Functional Safety, Second Edition: A Straightforward Guide to Applying IEC 61508 and Related Standards


Electrical, electronic and programmable electronic systems, such as emergency shut down systems and railway signalling systems, increasingly carry out safety functions to guard workers and the public against injury or death and the environment against pollution. The international standard IEC 61508 has been developed as a generic standard that applies to all these systems irrespective of their application.

IEC 61508 is seen by many professionals as complex. This book overcomes that complexity by introducing the standard in the context of safety in general before moving on to provide practical advice about implementing it and obtaining certification. It also explains how IEC 61508 relates to second tier standards and related guidance, such as IEC 61511, 61513, UKOOA, ISA S84.01 and DIN standards, among others. Throughout the text, the authors illustrate their explanations with examples to which the answers are supplied in the appendix. Four case studies with further exercises set the information in context. Templates and checklists for drawing up your own implementation plan and information on self-certification are also provided.

As Functional Safety, the standard, is applicable to many industries, Functional Safety, the book, in its previous edition has proved to be an invaluable reference for professionals from a variety of industries, such as project/instrumentation/design/control engineers as well as safety professionals in oil and gas, chemical, rail, power generation, nuclear, aircraft, and automotive industries.

The new edition includes a new chapter on IEC 61511, the process sector standard, published since the first edition. The text has been updated throughout in light of the authors' recent experience and two case studies have been added.

Dr. David J. Smith, BSc, PhD, CEng, FIEE, HonFSaRS, FIQA, MIGasE, has been directly concerned with reliability, safety and software quality for 30 years. He has written a number of books on the subject as well as numerous papers. His PhD thesis was on the subject of reliability prediction accuracy and common cause failure. He chairs the IGasE panel which develops its guidelines on safety-related systems (now in its third edition). He has also made contributions to IEC 61508.

Kenneth G. L. Simpson, MPhil, FIEE, FInstMC, MIGasE, has been associated with safety-related systems design and also with their assessment for 25 years. He is a member of the IEC 61508 drafting committee and also of the IGasE panel which writes the gas industry guidance. Following a career in aerospace, Ken has spent 20 years in the control system industry and is a Director of Silvertech International plc, a leading designer of safety and control systems. He has written a number of papers on the topic and gives frequent talks.

* A practical guide to achieving functional safety standards in safety-critical systems
* Makes a complex standard easy to follow and sets it in the context of risk and safety
* Provides support for those undertaking self-assessment, which can save money spent on large consultancy fees

