.kr

Yang-Mo Kim
Electrical Engineering Department, Chungnam National University
22, Kung-dong, Taejon-city, Korea. ymkim@ee.chungnam.ac.kr

Abstract - In this paper, the relationship between the system engineering lifecycle and the safety lifecycle is investigated. The V diagram and the IEC 61508 model are presented for both lifecycles. The V diagram shows the flow of information between phases clearly, but it does not show the amount of work involved in each stage. The IEC 61508 model describes the activities to be performed during each phase of the lifecycle. A risk assessment for a level crossing is also presented. By pursuing a pre-certified process to reduce the risk, we are convinced that the risk level of the level crossing used in the Korean railway network is appropriate to the previously determined ALARP level.

Keywords: Lifecycle, safety engineering, system engineering, level crossing, risk assessment

1. Introduction

Having identified not only advantages but also disadvantages to the use of computers within safety-related systems, it is clear that a programmable solution will not always be ideal for a given application. However, in many cases the advantages outweigh the problems and a computer-based approach is adopted. In certain circumstances a computer-based system is the only viable method of producing the required functions. The train control system is also a computerized system. To analyze the train control system in all of its phases, we investigate the various lifecycle models used for train control systems. Mainly the V diagram and the IEC 61508 model are presented for the investigation of the relationship between system engineering and safety engineering.
For the quantitative analysis, the risk analysis of a level crossing is presented.

2. Lifecycle model

Lifecycle models can be used as a means of describing the development of a safety-critical system. A number of models have been devised to describe the various phases of a development project. Like all development projects, the process of developing a safety-related computer system has various phases, and these may be represented diagrammatically using a lifecycle model.

2.1 The system engineering lifecycle

An example of a widely used development lifecycle model is the V diagram. This model may be expanded to indicate the outcome of each phase. It may also show the flow of information between phases. A relatively simple example is shown in Figure 1. In this model, data from early phases is used at a later stage. Strictly speaking, the V model clearly illustrates the outcome of each phase of the development process and also indicates the flow of information between phases. However, it does not show the amount of work involved in each stage or when that effort will be required.
Figure 1. V diagram for the system engineering lifecycle. Development phases (left arm): requirements analysis, specification, top level design, detailed design, module design, construction/coding. Test phases (right arm): module test, system integration, system test, certification. Outputs from the phases: requirements document, specification, design specification, modules, tested module, integrated system, verified system, certified system.

Another widely used lifecycle model is IEC 61508, shown in Figure 2. The model separates the realization of the system into three sections to represent the different aspects of the implementation: electrical/electronic/programmable systems, other technologies, and external facilities. IEC 61508 considers the impact of modifications during the system's life. The standard describes in detail the activities to be performed during each phase of the lifecycle and outlines the inputs and outputs of each phase.

Figure 2. Lifecycle model from IEC 61508. Phases: 1. Concept; 2. Overall scope definition; 3. Overall system requirement; 4. System requirement allocation; 5. Overall operation & maintenance (overall planning); 6. Overall validation (overall planning); 7. Overall installation & commissioning (overall planning); 8. Electrical/electronic/programmable; 9. Other technologies; 10. External facilities; 11. Overall installation & commissioning; 12. Overall validation; 13. Overall operation & maintenance; 14. Overall modification & retrofit; 15. Decommissioning.

The safety lifecycle

Some lifecycle models are suitable for corporate purposes, others for resource management or
costing. Figure 3 shows a typical safety lifecycle. This model emphasizes a top-down approach to design, as shown on the left-hand arm of the diagram, and a bottom-up approach to testing, as shown on the right-hand arm. In safety-critical applications, this model may also be used to focus attention on the safety aspects of the project.

The starting point is determined by the system requirements. Generally the term requirements is taken to represent an almost abstract definition of what the system should do. These abstract requirements must then be formalized into a functional requirements document. Once the functional requirements of the system have been established, hazard and risk analyses are performed to identify potential dangers in the system and to allocate an overall level of integrity. The safety requirements of the system are derived from the hazard and risk analyses; in order to ensure safety, the safety requirements define what the system must and must not do.

Once a specification has been produced, it is used as the basis for the top-level design that defines the system architecture. One of the major aspects of this process is to partition the system into hardware and software. This hardware-software trade-off is a vital part of the design and must take into account many diverse considerations. In the architectural design phase, the project is split into a number of more manageable modules to simplify the design and testing processes. The detailed design of the hardware and the software of each module then follows. When this design stage is complete, the modules are constructed and tested individually. This testing forms part of the process of verification that is used to establish that each module satisfies its specification. Verification continues throughout the lifecycle and forms an important aspect of each phase. Once the various modules have been completed and verified, the process of system integration may begin.
Once the system is complete and appears to be functioning correctly, the verification and validation of the entire system may begin. The final stage is to convince some external regulating body that the system is safe. For any system that is safety related, a more detailed hazard and risk analysis phase is required in order to determine an appropriate integrity level for the project.

Figure 3. V diagram for the safety lifecycle. Left arm: requirements, hazard and risk analysis, specification, architectural design, module design, module construction and testing. Right arm: system integration and testing, system verification, system validation, certification, completed system.

IEC 61508 also describes an overall safety lifecycle, as shown in Figure 4. This again covers all aspects of a system's life, from conception to decommissioning, and also considers the diverse aspects of its realization. The form of the safety lifecycle is very similar to that of the system lifecycle, with the addition of a phase concerned with hazard and risk analysis. The importance of the safety lifecycle is that it focuses attention on the safety aspects of each phase of the development process. Each phase has an input, a defined function and an associated output or deliverable. This lifecycle provides a mechanism for verifying the results of each of the activities relevant to the safety of the system.

Phases 1-4 of Figure 4 are concerned with determining the overall characteristics of the system and looking at its safety implications. The results of the preliminary hazard and risk analysis determine the technique to be used. Conceptually, the hazard and risk analysis associated with phase 3 of this model is used within phase 4 to determine the appropriate integrity level for the system. Within phase 5, the various safety
requirements identified in phase 4 are allocated to appropriate safety-related systems. Within the system, high complexity should be avoided wherever possible. The safety of a system is determined not only by its design and development, but also by how it is installed, used and maintained. For this reason an overall strategy for commissioning, operation and maintenance is established at an early stage in the development process. Boxes 9, 10 and 11 of the safety lifecycle are concerned with the design and implementation of the various safety-related systems and features. Following the implementation of the various safety-related systems, these are combined during installation (phase 12), and the complete system then begins a process of validation and, if necessary, certification (phase 13). The operation and maintenance stages of the system's life are covered by phase 14 and any modification or retrofitting by phase 15. The eventual decommissioning of the system is addressed by phase 16.

Figure 4. Overall safety lifecycle from IEC 61508. Phases: 1. Concept; 2. Overall scope definition; 3. Hazard and risk analysis; 4. Overall system requirement; 5. Safety requirement allocation; 6. Overall operation & maintenance (overall planning); 7. Overall validation (overall planning); 8. Overall installation & commissioning (overall planning); 9. Safety-related system: electrical/electronic/programmable; 10. Safety-related system: other technologies; 11. External risk reduction facilities; 12. Overall installation & commissioning; 13. Overall safety validation; 14. Overall operation & maintenance; 15. Overall modification & retrofit (back to the appropriate overall safety lifecycle phase); 16. Decommissioning.

For system validation and certification in phase 13, the safety case is documented and adopted. The safety case is a record of all the safety activities associated with a system throughout its life. One of the most important uses of the safety case is to support an application for certification.
Here the regulatory authority will be looking for evidence that all potential hazards have been identified and that appropriate steps have been taken to deal with them. The safety case must also demonstrate that appropriate development methods have been adopted and that these have been performed correctly. One of the problems associated with the production of a safety case is that the issues concerned are always multidisciplinary. It may therefore be appropriate, and necessary, to involve staff with expertise in areas such as computer software, computer hardware, analogue electronics, electrical engineering, mechanical engineering, pneumatics, hydraulics, human factors and psychology. This will involve numerous steps that in some ways resemble the components of a mathematical proof. For this reason, the production of the safety case represents one of the most difficult and most demanding aspects of the development of safety-critical systems. Figure 5 represents the interaction in engineering safety management among the safety authority, the project, the independent safety assessor and the customer.
Figure 5. Interaction in engineering safety management. Actors: Safety Authority, Project, Independent Safety Assessor, Customer. Activities: prepare preliminary safety plan; establish hazard log; endorse preliminary safety plan; identify and analyze hazards; assess risk; establish safety requirements; endorse safety requirements; prepare safety plan; endorse safety plan; implement safety plan; commission safety assessment; perform safety assessment; issue safety assessment report; prepare safety case; endorse safety case; safety approval; transfer safety responsibility.

3. Risk assessment

3.1 Background

The subject of the analysis is the operation of an automatic level crossing. The aim of this risk assessment is to determine whether changes are required in order to reduce the risk presented by the automatic level crossing to a level that is compliant with the principle of ALARP. The level crossing used for the calculation is balan on the Korean railway network. According to the level crossing data 2, 14 traffics cross at this crossing, and 368 trains are operated through this point per day. Its classified rank is 1st class. In the Korean railway network there are three types of classified level crossing, described in Table 1.

Table 1. Types of level crossing in the Korean railway network

Classification   Description
1st class        Barrier, alarm and sign are operated day and night.
2nd class        Barrier, alarm and sign are operated by day only.
3rd class        Alarm and sign are operated.

3.2 Hazard Identification

The frequency and severity of each hazard have been estimated using Table 2. For each hazard, the estimated frequency and severity have been multiplied to obtain the hazard rank.
- Estimated hazard: Failure of level crossing
- Estimated frequency: 2 (1 to 1 years)
- Estimated severity: 4 (Single fatalities)
- Hazard rank: 8
Table 2. Estimated hazard rank (severity multiplied by frequency)

Severity: Multiple fatalities = 5; Single fatalities = 4; Multiple major injuries = 3; Major injuries = 2; Minor injuries = 1.
Frequency (categories only; the scores are not given): Daily to monthly; Monthly to yearly; to 1 years; to 1 years; Less than 1 yearly.

3.3 Causal Analysis

Causal analysis has been conducted to estimate the annual frequency of occurrence of the hazard. The fault tree used to evaluate the frequency of occurrence of the hazard is presented in Figure 6.
- Because an average of 368 trains traverse the crossing per day and protection is required for the crossing of each train for a period of approximately 30 seconds, the probability of the event "Train near level crossing" is as follows.
  Probability = (30 × 368) / (3600 × 24) = 0.128
- The probability of the event "Controller indicates route clear when occupied" is 4.0×10^-2 per annum per controller.
- The probability of the event "Track circuit failure" is 3.0×10^-2 per annum.
- The probability of the event "Communication failure" is 2.0×10^-2 per annum.
- The probability of the event "Timing sequence failure" is 1.0 per annum.
Using the above values, the probability of the hazard has been determined as follows.
  ((3.0×10^-2 + 2.0×10^-2 + 1.0) + 4.0×10^-2) × 0.128 = 0.14
Note that the probability of the hazard is dominated by the probability of the event "Timing sequence failure".
Figure 6. Fault tree for the hazard. Top event (Gate1): Failure of level crossing to protect public from train. Gate1 combines Gate2 (Failure to protect crossing) with Event1 (Train near crossing). Gate2 combines Gate3 (Train fails to activate controller) with Event2 (Controller indicates route clear when occupied). Gate3 combines Event3 (Timing sequence failure), Event4 (Track circuit failure) and Event5 (Communication failure).

3.4 Consequence Analysis

The particular method of consequence analysis used to analyze this hazard is the cause-consequence modeling technique. This is an inductive method of analysis in which the hazard is displayed at the bottom of a decision-tree structure. Possible protective barriers affecting event escalation are then identified, classified and assessed. The simple cause-consequence models constructed to investigate the consequences are presented in Figure 7. From the data represented above, 14 vehicles use the crossing per hour, each taking 3 seconds, and about 2 pedestrians use the crossing per day, each taking 9 seconds. Trains run for 17.5 hours per day on this line, so the probability of a vehicle or pedestrian being present at the crossing at any given time is as follows.
  Probability = (336 × 3 + 2 × 9) / (3600 × 17.5) = 4.5×10^-2
At this crossing point, the trains carrying 1 cars run at 1 km/h.
Figure 7. Cause-consequence model for the hazard. Initiating event: Failure of level crossing to protect public from train. Barriers: other road user at crossing; road user notices and makes controlled stop; road user takes successful emergency action; pedestrian at crossing; pedestrian notices train and takes avoiding action. Branch probabilities shown in the figure: 0.9/0.1 for the presence of a road user or pedestrian and for noticing the train, 0.7/0.3 for successful emergency action, 0.5/0.5 for pedestrian hit by train or near miss, and 0.3/0.7 for road user strikes train or strikes crossing. Outcomes: Safe condition, Near miss (1), Near miss (2), Train hits pedestrian, Road user strikes train, Road user strikes crossing.

3.5 Loss Analysis

Loss analysis has been conducted to determine the magnitude of the potential safety losses associated with each hazard. Table 3 presents details of the loss modeling conducted. The incidents have been taken from the cause-consequence diagram. The following incidents were identified.
- Safe condition
- Near miss
- Train hits pedestrian
- Road user strikes train
- Road user strikes crossing
It has been assumed that no losses arise from a safe condition. It has also been assumed that:
- The incident "Train hits pedestrian" results in no injuries to passengers, but 1 fatality to a member of the public.
- The incident "Road user strikes train" results in 2 minor injuries to passengers, and a single major injury to a member of the public.
- The incident "Road user strikes crossing" results in 1 minor injury to passengers, and 1 major injury to a member of the public.
Using the currently accepted convention, the potential equivalent fatalities (PEF) are represented in Table 3. The annual frequency of each incident has been determined by multiplying the estimated frequency of the hazard by the estimated probability of the hazard leading to the incident once the hazard has occurred.

Table 3.
Results of loss analysis for the hazard

Incident                    Frequency (per annum)   Safety loss per incident (PEF), passenger / public   Safety loss per annum (PEF), passenger / public
Train hits pedestrian       7.* *1-4
Near miss (1)               7.*1-4
Near miss (2)               9.8*1-4
Road user strikes train     1.2* * *1-5
Road user strikes crossing  2.9*1-4 5* * *
Total per annum             4.1* *1-4
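As an added worked example (Python written for this page, not code from the paper), the block below evaluates the Figure 6 fault tree and the Table 3 loss analysis with the values quoted in sections 3.3 to 3.5, and goes one step further by applying the order-of-magnitude reduction of the timing sequence failure that section 3.7 describes. The AND/OR gate types, the reading of the Figure 7 branch probabilities, and the PEF weights for injuries (0.1 per major injury, 0.01 per minor injury) are assumptions of this example; the event values, incident list and injury assumptions are the paper's.

```python
# Added worked example (not the paper's code): Figure 6 fault tree, Figure 7
# consequence branches and Table 3 loss analysis, using the paper's inputs.
# Gate logic, branch-probability reading and PEF injury weights are assumptions.

SECONDS_PER_HOUR = 3600

# Basic event values quoted in section 3.3 (per annum).
BASE_EVENTS = {
    # 368 trains/day, ~30 s of protection per train -> 0.128
    "train_near_crossing": 368 * 30 / (SECONDS_PER_HOUR * 24),
    "controller_route_clear_when_occupied": 4.0e-2,
    "track_circuit_failure": 3.0e-2,
    "communication_failure": 2.0e-2,
    "timing_sequence_failure": 1.0,
}


def or_gate(probabilities, rare_event=True):
    """OR gate. The paper adds its inputs (rare-event approximation); the exact
    form for independent inputs is 1 - prod(1 - p). A 1.0-per-annum input is a
    frequency rather than a probability, which is why the two forms diverge."""
    if rare_event:
        return sum(probabilities)
    product = 1.0
    for p in probabilities:
        product *= 1.0 - p
    return 1.0 - product


def hazard_frequency(events, rare_event=True):
    """Gate3 = Event3 OR Event4 OR Event5; Gate2 = Gate3 OR Event2;
    Gate1 = Gate2 AND Event1. This structure is inferred from the paper's
    calculation, which multiplies the summed failures by 0.128."""
    gate3 = or_gate([events["timing_sequence_failure"],
                     events["track_circuit_failure"],
                     events["communication_failure"]], rare_event)
    gate2 = or_gate([gate3, events["controller_route_clear_when_occupied"]],
                    rare_event)
    return gate2 * events["train_near_crossing"]


# Probability of each incident given the hazard, as this example reads the
# Figure 7 branches: pedestrian present 0.1, fails to notice 0.1, struck 0.5 /
# near miss 0.5; road user present 0.1, no controlled stop 0.1, emergency
# action fails 0.3, then strikes train 0.3 / strikes crossing 0.7.
INCIDENT_GIVEN_HAZARD = {
    "Train hits pedestrian": 0.1 * 0.1 * 0.5,
    "Near miss (1)": 0.1 * 0.1 * 0.5,
    "Near miss (2)": 0.1 * 0.1 * 0.7,
    "Road user strikes train": 0.1 * 0.1 * 0.3 * 0.3,
    "Road user strikes crossing": 0.1 * 0.1 * 0.3 * 0.7,
}

# PEF per incident (passenger, public) from the section 3.5 assumptions. The
# weights below are an assumption; the paper cites "the currently accepted
# convention" without quoting figures.
MAJOR, MINOR = 0.1, 0.01
PEF_PER_INCIDENT = {
    "Train hits pedestrian": (0.0, 1.0),
    "Near miss (1)": (0.0, 0.0),
    "Near miss (2)": (0.0, 0.0),
    "Road user strikes train": (2 * MINOR, 1 * MAJOR),
    "Road user strikes crossing": (1 * MINOR, 1 * MAJOR),
}


def loss_analysis(hazard_per_annum):
    """Return ({incident: (frequency, passenger PEF/yr, public PEF/yr)},
    (passenger total, public total)), the content of Table 3."""
    rows, total_pass, total_pub = {}, 0.0, 0.0
    for name, p_cond in INCIDENT_GIVEN_HAZARD.items():
        freq = hazard_per_annum * p_cond
        pass_pef, pub_pef = PEF_PER_INCIDENT[name]
        rows[name] = (freq, freq * pass_pef, freq * pub_pef)
        total_pass += freq * pass_pef
        total_pub += freq * pub_pef
    return rows, (total_pass, total_pub)


def mitigated_events(events, factor=10.0):
    """Section 3.7 option: timing sequence failure cut by an order of magnitude."""
    revised = dict(events)
    revised["timing_sequence_failure"] = events["timing_sequence_failure"] / factor
    return revised


if __name__ == "__main__":
    base = hazard_frequency(BASE_EVENTS)
    print(f"hazard per annum (paper's additive OR): {base:.3f}")
    print(f"hazard per annum (bounded OR):          "
          f"{hazard_frequency(BASE_EVENTS, rare_event=False):.3f}")
    print(f"hazard per annum with mitigation:       "
          f"{hazard_frequency(mitigated_events(BASE_EVENTS)):.4f}")
    rows, (tp, tq) = loss_analysis(base)
    for name, (f, lp, lq) in rows.items():
        print(f"{name:28s} freq={f:.2e} passenger={lp:.2e} public={lq:.2e}")
    print(f"totals per annum: passenger={tp:.2e} public={tq:.2e}")
```

Run as written, the additive form reproduces the paper's 0.14 per annum and the incident frequencies of Table 3 (7.0×10^-4, 9.8×10^-4, 1.2×10^-4, 2.9×10^-4 to two figures); the bounded form shows that treating a 1.0-per-annum failure as a probability saturates the OR gates, so the result can never exceed the 0.128 presence probability. The unrounded mitigated value is about 2.4×10^-2, where section 3.7 quotes 2.0×10^-2.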
3.6 Option Analysis

Both structured brainstorming and a suitable checklist have been used to identify potential risk mitigation options for the hazard. Table 4 presents the risk mitigation options that have been identified.

Table 4. Result of options analysis

Hazard description: Failure of level crossing to protect the public from passing trains (wrong side failure of level crossing)
Hazard rank: 8
Options:
1. Modify crossing to have a more reliable controller
2. Modify crossing sequence to provide greater crossing time
3. Rewire cable to controller to replace degraded cabling

3.7 Impact analysis

The result of the analysis of one of the options, "Modify crossing sequence to provide greater crossing time", is presented. With this option, the probability of the event "Timing sequence failure" can be reduced by an order of magnitude. Applying this revised failure probability within the previous causal analysis of the hazard leads to a reduced annual probability of occurrence of the hazard of 2.0×10^-2. The results of this revised analysis are presented in Table 5.

Table 5. Results of loss analysis for the hazard (with mitigation)

Incident                    Frequency (per annum)   Safety loss per incident (PEF), passenger / public   Safety loss per annum (PEF), passenger / public
Train hits pedestrian       1.* *1-4
Near miss (1)               1.*1-4
Near miss (2)               1.4*1-4
Road user strikes train     1.8* * *1-6
Road user strikes crossing  4.2*1-5 5* * *1-6
Total losses per annum (with mitigation) (A)      3.9* *1-4
Total losses per annum (without mitigation) (B)   4.1* *1-4
Total mitigated losses per annum (B-A)            3.7* *

3.8 Demonstration of ALARP and compliance

We can define three groups exposed to the risks of the railway's operations: employees (trackside staff), passengers and the public. The average risk of fatality per annum for an individual in each group is represented in Table 6.

Table 6.
ALARP and benchmark criteria for all of its operations

Group       Upper limit of tolerability   Broadly acceptable bound   Benchmark
Employee
Passenger
Public
(the criteria values are not given)

Automatic level crossings contribute 10%, 20% and 50% of the total risk of all operations to employees, passengers and the public respectively. There are 1,800 crossings in the railroad network. Hence, the fraction of total safety risk associated with one automatic level crossing can be taken as follows.
- fraction of total safety risk to employees = (1 × 0.10) / 1,800 = 5.5×10^-5
- fraction of total safety risk to passengers = (1 × 0.20) / 1,800 = 1.1×10^-4
- fraction of total safety risk to public = (1 × 0.50) / 1,800 = 2.8×10^-4
The apportioned ALARP and benchmark criteria are determined by multiplying the criteria by these fractions. The resulting apportioned criteria are given in Table 7.

Table 7. Apportioned ALARP and benchmark criteria

Group       Apportioned upper limit of tolerability   Apportioned broadly acceptable bound   Apportioned benchmark
Employee    5.5* * *1-9
Passenger   1.1* * *1-9
Public      2.8* * *1-9

In order to determine the total safety losses, the estimated safety losses associated with each of the hazards have been summed together.

Table 8. Total safety losses

Group       Total safety losses associated with the undertaking per annum
Employee
Passenger   7.8×10^-7
Public      2.2×10^-4

It is estimated that 10,000 different individuals are regular daily users of the crossing. The average risk to each of these individuals is presented in Table 9.

Table 9. Average safety losses per individual

Group       Average safety losses per individual per annum
Employee
Passenger   7.8×10^-11
Public      2.2×10^-8

From Table 9, the average risk to a member of the public lies between the apportioned broadly acceptable bound and the apportioned upper limit of tolerability. It is therefore necessary to determine the risk mitigation measures that should be applied in order to reduce the risk to the ALARP level. We can consider risk mitigation options in terms of their direct costs per annum, net costs per annum, annual mitigated safety loss and annual monetary value of the mitigated loss, and the most appropriate option should be selected among them. From this analysis, we can choose an appropriate value, 7.9×10^-4. The residual risk of the undertaking after implementation of this option is as follows.
  Residual risk = 2.2×10^-4 … ×10^-4 = 1.0×10^-7 per annum.
The average residual risk to the 10,000 regular daily users of the crossing is 1.0×10^-11 per annum. This is less than the apportioned benchmark.

4. Conclusion

The relationship between the system engineering lifecycle and the safety lifecycle has been investigated. The V diagram and the IEC 61508 model were presented for both lifecycles. The V diagram shows the flow of information between phases clearly, but it does not show the amount of work involved in each stage. The IEC 61508 model describes the activities to be performed during each phase of the lifecycle.
A risk assessment for a level crossing has also been presented. The object is a specified level crossing used in the Korean railway network. By pursuing a pre-certified process to reduce the risk, we are convinced that the risk level of the level crossing is appropriate to the previously determined ALARP level.

[Reference]
1. International Electrotechnical Commission, IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems.
2. CENELEC Draft prEN 50126, Railway applications: The specification and demonstration of dependability, reliability, availability, maintainability and safety (RAMS).
3. CENELEC Draft prEN 50128: 1998, Railway applications: Software for railway control and protection systems.
4. CENELEC ENV 50129: 1998, Railway applications: Safety related electronic systems for signalling, May.
5. HMRI, Guide to the Approval of Railway Works, Plants and Equipment, Health and Safety Executive, 1994.
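The ALARP apportionment and comparison of section 3.8, as an added worked example in Python (written for this page, not code from the paper). The inputs taken from the page are the crossing's share of total public risk (the 0.50 / 1,800 = 2.8×10^-4 fraction), the 1,800 crossings, the 2.2×10^-4 PEF per annum public loss, the 10,000 regular users and the 1.0×10^-7 residual loss after mitigation. The network-wide criteria of Table 6 are not given in the text, so the example assumes illustrative public criteria of 1×10^-4 (upper limit of tolerability) and 1×10^-6 (broadly acceptable) per person per annum, the orders of magnitude commonly quoted for individual risk in UK HSE guidance; the function and constant names are this example's own.

```python
# Added worked example (not the paper's code): section 3.8 risk apportionment
# and ALARP banding. Table 6 criteria are assumed (illustrative values).

def crossing_fraction(share_of_total_risk, crossings_in_network):
    """Fraction of the network-wide risk apportioned to a single crossing."""
    return share_of_total_risk / crossings_in_network


def apportion(criteria, fraction):
    """Scale each network-wide criterion down to one crossing (Table 7)."""
    return {name: limit * fraction for name, limit in criteria.items()}


def individual_risk(total_loss_per_annum, regular_users):
    """Average annual risk to one regular user (Table 9 from Table 8)."""
    return total_loss_per_annum / regular_users


def classify(risk, apportioned):
    """Band a risk against the apportioned ALARP bounds."""
    if risk >= apportioned["upper_limit_of_tolerability"]:
        return "intolerable"
    if risk > apportioned["broadly_acceptable_bound"]:
        return "tolerable only if ALARP"
    return "broadly acceptable"


# Assumed illustrative network-wide criteria for the public (per person per
# annum). These are NOT the paper's Table 6 values, which the text omits.
PUBLIC_CRITERIA = {
    "upper_limit_of_tolerability": 1.0e-4,
    "broadly_acceptable_bound": 1.0e-6,
}
PUBLIC_SHARE = 0.50      # level crossings' share of total public risk (paper)
CROSSINGS = 1800         # crossings in the network (paper)
REGULAR_USERS = 10_000   # regular daily users of this crossing (paper)


def assess_public(total_public_loss, residual_public_loss):
    """Run the section 3.8 comparison before and after the chosen option."""
    fraction = crossing_fraction(PUBLIC_SHARE, CROSSINGS)
    bounds = apportion(PUBLIC_CRITERIA, fraction)
    before = individual_risk(total_public_loss, REGULAR_USERS)
    after = individual_risk(residual_public_loss, REGULAR_USERS)
    return {
        "fraction": fraction,
        "apportioned": bounds,
        "before": (before, classify(before, bounds)),
        "after": (after, classify(after, bounds)),
    }


if __name__ == "__main__":
    result = assess_public(total_public_loss=2.2e-4, residual_public_loss=1.0e-7)
    print(f"fraction of network risk for one crossing: {result['fraction']:.2e}")
    for name, value in result["apportioned"].items():
        print(f"apportioned {name}: {value:.2e}")
    for stage in ("before", "after"):
        risk, band = result[stage]
        print(f"{stage:6s} mitigation: {risk:.2e} per annum -> {band}")
```

With the assumed criteria the apportioned public bounds come out at 2.8×10^-8 and 2.8×10^-10 per person per annum, so the 2.2×10^-8 average public risk falls in the ALARP region, as the paper concludes from Table 9, and the 1.0×10^-11 residual risk falls below the broadly acceptable bound. The banding is only as good as the network-wide criteria fed in: substituting the real Table 6 figures can move the thresholds by orders of magnitude, which is why the apportionment step must be recorded in the safety case alongside the losses.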
More informationQuestions & Answers About the Operate within Operate within IROLs Standard
Index: Introduction to Standard...3 Expansion on Definitions...5 Questions and Answers...9 Who needs to comply with this standard?...9 When does compliance with this standard start?...10 For a System Operator
More informationSharing practice: OEM prescribed maintenance. Peter Kohler / Andy Webb
Sharing practice: OEM prescribed maintenance Peter Kohler / Andy Webb Overview 1. OEM introduction 2. OEM maintenance: pros and cons 3. OEM maintenance: key message 4. Tools to help 5. Example 6. Takeaway
More informationFUNCTIONAL SAFETY: SIL DETERMINATION AND BEYOND A CASE STUDY FROM A CHEMICAL MANUFACTURING SITE
FUNCTIONAL SAFETY: SIL DETERMINATION AND BEYOND A CASE STUDY FROM A CHEMICAL MANUFACTURING SITE Jasjeet Singh and Neil Croft, HFL Risk Services Ltd, Manchester, UK Industrial chemical processes increasingly
More informationMINE SAFETY TARGETED ASSESSMENT PROGRAM. Ground or strata failure NSW metalliferous mines. April
MINE SAFETY TARGETED ASSESSMENT PROGRAM Ground or strata failure NSW metalliferous mines April 2017 www.resourcesandenergy.nsw.gov.au Document control Publication title: Ground or strata failure NSW metalliferous
More informationDeZURIK. KGC Cast Knife Gate Valve. Safety Manual
KGC Cast Knife Gate Valve Safety Manual Manual D11036 August 29, 2014 Table of Contents 1 Introduction... 3 1.1 Terms... 3 1.2 Abbreviations... 4 1.3 Product Support... 4 1.4 Related Literature... 4 1.5
More informationIntrinsic safety 101 hazardous locations
Intrinsic safety 101 hazardous locations Protection methods, containment, segregation, and prevention By Robert Schosker This article answers the question, Why worry about hazardous locations? The area
More informationUltima. X Series Gas Monitor
Ultima X Series Gas Monitor Safety Manual SIL 2 Certified " The Ultima X Series Gas Monitor is qualified as an SIL 2 device under IEC 61508 and must be installed, used, and maintained in accordance with
More informationSUBJECT: Board Approval: 4/29/04
1255 Imperial Avenue, Suite 1000 San Diego, CA 92101-7490 619/231-1466 FAX 619/234-3407 Policies and Procedures No. 38 SUBJECT: Board Approval: 4/29/04 OUT-OF-DIRECTION BUS ROUTINGS PURPOSE: To establish
More informationAUSTRIAN RISK ANALYSIS FOR ROAD TUNNELS Development of a new Method for the Risk Assessment of Road Tunnels
- 204 - ABSTRACT AUSTRIAN RISK ANALYSIS FOR ROAD TUNNELS Development of a new Method for the Risk Assessment of Road Tunnels Kohl B. 1, Botschek K. 1, Hörhan R. 2 1 ILF, 2 BMVIT In Austria, in the past
More informationCritical Systems Validation
Critical Systems Validation Objectives To explain how system reliability can be measured and how reliability growth models can be used for reliability prediction To describe safety arguments and how these
More informationHydraulic (Subsea) Shuttle Valves
SIL SM.009 0 Hydraulic (Subsea) Shuttle Valves Compiled By : G. Elliott, Date: 11/3/2014 Contents Terminology Definitions......3 Acronyms & Abbreviations..4 1. Introduction 5 1.1 Scope 5 1.2 Relevant Standards
More informationAeronautical studies and Safety Assessment
Aerodrome Safeguarding Workshop Cairo, 4 6 Dec. 2017 Aeronautical studies and Safety Assessment Nawal A. Abdel Hady ICAO MID Regional Office, Aerodrome and Ground Aids (AGA) Expert References ICAO SARPS
More informationCodex Seven HACCP Principles. (Hazard Identification, Risk Assessment & Management)
Codex Seven HACCP Principles (Hazard Identification, Risk Assessment & Management) Logic sequence for application of HACCP Assemble the HACCP team Describe product Identify intended use Construct a flow
More informationSession: 14 SIL or PL? What is the difference?
Session: 14 SIL or PL? What is the difference? Stewart Robinson MIET MInstMC Consultant Engineer, Pilz Automation Technology UK Ltd. EN ISO 13849-1 and EN 6061 Having two different standards for safety
More informationThe IEC61508 Operators' hymn sheet
The IEC61508 Operators' hymn sheet A few key points for those Operators of plant or equipment that involve SIL rated safety functions*, trips or interlocks by The 61508 Association SAFETY INSTRUMENTED
More informationWorkshop Functional Safety
Workshop Functional Safety Nieuwegein 12 March 2014 Workshop Functional Safety VDMA 4315 Part 1 page 1 Agenda VDMA Working Group on Functional Safety Functional Safety and Safety Lifecycle Functional Safety
More informationBespoke Hydraulic Manifold Assembly
SIL SM.0003 1 Bespoke Hydraulic Manifold Assembly Compiled By : G. Elliott, Date: 12/17/2015 Contents Terminology Definitions......3 Acronyms & Abbreviations..4 1. Introduction 5 1.1 Scope 5 1.2 Relevant
More informationDetermination of Safety Level for the Train Protection System at Ringbanen in Copenhagen
Determination of Safety Level for the Train Protection System at Ringbanen in Copenhagen Søren Randrup-Thomsen & Lars Wahl Andersen, RAMBØLL, Bredevej 2, 2830 Virum Bent Nygaard, Banestyrelsen, Banehuset,
More informationPL estimation acc. to EN ISO
PL estimation acc. to EN ISO 3849- Example calculation for an application MAC Safety / Armin Wenigenrath, January 2007 Select the suitable standard for your application Reminder: The standards and the
More informationSection 1: Multiple Choice
CFSP Process Applications Section 1: Multiple Choice EXAMPLE Candidate Exam Number (No Name): Please write down your name in the above provided space. Only one answer is correct. Please circle only the
More informationHealth and Safety Inspection Procedure
Template v4 WILTSHIRE POLICE FORCE PROCEDURE Health and Safety Inspection Procedure Effective from: 25.03.2012 Last Review Date: 10.05.2015 Version: 2.0 Next Review Date: 10.05.2018 TABLE OF CONTENTS PROCEDURE
More informationSolenoid Valves For Gas Service FP02G & FP05G
SIL Safety Manual SM.0002 Rev 02 Solenoid Valves For Gas Service FP02G & FP05G Compiled By : G. Elliott, Date: 31/10/2017 Reviewed By : Peter Kyrycz Date: 31/10/2017 Contents Terminology Definitions......3
More informationName Phone Logo
External Assessment Specifications Document Curriculum Code Qualification Title NQF Level QCTO 653401000 Occupational Certificate: Mechanic Bicycle 4 Name Email Phone Logo Assessment Quality Partner Wholesale
More informationCONTENTS OF THE PCSR CHAPTER 1 - INTRODUCTION AND GENERAL DESCRIPTION
PAGE : 1 / 8 CONTENTS OF THE PCSR CHAPTER 1 - INTRODUCTION AND GENERAL DESCRIPTION SUB-CHAPTER 1.1 INTRODUCTION SUB-CHAPTER 1.2 GENERAL DESCRIPTION OF THE UNIT SUB-CHAPTER 1.3 COMPARISON WITH REACTORS
More informationTraffic Calming Policy
Article I. Purpose and Goal. The purpose of this policy is to establish criteria and procedures the City will use to evaluate requests for, and if appropriate, implement traffic calming measures. Neighborhood
More informationgaf traffic 2015 capability statement
gaf traffic 2015 capability statement www.gaftraffic.com.au INTRODUCING GAF TRAFFIC GAF Traffic is a people-centred traffic engineering consultancy serving new and existing projects in Western Australia.
More informationOur Approach to Managing Level Crossing Safety Our Policy
Our Approach to Managing Level Crossing Safety Our Policy Our policy towards managing level crossing risk is: that we are committed to reducing the risk at level crossings where reasonably practicable
More information1.0 PURPOSE 2.0 REFERENCES
Page 1 1.0 PURPOSE 1.1 This Advisory Circular provides Aerodrome Operators with guidance for the development of corrective action plans to be implemented in order to address findings generated during safety
More informationHazard Operability Analysis
Hazard Operability Analysis Politecnico di Milano Dipartimento di Energia HAZOP Qualitative Deductive (search for causes) Inductive (consequence analysis) AIM: Identification of possible process anomalies
More informationRelease: 1. UEPOPL002A Licence to operate a reciprocating steam engine
Release: 1 UEPOPL002A Licence to operate a reciprocating steam engine UEPOPL002A Licence to operate a reciprocating steam engine Modification History Not applicable. Unit Descriptor Unit Descriptor 1)
More informationSolenoid Valves used in Safety Instrumented Systems
I&M V9629R1 Solenoid Valves used in Safety Instrumented Systems Operating Manual in accordance with IEC 61508 ASCO Valves Page 1 of 7 Table of Contents 1 Introduction...3 1.1 Terms and Abbreviations...3
More informationThe RCM Analyst - Beyond RCM
The RCM Analyst - Beyond RCM darylm@strategic-advantages.com About the Author: Daryl Mather was originally trained in RCM in 1991, after which he was involved in the application of the method through a
More informationDeZURIK. KSV Knife Gate Valve. Safety Manual
KSV Knife Gate Valve Safety Manual Manual D11035 August 29, 2014 Table of Contents 1 Introduction... 3 1.1 Terms... 3 1.2 Abbreviations... 4 1.3 Product Support... 4 1.4 Related Literature... 4 1.5 Reference
More informationAdvanced LOPA Topics
11 Advanced LOPA Topics 11.1. Purpose The purpose of this chapter is to discuss more complex methods for using the LOPA technique. It is intended for analysts who are competent with applying the basic
More informationSafety-critical systems: Basic definitions
Safety-critical systems: Basic definitions Ákos Horváth Based on István Majzik s slides Dept. of Measurement and Information Systems Budapest University of Technology and Economics Department of Measurement
More informationSafety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*
Safety Manual Process pressure transmitter IPT-1* 4 20 ma/hart Process pressure transmitter IPT-1* Contents Contents 1 Functional safety 1.1 General information... 3 1.2 Planning... 4 1.3 Instrument parameter
More informationA GUIDE TO RISK ASSESSMENT IN SHIP OPERATIONS
A GUIDE TO RISK ASSESSMENT IN SHIP OPERATIONS Page 1 of 7 INTRODUCTION Although it is not often referred to as such, the development and implementation of a documented safety management system is an exercise
More informationIntroduction to Machine Safety Standards
Introduction to Machine Safety Standards Jon Riemer Solution Architect Safety & Security Functional Safety Engineer (TÜV Rheinland) Cyber Security Specialist (TÜV Rheinland) Agenda Understand the big picture
More informationDistributed Control Systems
Unit 41: Unit code Distributed Control Systems M/615/1509 Unit level 5 Credit value 15 Introduction With increased complexity and greater emphasis on cost control and environmental issues, the efficient
More informationSafety Manual VEGAVIB series 60
Safety Manual VEGAVIB series 60 Contactless electronic switch Document ID: 32002 Contents Contents 1 Functional safety... 3 1.1 General information... 3 1.2 Planning... 4 1.3 Adjustment instructions...
More informationKnowledge, Certification, Networking
www.iacpe.com Knowledge, Certification, Networking Page :1 of 71 Rev 01 Sept 2016 IACPE No 19, Jalan Bilal Mahmood 80100 Johor Bahru Malaysia The International of is providing the introduction to the Training
More informationSPR - Pneumatic Spool Valve
SIL SM.008 Rev 7 SPR - Pneumatic Spool Valve Compiled By : G. Elliott, Date: 31/08/17 Contents Terminology Definitions:... 3 Acronyms & Abbreviations:... 4 1.0 Introduction... 5 1.1 Purpose & Scope...
More information'Dipartimento di Ingegneria Elettrica, Universita di Genova Via all 'Opera Pia, lla Genova, Italy
Safety specification and acceptance in ship control systems: a novel approach based on dynamic system modelling Gian Francesco D'Addio*, Pierluigi Firpo\ Stefano Savio* & Giuseppe Sciutto^ "Centra di Ricerca
More informationDevelopment, implementation and use of the All Level Crossing Risk Model (ALCRM) Alan Symons Network Rail Infrastructure Ltd Great Britain
Development, implementation and use of the All Level Crossing Risk Model (ALCRM) Alan Symons Network Rail Infrastructure Ltd Great Britain 1 Level Crossing Facts (Great Britain) Over 7000 in active use
More informationUsing what we have. Sherman Eagles SoftwareCPR.
Using what we have Sherman Eagles SoftwareCPR seagles@softwarecpr.com 2 A question to think about Is there a difference between a medical device safety case and any non-medical device safety case? Are
More informationA quantitative software testing method for hardware and software integrated systems in safety critical applications
A quantitative software testing method for hardware and software integrated systems in safety critical applications Hai ang a, Lixuan Lu* a a University of Ontario Institute of echnology, Oshawa, ON, Canada
More informationReview and Assessment of Engineering Factors
Review and Assessment of Engineering Factors 2013 Learning Objectives After going through this presentation the participants are expected to be familiar with: Engineering factors as follows; Defense in
More informationSafety Manual VEGAVIB series 60
Safety Manual VEGAVIB series 60 NAMUR Document ID: 32005 Contents Contents 1 Functional safety... 3 1.1 General information... 3 1.2 Planning... 4 1.3 Adjustment instructions... 6 1.4 Setup... 6 1.5 Reaction
More informationCycle traffic and the Strategic Road Network. Sandra Brown, Team Leader, Safer Roads- Design
Cycle traffic and the Strategic Road Network Sandra Brown, Team Leader, Safer Roads- Design Highways England A Government owned Strategic Highways Company Department for Transport Road Investment Strategy
More informationCT433 - Machine Safety
Rockwell Automation On The Move May 16-17 2018 Milwaukee, WI CT433 - Machine Safety Performance Level Selection and Design Realization Jon Riemer Solution Architect Safety & Security Functional Safety
More informationSIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6
ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases SIL Safety Manual Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6 ULTRAMAT 6F 7MB2111, 7MB2117, 7MB2112, 7MB2118 ULTRAMAT 6E
More informationHazard Identification
Hazard Identification Bureau of Workers Comp PA Training for Health & Safety (PATHS) PPT-072-01 1 Hazard Detection & Inspection What is a hazard? What should I look for? How do I perform the inspection?
More informationFailure Modes, Effects and Diagnostic Analysis
Failure Modes, Effects and Diagnostic Analysis Project: Solenoid Drivers KFD2-SL2-(Ex)1.LK.vvcc KFD2-SL2-(Ex)*(.B).vvcc Customer: Pepperl+Fuchs GmbH Mannheim Germany Contract No.: P+F 06/09-23 Report No.:
More informationDeZURIK Double Block & Bleed (DBB) Knife Gate Valve Safety Manual
Double Block & Bleed (DBB) Knife Gate Valve Safety Manual Manual D11044 September, 2015 Table of Contents 1 Introduction... 3 1.1 Terms... 3 1.2 Abbreviations... 4 1.3 Product Support... 4 1.4 Related
More informationMiscalculations on the estimation of annual energy output (AEO) of wind farm projects
Available online at www.sciencedirect.com ScienceDirect Energy Procedia 57 (2014 ) 698 705 2013 ISES Solar World Congress Miscalculations on the estimation of annual energy output (AEO) of wind farm projects
More informationCONTINUING REVIEW CRITERIA FOR RENEWAL
1. POLICY Steering Committee approved / Effective Date: 9/2/15 The IRB conducts continuing review of research taking place within its jurisdiction at intervals appropriate to the degree of risk, but not
More informationThe following gives a brief overview of the characteristics of the most commonly used devices.
SAFETY RELATED CONTROL SYSTEMS In a previous article we discussed the issues relating to machine safety systems focusing mainly on the PUWER regulations and risk assessments. In this issue will take this
More informationSafety Manual OPTISWITCH series relay (DPDT)
Safety Manual OPTISWITCH series 5000 - relay (DPDT) 1 Content Content 1 Functional safety 1.1 In general................................ 3 1.2 Planning................................. 5 1.3 Adjustment
More informationSignificant Change to Dairy Heat Treatment Equipment and Systems
Significant to Dairy Heat Treatment September 2008 Page 1 Significant to Dairy Heat Treatment Equipment and Systems September 2008 1 Background Requirements for the assessment of dairy heat treatment equipment
More informationSafety Standards Acknowledgement and Consent (SSAC) CAP 1395
Safety Standards Acknowledgement and Consent (SSAC) CAP 1395 Contents Published by the Civil Aviation Authority, 2015 Civil Aviation Authority, Aviation House, Gatwick Airport South, West Sussex, RH6 0YR.
More informationReliability of Safety-Critical Systems Chapter 4. Testing and Maintenance
Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance Mary Ann Lundteigen and Marvin Rausand mary.a.lundteigen@ntnu.no RAMS Group Department of Production and Quality Engineering NTNU
More informationCHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS
Applied R&M Manual for Defence Systems Part C - Techniques CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS Page 1 Introduction 2 2 Causes of Dependent Failures 3 3 Solutions 4 Issue 1 Page 1 Chapter 28
More informationINTERIM ADVICE NOTE 150/12. Guidance for Alternative Temporary Traffic Management Techniques for Relaxation Schemes on Dual Carriageways.
INTERIM ADVICE NOTE 150/12 Guidance for Alternative Temporary Traffic Management Techniques for Relaxation Schemes on Dual Carriageways Summary Guidance for temporary traffic management (TTM), on the approach
More informationSafety of railway control systems: A new Preliminary Risk Analysis approach
Author manuscript published in IEEE International Conference on Industrial Engineering and Engineering Management Singapour : Singapour (28) Safety of railway control systems: A new Preliminary Risk Analysis
More information