Course content:
• Detailed comparison of AS4024 and ISO 13849-1
• Measuring compliance against each standard
• True-to-life examples of managing, assessing and achieving compliance of a typical automated control system
• Prepared scenario allowing students to assess, design and validate a safety system, while applying the legal and regulatory framework, "reasonably practicable" concepts, the hierarchy of control, and the standards
• Sistema Workshop: guided examples of how to use the software evaluation tool for functional safety on machines. Includes 4 or more examples as time permits.
Agenda
• What are Performance Levels?
• How are they calculated?
• Why is this better or worse than Categories (AS4024)?
• Who is using PL?
What are Performance Levels? A car-safety analogy:

  Car safety feature                 ISO 13849-1 element
  Airbags (fault tolerance)          Category (fault tolerance)
  ABS (fault detection)              DCavg (fault detection)
  Crumple zones (reliability)        MTTFd (reliability)
  Stability control (avoidance)      CCF (avoidance)
  ANCAP star rating                  Performance Level PL a - PL e
Functional Safety • Evolution not revolution • Still one common failure cause – human error
Performance Level is the quality of the safety implementation, measured as the Probability of a dangerous Failure per Hour (PFH). • E.g. PL d = 10^-7 to 10^-6 (0.0000001 to 0.000001) dangerous failures per hour; at the better end of that band this is about one dangerous failure in ten million operating hours, quoted on the slide as roughly one failure every 3000 years (the figure in years depends on how many hours per year the machine actually runs).
Performance Level is a quantitative measure of the level of safety, derived from four inputs: • Category (fault tolerance) • DCavg (fault detection) • MTTFd (reliability) • CCF (avoidance)
Risk Assessment -> PLr -> PL: the risk assessment determines the required Performance Level (PLr) for each safety function, and the design must then achieve a PL that is at least equal to PLr.
Categories are the designated architectures: structures which have already been analysed, and on which the models and analysis rules of the standard are based.
MTTFd
• The mean time to dangerous failure (MTTFd) is the mean operating time before a component fails in a manner that gives rise to a dangerous situation. It is derived from data on the frequency of failures within a specified period, and can be calculated as the reciprocal of the dangerous failure rate (expressed in FIT, failures per 10^9 hours). The MTTFd enables the (finite) reliability of individual subsystems, blocks and elements to be quantified and their behaviour predicted under the stresses typically encountered in use.
• For simplification, the standard divides MTTFd into three ranges: low (3 to 10 years), medium (10 to 30 years) and high (30 to 100 years).
B10d
• Alternatively (for example for pneumatic and electromechanical components), the MTTFd of an element can be determined from its B10d value (the number of cycles by which 10% of a sample has failed dangerously) and the number of operations per year, nop: MTTFd = B10d / (0.1 × nop). The quotient B10d/nop, also referred to as T10d, is the mean time after which 10% of the components have failed in a dangerous manner, and it limits the operating time of the element. If T10d is shorter than the 20-year mission time assumed by the standard, the element must be replaced when T10d is reached.
CCF
• CCF (common cause failure) describes failures of a control system of redundant design that are attributable to a common cause (e.g. contamination, electromagnetic interference, heat). Such failures are relevant only to subsystems with more than one channel, i.e. Category 2, 3 or 4.
• The standard provides a pragmatic, points-based method (Annex F) for the quantitative assessment of measures against CCF: each implemented measure scores points, and at least 65 of the 100 available points are required.
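The following is an added worked example, not code from the original slides or from the Sistema tool, that carries the quantities above (PFH bands, B10d -> MTTFd and T10d, MTTFd and DCavg ranges, CCF points, and the simplified Category/DCavg/MTTFd -> PL lookup of Table 7) through one assessment. The band limits and CCF point values are those of ISO 13849-1:2006; the component data (a valve with B10d = 2,000,000 cycles, 230 days x 16 h per year, one cycle per minute) and the list of applied CCF measures are constructed for illustration.

```python
# Added example: ISO 13849-1 simplified quantification of one safety function.
# Band limits and CCF point values follow the standard; all component data below is constructed.

# Table 3: PL bands as [lower, upper) in dangerous failures per hour (PFH)
PFH_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]

# Table 7 (simplified procedure): (Category, DCavg band) -> {MTTFd band: PL}.
# Combinations absent from this table are not permitted designated architectures.
TABLE_7 = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "c"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}

# Annex F, Table F.1: points per CCF measure (100 available, 65 required)
CCF_MEASURES = {
    "separation": 15,              # physical separation of signal paths
    "diversity": 20,               # different technologies / components per channel
    "overvoltage_protection": 15,  # protection against over-voltage, -current, -pressure
    "well_tried_components": 5,
    "fmea": 5,                     # failure mode and effects analysis performed
    "training": 5,                 # designers trained to recognise CCF causes
    "emc_contamination": 25,       # EMC and prevention of contamination
    "other_environment": 10,       # temperature, shock, vibration, humidity
}
CCF_REQUIRED_POINTS = 65


def pl_from_pfh(pfh):
    """Classify a PFH value (dangerous failures per hour) into PL a..e, or None if outside."""
    for pl, lower, upper in PFH_BANDS:
        if lower <= pfh < upper:
            return pl
    return None


def operations_per_year(days_per_year, hours_per_day, cycle_time_s):
    """nop = dop * hop * 3600 / tcycle (Annex C of the standard)."""
    return days_per_year * hours_per_day * 3600.0 / cycle_time_s


def mttfd_from_b10d(b10d, nop):
    """MTTFd in years for a cycle-rated component: B10d / (0.1 * nop)."""
    return b10d / (0.1 * nop)


def t10d(b10d, nop):
    """Years until 10 % of the components have failed dangerously; limits operating time."""
    return b10d / nop


def mttfd_band(years):
    """Table 5: low 3..10, medium 10..30, high 30..100 years (<3 years not acceptable).
    Values above 100 years are capped at 100 per channel; the band is 'high' either way."""
    if years < 3:
        return None
    return "low" if years < 10 else "medium" if years < 30 else "high"


def dc_band(dc):
    """Table 6: none <60 %, low 60..90 %, medium 90..99 %, high >=99 %."""
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


def ccf_points(applied_measures):
    """Sum the Table F.1 points for the measures actually implemented."""
    return sum(CCF_MEASURES[m] for m in applied_measures)


def pl_simplified(category, dc_avg, mttfd_years, ccf_score=0):
    """Achieved PL per Table 7, or None if the combination is not allowed.
    The CCF score is only checked where more than one channel exists (Category 2, 3, 4)."""
    if category in ("2", "3", "4") and ccf_score < CCF_REQUIRED_POINTS:
        return None
    row = TABLE_7.get((category, dc_band(dc_avg)))
    if row is None:
        return None
    return row.get(mttfd_band(mttfd_years))


def assess_valve(b10d_cycles, days_per_year, hours_per_day, cycle_time_s, mission_time_years=20):
    """Constructed example of a B10d-rated component.
    Returns (MTTFd band, T10d in years, True if it must be replaced before the mission time)."""
    nop = operations_per_year(days_per_year, hours_per_day, cycle_time_s)
    life = t10d(b10d_cycles, nop)
    return mttfd_band(mttfd_from_b10d(b10d_cycles, nop)), life, life < mission_time_years


if __name__ == "__main__":
    # Constructed data: B10d = 2,000,000 cycles, 230 days x 16 h, one cycle per minute
    band, life, must_replace = assess_valve(2_000_000, 230, 16, 60)
    print(f"MTTFd band: {band}, T10d = {life:.1f} years, replace before 20 years: {must_replace}")
    measures = ["separation", "diversity", "overvoltage_protection", "fmea", "training", "emc_contamination"]
    score = ccf_points(measures)
    print("CCF points:", score, "->", "OK" if score >= CCF_REQUIRED_POINTS else "insufficient")
    print("Category 3, DCavg 92 %, MTTFd high ->", pl_simplified("3", 0.92, 45, score))
    print("PFH 5e-7 per hour ->", pl_from_pfh(5e-7))
```

Note the trap the example is built around: the valve's MTTFd comes out "high" (about 90 years), yet its T10d is only about 9 years, so it has to be scheduled for replacement long before the 20-year mission time. Dropping two CCF measures from the list (diversity and EMC/contamination) leaves 40 points, and pl_simplified then returns None for the Category 3 architecture regardless of how good the MTTFd and DCavg are.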
Mission Time
• The mission time is the period that limits the operating time of a component for its intended use; the standard assumes 20 years. The actual operating time of a component must never exceed the mission time (or T10d, where that is shorter), so ensure that the component is replaced in time.
Simplified SIL? Typical SIL Determination