Functional Safety considerations in system design - Mark Carter, BAE Systems

Functional Safety Safety Engineering

Practical Aspects of PROFIBUS and PROFINET in Process Seminar

29th June 2015 / Not Protectively Marked

1

29th June 2016, Manchester E&H

Presenters: M Carter MSc CEng FIET

© BAE Systems 2016


2

Terminology

• Functional – ‘To preform a specific Action

or Activity’

• Safe – ‘Freedom from the occurrence of

Risk’ (Harm)

• Risk – ‘The product of a Consequence

(severity) in relation to Probability

(frequency)’.

• Safety – ‘Performance’ or acceptable interval of

Integrity exposure to risk!

Level (SIL) expressed in hours or years

© BAE Systems 2016


3

What is Functional Safety Function

SIL - Performance Risk

Functional

Safety

© BAE Systems 2016

A

B


4

An Example

Customer

To sell my goods

for profit I need to

get from A to B

© BAE Systems 2016


5

An Example

Customer

To sell my goods


get from A to B

A

B

© BAE Systems 2016


6

An Example

Customer

To sell my goods


get from A to B

2hr journey

time All weathers

Derived Requirements

Keep SAFE

Product - CAR

• £££££’s

• Propulsion System 0-60mph

• Carries the goods

• Environmental - Human

• Navigation/Steering System

• Safety Target 6X10-5

Capability Derived Requirements

© BAE Systems 2016


7

Functional

Safety

Safety Goals • The Car must be able to be controlled.

• Provide a Safe Environment for personnel.

• The car must not cause harm to third parties

or the environment.

Safety Roles • The Car must be able to be controlled.

• Ability to Navigate its Environment Provide.

• Ability to Stop.

• Ability to view the road ahead.

• Provide a Safe Environment for personnel. • Provide fresh air.

• Provide temperature control.

• Third Parties or Environment. • Material Safety.

© BAE Systems 2016


8

Functional

Safety

Safety Goals

The Car must

be able to be

controlled.

Provide a Safe

Environment

for personnel.

Not cause

harm to third

parties or the

environment.

Ability to

Navigate.

Safety Roles

Stop.

View the

road

ahead.

Provide

Fresh Air.

Provide

Temp

Contrl.

Material

Safety.

Functionally Safe

Functional

Justification

System

Justification

© BAE Systems 2016


9

How’s that

work in Practice

Top Level Goal

The Car cannot

be controlled. The

Environment

is not Safe for

personnel.

Causes harm

to third parties

or the

environment.

Cannot

Navigate. Cannot

Stop.

Cannot

View

ahead.

Handbrake Footbrake

Acceptably

‘SAFE’

Breaking

Function

© BAE Systems 2016


10

How’s that

work in Practice

Top Level Goal

The Car cannot

be controlled. The

Environment

is not Safe for

personnel.

Causes harm

to third parties

or the

environment.

Cannot

Navigate. Cannot

Stop.

Cannot

View

ahead.

Handbrake Footbrake

Acceptably

SAFE

Breaking

Function

PRODUCT

System System

Function

Component

HAZARD

Top Level Event

EVENT

High Level

EVENT

Low Level

EVENT

Root Cause

© BAE Systems 2016


11

How’s that

work in Practice

Handbrake Footbrake

• Cable failure

• Handbrake linkage

• Foot pedal linkage

• Hydraulic leak

Failure Modes

• Brake calliper's

• Brake calliper's

© BAE Systems 2016


12

Failure Mode Hazard Prob Pre –

Class

Control(s) Post –

Class

Cable Failure Loss of

navigation

Handbrake

linkage

Loss of

navigation

Foot pedal Loss of

navigation

Hydraulic leak Loss of

navigation

Brake Callipers Loss of

navigation

Risk Safety Performance

Target 6X10-5

Analysis

© BAE Systems 2016


13


Class

Control(s) Post –

Class


navigation

Handbrake

linkage

Loss of

navigation

Foot pedal Loss of

navigation


navigation


navigation


Target 6X10-5

λ = Failure Rate = MTBF

1

λ x λ

1X10-6

λ+ λ

Analysis

© BAE Systems 2016


14


Class

Control(s) Post –

Class


navigation

1X10-6

Handbrake

linkage

Loss of

navigation

1X10-6

Foot pedal Loss of

navigation

1X10-6


navigation

1X10-6


navigation

1X10-6


Target 6X10-5

Analysis

First-Aid

incident Death

FREQ

INCREB

© BAE Systems 2016


15


Class

Control(s) Post –

Class


navigation

1X10-6

Handbrake

linkage

Loss of

navigation

1X10-6

Foot pedal Loss of

navigation

1X10-6


navigation

1X10-6


navigation

1X10-6


Target 6X10-5

Analysis

1. Auto-brake

2. Airbag

© BAE Systems 2016


16


Class

Control(s) Post –

Class


navigation

1X10-6

Handbrake

linkage

Loss of

navigation

1X10-6

Foot pedal Loss of

navigation

1X10-6


navigation

1X10-6


navigation

1X10-6


Target 6X10-5

Analysis

First-Aid

incident Death

FREQ

INCREB

© BAE Systems 2016


17


Class

Control(s) Post –

Class


navigation

1X10-6

Handbrake

linkage

Loss of

navigation

1X10-6

Foot pedal Loss of

navigation

1X10-6


navigation

1X10-6


navigation

1X10-6


Target 6X10-5

Analysis

1. Auto-brake

2. Airbag

© BAE Systems 2016


18


Class

Control(s) Post –

Class


navigation

1X10-6

Handbrake

linkage

Loss of

navigation

1X10-6

Foot pedal Loss of

navigation

1X10-6


navigation

1X10-6


navigation

1X10-6


Target 6X10-5

Analysis

1. Auto-brake

2. Airbag

© BAE Systems 2016


19

In Summary

• Stakeholder Engagement

• Customers Capability

• Safety Goals

• Safety Roles

• Failure Modes & Relationship

• Identify Probabilities

• Manage Risks

Thank you Contact: [email protected]

Website: www.profibusgroup.com

Acceptably

SAFE

© BAE Systems 2016

mailto:[email protected]

Date post:	13-Apr-2017
Category:	Engineering
Upload:	profibus-and-profinet-internationai-pi-uk
View:	359 times
Download:	2 times