Previous chapters have discussed safety as an inherent part of the design process - AS IT MUST BE. These include elements such as making stops normally closed, starts normally open, systems return to safe inherently, programs that are predictable, etc. There are a variety of systems for evaluating and managing safety issues from a range of groups including NASA, DOD, and many more.

30.7.1 IEC 61508/61511 safety standards

These standards cover electrical, electronic, and programmable electronic systems. Three categories of software languages covered by the standard

FPL (Fixed Programming Language) - a very limited approach to programming. For example the system is programmed by setting parameters.

LVL (Limited Variability Language) - a language with a strict programming model, such as ladder logic.

FVL (Full Variability Language) - a language that gives full access to a systems, such as C.

Dangers can be estimated using a Safety Integrity Level (SIL) - the safety requirements for a function in a system. These estimates of failure can be calculated using individual component reliability, historical data, and some careful consideration. Typical probabilities of failure by type of system are given below.

Low demand:

level 4: P = 10^-4 to 10^-5

level 3: P = 10^-3 to 10^-4

level 2: P = 10^-2 to 10^-3

level 1: P = 10^-1 to 10^-2

High Demand or continuous mode:

level 4: P = 10^-8 to 10^-9

level 3: P = 10^-7 to 10^-8

level 2: P = 10^-6 to 10^-7

level 1: P = 10^-5 to 10^-6

System safety levels are defined with one of the three categories below.

SIF (Safety Instrumented Function) - The SIL for each function is chosen to ensure an overall system functionality.

SIS (Safety Instrumented System) - A combined system with one or more logic processors.

SFF (Safe Failure Fraction) - the ratio of safe and dangerous detected failures to the total failures.

To calculate the SFF and/or overall system failure probability there is a need to refer to the relevant statistical theory. Some of the common approaches are listed.

- do an FMEA for each system component in the system

- classify failure modes as safe or dangerous

- calculate the probabilities of safe/dangerous failures (S/D [0, 1])

- estimate the fraction of the failures that can be detected (F [0, 1])