Add to collection(s) Add to saved
  1. No category
Uploaded by Abdullah Jaber

Eaton MTL FSM Poster 010916

advertisement 
Functional Safety Management
Eaton’s MTL FSM poster
IEC 61508 & SAFETY LIFECYCLE
CASS SCHEME
Overall framework of the IEC 61508 series
WHAT IS FUNCTIONAL SAFETY?
In the process industries, safety can be defined as being protected from unacceptable risk of injury or
damage to people, property or the environment. Functional Safety relates to the part of overall safety that
depends upon the correct operation of an electrical/electronic/programmable electronic safety instrumented
system, SIS. The requirements for such a SIS are defined in the IEC 61508 group of standards.
Overall safety lifecycle
Technical Requirements
Part 0
Functional safety and
IEC 61508
Other
Requirements
Part 1
Development of the overall safety
requirements (concept, scope,
definition, hazard and risk analysis)
IEC 61508
Functional safety of E/E/PE
safety-related systems
Part 5
Example of methods for
the determination of safety
integrity levels
7.1 to 7.5
7.6
IEC 61511
Process industry
sector
IEC 61513
Nuclear power
plants
IEC 62061
Safety of machinery
E/E/PES
ISO 13849
Safety of simple
machinery
Part 1
Specification of the system safety
requirements for the E/E/PE
safety-related systems
IEC 61800-5-2
Power
Drives
Part 2
Realisation phase
for E/E/PE safetyrelated systems
release the potential of E/E/PE technology to improve both safety and economic performance;
enable technological developments to take place within an overall safety framework;
provide a technically sound, system based approach, with sufficient flexibility for the future;
provide a risk-based approach for determining the required performance of safety-related systems;
provide requirements based on common underlying principles to facilitate:
- improved efficiencies in the supply chain for suppliers of subsystems and components to
various sectors
- improvements in communication and requirements (i.e. to increase clarity of what needs to
be specified),
- the development of techniques and measures that could be used across all sectors, increasing available resources,
- the development of conformity assessment services if required.
IEC 61508
Part 1
Functional safety
assessment
Clause 8
E/E/PE system safety lifecycle (in realisation phase)
A basic requirement of the standards is that all aspects of the safety lifecycle activities demonstrate
Functional Safety Management. As well as concerns for equipment, this includes management of
personnel competency, covering the end-user, contractors, suppliers and sub-contractors.
10.2
10
E/E/PE system safety
validation planning
One E/E/PE safety lifecycle
for each E/E/PE safetyrelated system
10.3
E/E/PE system design &
development including ASICs
& software
10.4
E/E/PE system integration
10.6
E/E/PE system installation,
commissioning, operation &
maintenance procedures
DEFINITION
61508:2010
IEC 61508:2010
safety
integrity relating to random hardware
failures in a
• Hardware safety integrity; that part of IEC
dangerous mode of failure. It may be necessary to use redundant architectures to achieve adequate
hardware safety integrity.
Safety Integrity Level
(SIL)
• Systematic safety integrity; that part of safety integrity relating to systematic failures in a
dangerous mode of failure. Techniques such as redundant channels of identical hardware, which are
very effective at controlling random hardware failures, are of little use in reducing systematic failures
such as software errors.
SIL
Devices, elements and systems may be Type A or Type B.
Type A is when the components required to perform a specified function meet all of the following:
a) The failure modes of all components are well defined; and
b) The behaviour of the device under fault conditions can be completely determined; and
c) There is sufficient dependable failure data to show that the claimed failure rates for detected and
undetected dangerous failures are met.
