Electronic Safety-related Systems Research Articles

Economic shipping policies for assuring safety integrity level of E/E/PE safety-related software

Electrical/electronic/programmable electronic (E/E/PE) safety-related systems are widely applied in several industrial fields due to noticeable technical growth of information processing technologies. In the design and development for the E/E/PE safety-related software, safety assessment is required by following IEC 61508, which is the international basic standard for the E/E/PE safety-related systems. And, quantitative safety assessment technologies is useful for enhancing and validating their safety for the hardware as well as for the software of the E/E/PE safety-related systems. Especially for the E/E/PE safety-related software, the manager pays a lot of attention for quantitative software safety assessment technologies, which have not provided by IEC 61508, and for realizing economic software development with their safety objective. This article discusses mathematical approaches for conducting quantitative safety assessment for the E/E/PE safety-related software and mathematical software release problem for supporting decision making on when to release the E/E/PE safety-related software economically with assuring a certain safety objective.

A Functional Safety Assessment Methodology for Explosion Protection with Application to a Variable Frequency Drive System

Modern explosion protection equipment, protected by traditional explosion protection technology (as defined by the international electrotechnical commission (IEC) publication IEC60079-ff series standards) and electrical/electronic/programmable electronic (E/E/PE) safety-related systems, is becoming ever more complex in coal mine development and petrochemical industry; thus, the possibility of failures in their operation is also growing. It is well-known that E/E/PE safety-related systems can be used to actively control dangerous sources, with real and expected levels of reliability, if they have been qualified according to the IEC61508-ff series standards. To uniformly evaluate the safety integrity level (SIL) of the explosion protection function of traditional explosion protection technology and E/E/PE safety-related system technology, this study analyzed the ability of these types of protection to remove the ignition risk residual, evaluating the failure rates of safety devices. The key objective of this paper is the presentation of a new equipment protection level (EPL) assessment method for explosion protection equipment based on a functional safety assessment. The method is applied to a variable frequency drive (VFD) system, and the results show that the EPL of the explosion protection equipment evaluated by this method is consistent with the EPL corresponding to the traditional explosion protection type of the IEC60079-ff series standard. Meanwhile, the flexible configuration of explosion protection safety devices and E/E/PE safety-related systems enables explosion protection equipment of different EPL levels to be designed.

Mathematical Approaches in Functional Safety Assessment for E/E/PE Safety-Related Software

Safety integrity level (SIL)-based functional safety assessment is widely required in designing safety functions and checking their validity of electrical/electronic/programmable electronic (E/E/PE) safety-related systems after being issued IEC 61508 in 2010. For the hardware of E/E/PE safety-related systems, quantitative functional safety assessment based on target failure measures is needed for deciding or allocating the level of SIL. On the other hand, IEC 61508 does not provide any quantitative safety assessment method for allocating SIL for the software of E/E/PE safety-related systems because the software failure is treated as a systematic failure in IEC 61508. We discuss the needfulness of quantitative safety assessment for software of E/E/PE safety-related systems and propose mathematical fundamentals for conducting quantitative SIL-based safety assessment for the software of E/E/PE safety-related systems by applying the notion of software reliability modeling and assessment technologies. We show numerical examples for explaining how to use our approaches.

Functional safety evaluation of battery anagement system based on probability of failure per hour

In order to identify functional safety property of battery management system, safety integrity level of BMS research is performed by average frequency of a dangerous failure of the safety function. The result shows that: currently, functional safety has been research at home and abroad, through evaluation system of road vehicle and electrical, electronic, programmable electronic safety-related systems. So, safety integrity level could be analyzed quantitatively by a functional relation, which is established among tolerable hazard frequency, demand rate on safety-related protection system, dangerous failure of average frequency and safety integrity level. Based on tolerable hazard frequency and the demand rate on safety-related protection system, safety integrity level of a BMS is evaluated as level II.

Reliability Model and Sensitivity Analysis for Electrical/ Electronic/Programmable Electronic Safety-Related Systems

Nowadays, different industries such as nuclear, automotive, process, chemical, and oil and gas industry must meet specific requirements in order to keep and reduce safety risks to as low as reasonably practicable level. As a result, the number of electrical/electronic/programmable electronic safety-related systems (E/E/PES) to control, prevent, and mitigate hazardous events has increased. Moreover, new guidelines and procedures have been developed to guarantee the availability and function of safety systems over their service life. Based on Markov processes, this article discusses a reliability model to assess the integrity and verify the design of E/E/PES safety-related systems. The average probability of failure on demand and safety integrity level are used to determine the reliability performance of an E/E/PES in a low-demand mode of operation in accordance with the functional safety principles of the IEC 61508 and IEC 61511 standards.

