1
Reliability targets in functional specifications
Miriam Blumenschein
2
Overview
Introduction
  What is a functional specification?
  Why is this topic important?
  SIL, PIL or yet something else?
Explanation of the guideline "How to define reliability targets in functional specifications"
  Purpose of the guideline
  Explanation of the guideline
  Example
Discussion
3
1.1 What is a functional specification?
VDI 2221: workflow of the development process. The same two documents carry different names at CERN and at university:
  At CERN                     At university (VDI 2221)     Content
  Functional specification    Requirement list             What, and for which purpose: contains all the requirements for a certain product
  Engineering specification   Functional specification     How the requirements are fulfilled, how they are realized
4
1.2 Why is this topic important?
A common approach for reliability specifications doesn't exist; a CERN guideline is needed.
What has been used so far? SIL and PIL.
SIL: IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems
  Extensive standard comprising 7 parts
  Not adapted to accelerators
  Certification required
  Confusion: different standards
  It is referred to in:
    CERN: Functional specification: safe machine parameters. 2009
    CERN: CIBDS Functional Specification
    Filippini, R.: Dependability Analysis of a Safety Critical System: The LHC Beam Dumping System at CERN. Ph.D. Thesis, 2006
    Todd, B.: A Beam Interlock System for CERN High Energy Accelerators. Ph.D. Thesis, 2006
PIL: Machine Protection System Lifecycle, SIL adapted to CERN
  Example: Kwiatkowski, M.: Methods for the application of programmable logic devices in electronic protection systems for high energy particle accelerators. Ph.D. Thesis, Warsaw University of Technology, 2013
5
1.3 SIL, PIL or yet something else?
Maciej Kwiatkowski: machine protection system lifecycle
A general, high-level reliability chapter in the functional specification
  The system details are not yet known at that point
  SIL/PIL concern only safety and protection functions
Example of a high-level reliability specification: LBDS: 1 asynchronous dump per beam per year
6
2.1 Purpose of the guideline
A reliability chapter in functional specifications
  Definition of the system's failure modes and consequences
  Target values for future reliability studies
A common approach for all systems at CERN, machine protection systems and non-machine-protection systems alike
No new standard, but a softer guideline in CERN language
Short and easy to understand
7
2.2 Ideas and input
Guideline "How to define reliability targets": FMEA + Carrot + Matrix
Input from: reliability workshop, IMA Uni Stuttgart; William Vigano; Rüdiger Schmitt; Maciej Kwiatkowski (Protection Integrity Level); IEC 61508; Benjamin Todd; Miriam Blumenschein; Jan Uythoven; Andrea Apollonio; Odei Rey
8
2.2 Overview of the guideline "How to define reliability targets in functional specifications"
1 What are the system's failure modes and effects?
2 Which risk matrix is suitable for the system?
3 Which risk is acceptable in the given context?
4 What is the reliability target for each system failure mode (FM)?
[Figure: risk matrix divided into an unacceptable and an acceptable area, with the failure modes FM 1, FM 2 ... FM n placed in the acceptable area]
9
2.2 Guideline "How to define reliability targets in functional specifications"
1 What are the system's failure modes and effects?
Title: System elements and system structure
  What to do: Draw the structure tree of the system and of the hierarchically higher system; draw a block diagram containing the system, the system boundary and the input and output variables
  Objective: Develop an understanding of the system's environment: a graphical overview that shows the relationship of the blocks and determines the boundary and the interfaces
Title: Functions and function structure
  What to do: Define the functions of the structure tree's elements
  Objective: Entire understanding of the system in its environment
Title: Failure analysis
  What to do: Determine all potential failure modes within the system boundary, plus those of the inputs and outputs; create a causal link between the failure modes and their effects
  Objective: Become aware of the failure modes and their causal relationships
10
2.2 Guideline "How to define reliability targets in functional specifications"
2 Which risk matrix is suitable for the system?
Title: Risk matrix
  What to do: Select one of the available risk matrices if the consequences are comparable, OR adapt a risk matrix to the use case if no existing matrix is applicable: define a criterion or criteria which describe the risk; define reasonable categories of consequences in terms of the criterion or criteria; define reasonable categories of frequencies
  Objective: Define risk in terms of consequence and probability
11
2.2 Guideline "How to define reliability targets in functional specifications"
3 Which risk is acceptable in the given context?
Title: Acceptable risk
  What to do: Zero risk can't be reached. Which risk is deemed to be reasonable? Define the areas of acceptable and unacceptable risk
  Objective: The risk matrix with its acceptable and unacceptable areas marked (shown as a figure on the slide)
12
2.2 Guideline "How to define reliability targets in functional specifications"
4 What is the risk target for each system failure mode?
Title: Risk target
  What to do: Define for each system failure mode (FM) the target position in the "acceptable risk area". The failure rate (FR) of a failure mode of the system corresponds to the combined failure rates of all sub-systems which contribute to it. Summarize all performed steps and the reasoning in a reliability specification
[Figure: the system with failure modes FM 1, FM 2 ... FM n; each system failure mode is fed by the failure rates FR of the contributing sub-systems]
13
2.2 Example: central water heating system
1 What are the system's failure modes and effects?
Title: System elements and system structure
  What to do: Draw the structure tree of the system and of the hierarchically higher system; draw a block diagram containing the system, the system boundary and the input and output variables
  Objective: Develop an understanding of the system's environment: a graphical overview that shows the relationship of the blocks and determines the boundary and the interfaces
[Figure: structure tree and block diagram; the labels legible on the slide are Office, Central water heating system, Fuel, Window, Water, Water heating, Fan, heat]
14
2.2 Example: central water heating system
1 What are the system's failure modes and effects?
Title: Functions and function structure
  What to do: Define the functions of the structure tree's elements
  Objective: Entire understanding of the system in its environment
Office
  F1: Provide a suitable work environment for human beings
  F2: Ensure the safety of human beings and objects
Central water heating system
  F1: Maintain the temperature between 19 and 22 °C
15
2.2 Example: central water heating system
1 What are the system's failure modes and effects?
Title: Failure analysis
  What to do: Determine all potential failure modes within the system boundary, plus those of the inputs and outputs; create a causal link between the failure modes and their effects
Office (C = consequence)
  F1: Provide a suitable work environment for human beings: C1: Unhealthy temperature
  F2: Ensure the safety of human beings and objects: C2: Workplaces are destroyed; C3: Data and results are lost; C4: People are killed
Central water heating system (FM = failure mode)
  F: Maintain the temperature between 19 and 22 °C: FM1: Overcooling; FM2: Overheating; FM3: Water leaks; FM4: Fire
16
2.2 Example: central water heating system
2 Which risk matrix is suitable for the system?
Title: Risk matrix
  What to do: Adapt a risk matrix to the use case if no existing matrix is applicable: define a criterion or criteria which describe the risk; define reasonable categories of consequences in terms of the criterion or criteria; define reasonable categories of frequencies
Consequence categories (columns of the matrix):
  Category      Repair cost [kCHF]   Productivity [kCHF]: employees don't work [months]
  Catastrophic  1000                 infinite
  Major         100                  12
  Moderate      10                   0.5
  Low           1                    0.25
  Negligible    0.1                  (value not legible on the slide)
Frequency categories (rows of the matrix, events per year): Very frequent, Frequent, Probable, Occasional, Remote, Improbable (0.01), Not credible (0.001); the numeric bounds of the other rows are not legible on the slide.
17
2.2 Example: central water heating system
3 Which risk is acceptable in the given context?
Title: Acceptable risk
  What to do: Define the areas of acceptable and unacceptable risk
  Objective: The same risk matrix as in step 2 (consequence categories Catastrophic ... Negligible, frequency categories Very frequent ... Not credible, per year) with the acceptable area marked; the boundary is only drawn graphically on the slide.
18
2.2 Example: central water heating system
4 What is the risk target for each system failure mode?
Title: Risk target
  What to do: Define for each system failure mode the target position in the "acceptable risk area"; summarize all performed steps and the reasoning in a reliability specification
[Figure: the risk matrix of step 2 with the four failure modes placed in it. Legible positions: FM 1 (overcooling) and FM 2 (overheating) in the Frequent/Probable rows, FM 3 (water leaks) in the Remote row, FM 4 (fire) in the Not credible row; the consequence columns are not legible on the slide]
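The four guideline steps and the heating-system example, worked through as an added Python example (this is not code from the presentation, from CERN or from any of the cited theses). Taken from the slides: the consequence categories with their repair costs, the frequency category names with 0.01 and 0.001 per year for Improbable and Not credible, and the four failure modes. Assumed, because the slides do not give them: the upper bounds of the other frequency rows (decade steps), the staircase shape of the acceptable area, the consequence category of each failure mode, and the sub-systems with their failure rates. The combination rule for sub-system rates (independent contributors, each sufficient on its own, so rates add) is also an assumption made to give "combined failure rates" a concrete meaning.

```python
"""Added example, not part of the presentation: the four guideline steps as
data, plus the two checks a reviewer of a reliability chapter would run:
does each failure mode's combined rate land in the acceptable area, and does
a sub-system allocation stay within the failure mode's target.

From the slides: the consequence categories with their repair cost, the
frequency category names with 0.01 and 0.001 per year for Improbable and
Not credible, and the four failure modes of the heating system.
ASSUMED (not on the slides): the remaining frequency bounds, the shape of
the acceptable area, the consequence category of each failure mode and the
sub-systems with their rates.
"""
from dataclasses import dataclass

# Step 2, consequence categories: repair cost in kCHF (from the slides).
CONSEQUENCE_KCHF = {"Catastrophic": 1000.0, "Major": 100.0, "Moderate": 10.0,
                    "Low": 1.0, "Negligible": 0.1}

# Step 2, frequency categories as (name, upper bound in events per year),
# rarest first.  0.001 and 0.01 are on the slides; the others are ASSUMED
# decade steps.
FREQUENCY_UPPER = [("Not credible", 0.001), ("Improbable", 0.01),
                   ("Remote", 0.1), ("Occasional", 1.0), ("Probable", 10.0),
                   ("Frequent", 100.0), ("Very frequent", float("inf"))]

# Step 3, acceptable area, ASSUMED: per consequence category, the most
# frequent category that is still tolerated (the staircase boundary of the
# matrix).  Everything rarer is acceptable, everything more frequent is not.
MOST_FREQUENT_ACCEPTABLE = {"Catastrophic": "Not credible",
                            "Major": "Improbable", "Moderate": "Remote",
                            "Low": "Occasional", "Negligible": "Probable"}


def frequency_category(rate_per_year: float) -> str:
    """Place a failure rate in its frequency category (row of the matrix)."""
    if rate_per_year < 0:
        raise ValueError("failure rate must be non-negative")
    for name, upper in FREQUENCY_UPPER:
        if rate_per_year <= upper:
            return name
    raise AssertionError("unreachable: last upper bound is infinity")


def risk_target(consequence: str) -> float:
    """Step 4: the target for a failure mode is the upper bound (per year)
    of the most frequent acceptable category for its consequence."""
    return dict(FREQUENCY_UPPER)[MOST_FREQUENT_ACCEPTABLE[consequence]]


def is_acceptable(consequence: str, rate_per_year: float) -> bool:
    """True if the cell (consequence, frequency) lies in the acceptable area."""
    return rate_per_year <= risk_target(consequence)


@dataclass
class FailureMode:
    name: str
    consequence: str
    # contributing sub-systems -> assumed failure rate per year
    subsystems: dict

    def combined_rate(self) -> float:
        """System-level rate of the failure mode.  ASSUMED combination rule:
        the sub-system failures are independent and each alone is sufficient
        to cause the mode, so the rates add (a rare-event approximation)."""
        return sum(self.subsystems.values())


def allocate_equally(target: float, subsystem_names, margin: float = 0.2) -> dict:
    """Split a failure-mode target into equal sub-system budgets, keeping
    a margin (default 20 %) for contributors not identified yet."""
    share = target * (1.0 - margin) / len(subsystem_names)
    return {name: share for name in subsystem_names}


# The heating system's failure modes are from the slide; consequence
# categories and sub-system rates are ASSUMED for illustration.
HEATING_FMS = [
    FailureMode("FM1 Overcooling", "Low", {"thermostat": 0.3, "burner": 0.2}),
    FailureMode("FM2 Overheating", "Low", {"thermostat": 0.3, "valve": 0.1}),
    FailureMode("FM3 Water leaks", "Moderate", {"pipes": 0.05, "pump": 0.02}),
    FailureMode("FM4 Fire", "Catastrophic",
                {"burner": 0.0006, "fuel supply": 0.0003, "wiring": 0.0004}),
]


def review(fms) -> dict:
    """Reliability-chapter check: target, combined rate, matrix cell and
    acceptability for every failure mode."""
    report = {}
    for fm in fms:
        rate = fm.combined_rate()
        report[fm.name] = {"target": risk_target(fm.consequence),
                           "rate": rate,
                           "cell": (fm.consequence, frequency_category(rate)),
                           "ok": is_acceptable(fm.consequence, rate)}
    return report


if __name__ == "__main__":
    for name, r in review(HEATING_FMS).items():
        print(f"{name:16s} target {r['target']:<6g} rate {r['rate']:<7.4f} "
              f"{r['cell'][1]:13s} {'ok' if r['ok'] else 'NOT acceptable'}")
    # FM4 shows the caveat: every contributor on its own is 'Not credible',
    # yet the combined rate lands in the Improbable row.
    print(allocate_equally(risk_target("Catastrophic"),
                           ["burner", "fuel supply", "wiring"]))
```

FM4 is the instructive case: each of the three assumed contributors (0.0006, 0.0003 and 0.0004 per year) would on its own sit in the Not credible row, but their combined rate of 0.0013 per year is in the Improbable row, which is outside the assumed acceptable area for a Catastrophic consequence. This is exactly why step 4 defines the failure rate of a system failure mode as the combined rate of all contributing sub-systems: sub-system budgets have to be allocated top-down from the failure mode's target, as allocate_equally does, rather than judged one sub-system at a time.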
19
3. Discussion
Is this guideline helpful? Does it make sense?
Does it have the right format? What could be improved?