Real-Time & Embedded Systems
- Elaine Summers
Slide 1: Real-Time & Embedded Systems
Agenda:
- Safety Critical Systems
- Project 6 continued

Slide 2: Safety Critical Systems
"Safe enough looks different at 35,000 feet." (Bruce Powell Douglass)
"The Air Force has a perfect operating record: everything we put in the air has come back down." (Unknown)
Slide 3: Ubiquity of Control Systems
Electro-mechanical devices are migrating to software-driven systems:
- Automobiles
- Planes
- Home appliances
- Medical equipment
- Nuclear power plants
Slide 4: Software Failures
Therac-25
- Radiation therapy device
- Software-driven
- Bugs allowed massive radiation overdoses
- Killed 3 people, contributed to the death of a fourth

Slide 5: Software Failures
Patriot missiles
- Clock drift reduced their effectiveness from 95% to 13%
- Allowed a SCUD missile through the defense perimeter
- Killed 29, injured 97
Aegis tracking system
- Failure contributed to shooting down an Iranian airline flight
- 290 lives lost

Slide 6: Software Failures
8080-based factory control software
- Mistakenly stacked large boulders 80 feet high
- Crushed cars and damaged a building
Robotics
- Stray EM interference blamed for 19 deaths
Cardiac pacemakers
- Low-energy radiation reprogrammed them
- Caused several deaths

Slide 7: Software Failures
Medical database software
- Incorrectly informed a woman she had incurable syphilis and had passed it on to her children
- She strangled one, attempted to kill another and herself
Sunlight filtering software
- Failed to remove false missile detections caused by sunlight reflecting off clouds
- A Soviet commander averted nuclear war based on "a funny feeling in my gut"
Slide 8: Terms
- Reliability: the measure of up-time, or availability, of a system; the probability that a task will complete before the system fails; measured in Mean Time Between Failures (MTBF)
- Security: permitting access to systems only to authorized and authenticated persons
- Safety: does not incur too much risk to person or property
- Risk: the chance that something bad will happen
- Common-mode failure: a single failure results in the failure of multiple control paths

Slide 9: Fundamental Hazards
- Release of energy
- Release of toxins
- Interference with life-support functions
- Supplying misleading information to safety personnel or control systems
- Failure to alarm when hazardous conditions arise
- Failure to limit or act when unwanted events occur, inputs are flawed, or outputs are outside correct levels
Slide 10: System Issues
- Safety is a system issue
- Multiple solutions may address a concern:
  - Interlocks
  - Redundant hardware
  - Redundant software
- The interaction of the components determines the safety of the system

Slide 11: Software Failures
- Software does not fail
- Failures represent a change in the capability of the system:
  - Broken switch
  - Failed component
  - Bad sensor
- If software does something wrong, it does it every time!
- Software may respond poorly to failures
Slide 12: Single-point Failures
- A device is considered safe if a single failure in the system does not result in an unsafe condition
- Single-point assessment tree: (diagram not reproduced in the transcription)
Slide 13: Fail-Safe State
A condition a safety-critical system must attain when it suffers an unrecoverable fault:
- Emergency stop
- Partial shutdown
- Hold
- Manual control
- Restart
Which one is appropriate is driven by the needs of the problem domain.

Slide 14: Fail-Safe States
What is the fail-safe state for each of these?
- An airliner jet engine fails?
- Unmanned space vehicle launch?
- Attended medical devices?
- Hazardous area robotics?
- Unmanned aircraft control failure?
- Cruise ship rudder failure?
Slide 15: Achieving Safety
- Separation of safety channels from non-safety channels
  - Firewall pattern
  - Any component failure in the channel fails the entire channel
  - Isolation of safety systems from non-safety systems is common and justifiable
- Redundancy
  - Small or large scale
  - Homogeneous or diverse

Slide 16: Achieving Safety
- Homogeneous redundancy
  - Channels are replicated verbatim
  - Detects only faults, not errors
  - Inexpensive
- Diverse redundancy
  - A different channel is implemented
  - Detects faults and errors
  - More expensive

Slide 17: Achieving Safety
- Diverse redundancy is stronger: it protects against systemic faults and errors
- Data corruption detection
  - Parity bit
  - Hamming codes (parity bits)
  - Checksums
  - CRCs
  - Redundant storage
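The slide lists Hamming codes among the data-corruption detection techniques. The following is an added example (not code from the lecture or from Douglass): a Hamming(7,4) code extended with an overall parity bit, which corrects any single flipped bit and detects, but cannot correct, any double flip. The bit layout and function names are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>

/* Hamming(7,4) plus one overall parity bit (SECDED: single error correction,
 * double error detection). Codeword layout inside a uint8_t:
 *   bit 0        overall parity over bits 1..7
 *   bits 1,2,4   Hamming parity bits
 *   bits 3,5,6,7 the four data bits d0..d3 */
typedef enum { HAM_OK = 0, HAM_CORRECTED = 1, HAM_UNCORRECTABLE = 2 } ham_status;

static const int data_pos[4] = { 3, 5, 6, 7 };

static int bit_at(uint8_t w, int pos) { return (w >> pos) & 1; }

uint8_t hamming_encode(uint8_t data4) {
    uint8_t cw = 0;
    for (int k = 0; k < 4; k++)
        cw |= (uint8_t)(bit_at(data4, k) << data_pos[k]);
    /* parity bit p (1, 2, 4) covers every position whose index has bit p set */
    for (int p = 1; p <= 4; p <<= 1) {
        int parity = 0;
        for (int i = 1; i <= 7; i++)
            if ((i & p) && i != p) parity ^= bit_at(cw, i);
        cw |= (uint8_t)(parity << p);
    }
    int overall = 0;
    for (int i = 1; i <= 7; i++) overall ^= bit_at(cw, i);
    return (uint8_t)(cw | overall);
}

/* Decode one received word, correcting a single flipped bit. Writes the four
 * data bits to *data4 unless the word is uncorrectable. */
ham_status hamming_decode(uint8_t cw, uint8_t *data4) {
    int syndrome = 0;                   /* XOR of positions of all set bits; 0 if clean */
    for (int i = 1; i <= 7; i++)
        if (bit_at(cw, i)) syndrome ^= i;
    int overall = 0;                    /* parity over bits 0..7; 0 after an even number of flips */
    for (int i = 0; i <= 7; i++) overall ^= bit_at(cw, i);

    ham_status st = HAM_OK;
    if (syndrome != 0 && overall == 0)
        return HAM_UNCORRECTABLE;       /* two flips: detected but cannot be located */
    if (syndrome != 0) {                /* one flip in bits 1..7: the syndrome is its position */
        cw ^= (uint8_t)(1u << syndrome);
        st = HAM_CORRECTED;
    } else if (overall != 0) {          /* one flip in the overall parity bit itself */
        cw ^= 1u;
        st = HAM_CORRECTED;
    }
    uint8_t d = 0;
    for (int k = 0; k < 4; k++) d |= (uint8_t)(bit_at(cw, data_pos[k]) << k);
    *data4 = d;
    return st;
}

/* One-call wrappers: status of a received word, and its data or -1. */
int hamming_status_of(uint8_t cw) { uint8_t d = 0; return (int)hamming_decode(cw, &d); }
int hamming_data_of(uint8_t cw) {
    uint8_t d = 0;
    return hamming_decode(cw, &d) == HAM_UNCORRECTABLE ? -1 : (int)d;
}

/* Exhaustive self-test: every nibble, every single flip, every double flip.
 * Returns 1 when the code behaves as SECDED, 0 otherwise. */
int hamming_selftest(void) {
    for (uint8_t v = 0; v < 16; v++) {
        uint8_t cw = hamming_encode(v);
        if (hamming_status_of(cw) != HAM_OK || hamming_data_of(cw) != v) return 0;
        for (int a = 0; a < 8; a++) {
            uint8_t one = (uint8_t)(cw ^ (1u << a));
            if (hamming_status_of(one) != HAM_CORRECTED || hamming_data_of(one) != v) return 0;
            for (int b = a + 1; b < 8; b++)
                if (hamming_status_of((uint8_t)(one ^ (1u << b))) != HAM_UNCORRECTABLE) return 0;
        }
    }
    return 1;
}

int main(void) {
    uint8_t cw = hamming_encode(0xA);   /* constructed sample nibble 1010 */
    printf("encoded 0xA -> 0x%02X, selftest=%d\n", cw, hamming_selftest());
    printf("flip bit 6: status %d data 0x%X\n", hamming_status_of(cw ^ 0x40), hamming_data_of(cw ^ 0x40));
    printf("flip bits 3 and 6: status %d\n", hamming_status_of(cw ^ 0x48));
    return 0;
}
```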
Slide 18: Achieving Safety
- Reasonableness checks
  - A second algorithm validates the results of the first
  - Usually much simpler
- Feedback error detection
  - Identifies potential fault conditions
  - May cause a fail-safe transition
- Feedback error correction
  - Identifies and corrects potential fault conditions
  - Attempts to keep the system operating, possibly with reduced capability
Slide 19: Safety Architectures
- Single-Channel Protected Design
  - A single flow of control
  - A break in the channel induces a failure
  - Safeguards are added to ensure correct fail-safe behavior
  - A single point of failure
- Multi-channel Voting Pattern
  - An odd number of redundant channels
  - Each channel votes on the task; majority rules
  - Homogeneous or diverse

Slide 20: Safety Architectures
- Homogeneous Redundancy Pattern
  - Identical channels run in parallel
  - With an odd number of channels, the majority channels detect and correct the minority channels
  - Must be fully redundant
  - Inexpensive to implement
  - Detects only faults, not errors
  - May be expensive due to redundant hardware

Slide 21: Safety Architectures
- Diverse Redundancy Pattern
  - Redundant, but uniquely implemented channels
  - Different but equal
  - Lightweight redundancy
  - Separation of monitoring and actuation

Slide 22: Safety Architectures
- Watchdog Pattern
  - A secondary process monitors the primary process
  - The primary process periodically feeds the secondary process
  - The secondary process can alarm or restart should the primary process fail
  - May include a periodic test suite
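To make the voting and watchdog patterns from slides 19 to 22 concrete, here is an added example in C (not code from the lecture or from Douglass). Three channels each propose an actuator command and feed a watchdog; a channel that stops feeding is excluded, the majority command wins, an outvoted channel is flagged, and the loss of a majority forces the fail-safe "hold" state. The constants, tick values and the tolerance for diverse channels are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CHANNELS 3            /* odd, so a strict majority can exist */
#define WATCHDOG_TIMEOUT 50   /* ticks a channel may go without feeding the watchdog */
#define VOTE_TOLERANCE 2      /* diverse channels may legitimately differ by a little */

typedef enum { SYS_OPERATING = 0, SYS_DEGRADED = 1, SYS_FAIL_SAFE = 2 } sys_state;

typedef struct {
    uint32_t last_feed[CHANNELS];  /* watchdog pattern: tick of each channel's last feed */
    int32_t  command[CHANNELS];    /* each channel's proposed actuator command */
} channel_set;

typedef struct {
    sys_state state;
    int32_t   command;        /* command passed to the actuator; 0 = hold, used in fail-safe */
    uint8_t   faulted_mask;   /* bit i set when channel i timed out or was outvoted */
} vote_result;

static int32_t iabs32(int32_t x) { return x < 0 ? -x : x; }

/* Watchdog pattern: a channel that has not fed the watchdog within the
 * timeout is treated as dead and excluded from the vote. */
static bool channel_alive(const channel_set *cs, int i, uint32_t now) {
    return now - cs->last_feed[i] <= WATCHDOG_TIMEOUT;
}

/* Multi-channel voting pattern: majority rules. The output is the command a
 * strict majority of ALL channels agree on (within tolerance); live channels
 * that disagree are flagged. Without such a majority the system transitions
 * to its fail-safe state and commands a hold. */
vote_result vote_cycle(const channel_set *cs, uint32_t now) {
    vote_result r = { SYS_OPERATING, 0, 0 };
    int live[CHANNELS], nlive = 0;
    for (int i = 0; i < CHANNELS; i++) {
        if (channel_alive(cs, i, now)) live[nlive++] = i;
        else r.faulted_mask |= (uint8_t)(1u << i);
    }
    /* for each live channel, count the live channels that agree with it */
    int best = -1, best_agree = 0;
    for (int a = 0; a < nlive; a++) {
        int agree = 0;
        for (int b = 0; b < nlive; b++)
            if (iabs32(cs->command[live[a]] - cs->command[live[b]]) <= VOTE_TOLERANCE) agree++;
        if (agree > best_agree) { best_agree = agree; best = a; }
    }
    if (best < 0 || 2 * best_agree <= CHANNELS) {
        r.state = SYS_FAIL_SAFE;      /* unrecoverable: no majority left to trust */
        r.command = 0;
        return r;
    }
    r.command = cs->command[live[best]];
    for (int b = 0; b < nlive; b++)
        if (iabs32(cs->command[live[b]] - r.command) > VOTE_TOLERANCE)
            r.faulted_mask |= (uint8_t)(1u << live[b]);
    r.state = r.faulted_mask ? SYS_DEGRADED : SYS_OPERATING;
    return r;
}

/* Scalar convenience wrapper for a three-channel system. */
vote_result vote3(uint32_t now, uint32_t f0, uint32_t f1, uint32_t f2,
                  int32_t c0, int32_t c1, int32_t c2) {
    channel_set cs = { { f0, f1, f2 }, { c0, c1, c2 } };
    return vote_cycle(&cs, now);
}

int main(void) {
    /* constructed scenarios evaluated at tick 100 */
    vote_result a = vote3(100, 90, 95, 99, 500, 501, 500);  /* all agree */
    vote_result b = vote3(100, 90, 95, 99, 500, 730, 500);  /* channel 1 outvoted */
    vote_result c = vote3(100, 90, 20, 99, 500, 500, 500);  /* channel 1 stopped feeding */
    vote_result d = vote3(100, 90, 20, 99, 500, 500, 640);  /* dead channel + disagreement */
    printf("states: %d %d %d %d (0=operating 1=degraded 2=fail-safe)\n",
           a.state, b.state, c.state, d.state);
    printf("commands: %d %d %d %d, fault masks: %u %u %u %u\n",
           a.command, b.command, c.command, d.command,
           a.faulted_mask, b.faulted_mask, c.faulted_mask, d.faulted_mask);
    return 0;
}
```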
Slide 23: Safety Architectures
- Safety Executive Pattern
  - A centralized coordinator for monitoring safety: a really smart watchdog
  - Watchdog timeouts
  - Software error assertions
  - Continuous or periodic built-in tests
  - Faults identified by monitors

Slide 24: Safety Architectures
- Monitor-Actuator Pattern
  - Separation of algorithms
  - Actuation performs the actions
  - Monitoring tracks the actions
  - Additional cost and complexity
Slide 25: Eight Steps to Safety
1. Identify the hazards
2. Determine the risks
3. Define the safety measures
4. Create safe requirements
5. Create safe designs
6. Implement safety
7. Assure the safety process
8. Test, test, test (peer reviews!)

Slide 26: Identify the Hazards
- Identify the hazard
- Determine the level of risk
- Determine the tolerance time
- Determine the source of the hazard:
  - The fault leading to the hazard
  - The likelihood of the fault
  - The fault detection time
- The means by which the hazard is handled:
  - The means
  - The fault reaction (exposure time)

Slide 27: Identify the Hazards
Patient ventilator example: (table not reproduced in the transcription)

Slide 28: Fault Analysis
- Fault-tree analysis (FTA)
  - Identify the hazards
  - Work backward from the hazard to identify the causal conditions
  - Diagram with a boolean flow chart (UML activity diagram)
- Failure mode effect analysis (FMEA)
  - Identify potential faults
  - Work forward to the consequences
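The fault tree on slide 28 is a boolean diagram, and the single-point criterion on slide 12 is a question one can ask of that diagram mechanically. This added example (not code from the lecture or from Douglass) evaluates a small fault tree in C both ways: the probability of the top event under independent basic events, and a scan for any single basic event that alone triggers the top event. The tree, its event names and its probabilities are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_CHILDREN 4   /* gate fan-in limit for this example */

typedef enum { NODE_BASIC, NODE_AND, NODE_OR } node_type;

typedef struct {
    const char *name;
    node_type   type;
    double      prob;                 /* basic events only: probability of the fault */
    int         nchildren;
    int         child[MAX_CHILDREN];  /* indices into the same node array */
} ft_node;

/* Probability that the event at idx occurs, assuming independent basic
 * events: an AND gate multiplies, an OR gate uses 1 - prod(1 - p). */
double ft_probability(const ft_node *t, int idx) {
    const ft_node *n = &t[idx];
    if (n->type == NODE_BASIC) return n->prob;
    double acc = 1.0;
    for (int i = 0; i < n->nchildren; i++) {
        double c = ft_probability(t, n->child[i]);
        acc *= (n->type == NODE_AND) ? c : (1.0 - c);
    }
    return (n->type == NODE_AND) ? acc : 1.0 - acc;
}

/* Boolean evaluation: does the event at idx occur when exactly the basic
 * events set in 'occurred' (bit k = node index k, so at most 32 nodes) happened? */
bool ft_occurs(const ft_node *t, int idx, unsigned occurred) {
    const ft_node *n = &t[idx];
    if (n->type == NODE_BASIC) return (occurred >> idx) & 1u;
    for (int i = 0; i < n->nchildren; i++) {
        bool c = ft_occurs(t, n->child[i], occurred);
        if (n->type == NODE_AND && !c) return false;
        if (n->type == NODE_OR && c) return true;
    }
    return n->type == NODE_AND;   /* AND with all children true; OR with none true */
}

/* Single-point failure scan (slide 12): index of the first basic event that
 * on its own causes the top event, or -1 if every path needs two or more faults. */
int ft_single_point(const ft_node *t, int nnodes, int top) {
    for (int k = 0; k < nnodes; k++)
        if (t[k].type == NODE_BASIC && ft_occurs(t, top, 1u << k)) return k;
    return -1;
}

/* Constructed demo tree: an actuator guarded by a monitor channel, but both
 * channels hang off one power supply. Probabilities are illustrative values. */
static const ft_node demo_tree[] = {
    /* 0 */ { "Unsafe actuator motion (top event)", NODE_OR,    0.0,  2, { 1, 2 } },
    /* 1 */ { "Primary and monitor both fail",     NODE_AND,   0.0,  2, { 3, 4 } },
    /* 2 */ { "Shared power supply fault",         NODE_BASIC, 1e-4, 0, { 0 } },
    /* 3 */ { "Primary channel fault",             NODE_BASIC, 1e-3, 0, { 0 } },
    /* 4 */ { "Monitor channel fault",             NODE_BASIC, 1e-3, 0, { 0 } },
};
#define DEMO_NODES 5

double demo_top_probability(void) { return ft_probability(demo_tree, 0); }
int demo_single_point(void)       { return ft_single_point(demo_tree, DEMO_NODES, 0); }

int main(void) {
    printf("P(top event) = %.6e\n", demo_top_probability());
    int sp = demo_single_point();
    if (sp >= 0) printf("single-point failure found: %s\n", demo_tree[sp].name);
    else         printf("no single basic fault reaches the top event\n");
    return 0;
}
```

The scan reports the shared power supply as a single-point failure, which is exactly the common-mode failure slide 8 defines; the AND gate over the two channels is what the redundancy buys, and the shared supply is what gives it back.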
Slide 29: Determine the Risks
- FDA levels of concern
  - Minor: not expected to result in injury or death
  - Moderate: results in minor to moderate injury
  - Major: results in major injury or death
- German TUV characterization
  - (S) Severity of the risk
  - (E) Duration of the period of exposure
  - (G) Prevention of the danger
  - (W) Probability of occurrence

Slide 30: Determine the Risks
German TUV characterization: (table not reproduced in the transcription)

Slide 31: Determine the Risks
German TUV example: (table not reproduced in the transcription)
Slide 32: Define the Safety Measures
- Obviation: make the hazard physically impossible
- Education: user training
- Alarming: announce the hazard so action can be taken
- Interlocks: the hazard is removed by a secondary device or logic that intercedes
- Internal checking: the system detects and handles the malfunction prior to an incident
- Safety equipment: goggles, gloves, etc.
- Restriction of access: access to potential hazards is restricted to trained personnel
- Labeling: "High Voltage, do not touch"

Slide 33: Create Safe Requirements
- Consider the requirements from a safety perspective
- Specify the negations: "The system shall not move hardware before user input"
Slide 34: Create Safe Designs
- Work from safe requirements
- Adopt a safe architecture
- Revisit and revise the hazard analysis during development
- Select measures that provide appropriate levels of detection and correction
- Ensure independent channels lack common-mode failures
- Adopt consistent strategies for handling faults
- Include POST and periodic run-time tests

Slide 35: Implementing Safety
Language choice:
- Strong compile-time checking
- Strong run-time checking
- Support for encapsulation and abstraction (but not just because)
- Exception handling
- Safe language constructs (void*?)

Slide 36: Assure the Safety Process
- Continuously track against the hazard analysis
- Utilize peer reviews to assure quality
- Verify design adherence
- Verify coding standards
- Identify how each hazard is handled

Slide 37: Test, test, test
- Black box testing
- White box testing
- Monkey testing
- Fault seeding
- Load testing
- Simulations
- System testing
- Unit testing
More informationGas Network Craftsperson
Gas Network Craftsperson Unit EIAU016 Carrying out Fault Diagnosis on Electrical Equipment and Circuits This assessment specification has been developed as part of the network maintenance craftsperson
More informationFailure Modes, Effects and Diagnostic Analysis
Failure Modes, Effects and Diagnostic Analysis Project: 3051S SIS Pressure Transmitter, with Safety Feature Board, Software Revision 3.0 Customer: Rosemount Inc. Chanhassen, MN USA Contract No.: Ros 02/11-07
More informationLECTURE 3 MAINTENANCE DECISION MAKING STRATEGIES (RELIABILITY CENTERED MAINTENANCE)
LECTURE 3 MAINTENANCE DECISION MAKING STRATEGIES (RELIABILITY CENTERED MAINTENANCE) Politecnico di Milano, Italy piero.baraldi@polimi.it 1 Types of maintenance approaches Intervention Unplanned Planned
More informationFailure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, Minnesota USA
Failure Modes, Effects and Diagnostic Analysis Project: 3051C Pressure Transmitter Customer: Rosemount Inc. Chanhassen, Minnesota USA Contract No.: Ros 03/10-11 Report No.: Ros 03/10-11 R001 Version V1,
More informationUser manual CF8-D/W-IN
User manual CF8-D/W-IN General The sensor CF8-D/W-IN is used to measure the carbon dioxide concentration inside incubators. All functions can be modified from a PC with the communication cable. UMA 48
More informationCHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS
Applied R&M Manual for Defence Systems Part C - Techniques CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS Page 1 Introduction 2 2 Causes of Dependent Failures 3 3 Solutions 4 Issue 1 Page 1 Chapter 28
More informationDeZURIK. KSV Knife Gate Valve. Safety Manual
KSV Knife Gate Valve Safety Manual Manual D11035 August 29, 2014 Table of Contents 1 Introduction... 3 1.1 Terms... 3 1.2 Abbreviations... 4 1.3 Product Support... 4 1.4 Related Literature... 4 1.5 Reference
More informationOperating Mode Selection in Conjunction with Functional Safety Safety Integrated https://support.industry.siemens.com/cs/ww/en/view/ 89260861 Siemens Industry Online Support Siemens AG 2017 All rights
More informationSafety Management in Multidisciplinary Systems. SSRM symposium TA University, 26 October 2011 By Boris Zaets AGENDA
Safety Management in Multidisciplinary Systems SSRM symposium TA University, 26 October 2011 By Boris Zaets 2008, All rights reserved. No part of this material may be reproduced, in any form or by any
More informationYT-3300 / 3301 / 3302 / 3303 / 3350 / 3400 /
Smart positioner YT-3300 / 3301 / 3302 / 3303 / 3350 / 3400 / 3410 / 3450 Series SIL Safety Instruction. Supplement to product manual July. 2015 YTC Ver 1.06 1 Table of contents 1 Introduction... 3 1.1
More information