3
E/E/PE safety-related systems
11
Other risk reduction measures
4
4
3
≥ 10-8 to < 10-7
2
1
≥ 10-7 to < 10-6
≥ 10-6 to < 10-5
www.61508.org
12
Overall installation and
commissioning
13
Overall safety validation
Component
Assessment
EN45011
Certification
Bodies
14
Overall operation, maintenance
and repair
16
Decommissioning or disposal
15
Clients
Scope of
IEC 61508-2
Software safety
requirements
Programmable
electronic hardware
Non-programmable
hardware
Software design &
development
Programmable
electronics design &
development
Non-programmable
hardware design &
development
A
B
< 60 %
60 % - < 90 %
90 % - < 99 %
≥ 99 %
Hardware fault tolerance
0
1
2
SIL 1
SIL 2
SIL 3
SIL 3
SIL 2
SIL 3
SIL 4
SIL 4
SIL 3
SIL 4
SIL 4
SIL 4
Type B Safety System
Safe failure fraction of an element
< 60 %
60 % - < 90 %
90 % - < 99 %
≥ 99 %
Safety
Requirements
Assessment
Operations and
Maintenance
Assessment
T4
T3
Technical Committees
T1
T2
Sub-system
Supplier
T2a
Engineering
Function/System
Integrator
End user/
Operator
Abbreviation
AC/DC
AIChE
Full expression
Alternating current/direct current
American institute of chemical engineers
Abbreviation
LVL
MooN
ALARP
ANSI
ASIC
BPCS
CCF
CPLD
CCPS
DC
(E)EPLD
As Low As Reasonably Practicable
American National Standards Institute
Application Specific Integrated Circuit
Basic process control system
Common Cause Failure
Complex Programmable Logic Device
Center for chemical process safety
Diagnostic Coverage
(Electrically) Erasable Programmable Logic
Device
Electrical/Electronic/Programmable
Electronic
Electrical/Electronic/Programmable
Electronic System
Electrically Erasable Programmable ReadOnly Memory
Erasable Programmable Read-Only Memory
Electro-magnetic compatibility
Equipment Under Control
Factory acceptance testing
Field Programmable Gate Array
Fixed program language
Functional safety assessment
Fault tree analysis
Full variability language
Generic Array Logic
Hazard & risk assessment
MooND
MTBF
MTTR
MRT
NP
PAL
PE
PES
PFD
Full expression
Limited variability language
M out of N channel architecture (for example 1oo2 is 1 out
of 2 architecture, where either of the two channels can
perform the safety function)
M out of N channel architecture with Diagnostics
Mean Time Between Failures
Mean Time To Repair
Mean Repair Time
Non-programmable
Programmable Array Logic
Programmable Electronic
Programmable electronic system
Probability of Dangerous Failure on Demand
PFDavg
Average Probability of dangerous Failure on Demand
PFH
Average frequency of dangerous failure [h-1]
PLA
Programmable Logic Array
E/E/PE
E/E/PE system integration
Safe failure fraction of an element
Integrated
System
Assessment
Definitions and abbreviations
Overall modification
and retrofit
E/E/PE system architecture
Sub-system
Assessment
T5
TERMINOLOGIES & ABBREVIATIONS
Back to appropriate
overall safety
lifecycle phase
Hardware fault tolerance
0
1
2
Not Allowed
SIL 1
SIL 2
SIL 3
SIL 1
SIL 2
SIL 3
SIL 4
SIL 2
SIL 3
SIL 4
SIL 4
While every effort has been made to ensure that the information contained within this document is accurate and up to date, Eaton makes no warranty, representation or
undertaking whether expressed or implied, nor does it assume legal liability, whether direct or indirect, or responsibility for the accuracy, completeness, or usefulness of
any information.
Eaton Electric Limited,
Great Marlings, Butterfield, Luton, Beds, LU2 8DL, UK.
Tel: +44 (0)1582 723633
Fax: +44 (0)1582 422283
Functional Safety Management (FSM)
UKAS
Component
Supplier
www.iec.ch/functionalsafety www.cass.uk.net
www.hse.gov.uk
Technical Design
Authority
Relationship between CASS assessment types
Test Houses
Type A Safety System
SIL for Low Demand Mode
Safety Integrity Level
Average probability of
(SIL)
a dangerous failure on
demand of the
safety function
(PFDavg)
4
≥ 10-5 to < 10-4
3
≥ 10-4 to < 10-3
2
≥ 10-3 to < 10-2
1
≥ 10-2 to < 10-1
61508:2010
IEC 61508:2010
Type B isIEC
simply
when one or more of the components
required to perform a specified function is not
Type A.
Governing Body
E/E/PE
(system)
EEPROM
Average frequency of a
dangerous failure of the
safety function [h-1]
(PFH)
≥ 10-9 to < 10-8
Feedback
Members
Specification and Realisation
To Box 14 in
‘Overall Safety
Lifecycle’
SIL for High Demand Mode
2
10
Programmable
electronics integration
(hardware & software)
SAFETY INTEGRITY LEVELS
1
E/E/PE system safety
requirements specification
Hardware safety requirements
specification
Scope of
IEC 61508-3
E/E/PE system safety validation
Certificate No. CASS 00015/01
Safety integrity is considered to be composed of the following two elements:
9
E/E/PE system design
requirements specification
To Box 12 in
‘Overall Safety
Lifecycle’
SIL
Overall safety requirements
allocation
E/E/PE system design
requirements specification
Approved Company
SIL
5
The CASS
Scheme Ltd
Realisation
C E RT I F I C AT I O N S E RV I C E
SIL
Overall safety requirements
Relationship between & scope of IEC 61508-2 & IEC 61508-3
(see E/E/PE system
safety lifecycle)
10.5
Note that a safety integrity level is a property of a safety function rather than of a
system or any part of a system.
