safety-intro.pdf
TRANSCRIPT
-
7/28/2019 safety-intro.pdf
1/25
Introduction to safety engineering
Michal Sojka
VUT v Praze,Fakulta Elektrotechnick,
Katedra dic techniky
December 13, 2012
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
2/25
Outline I
1 What is safety?
2 System safety
3 Functional safety
4 Standards
5 Achieving safety
http://find/ -
7/28/2019 safety-intro.pdf
3/25
What is safety?
http://find/ -
7/28/2019 safety-intro.pdf
4/25
What is safety?
One definition
Freedom from those conditions that can cause death, injury,occupational illness, damage to or loss of equipment or property, ordamage to the environment.
http://find/ -
7/28/2019 safety-intro.pdf
5/25
What is safety?
One definition
Freedom from those conditions that can cause death, injury,occupational illness, damage to or loss of equipment or property, ordamage to the environment.
Safety vs. security
Source: TU Wien
http://find/ -
7/28/2019 safety-intro.pdf
6/25
How to start with safety?
Hard to say
Safety is not a set of facts
It is a wide range of knowledge that needs to be related
This relation happens at multiple (all) levels
Everybody starts with naive concepts of safety
http://find/ -
7/28/2019 safety-intro.pdf
7/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, and
cost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
http://find/ -
7/28/2019 safety-intro.pdf
8/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
Why management? Because experience has shown that many failuresare not due to systems being built the wrong way but actually thewrong systems having been built. With other words management isthere to make sure that engineering actually is doing the right thing(in all aspects).
http://find/http://goback/ -
7/28/2019 safety-intro.pdf
9/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
Safety is not checklist
It is necessary to interpret the principles
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
10/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
What is acceptable risk?
100% guarantee is never achieved!
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
11/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
Perfect technical solution is not always possible.
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
12/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
When we are done with system safety?
When it went through all life-cycles stages:
Initial requirementsDesignImplementationServiceDecommissioningDisposal
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
13/25
System safety
The application of engineering and management principles, criteria,and techniques to achieve acceptable mishap risk, within theconstraints of operational effectiveness and suitability, time, andcost, throughout all phases of the system life cycle. [DODMIL-STD 882D Clause 3.2.13]
http://find/ -
7/28/2019 safety-intro.pdf
14/25
What is a system?
DOD MIL-STD 882D Clause 3.2.12:
An integrated composite of people, products, and processes thatprovide a capability to satisfy a stated need or objective.
ECSS-P-001A Rev A 1997 Clause 3.144:System: Set of interdependent elements constituted to achieve agiven objective by performing a specified function (IEC 50:1992).NOTE: The system is considered to be separated from the
environment and other external systems by an imaginary surfacewhich cuts the links between them and the considered system.Through these links, the system is affected by the environment, isacted upon by external systems, or acts itself on the environment orthe external systems.
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
15/25
What is a system?
IEC 61508-1 3.3.1:
Set of elements which interact according to a design, where anelement of a system can be another system, called a subsystem,which may be a controlling system or a controlled system and may
include hardware, software and human interaction
MOD 00-58 Clause 4.1.23:
A bounded physical entity that achieves in its environment adefined objective through interactions of its part.
NASA SP 6105 Rev1 2007:
A construct or collection of different elements that togetherproduce results not obtainable by the elements alone
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
16/25
What is a system?
RTCA DO 178C Annex B:
A collection of hardware and software components organized toaccomplish a specific function or set of functions.
SAE ARP 4754a RevA 2010:
A combination of inter-related items arranged to perform a specific
function(s)
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
17/25
Is terminology important?
Safety is about communication at all levels.
engeneers, managers, computer networks
Goal: Establish common understanding of concepts.
Implementation = transformation of concepts to actionsIf concepts differ but actions are coupled => problems
Terminology is not about finding the true meaning
It teaches us to be sensitive to imprecision when
communicating abstract conceptsSystems safety is about mitigation of problems arising fromapplication of non-matching concepts
http://find/ -
7/28/2019 safety-intro.pdf
18/25
Types of safety
System safety
Already covered
Functional safety
Part of the overall safety relating to the EUC and the EUC controlsystem that depends on the correct functioning of the E/E/PEsafety-related systems and other risk reduction measures. [IEC
61508-7/Ed.2, clause 3.1.12]EUC equipment under control
http://find/ -
7/28/2019 safety-intro.pdf
19/25
What are safety standards?
DIN 820 Part 1
Standardization is the collaborative unification of material andimmaterial objects by interested parties for the good of the generalpublic.
Standards are created because there is a need for them.
By industry, governments or international bodies.
The need arises because something went wrong without thestandard (incompatibility etc.).
Standards are here to help you.
They contain useful knowledge that is hard (or painful) togain. The knowledge was gained from failures in the past.
Safety standards should not be followed without thinking.
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
20/25
Liability
MOD Def Stan 00-74 Part 1 Preface (or any other Def Stan)
Compliance with this Defence Standard shall not in itselfrelieve any person from any legal obligations imposed upon
them.This standard has been devised solely for the use of theMinistry of Defence (MOD) and its contractors in theexecution of contracts for the MOD. To the extent permittedby law, the MOD hereby excludes all liability whatsoever andhowsoever arising (including, but without limitation, liabilityresulting from negligence) for any loss or damage howevercaused when the standard is used for any other purpose.
http://find/ -
7/28/2019 safety-intro.pdf
21/25
Hierarchy of safety standards
Source: FH Campus Wien
http://find/ -
7/28/2019 safety-intro.pdf
22/25
Hierarchy of safety standards
MIL-STD-882D high-level standard (good overview of safety)https://acc.dau.mil/adl/en-US/255833/file/40632/MIL-STD-882D.pdf
IEC 61508 generic standard
This International Standard sets out a generic approach for all safety lifecycle
activities for systems comprised of electrical and/or electronic and/orprogrammable electronic (E/E/PE) elements that are used to perform safetyfunctions. This unified approach has been adopted in order that a rational andconsistent technical policy be developed for all electrically-based safety-relatedsystems. A major objective is to facilitate the development of applicationsector standards.
. . .
enables application sector international standards, dealing with E/E/PEsafety-related systems, to be developed; the development of applicationsector international standards, within the framework of this standard,should lead to a high level of consistency (for example, of underlying
principles, terminology etc.) both within application sectors and acrossapplication sectors; this will have both safety and economic benefits;
More terminology
https://acc.dau.mil/adl/en-US/255833/file/40632/MIL-STD-882D.pdfhttps://acc.dau.mil/adl/en-US/255833/file/40632/MIL-STD-882D.pdfhttp://find/ -
7/28/2019 safety-intro.pdf
23/25
More terminologySafety Integrity Level
Reliability the system operates as expected
Reliability of the safety functions
The safety functions perform as expectedSafety Integrity Level measure for reliability of safety function
Safety integrity High demand or continuous mode of operationlevel (Probability of a dangerous failure per hour)
4 109 to < 108
3 108 to < 107
2 107 to < 106
1 106 to < 105
[IEC 61508-1 Ed1]
b l
http://goforward/http://find/http://goback/ -
7/28/2019 safety-intro.pdf
24/25
Traceability
Evidence that the low level requirements were translated to
Source CodeEvidence that no code was added that does not stem from arequirement
Traceability means that yo can answer the question Why isthis code here in this form for every line I point at.
R f
http://find/ -
7/28/2019 safety-intro.pdf
25/25
References
Nicholas McGuire, Safety Manuals
Dr. Andreas Gerstinger, Safety Engineering Course Slides, TUWien
Gregor Pokorny, Safety Related Systems Slides, FH CampusWien
http://find/