New statistical formulations for determination of qualification test plans of safety instrumented systems (SIS) subject to low/high operational demands

This paper aims to develop new statistical formulations to design efficient reliability demonstration test (RDT) plans for electrical/electronic and programmable electronic (E/E/ES) safety instrumented systems (SIS) subject to requirements of IEC 61508-1 (2010) standard.11IEC 61508-1:2010. Functional safety of electrical/electronic/programmable electronic (E/E/ES) safety-related systems. Source: http://www.iec.ch/functionalsafety/standards/ A case study is presented to show how the proposed statistical formulations can be employed to design RDT plans to validate whether SIS target mission reliability (TMR) can be met under a specified confidence level. Discussions includes trade-offs between test duration and number of units on test and sensitivity studies showing how the demonstrated reliability at end of mission life is impacted by SIS operational mode and key statistical parameters. The major contributions that this research offers are: (i) A framework to guide reliability practitioners in applying the proposed statistical formulations to design optimum RDT plans and articulate mission reliability statements (MRS) to support regulatory certification of new SIS designs. (ii) A methodology, demonstrated by a practical case study, to show how RDT plans can be designed to meet targets set by the applicable standards. The developed framework is robust and can support certification of safety systems in a wide variety of industrial applications.

Application of Safety Instrumented System (SIS) approach in older nuclear power plants

In order to remain economically effective and financially profitable, the modern industries have to take their safety culture to a higher level and consider production losses in addition to simple accident prevention techniques. Ideally, compliance with safety requirements start during early design stages, but in some older facilities provisions for Safety Instrumented Systems (SIS) may not have been originally included. In this paper, a case study of a Reheater Drains (RD) system is used to illustrate such an example. Frequent failures of tank level controller lead to transients where the operation of shutting down RD pumps requires operators to manually isolate the quenching water and to close the main steam admission valves. Water in this system is at saturation temperature for the reheater steam side pressure, and any manual operation of the system is highly undesirable due to hazards of working with wet steam at approximately 758kPa(g) pressure, preheated to 237°C. Additionally, losses of inventory are highly undesirable as well and challenge other systems in the plant. In this paper, it is suggested that RD system can benefit from installation of an independent SIS system in order to address current challenges. This idea is being explored using IEC 61508 framework for “Functional safety of electrical/electronic/programmable electronic safety-related systems” to provide assurance that the SIS will offer the necessary risk reduction required to achieve required safety for the equipment.

Egypt National Railways: ICT Can Save Egyptian Lives

Since 1992, the Egyptian National Railways (ENR) has been encountering tremendous losses in lives and revenues. The losses were due to the lack of a proper IT infrastructure, making the network unqualified to handle the millions who use its railways every day. The safety measures along ENR’s 6,700 kilometers of railways network have been managed by human operations, which makes railway transportation too risky. When he came into office as Minister of Transport in 2010, Alaa Fahmy put safety as the highest priority. The intention of this research case is to investigate and showcase how ICT centric short term strategic actions combined with ICT centric long term strategies and reforms can be adopted to solve the eminent problems of safety and efficiency in the Egyptian railway sector. A one year longitudinal participant observation methodology has been adopted in this research case data collection process where the study was conducted in an uncontrolled observational manner to minimize any interference or manipulation to the real-life setting. Investigation has revealed that by focusing on ICT centric strategic actions that enhance the sources of the competitive advantage of the transport sector in Egypt, in addition to implementing long term strategies that are expected to boost the competitive advantage of the transportation sector in Egypt; a tenth of a minute operation risk factor of 0.01%0.001% has been realized. This factor is in compliance with the IEC international standard for electrical, electronic and programmable electronic safety-related systems. Furthermore, safety measures, reflected by the very low reported number of causalities during the study period, was ultimately improved

Emergency protection: Theory, standards, and practice of PLC system

The current practice of the SRS design is analyzed, and noncompliance with the GOST R IEC 61508-2007 standard is detected. The paper introduces a configuration of a PLC SRS meeting the requirements of the standard of functional safety of electrical/ electronic/programmable electronic safety-related systems (GOST R IEC 61508-2007).

The Automotive Standard ISO 26262, the Innovative Driver for Enhanced Safety Assessment & Technology for Motor Cars

Abstract In view of the evidence of about 1,3 million victims/year worldwide [1] caused by road traffic, the automotive industry is under pressure to provide new and improved vehicle safety systems, ranging from airbag systems to extremely complex advanced driver assistance systems (ADAS) with accident prediction and avoidance capabilities. The inaugurated international Standard ISO-26262 as an adaptation of the generic Standard IEC 61508: “Functional safety of electrical/electronic/programmable electronic safety-related systems” for the automotive industry represents an effective risk-informed guidance for advanced vehicle design, production and maintenance. The paper illuminates the very voluminous international standard based on the intention that today's safety engineers and the automotive industry should be aware of it. They should take actions to understand fully the intention and content of the Standard, the risk-informed requirements for design of the vehicles, and the confirmation that the requirements are met.