Author(s): David J. Smith, Kenneth G. L. Simpson
Edition: 2
Year: 2004

Language: English
Pages: 280

Cover......Page 1
Functional Safety: A Straightforward Guide to applying IEC 61508 and Related Standards......Page 4
Contents......Page 6
A Quick Overview......Page 10
Acknowledgements......Page 12
1.1 Risk and the need for safety targets......Page 16
1.2 Quantitative and qualitative safety targets......Page 20
1.3 The life-cycle approach......Page 24
1.4 Basic steps in the assessment process......Page 27
1.5.2 Savings......Page 29
1.6 The seven parts of IEC 61508......Page 30
2.1.1 Functional Safety Capability assessment......Page 38
2.1.2 Competency......Page 39
2.1.3 Independence of the assessment......Page 42
2.2.1 Quantitative approach......Page 43
2.2.2 The risk graph approach......Page 47
2.2.3 ‘Not safety-related’......Page 49
2.2.4 Environment and loss of production......Page 50
2.3 Applying ALARP......Page 51
3 Meeting IEC 61508 Part 2......Page 55
3.1 Organising and managing the life-cycle......Page 56
3.2 Requirements involving the specification......Page 57
3.3.1 Features of the design......Page 59
3.3.2 Architecture (i.e. safe failure fraction)......Page 61
3.3.3 Random hardware failures......Page 64
3.5 Operations and maintenance......Page 65
3.7 Modifications......Page 66
3.9 'Proven in use'......Page 67
Conformance Demonstration Template......Page 68
4 Meeting IEC 61508 Part 3......Page 74
4.1 Organising and managing the software engineering......Page 75
4.3.1 Features of the design......Page 78
4.3.2 Detailed design......Page 79
4.4.1 Software module testing and integration......Page 80
4.5 Validation......Page 81
4.7.1 Static analysis......Page 82
4.7.2 Use of ‘formal’ methods......Page 83
4.7.4 Software reuse......Page 84
4.7.5 Software metrics......Page 85
4.8 'Proven in use'......Page 86
Conformance Demonstration Template......Page 87
5 Meeting IEC 61511......Page 93
5.1 Organising and managing the life-cycle......Page 94
5.2 Requirements involving the specification......Page 96
5.3.1 Selection of components and sub-systems......Page 97
5.3.2 Architecture (i.e. safe failure fraction)......Page 98
5.3.4 Software......Page 99
5.4 Integration and test......Page 100
5.7 Installation and commissioning......Page 101
5.9 Presenting the results......Page 102
6.1 Failure rate and unavailability......Page 106
6.2.1 Block diagram analysis......Page 107
6.2.2 Common cause failure (CCF)......Page 111
6.2.3 Fault tree analysis......Page 116
6.3 Taking account of auto-test......Page 117
6.4 Human error/human factors......Page 120
7.1 Data accuracy......Page 125
7.2 Sources of data......Page 128
7.2.1 Electronic failure rates......Page 129
7.2.2 Other general data collections......Page 130
7.3 Data ranges and confidence levels......Page 131
7.4 Conclusions......Page 133
8.1 Overview......Page 138
8.2 The quantitative tables (Annex B)......Page 139
8.3 The software safety-integrity tables (Annex E)......Page 144
9.1 IEC 61511 (Process)......Page 145
9.3 UKOOA (Offshore)......Page 146
9.4 ISA S84.01 (Instrumentation)......Page 149
9.6 EN 50126 (Railways)......Page 150
9.7 UK MOD (Defence)......Page 153
9.9 MISRA C Code guidelines......Page 155
9.10 IEC 61513 (Nuclear)......Page 156
9.11 EEMUA guidelines......Page 158
9.13 DIN V Standards......Page 159
9.14 Documents related to machinery......Page 160
9.15 NPL Software guidelines......Page 161
9.16 SEMSPLC (Programmable controllers)......Page 162
9.17 Q124 Demonstration guidelines......Page 163
10.1 Demonstrating conformance......Page 164
10.2 The current framework for certification......Page 165
10.3.1 Functional Safety Capability as part of the Quality Management System......Page 167
10.3.3 Rigour of assessment......Page 168
10.4.2 Factory Mutual (USA)......Page 170
10.5 Preparing for assessment......Page 171
10.6 Summary......Page 172
11.1 The unprotected system......Page 176
11.2 Protection system......Page 177
11.4 Reliability block diagram......Page 178
11.5 Failure rate data......Page 179
11.7 Proposed design and maintenance modifications......Page 180
11.8 Modelling common cause failure (pressure transmitters)......Page 181
11.9 Quantifying the revised model......Page 182
11.11 Architectural constraints......Page 183
12 Burner control assessment (example)......Page 184
12.2 Integrity requirements......Page 186
12.3.2 General......Page 187
12.4.1 Random hardware failures......Page 188
1 Requirements......Page 191
2 Design and language......Page 192
5 Design review......Page 193
7 Integrity assessment......Page 194
12.4.3 ALARP......Page 195
12.5 Failure rate data......Page 196
Annex I Fault tree details......Page 198
13.1 A problem involving EUC/SRS independence......Page 202
13.2 A handheld alarm intercom, involving human error in the mitigation......Page 204
13.3 Maximum tolerable failure rate involving alternative propagations to fatality......Page 205
13.4 Hot/cold water mixer integrity......Page 206
13.5 Scenario involving high temperature gas to a vessel......Page 208
ALARP......Page 210
14.1 The systems......Page 211
14.2 The SIL targets......Page 212
14.3 Assumptions......Page 213
14.5.1 Primary braking system (high demand)......Page 214
14.5.2 Emergency braking system (low demand)......Page 217
14.6 Overall safety-integrity......Page 220
Appendices......Page 224
Index......Page 274