BS EN 61508-6:2010
$215.11
Functional safety of electrical/electronic/ programmable electronic safety related systems – Guidelines on the application of IEC 61508-2 and IEC 61508-3
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2010 | 116 |
IEC 61508-6:2010 contains information and guidelines on IEC 61508-2 and IEC 61508-3. Annex A gives a brief overview of the requirements of IEC 61508-2 and IEC 61508-3 and sets out the functional steps in their application. Annex B gives an example technique for calculating the probabilities of hardware failure and should be read in conjunction with 7.4.3 and Annex C of IEC 61508-2 and with Annex D of this part. Annex C gives a worked example of calculating diagnostic coverage and should be read in conjunction with Annex C of IEC 61508-2. Annex D gives a methodology for quantifying the effect of hardware-related common cause failures on the probability of failure. Annex E gives worked examples of the application of the software safety integrity tables specified in Annex A of IEC 61508-3 for safety integrity levels 2 and 3.

This second edition cancels and replaces the first edition published in 1998 and constitutes a technical revision. It has been subject to a thorough review and incorporates many comments received at the various revision stages.

Also available: /2, containing all parts, together with a commented Redline version in which the changes made in this 2nd edition are highlighted and commented by a leading world expert. This publication is of high relevance for Smart Grid.
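To make the Annex B and Annex C calculations described above concrete, the following is an added worked example and is not text or code from the standard. It assumes the simplified reliability-block-diagram formulas that IEC 61508-6 Annex B gives for 1oo1, 1oo2 and 2oo3 channel groups (with the channel-equivalent and group-equivalent downtimes tCE and tGE, the proof test interval T1, mean repair time MRT, mean time to restoration MTTR and the common-cause factors β and βD), the diagnostic-coverage and safe-failure-fraction definitions illustrated in Annex C, and the low-demand PFDavg bands of IEC 61508-1. The failure rates and β values below are constructed inputs chosen for illustration, not values from the standard's tables; check any result against the standard's own text and tables before using it in a safety case.

```python
"""Worked PFDavg / DC / SFF calculation in the style of IEC 61508-6 Annex B and C.

Added example (not from the standard). Formulas are the simplified Annex B
RBD expressions as recalled by the author of this example; verify them
against the published text before relying on the numbers.
Units: failure rates in failures per hour, times in hours.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    lambda_du: float   # dangerous undetected failure rate (per hour)
    lambda_dd: float   # dangerous detected failure rate (per hour)
    lambda_s: float    # safe failure rate (per hour), used only for SFF

    @property
    def lambda_d(self) -> float:
        """Total dangerous failure rate, lambda_D = lambda_DU + lambda_DD."""
        return self.lambda_du + self.lambda_dd


def diagnostic_coverage(ch: Channel) -> float:
    """DC = lambda_DD / lambda_D (fraction of dangerous failures detected online)."""
    return ch.lambda_dd / ch.lambda_d


def safe_failure_fraction(ch: Channel) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D), per IEC 61508-2 Annex C."""
    return (ch.lambda_s + ch.lambda_dd) / (ch.lambda_s + ch.lambda_d)


def t_ce(ch: Channel, t1: float, mrt: float, mttr: float) -> float:
    """Channel equivalent mean downtime: DU faults wait for the proof test
    (on average T1/2) plus repair; DD faults are restored within MTTR."""
    return (ch.lambda_du / ch.lambda_d) * (t1 / 2 + mrt) + (ch.lambda_dd / ch.lambda_d) * mttr


def t_ge(ch: Channel, t1: float, mrt: float, mttr: float) -> float:
    """Group equivalent mean downtime for redundant groups (T1/3 for the second fault)."""
    return (ch.lambda_du / ch.lambda_d) * (t1 / 3 + mrt) + (ch.lambda_dd / ch.lambda_d) * mttr


def pfd_1oo1(ch: Channel, t1: float, mrt: float = 8.0, mttr: float = 8.0) -> float:
    """Single channel: PFD_G = lambda_D * tCE."""
    return ch.lambda_d * t_ce(ch, t1, mrt, mttr)


def _redundant_pfd(ch: Channel, t1: float, mrt: float, mttr: float,
                   beta: float, beta_d: float, k: float) -> float:
    """Shared form of the 1oo2 (k=2) and 2oo3 (k=6) expressions:
    independent double-fault term plus the common-cause (beta) terms."""
    independent = k * ((1 - beta_d) * ch.lambda_dd + (1 - beta) * ch.lambda_du) ** 2 \
        * t_ce(ch, t1, mrt, mttr) * t_ge(ch, t1, mrt, mttr)
    ccf_detected = beta_d * ch.lambda_dd * mttr
    ccf_undetected = beta * ch.lambda_du * (t1 / 2 + mrt)
    return independent + ccf_detected + ccf_undetected


def pfd_1oo2(ch: Channel, t1: float, beta: float, beta_d: float,
             mrt: float = 8.0, mttr: float = 8.0) -> float:
    return _redundant_pfd(ch, t1, mrt, mttr, beta, beta_d, k=2)


def pfd_2oo3(ch: Channel, t1: float, beta: float, beta_d: float,
             mrt: float = 8.0, mttr: float = 8.0) -> float:
    return _redundant_pfd(ch, t1, mrt, mttr, beta, beta_d, k=6)


def sil_band_low_demand(pfd: float):
    """Map PFDavg to the low-demand SIL band of IEC 61508-1 (None if outside SIL 1-4)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return None


# Constructed example channel: lambda_D = 1e-6 /h with 90 % diagnostic coverage.
EXAMPLE = Channel(lambda_du=1e-7, lambda_dd=9e-7, lambda_s=1e-6)
ONE_YEAR = 8760.0   # proof test interval T1 in hours (cf. Table B.3)

if __name__ == "__main__":
    print(f"DC  = {diagnostic_coverage(EXAMPLE):.2f}  SFF = {safe_failure_fraction(EXAMPLE):.2f}")
    for name, pfd in (("1oo1", pfd_1oo1(EXAMPLE, ONE_YEAR)),
                      ("1oo2", pfd_1oo2(EXAMPLE, ONE_YEAR, beta=0.1, beta_d=0.05)),
                      ("2oo3", pfd_2oo3(EXAMPLE, ONE_YEAR, beta=0.1, beta_d=0.05))):
        print(f"{name}: PFDavg = {pfd:.3e}  -> SIL {sil_band_low_demand(pfd)} (low demand)")
```

Two things the numbers make visible that the abstract only names: with a redundant group the β terms dominate (the independent double-fault term is an order of magnitude smaller than β·λDU·(T1/2 + MRT) in this example), which is why Annex D spends its effort on estimating β; and 2oo3 is slightly worse than 1oo2 for PFD because three channels offer three times as many dangerous pairs, a trade made for spurious-trip behaviour rather than safety integrity.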
PDF Catalog
PDF Pages | PDF Title |
---|---|
6 | English CONTENTS |
10 | INTRODUCTION |
12 | 1 Scope |
13 | Figure 1 – Overall framework of the IEC 61508 series |
14 | 2 Normative references 3 Definitions and abbreviations |
15 | Annex A (informative) Application of IEC 61508-2 and of IEC 61508-3 |
19 | Figure A.1 – Application of IEC 61508-2 |
20 | Figure A.2 – Application of IEC 61508-2 (Figure A.1 continued) |
22 | Figure A.3 – Application of IEC 61508-3 |
23 | Annex B (informative) Example of technique for evaluating probabilities of hardware failure |
24 | Figure B.1 – Reliability Block Diagram of a whole safety loop |
28 | Figure B.2 – Example configuration for two sensor channels |
29 | Table B.1 – Terms and their ranges used in this annex (applies to 1oo1, 1oo2, 2oo2, 1oo2D, 1oo3 and 2oo3) |
31 | Figure B.3 – Subsystem structure |
32 | Figure B.4 – 1oo1 physical block diagram |
33 | Figure B.5 – 1oo1 reliability block diagram |
34 | Figure B.6 – 1oo2 physical block diagram Figure B.7 – 1oo2 reliability block diagram |
35 | Figure B.8 – 2oo2 physical block diagram Figure B.9 – 2oo2 reliability block diagram Figure B.10 – 1oo2D physical block diagram |
36 | Figure B.11 – 1oo2D reliability block diagram Figure B.12 – 2oo3 physical block diagram |
37 | Figure B.13 – 2oo3 reliability block diagram |
38 | Table B.2 – Average probability of failure on demand for a proof test interval of six months and a mean time to restoration of 8 h |
39 | Table B.3 – Average probability of failure on demand for a proof test interval of one year and mean time to restoration of 8 h |
40 | Table B.4 – Average probability of failure on demand for a proof test interval of two years and a mean time to restoration of 8 h |
41 | Table B.5 – Average probability of failure on demand for a proof test interval of ten years and a mean time to restoration of 8 h |
42 | Figure B.14 – Architecture of an example for low demand mode of operation Table B.6 – Average probability of failure on demand for the sensor subsystem in the example for low demand mode of operation (one year proof test interval and 8 h MTTR) |
43 | Table B.7 – Average probability of failure on demand for the logic subsystem in the example for low demand mode of operation (one year proof test interval and 8 h MTTR) Table B.8 – Average probability of failure on demand for the final element subsystem in the example for low demand mode of operation (one year proof test interval and 8 h MTTR) |
44 | Table B.9 – Example for a non-perfect proof test |
47 | Table B.10 – Average frequency of a dangerous failure (in high demand or continuous mode of operation) for a proof test interval of one month and a mean time to restoration of 8 h |
48 | Table B.11 – Average frequency of a dangerous failure (in high demand or continuous mode of operation) for a proof test interval of three months and a mean time to restoration of 8 h |
49 | Table B.12 – Average frequency of a dangerous failure (in high demand or continuous mode of operation) for a proof test interval of six months and a mean time to restoration of 8 h |
50 | Table B.13 – Average frequency of a dangerous failure (in high demand or continuous mode of operation) for a proof test interval of one year and a mean time to restoration of 8 h |
51 | Figure B.15 – Architecture of an example for high demand or continuous mode of operation Table B.14 – Average frequency of a dangerous failure for the sensor subsystem in the example for high demand or continuous mode of operation (six-month proof test interval and 8 h MTTR) |
52 | Table B.15 – Average frequency of a dangerous failure for the logic subsystem in the example for high demand or continuous mode of operation (six-month proof test interval and 8 h MTTR) Table B.16 – Average frequency of a dangerous failure for the final element subsystem in the example for high demand or continuous mode of operation (six-month proof test interval and 8 h MTTR) |
53 | Figure B.16 – Reliability block diagram of a simple whole loop with sensors organised into 2oo3 logic |
54 | Figure B.17 – Simple fault tree equivalent to the reliability block diagram presented on Figure B.1 Figure B.18 – Equivalence fault tree / reliability block diagram |
56 | Figure B.19 – Instantaneous unavailability U(t) of single periodically tested components |
57 | Figure B.20 – Principle of PFDavg calculations when using fault trees |
58 | Figure B.21 – Effect of staggering the tests Figure B.22 – Example of complex testing pattern |
60 | Figure B.23 – Markov graph modelling the behaviour of a two component system |
61 | Figure B.24 – Principle of the multiphase Markovian modelling |
62 | Figure B.25 – Saw-tooth curve obtained by multiphase Markovian approach Figure B.26 – Approximated Markovian model |
63 | Figure B.27 – Impact of failures due to the demand itself Figure B.28 – Modelling of the impact of test duration |
64 | Figure B.29 – Multiphase Markovian model with both DD and DU failures |
65 | Figure B.30 – Changing logic (2oo3 to 1oo2) instead of repairing first failure Figure B.31 – “Reliability” Markov graphs with an absorbing state |
67 | Figure B.32 – “Availability” Markov graphs without absorbing states |
68 | Figure B.33 – Petri net for modelling a single periodically tested component |
71 | Figure B.34 – Petri net to model common cause failure and repair resources |
72 | Figure B.35 – Using reliability block diagrams to build Petri net and auxiliary Petri net for PFD and PFH calculations |
73 | Figure B.36 – Simple Petri net for a single component with revealed failures and repairs |
74 | Figure B.37 – Example of functional and dysfunctional modelling with a formal language |
75 | Figure B.38 – Uncertainty propagation principle |
78 | Annex C (informative) Calculation of diagnostic coverage and safe failure fraction – worked example |
80 | Table C.1 – Example calculations for diagnostic coverage and safe failure fraction |
81 | Table C.2 – Diagnostic coverage and effectiveness for different elements |
82 | Annex D (informative) A methodology for quantifying the effect of hardware-related common cause failures in E/E/PE systems |
84 | Figure D.1 – Relationship of common cause failures to the failures of individual channels |
90 | Table D.1 – Scoring programmable electronics or sensors/final elements |
91 | Table D.2 – Value of Z – programmable electronics Table D.3 – Value of Z – sensors or final elements |
92 | Table D.4 – Calculation of βint or βD int |
93 | Table D.5 – Calculation of β for systems with levels of redundancy greater than 1oo2 |
94 | Table D.6 – Example values for programmable electronics |
95 | Figure D.2 – Implementing shock model with fault trees |
97 | Annex E (informative) Example applications of software safety integrity tables of IEC 61508-3 |
98 | Table E.1 – Software safety requirements specification |
99 | Table E.2 – Software design and development – software architecture design |
100 | Table E.3 – Software design and development – support tools and programming language |
101 | Table E.4 – Software design and development – detailed design |
102 | Table E.5 – Software design and development – software module testing and integration Table E.6 – Programmable electronics integration (hardware and software) |
103 | Table E.7 – Software aspects of system safety validation Table E.8 – Software modification |
104 | Table E.9 – Software verification Table E.10 – Functional safety assessment |
106 | Table E.11 – Software safety requirements specification Table E.12 – Software design and development – software architecture design |
107 | Table E.13 – Software design and development – support tools and programming language |
108 | Table E.14 – Software design and development – detailed design Table E.15 – Software design and development – software module testing and integration |
109 | Table E.16 – Programmable electronics integration (hardware and software) |
110 | Table E.17 – Software aspects of system safety validation Table E.18 – Modification |
111 | Table E.19 – Software verification Table E.20 – Functional safety assessment |
112 | Bibliography |