Estimation of Average Hazardous-Event Rate for Steady-State Demands and Determination of SIL

The international standard on functional safety, IEC 61508, requires to specify safety integrity levels (SILs), i. e., target failure measures for safety functions of electrical/electronic/programmable electronic safety-related systems (SRSs), taking account of the necessary risk reduction achieved by SRSs. In order to reflect SIL to the risk reduction through designing and operation of the SRS, it is essential that the relationships between a number of systems characteristics involving the SRS and the achieved-risk reduction should be explored. In the present paper, generalized modes of operation are recommended for the proposition that risk reduction ratios and average hazardous event rates should be made use of as target failure measures instead of the conventional ones, i.e., the average probability of failure on demand and dangerous failure rate. Thus, SILs are assigned to SRSs more easily and reasonably.

Functional safety concept for hazardous systems and new challenges

Selected issues associated with the functional safety analysis according to the international standards IEC 61508 and IEC 61511 are presented. Determining the safety integrity level (SIL) of electric/electronic/programmable electronic (E/E/PE) safety-related systems is outlined. The importance of quantitative probabilistic modeling of these systems in verifying SIL is emphasized. Some aspects concerning the functional safety analysis of systems for detecting the combustible or toxic gases in relation to a CENELEC draft standard prEN 50402 are shortly discussed. Basic principles of methodology for the functional safety assessment of protective systems for potentially explosive atmospheres proposed in a CEN draft standard prEN 15233 are addressed.

Formulation for Determining SIL using Sequential Failure Logic

Recently computer systems have been widely applied to safety-related systems for achievement of safety functions. This general trend forced IEC to compile IEC 61508 as a standard related to functional safety of electrical/electronic/programmable electronic safety-related systems, i.e., E/E/PE SRS (SRS). Currently JIS includes the translated standard of IEC 61508, JIS C 0508. In accordance with the standard, an SRS is specified with its safety function (s) and safety integrity level (s) (SIL) and the SILs to be allocated to the SRS are specified with four levels of safety integrity. The standard requires assessing the risk reduction achieved by SRS using appropriate probabilistic techniques for allocation of SILs to SRS. However, the relationships among SILs, operation modes and hazardous event frequencies are not always cleared up yet. This paper presents a new model using two Sequential Failure Logics in order to describe causation of hazardous events in the overall system composed of equipment under control (EUC), EUC control system (BCS) and SRS. The SRS is assumed to implement a safety function in a dynamic demand state and assumed to have no automatic self-diagnosis functions. Then, the relationship among a dangerous undetected failure of SRS, demands for actuation of SRS and hazardous events brought about in the overall system is formulated based on the model. Moreover, new demand modes of operation and estimations of Hazardous Event Frequencies are proposed for allocation of SILs to SRS.

機能安全規格IEC61508と物流機械への応用(建設機械と物流機械の安全,故障診断,予知,メンテナンス,OS4 安全,故障診断,予知,メンテナンス)

Related to the IS012100: Safety of machinery-Basic concepts, general principles for design, the position and the ripple effect of the IEC61508: Functional safety of electrical/electronic/programmable electronic safety-related systems is to be considered, when the software is applied to the control. Specially, the logistic system or the large-scale product system, such as the automobile industry and the semiconductor industry, the application of safe programmable controller should be required from the efficient viewpoint in future. Then, the safety management for all the life cycles and the product design meeting the functional safety should be necessary. After product has already been established logically and technically, it is authenticated by third party and applied to the actual working place. Because the functional safety standard is in the high level and the comprehensive scale, the proper consensus between the user side and the establishment side should be created at the introduction of each field.

Comparing safety analysis techniques

Abstract In process industry Safety Instrumented Systems (SIS) and Emergency Shutdown Systems (ESD) are very important for the management/reduction of risk. In new standards (e.g. Ref. [1] ) on functional safety of electrical/electronic/programmable electronic safety-related systems a quantification of the achieved safety is often required. These new standards do not prescribe how to calculate the achieved safety. Only guidelines and recommendations are given. The problem with this approach is that all kinds of different analysis techniques will be used and in industry the results of the analysis will be compared. These different analysis techniques all use different methodologies and assumptions, which implies that the results may not be comparable. In this paper an approach for comparing different analysis techniques and the qualitative and quantitative results from this comparison are described. The author suggests that, because of the differences in the analysis techniques, one analysis technique is to be preferred. The Enhanced Markov Analysis technique, described in this paper, could be used for this purpose because it covers most aspects relevant for quantification of safety.

