[SystemSafety] HFT and systematic capability in IEC 61508 and IEC 61511

Matthew Squair mattsquair at gmail.com
Wed Sep 11 10:10:33 CEST 2013


Is a 'second <independent> systemic fault' implied in the requirement? If
not, it doesn't really make sense, I think.

On Tuesday, 10 September 2013, RICQUE Bertrand (SAGEM DEFENSE SECURITE)
wrote:

> Dear all,
>
> I want to submit here an issue on clause 11.5.2.5 of IEC61511 that states:
>
> “For a device that has been assessed as having SC N based on compliance
> with requirements within IEC 61508, where a systematic fault of that device
> does not cause a failure of the specified SIF but does so only in
> combination with a second systematic fault of another device that has been
> assessed as having SC N, then the combination of the two devices can be
> treated as having SC (N + 1) ....”
>
> If I understand well the clause, from a propositional logic point of view,
> it can be rephrased:
>
> IF [A(SCn) and B(SCn) and HFT(A,B)=1] then AB(SCn+1)
>
> This clearly interlocks the systematic capability property of devices, as
> well as of sub-assemblies (not to say subsystems) with the property of HFT
> (of sub-assemblies obviously) and raises IMHO some questions about the
> consequences of such an interlocking.
>
> The first one is raised by the fact that HFT is related to the function of
> an assembly of devices, and thus is not a fixed definition (same issue as
> unstable sub-system definition). What happens in a 2oo3 arrangement for
> instance?
>
> The second one is related to the HFT itself. Is the HFT used in the above
> equation the same as the HFT of clause 11.4.5? In other words you
> build an architecture for SCn+1, but you have only A(SCn) and HFT=0 so you
> add B(SCn) so that you can claim AB(SCn+1) as requested. But does the fact
> of having two SCn equipment (satisfying thus the SCn+1 requirement) satisfy
> also the HFT requirement of clause 11.4.5 (1 for example)?
>
> If yes, it means that we have this table:
>
> SIL              1     2 (low demand)   2          3          4
> HFT              0     0                1          1          2
> Usual design     SC1   SC2              SC2+SC2    SC3+SC3    SC4+SC4+SC4
> Clause 11.5.2.5  SC1   SC1+SC1          SC1+SC1    SC2+SC2    SC3+SC3+SC3
>
> The consequence of clause 11.5.2.5 is to make strictly equivalent a
> "subsystem" made of SCn devices and a subsystem made of SCn+1 devices. This
> undermines totally the combined expected efficiency of HFT AND SC, as if SC
> was no more important.
>
> What is then the purpose of buying “SC3” equipment for SIL 3 when you
> have the same result with “SC2”?
>
> Shouldn't the two properties be decorrelated?
>
> Shouldn't a requirement be added to compensate (for instance say that for
> clause 11.5.2.5 require HFT +1 on top of clause 11.4.5)?
>
> Wouldn’t a mandatory diversity be a solution?
>
> Bertrand RICQUE
> Program Manager, Optronics and Defense Division
>
> T +33 (0)1 58 11 96 82
> M +33 (0)6 87 47 84 64
> 23 avenue Carnot
> 91300 MASSY - FRANCE
> http://www.sagem-ds.com
>


-- 
Matthew Squair
MIEAust CPEng
www.criticaluncertainties.com
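The rule Bertrand quotes, IF [A(SCn) and B(SCn) and HFT(A,B)=1] then AB(SCn+1), is small enough to write down as a function and run against his table. The model below is an added illustration, not text from the thread or from IEC 61511 itself; it encodes his reading of the clause and two assumptions that the thread leaves implicit and that I label in the code: the SC uplift is applied once (two SCn devices give SCn+1, a third does not give SCn+2), and the "cheapest" design is the one with the lowest device SC, then the fewest devices. Under those assumptions it reproduces every column of his table, including the SIL 2 (low demand) column where a second SC1 device is added purely to collect the uplift even though clause 11.4.5 asks for HFT 0.

```python
from typing import Sequence

# Constructed model of the inference rule quoted in the thread:
#   IF [A(SCn) and B(SCn) and HFT(A,B) = 1] THEN AB(SC n+1)
# Assumptions (not stated in the thread): the uplift is applied once only,
# and it needs HFT >= 1 across devices that all meet SC N.


def combined_sc(device_scs: Sequence[int], hft: int) -> int:
    """SC claimable for an assembly under the rule as quoted: the weakest
    device's SC, plus one if the assembly has HFT >= 1 (no stacking)."""
    if not device_scs:
        raise ValueError("an assembly needs at least one device")
    if hft >= len(device_scs):
        raise ValueError("HFT cannot equal or exceed the number of devices")
    weakest = min(device_scs)
    if hft >= 1 and len(device_scs) >= 2:
        return weakest + 1  # one uplift only (assumption)
    return weakest


def usual_design(target_sil: int, required_hft: int) -> str:
    """'Usual design' column: each device individually carries SC = SIL,
    and the device count is whatever clause 11.4.5's HFT demands."""
    return "+".join([f"SC{target_sil}"] * (required_hft + 1))


def clause_design(target_sil: int, required_hft: int) -> str:
    """'Clause 11.5.2.5' column: cheapest design (lowest device SC first,
    then fewest devices) that reaches target_sil via the quoted rule while
    still providing at least required_hft. At most one extra device is
    added beyond the HFT requirement, to form the pair the clause needs."""
    max_devices = max(required_hft + 1, 2)
    for sc in range(1, target_sil + 1):
        for n in range(required_hft + 1, max_devices + 1):
            if combined_sc([sc] * n, n - 1) >= target_sil:
                return "+".join([f"SC{sc}"] * n)
    raise AssertionError("unreachable: sc == target_sil always satisfies")


def build_table() -> list:
    """Rows (SIL, HFT) exactly as in Bertrand's table; returns one dict per
    column so the two readings can be compared side by side."""
    rows = [(1, 0), (2, 0), (2, 1), (3, 1), (4, 2)]
    return [
        {"SIL": sil, "HFT": hft,
         "usual": usual_design(sil, hft),
         "clause": clause_design(sil, hft)}
        for sil, hft in rows
    ]


if __name__ == "__main__":
    for row in build_table():
        print(f"SIL {row['SIL']}  HFT {row['HFT']}  "
              f"usual {row['usual']:<14} clause {row['clause']}")
```

The last two rows are the ones that carry Bertrand's complaint: `combined_sc([2, 2], 1)` returns 3, so a pair of SC2 devices claims the same SC 3 that the usual design obtains from SC3 devices, and the 2oo3 case (`[3, 3, 3]` with HFT 2) only ever reaches SC 4 because the uplift does not stack. Changing the "no stacking" assumption is a one-line edit in `combined_sc` and immediately changes that last column, which is a useful way to see how much of the table rests on an interpretation the clause text does not settle.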