Safety Assessment: Safety Integrity Levels ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University September 2011
Safety Assessment Find hazards that may lead to incidents or mishaps, analyze their relations, and estimate their consequences. May involve probabilistic reasoning (Reliability Engineering). Is PFH < 10-6 per hour (h-1 ) ?
Process & Documents
System Analysis and Definition
Model the context Hazards! Problem domain: That part of a context that is administrated, monitored, or controlled by a system Application domain: The organization that administrates, monitors, or controls a problem domain Hazards!
System Definition (FACTOR) Functionality: The system functions that support the application-domain tasks. Application domain: Those parts of an organization that administrate, monitor, or control a problem domain. Conditions: The conditions under which the system will be developed and used. Technology: Both the technology used to develop the system and the technology on which the system will run. Objects: The main objects in the problem domain. Responsibility: The system’s overall responsibility in relation to its context.
Determining the Hazards and risks
Hazard Determination HAZOP (hazard and operability) -study
Determine Event Sequences Fault Trees Primary Events: Basic event – fault in atomic component Undeveloped Event – fault in composite component (may be analyzed later) External event – expected event from environment Intermediate event: Nodes inside a fault-tree
Fault Tree - Gates ... ... condition Inhibit gate
Determining the SIL
Methods ALARP (As Low As Resonably Possibble) with Quantitative method (Appendix C, D) Risk Graphs (Appendix E) LOPA (Layer of Protection Analysis) (Appendix F) Hazardous Event Severity Matrix (Appendix G)
ALARP – Frequency and Consequence
C a weight of the consequence, eg on a scale [0,1]. ALARP – to SIL C a weight of the consequence, eg on a scale [0,1]. Fnp frequency in h-1 or y-1. Fp (Ft) tolerable frequency = PFHavg Fnp
Risk Graphs - SIL
Data for Risk Graph