The dynamic flowgraph methodology as a safety analysis tool: programmable electronic system design and verification

The objective of this paper is to demonstrate the use of the Dynamic Flowgraph Methodology (DFM) during the design and verification of programmable electronic safety-related systems. The safety system consists of hardware as well as software. This paper explains and demonstrates the use of DFM, and how DFM can be used to verify the hardware and application software design. DFM is used not only to analyze newly developed software but also to verify existing software. The outcome of the design verification of the safety system is used to define the necessary diagnostic capabilities that are essential to guarantee the correct functioning of the safety functions.

A systematic approach to safety case maintenance

Abstract A crucial aspect of safety case management is the ongoing maintenance of the safety argument through life. Throughout the operational life of any system, changing regulatory requirements, additional safety evidence and a changing design can challenge the corresponding safety case. In order to maintain an accurate account of the safety of the system, all such challenges must be assessed for their impact on the original safety argument. This is increasingly being recognised by many safety standards. However, many safety engineers are experiencing difficulties with safety case maintenance at present, the prime reason being that they do not have a systematic and methodical approach by which to examine the impact of change on safety argument. The size and complexity of safety arguments and evidence being presented within safety cases is increasing. Nowhere is this more apparent than for Electrical, Electronic and Programmable Electronic systems attempting to comply with the requirements and recommendations of software and hardware safety standards such as IEC 61508 [Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. International Electrotechnical Commission, Draft Standard, 1997] and UK Defence Standards 00-54 [MoD. 00-54 Requirements of Safety Related Electronic Hardware in Defence Equipment. Ministry of Defence, Interim Defence Standard, 1999], 00-55 [ MoD. 00-55 Requirements of Safety Related Software in Defence Equipment. Ministry of Defence, Defence Standard, 1997], and 00-56 [MoD. 00-56 Safety Management Requirements for Defence Systems. Ministry of Defence, Defence Standard, 1996 ]. However, this increase in safety case complexity exacerbates problems of comprehension and maintainability later on in the system lifecycle. This paper defines and describes a tool-supported process, based upon the principles of goal structuring, that attempts to address these difficulties through facilitating the systematic impact assessment of safety case challenges.

IEC 61508. Functional safety of electrical/electronic/programmable electronic safety-related systems

IEC 61508. Functional safety of electrical/electronic/programmable electronic safety-related systems

Overview of IEC 61508. Design of electrical/electronic/programmable electronic safety-related systems

This article reviews the principal requirements of the IEC 61508 international standard relating to the specification and design of hardware and software in programmable electronic systems intended for use in safety-related applications.

Estimation of average hazardous-event-frequency for allocation of safety-integrity levels

Abstract One of the fundamental concepts of the draft international standard, IEC 61508, is target failure measures to be allocated to Electric/Electronic/Programmable Electronic Safety-Related Systems, i.e. Safety Integrity Levels. The Safety Integrity Levels consist of four discrete probabilistic levels for specifying the safety integrity requirements or the safety functions to be allocated to Electric/Electronic/Programmable Electronic Safety-Related Systems. In order to select the Safety Integrity Levels the draft standard classifies Electric/Electronic/Programmable Electronic Safety-Related Systems into two modes of operation using demand frequencies only. It is not clear which modes of operation should be applied to Electric/Electronic/Programmable Electronic Safety-Related Systems taking into account the demand-state probability and the spurious demand frequency. It is essential for the allocation of Safety Integrity Levels that generic algorithms be derived by involving possible parameters, which make it possible to model the actuality of real systems. The present paper addresses this issue. First of all, the overall system including Electric/Electronic/programmable Electronic Safety-Related Systems is described using a simplified fault-tree. Then, the relationships among demands, demand-states and proof-tests are studied. Overall systems are classified into two groups: a non-demand-state-at-proof-test system which includes both repairable and non-repairable demand states and a constant-demand-frequency system. The new ideas such as a demand-state, spurious demand-state, mean time between detections, rates of d-failure and h-failure, and an h/d ratio are introduced in order to make the Safety Integrity Levels and modes of operation generic and comprehensive. Finally, the overall system is simplified and modeled by fault-trees using Priority-AND gates. At the same time the assumptions for modeling are described. Generic algorithms to estimate hazardous-event frequencies are derived based on the fault-trees. Thus, new definitions regarding modes of operation for the allocation of Safety Integrity Levels and shortcut methods for estimation of hazardous-event frequencies are proposed.