
How to develop E/E/PESs to IEC 61508?

E/E/PES is: electrical/electronic/programmable electronic system

IEC 61508-4 subclause 3.3.3

What is the safety question?

How to make a product safe, or how to make a safe product?

What is safety?

How do you measure it?

Safety: freedom from unacceptable risk

Risk is measured by the probability of occurrence of harm and the severity of that harm.

Harm to:
- people
- property
- environment

What is a Risky System?

A system with an unacceptable combination of the probability of occurrence of harm and the severity of that harm.

IEC 61508 safety theory is: remove systematic defects

IEC 61508 implies:
- ad hoc or non-safety processes -> non-safety products
- non-safety processes -> systematic defects
- safety processes -> safety products
- safety processes + functional safety assessment -> IEC 61508 compliance

The Safety Equation

MTBF = MTBRF + MTBSF
PFD = PRFD + PSFD
safety integrity = hardware safety integrity + systematic safety integrity

MTBF - Mean Time Between Failure
MTBRF - Mean Time Between Random Failure
MTBSF - Mean Time Between Systematic Failure
PFD - Probability of Failure on Demand
PRFD - Probability of Random Failure on Demand
PSFD - Probability of Systematic Failure on Demand

Safety Measurements

MTBF = 1/(failure rate)
failure rate = RHF + SHF + SSF
SIL is derived from 1/(failure rate)
SIL is derived from 1/(RHF + SHF + SSF)

RHF - Random Hardware Failure
SHF - Systematic Hardware Failure
SSF - Systematic Software Failure
SIL - Safety Integrity Level

See IEC 61508-1, Tables 2 and 3
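The following is an added worked example, not code from the slides or from Why Not Engineering. It carries the slide's measurements through in code: the failure rate is summed from its random hardware, systematic hardware and systematic software parts, MTBF is taken as its reciprocal, and the result is looked up against the SIL bands of IEC 61508-1 Table 2 (low demand mode, average PFD) and Table 3 (high demand or continuous mode, PFH). The failure-rate figures are constructed; the single-channel PFDavg approximation (lambda_DU multiplied by half the proof-test interval) and the assumption that the whole failure rate is dangerous and undetected are this example's simplifications, not something the slides state. The "before" and "after" figures show the slide's central point: the same hardware lands one SIL higher once the systematic defects are driven out.

```python
"""Worked example of the slide deck's safety equation and SIL lookup.

Added example, not the slides' own code. Failure-rate figures are
constructed; the SIL bands are those tabulated in IEC 61508-1
Tables 2 and 3.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour, split as on the slide."""
    rhf: float  # random hardware failure rate
    shf: float  # systematic hardware failure rate
    ssf: float  # systematic software failure rate

    @property
    def total(self) -> float:
        # failure rate = RHF + SHF + SSF
        return self.rhf + self.shf + self.ssf

    @property
    def systematic_share(self) -> float:
        # fraction of the total that the safety process can remove
        return (self.shf + self.ssf) / self.total


def mtbf_hours(rates: FailureRates) -> float:
    """MTBF = 1/(failure rate)."""
    if rates.total <= 0:
        raise ValueError("failure rate must be positive")
    return 1.0 / rates.total


# IEC 61508-1 Table 3: high demand / continuous mode, target PFH (per hour).
# Each band is [lower, upper): lower bound inclusive, upper exclusive.
PFH_BANDS = ((4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))

# IEC 61508-1 Table 2: low demand mode, target average PFD (dimensionless).
PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))


def sil_from_measure(value: float, bands) -> Optional[int]:
    """Return the SIL whose band contains value, or None if outside the tables.

    None covers both a measure worse than the SIL 1 limit (no SIL can be
    claimed) and one better than the SIL 4 lower bound (the tables stop).
    """
    for sil, lower, upper in bands:
        if lower <= value < upper:
            return sil
    return None


def pfd_avg_1oo1(lambda_du: float, proof_test_hours: float) -> float:
    """Simplified single-channel (1oo1) PFDavg ~ lambda_DU * T / 2.

    Assumption for this example: the whole failure rate is dangerous and
    undetected, so the slide's total failure rate is used as lambda_DU.
    """
    return lambda_du * proof_test_hours / 2.0


def assess(rates: FailureRates, proof_test_hours: float = 8760.0) -> dict:
    """Apply the slide's measurements and look up the SIL in both modes."""
    pfh = rates.total
    pfd = pfd_avg_1oo1(rates.total, proof_test_hours)
    return {
        "failure_rate_per_hour": pfh,
        "mtbf_hours": mtbf_hours(rates),
        "systematic_share": rates.systematic_share,
        "sil_high_demand": sil_from_measure(pfh, PFH_BANDS),
        "pfd_avg": pfd,
        "sil_low_demand": sil_from_measure(pfd, PFD_BANDS),
    }


if __name__ == "__main__":
    # Constructed figures: the same hardware before and after the systematic
    # defects are driven out by the IEC 61508 development process.
    ad_hoc = FailureRates(rhf=2e-8, shf=5e-8, ssf=4e-7)
    with_safety_process = FailureRates(rhf=2e-8, shf=5e-9, ssf=1e-8)
    for label, rates in (("ad hoc", ad_hoc), ("safety process", with_safety_process)):
        r = assess(rates)
        print(f"{label:15s} rate={r['failure_rate_per_hour']:.2e}/h "
              f"MTBF={r['mtbf_hours']:.3g} h systematic={r['systematic_share']:.0%} "
              f"SIL(high demand)={r['sil_high_demand']} "
              f"PFDavg={r['pfd_avg']:.2e} SIL(low demand)={r['sil_low_demand']}")
```

With the constructed figures the ad hoc design sums to 4.7e-7 failures per hour and sits in the SIL 2 band, while the random hardware rate alone (2e-8 per hour) would support SIL 3; it is the systematic share, some 96% of the total, that pulls the SIL down. After the safety process the same hardware sums to 3.5e-8 per hour and reaches SIL 3 in both demand modes.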

Relationship of IEC 61508 to failure type

random hardware failure (RHF) - see IEC 61508-2
systematic hardware failure (SHF) - see IEC 61508-2
systematic software failure (SSF) - see IEC 61508-3

Systematic defects

Systematic defects are removed during the product development lifecycle. The product development lifecycle is depicted graphically with the V-model.

The V-model for software development is shown in Figure 5 of IEC 61508-3.

The Parts of IEC 61508

IEC 61508-1 Part 1: General requirements
IEC 61508-2 Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
IEC 61508-3 Part 3: Software requirements
IEC 61508-4 Part 4: Definitions and abbreviations
IEC 61508-5 Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-6 Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7 Part 7: Overview of techniques and measures

Non-complex or Complex system?

Non-complex deterministic system: a deterministic system has a unique output for each specific input.

Complex non-deterministic system: a non-deterministic system means that the system output is a function of the current input and the previous output.

IEC 61508-3 Software Requirements Example

From the E/E/PES hardware development processes, it has been determined that a microcontroller is required to implement the complex logic in software (see IEC 61508-3 Figure 1), and SIL 3 has been determined.

IEC 61508-3, clause 7.2, Software safety requirements specification, points to IEC 61508-3, Table A.1.
IEC 61508-3, Table A.1, Software safety requirements specification, points to IEC 61508-7, Technique/Measure B.2.4.
IEC 61508-7, Technique/Measure B.2.4, describes computer-aided specification tools.

WHY NOT ENGINEERING


www.whynotengineering.com
