Previous chapters have discussed safety as an inherent part of the design process, as it must be. This includes elements such as making stop inputs normally closed and start inputs normally open, designing systems that return to a safe state on failure, writing programs whose behavior is predictable, and so on. There are a variety of systems for evaluating and managing safety issues from a range of groups, including NASA, the DOD, and many more.
30.7.1 IEC 61508/61511 safety standards
These standards cover electrical, electronic, and programmable electronic (E/E/PE) safety-related systems; IEC 61511 is the process-industry application of IEC 61508. Three categories of software language are covered by the standard:
FPL (Fixed Programming Language) - a very limited approach to programming, in which the system is programmed only by setting parameters (ranges, limits, options).
LVL (Limited Variability Language) - a language with a strict, restricted programming model, such as ladder logic or function block diagrams.
FVL (Full Variability Language) - a language that gives full access to the system, such as C.
Dangers can be estimated using a Safety Integrity Level (SIL) - the level of risk reduction required of a safety function, from SIL 1 (lowest) to SIL 4 (highest). The probability that a function fails dangerously can be calculated from individual component reliability figures, historical data, and some careful consideration of the failure modes. The target probabilities of dangerous failure for each level are given below, by mode of operation. Note that a higher SIL demands a lower probability of failure.
Low demand mode (average probability of failure on demand, PFD; the function is called on no more than about once a year):
level 4: P = 10^-5 to 10^-4
level 3: P = 10^-4 to 10^-3
level 2: P = 10^-3 to 10^-2
level 1: P = 10^-2 to 10^-1
High demand or continuous mode (probability of dangerous failure per hour, PFH):
level 4: P = 10^-9 to 10^-8 per hour
level 3: P = 10^-8 to 10^-7 per hour
level 2: P = 10^-7 to 10^-6 per hour
level 1: P = 10^-6 to 10^-5 per hour
The following terms are used when applying the standard.
SIF (Safety Instrumented Function) - a single protective function (for example, close a valve on high pressure) implemented by sensors, a logic solver and final elements. A SIL is chosen for each SIF so that the overall system achieves the required risk reduction.
SIS (Safety Instrumented System) - the complete system of sensors, one or more logic solvers, and final elements that implements one or more SIFs.
SFF (Safe Failure Fraction) - the ratio of the safe failures plus the dangerous failures that are detected by diagnostics to the total failures of an element: SFF = (S + DD) / (S + DD + DU), where S is the safe failure rate, DD the dangerous detected rate and DU the dangerous undetected rate.
To calculate the SFF and/or the overall system failure probability it is necessary to refer to the relevant statistical theory. The common approach has the following steps.
- do an FMEA (Failure Modes and Effects Analysis) for each component in the system
- classify each failure mode as safe or dangerous
- calculate the rates or probabilities of safe and dangerous failures (S and D, each in [0, 1] when expressed as a fraction of all failures)
- estimate the fraction of the dangerous failures that can be detected by diagnostics (F in [0, 1]); only the undetected dangerous failures contribute to the probability of failure on demand
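As an added worked example (not from the textbook), the Python below carries the steps above through for a single-channel pressure switch used as an SIF sensor: it sums a constructed FMEA-style table into the safe/dangerous and detected/undetected rate classes, computes the SFF, estimates the low-demand PFD from the dangerous undetected rate and a proof-test interval using the simplified 1oo1 formula PFD = DU x T / 2, and maps PFD and PFH onto the SIL bands listed earlier. It also applies the IEC 61508-2 Route 1H architectural constraint for Type A elements, which caps the SIL that may be claimed based on SFF and hardware fault tolerance (HFT); this check is not discussed in the section and is included here as an assumption. The component, its failure modes and all rates are constructed for illustration, not taken from any vendor data.

```python
# Added worked example (not from the textbook): SFF and PFD for one SIS element
# from an FMEA-style table of failure modes, then mapped to a SIL band.
# All failure rates below are constructed for illustration only.
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    """One row of the FMEA: a failure mode, its rate and its classification."""
    name: str
    rate_per_hour: float  # lambda for this mode, failures per hour (constructed)
    dangerous: bool       # True -> dangerous (D); False -> safe (S)
    detected: bool        # True -> revealed by diagnostics (DD/SD); False -> (DU/SU)


# Constructed FMEA for a single-channel (1oo1) high-pressure switch (hypothetical).
PRESSURE_SWITCH_FMEA = [
    FailureMode("contact welded closed, cannot trip",  2.0e-7, dangerous=True,  detected=False),
    FailureMode("diaphragm ruptured, reads low",        1.0e-7, dangerous=True,  detected=True),
    FailureMode("open circuit, spurious trip",          5.0e-7, dangerous=False, detected=True),
    FailureMode("setpoint drifts low, early trip",      2.0e-7, dangerous=False, detected=False),
]


def failure_rates(modes):
    """Sum the FMEA rows into the four IEC 61508 classes: SD, SU, DD, DU."""
    totals = {"SD": 0.0, "SU": 0.0, "DD": 0.0, "DU": 0.0}
    for m in modes:
        key = ("D" if m.dangerous else "S") + ("D" if m.detected else "U")
        totals[key] += m.rate_per_hour
    return totals


def safe_failure_fraction(totals):
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)."""
    lambda_total = sum(totals.values())
    return (totals["SD"] + totals["SU"] + totals["DD"]) / lambda_total


def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Average PFD of a single channel: lambda_DU * T_proof / 2.

    Simplified low-demand formula: a dangerous undetected failure lies dormant
    until the next proof test. Repair time and the DD contribution are ignored.
    """
    return lambda_du * proof_test_interval_h / 2.0


def sil_from_pfd(pfd):
    """Low-demand SIL band from PFD_avg: SIL 4 below 1e-4 ... SIL 1 below 1e-1."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0  # PFD >= 0.1: no SIL can be claimed


def sil_from_pfh(pfh):
    """High-demand/continuous SIL band from PFH (dangerous failures per hour)."""
    for sil, upper in ((4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5)):
        if pfh < upper:
            return sil
    return 0


# IEC 61508-2 Route 1H architectural constraint for Type A (simple) elements:
# maximum SIL claimable by SFF band, indexed by hardware fault tolerance 0, 1, 2.
TYPE_A_MAX_SIL = {
    0.00: (1, 2, 3),   # SFF < 60 %
    0.60: (2, 3, 4),   # 60 % <= SFF < 90 %
    0.90: (3, 4, 4),   # 90 % <= SFF < 99 %
    0.99: (3, 4, 4),   # SFF >= 99 %
}


def max_sil_type_a(sff, hft):
    """SIL ceiling imposed by SFF and hardware fault tolerance (Type A element)."""
    assert hft in (0, 1, 2), "HFT must be 0, 1 or 2"
    band = max(b for b in TYPE_A_MAX_SIL if sff >= b)
    return TYPE_A_MAX_SIL[band][hft]


def assess_element(modes, proof_test_interval_h):
    """Whole procedure for a 1oo1 element (HFT 0): rates -> SFF, PFD -> SIL,
    then the architectural constraint. The achievable SIL is the lower of the two."""
    totals = failure_rates(modes)
    sff = safe_failure_fraction(totals)
    pfd = pfd_avg_1oo1(totals["DU"], proof_test_interval_h)
    sil_pfd = sil_from_pfd(pfd)
    sil_arch = max_sil_type_a(sff, hft=0)
    return {"rates": totals, "sff": sff, "pfd": pfd,
            "sil_from_pfd": sil_pfd, "sil_from_sff": sil_arch,
            "sil": min(sil_pfd, sil_arch)}


if __name__ == "__main__":
    r = assess_element(PRESSURE_SWITCH_FMEA, proof_test_interval_h=8760)  # yearly proof test
    print(f"SFF = {r['sff']:.0%}, PFD_avg = {r['pfd']:.2e}")
    print(f"SIL from PFD: {r['sil_from_pfd']}, ceiling from SFF/HFT: {r['sil_from_sff']}, "
          f"achievable: SIL {r['sil']}")
```

With the constructed rates the PFD alone (8.76e-4) sits in the SIL 3 band, but an SFF of 80 % with no redundancy caps a Type A element at SIL 2, so SIL 2 is all that can be claimed; raising the SFF (better diagnostics) or adding a redundant channel (HFT 1) is what lifts the ceiling, and that is why the detected fraction in the last step of the procedure matters as much as the raw failure rate.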