4
Accredited Certification for Safety Systems... to IEC 61508
and related standards
E/E/PE safety-related systems
10.1
(In the UK see also guidance from HSE’ “Managing competence for safety-related systems”.)
Safety integrity is the ability of the SIS to perform the required safety function
as and when required. Four levels of safety integrity are defined, each
corresponding to a range of target likelihood of failures of a safety function.
Safety integrity level 4 (SIL4) is the highest level of safety integrity and safety
integrity level 1 (SIL1) is the lowest level.
Hazard and risk analysis
7.15 - 7.17
Functional Safety Management
011
3
(see E/E/PE system
safety lifecycle)
Part 1
Operation, maintenance, repair,
modification and retrofit,
decommissioning or disposal of
E/E/PE safety-related systems
Box 10 in
‘Overall Safety
Lifecycle’
Functional Safety
Overall scope definition
Realisation
commissioning
planning
7.13 - 7.14
2
Overall
safety
validation
planning
Overall
8 installation
and
Part 7
Overview of
techniques and
measures
Part 1
Installation, commissioning &
safety validation of E/E/PE safetyrelated systems
7
Part 1
Management of
functional safety
Clause 6
Part 3
Realisation phase
for safety-related
software
IEC 61508 aims to:
•
•
•
•
•
6
Part 6
Guidelines for the
application of Parts
2&3
7.10
Overall planning
Overall
operation and
maintenance
planning
Concept
RULES
Part 1
Documentation
Clause 5 &
Annex A
1
IEC 61508
Part 1
Allocation of the safety
requirements to the E/E/PE
safety-related systems
Part 4
Definitions &
abbreviations
CASS is a scheme for assessing the compliance of safety related systems with the requirements of IEC 61508 and associated
standards. It provides a systematic approach to be used by certification bodies and others when assessing compliance at all stages
from the specification of safety requirements through the design, development and manufacture of system components to integration,
commissioning, operation and maintenance.
EPROM
EMC
EUC
FAT
FPGA
FPL
FSA
FTA
FVL
GAL
H&RA
HFT
IEC
IEV
ISA
ISO
PLC
SAT
SC
SFF
SIF
SIL
SIS
SRS
UON
ls or lsafe
ld or
ldangerous
ldd
Hardware Fault Tolerance
ldu
International Electrotechnical Commission
lsu
International Electrotechnical Vocabulary
Instrumentation, Systems & Automation Society lsd
International Organization for Standardization
AUSTRALIA
Tel: +61 1300 308 374
Fax: +61 1300 308 463
CHINA
Tel: + 86 21 2899 3817
Fax: + 86 21 2899 3992
GERMANY
Tel: +49 (0)22 73 98 12 - 0
Fax: +49 (0)22 73 98 12 - 2 00
ITALY
Tel: +39 02 959501
Fax: +39 02 95950759
NORWAY
Tel: +47 66 77 43 80
Fax: +47 66 84 55 33
SINGAPORE
Tel: +65 6 645 9888
Fax: +65 6 487 7997
UNITED ARAB EMIRATES
Tel: +971 2 44 66 840
Fax: +971 2 44 66 841
BeNeLux
Tel: +31 (0)418 570290
Fax: +31 (0)418 541044
FRANCE
Tel: +33 (0)4 37 46 16 53
Fax: +33 (0)4 37 46 17 20
INDIA
Tel: +91 (0)44 24501660/24501857
Fax: +91 (0)44 24501463
JAPAN
Tel: +81 (0)3 6430 3128
Fax: +81 (0)3 6430 3129
RUSSIA
Tel: +7 (495) 981 3770
Fax: +7 (495) 981 3771
SOUTH KOREA
Tel: +82 6380 4805
Fax: +82 6380 4839
UNITED KINGDOM
Tel: +44 (0)1582 723633
Fax: +44 (0)1582 422283
AMERICAS
Tel: +1 281-571-8065
Fax: +1 281-571-8069
Programmable logic controller
Site acceptance test
Systematic capability
Safe failure fraction
Safety instrumented function
Safety integrity level
Safety instrumented system
Safety requirement specification
Unless otherwise noted
Failure rate of all safe failures
Failure rate of all dangerous failures
Failure rate of all dangerous detected failures
Failure rate of all dangerous undetected failures
Failure rate of all safe undetected failures
Failure rate of all safe detected failures
www.mtl-inst.com
mtlenquiry@eaton.com
For technical advice or further information call:
+44 (0)1582 723633
ZL-P-FSM-EN-0916
Related documents
Looking for a reliable electronic switch for your Safety Instrumented
Looking for a reliable electronic switch for your Safety Instrumented
Click here - Russell M. Richards
Click here - Russell M. Richards
Standards and IEC61508 - School of Computing Science
Standards and IEC61508 - School of Computing Science
Download
advertisement