Safety Assessment Safety Integrity Levels ITV Modelbased Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P Ravn Aalborg University September ID: 770433
Download Presentation The PPT/PDF document "Safety Assessment:" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Safety Assessment:Safety Integrity Levels ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University September 2011
Safety Assessment Find hazards that may lead to incidents or mishaps, analyze their relations, and estimate their consequences. May involve probabilistic reasoning (Reliability Engineering). Is PFH < 10 -6 per hour (h -1 ) ?
Process & Documents
System Analysis and Definition
Model the contextProblem domain: That part of a context that is administrated, monitored, or controlled by a system Application domain: The organization that administrates, monitors, or controls a problem domain Hazards!
System Definition (FACTOR) Functionality : The system functions that support the application-domain tasks. Application domain: Those parts of an organization that administrate, monitor, or control a problem domain.Conditions: The conditions under which the system will be developed and used. Technology: Both the technology used to develop the system and the technology on which the system will run. Objects : The main objects in the problem domain. Responsibility : The system’s overall responsibility in relation to its context.
Determining the Hazards and risks
Hazard DeterminationHAZOP ( hazard and operability) -study
Determine Event SequencesFault Trees Primary Events : Basic event – fault in atomic component Undeveloped Event – fault in composite component (may be analyzed later) External event – expected event from environment Intermediate event: Nodes inside a fault-tree
Fault Tree - Gates ... ... condition Inhibit gate
Determining the SIL
MethodsALARP (As Low As Resonably Possibble) with Quantitative method (Appendix C, D) Risk Graphs (Appendix E) LOPA (Layer of Protection Analysis) (Appendix F)Hazardous Event Severity Matrix (Appendix G)
ALARP – Frequency and Consequence
ALARP – to SIL C a weight of the consequence, eg on a scale [0,1]. F np frequency in h-1 or y -1 . F p (F t ) tolerable frequency = PFH avg F np
Risk Graphs - SIL
Data for Risk Graph