SIL Attachment Paradigm from the Perspective of Quantitative Hazard Rates

Abstract

Safety requirements aim avoidance and control of systematic faults as well as control of random faults. For demonstrating that random faults are kept under the tolerable rates, quantitative hazard analyses are performed. Paramount importance shall be attached to the definition of tolerable hazard rates (THR) since the definition of what the hazard rate is allocated to influences the expected outcomes and the correct operation of the safety-critical system. In this paper, two approaches used in railway industry are discussed by mentioning technical specifications and referencing railway standards. It is found that there are misinterpretations for the quantitative hazard rates and use cases are provided to show the results of different approaches. Moreover, safety integrity level (SIL) of the human-machine interface (HMI) related functions for on-board and trackside applications are investigated, and their drawbacks are explained for the mission-critical systems. Finally, some findings of tool usage for fulfilling SIL requirements are detailed. Beside theoretical information, this paper includes field experiences gained during the development of safety-critical on-board and trackside interlocking (IXL) projects.