Functional safety : a straightforward guide to applying IEC 61508 and related standards

A Quick Overview ix Acknowledgements xi Part A The Concept of Safety-Integrity 1 The meaning and context of Safety-Integrity targets 3 1.1 Risk and the need for safety targets 3 1.2 Quantitative and qualitative safety targets 7 1.3 The life-cycle approach 11 1.4 Basic steps in the assessment process 14 1.5 Costs 16 1.6 The seven parts of IEC 61508 17 Part B The Basic Requirements of IEC 61508 and 61511 2 Meeting IEC 61508 Part 1 25 2.1 Functional safety management and competence 25 2.2 Establishing SIL targets 30 2.3 Applying ALARP 38 3 Meeting IEC 61508 Part 2 42 3.1 Organising and managing the life-cycle 43 3.2 Requirements involving the specification 44 3.3 Requirements for design and development 46 3.4 Integration and test 52 3.5 Operations and maintenance 52 3.6 Validation 53 3.7 Modifications 53 3.8 Acquired sub-systems 54 3.9 ‘Proven in use’ 54 3.10 Presenting the results 55 Conformance Demonstration Template 554 Meeting IEC 61508 Part 3 61 4.1 Organising and managing the software engineering 62 4.2 Requirements involving the specification 65 4.3 Requirements for design and development 65 4.4 Integration and test 67 4.5 Validation 68 4.6 Modifications 69 4.7 Some technical comments 69 4.8 ‘Proven in use’ 73 4.9 Presenting the results 74 Conformance Demonstration Template 74 5 Meeting IEC 61511 80 5.1 Organising and managing the life-cycle 81 5.2 Requirements involving the specification 83 5.3 Requirements for design and development 84 5.4 Integration and test 87 5.5 Validation 88 5.6 Modifications 88 5.7 Installation and commissioning 88 5.8 Operations and maintenance 89 5.9 Presenting the results 89 Part C The Quantitative Assessment 6 Reliability modelling techniques 93 6.1 Failure rate and unavailability 93 6.2 Creating a reliability model 94 6.3 Taking account of auto-test 104 6.4 Human error/human factors 107 7 Failure rate and mode data 112 7.1 Data accuracy 112 7.2 Sources of data 115 7.3 Data ranges and confidence levels 118 7.4 Conclusions 120 Part D Related Issues 8 Some comments on Part 6 of IEC 61508 125 8.1 Overview 125 8.2 The quantitative tables (Annex B) 126 8.3 The software safety-integrity tables (Annex E) 131 9 Second tier and related guidance documents 132 9.1 IEC 61511 (Process) 1329.2 IGEM SR/15 133 9.3 UKOOA (Offshore) 133 9.4 ISA S84.01 (Instrumentation) 136 9.5 OLF-077 (Norwegian) 137 9.6 EN 50126 (Railways) 137 9.7 UK MOD (Defence) 140 9.8 MISRA guidelines (Motor) 142 9.9 MISRA C Code guidelines 142 9.10 IEC 61513 (Nuclear) 143 9.11 EEMUA guidelines 145 9.12 RTCA DO-178B (Civil air) 146 9.13 DIN V Standards 146 9.14 Documents related to machinery 147 9.15 NPL Software guidelines 148 9.16 SEMSPLC (Programmable controllers) 149 9.17 Q124 Demonstration guidelines 150 10 Demonstrating and certifying conformance 151 10.1 Demonstrating conformance 151 10.2 The current framework for certification 152 10.3 Self-certification 154 10.4 Other types of ‘certification’ 157 10.5 Preparing for assessment 158 10.6 Summary 159 Part E Case Studies in the Form of Exercises and Examples 11 Pressure control system (exercise) 163 12 Burner control assessment (example) 171 13 SIL targeting – some practical examples 189 14 Hypothetical rail train braking system (example) 198 Appendix 1 Functional safety capability – template procedure 211 Appendix 2 Assessment schedule (checklist) 230 Appendix 3 Betaplus CCF model, checklists 235 Appendix 4 Assessing safe failure fraction and diagnostic coverage 240 Appendix 5 Answers to examples 245 Appendix 6 References 252 Appendix 7 ‘High and low demand’ 255 Appendix 8 Some terms and jargon of IEC 61508 257 Index 261