[SystemSafety] words you cannot use at GM

Rolle, Ingo ingo.rolle at vde.com
Thu May 22 15:28:22 CEST 2014


For those of you who can understand some German, a link to some information about the new edition of IEC 61511: www.vde.com/61508, then at the right side.

Ingo Rolle

-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of RICQUE Bertrand (SAGEM DEFENSE SECURITE)
Sent: Thursday, 22 May 2014 15:19
To: Maier, Thomas; Peter Bernard Ladkin; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] words you cannot use at GM

Hello Thomas,

1 - Your assumption about what is currently discussed within the frame of the revision of 61511 is right.

2 - I am not allowed to disclose working documents outside the working groups and the national committees. I find this stupid because I feel that it is a good thing to share the opinions of a maximum of persons, but dura lex sed lex.

3 - 61511:2003 is paradoxically (but not surprisingly) now inconsistent with 61508:2010 and as you cannot apply 61511 without 61508, I just consider that between 2010 and the date 61511 edition 2 will be made official there is a black hole. So I don't care anymore about 61511:2003.

4 - My understanding of what is currently pushed by our US colleagues with very shy opposition (if any) from our German and French colleagues (most of them end-users) is even more pessimistic than the example given by Peter, as I don't even see the if-then-else!


Bertrand Ricque
Program Manager
Optronics and Defence Division
Sights Program
Mob : +33 6 87 47 84 64
Tel : +33 1 58 11 96 82
Bertrand.ricque at sagem.com



-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Maier, Thomas
Sent: Thursday, May 22, 2014 2:33 PM
To: Peter Bernard Ladkin; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] words you cannot use at GM

As I am currently travelling too, I allow myself to also respond quickly at this point: the suggested implementation of the SIF referred to as "SF", whose safety integrity shall be SIL1, is not in compliance with SIL 1 per IEC 61511:2003.
I hear there are modifications underway in the emerging next edition, which may allow such an implementation. I have only informal & high-level information about this however, not enough to make any statement on compliance.
Before I find time for a more detailed answer, for which I also would need some further clarifications from your side, I would like to ask Bertrand Ricque, who appears to have detailed knowledge on both current and emerging editions of 61511, to provide his comment both regarding compliance with IEC 61511:2003 and the upcoming edition.

Med venlig hilsen / Best regards / Mit freundlichen Grüßen

Thomas Maier
E: Thomas.Maier at ul.com
T: +45 42 13 74 52


-----Original Message-----
From: Peter Bernard Ladkin [mailto:ladkin at rvs.uni-bielefeld.de]
Sent: 22 May 2014 12:33
To: Maier, Thomas; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: SV: [SystemSafety] words you cannot use at GM



On 2014-05-21 10:14 , Maier, Thomas wrote:
> A correction regarding IEC 61511:
>
> That minimum failure rate per IEC 61511 is specified in Part 1 clause
> 8.2.2: “The dangerous failure rate of a BPCS (which does not conform 
> to IEC 61511) that places a demand on a protection layer shall not be assumed to be better than *10^-5 per hour*.”

I grant you that my point was badly expressed, a disadvantage of responding quickly while multitasking on the train. But there is no correction to be made. Bertrand's response to you is abstract but correct.

Let me be more concrete. Suppose you have a safety function SF with SIL 1, which functionality is also provided by the BPCS. The function the BPCS provides, call it BPCS-SF, is by definition not a safety function.

Suppose you implement code in your SIS which does the following.

* 1. Monitors the conditions under which SF should activate in the BPCS;
* 2. Monitors whether BPCS-SF executes successfully;
* 3. Contains SIS-Supplementary-SF, which executes SF.

Now, how reliable does this safety-related code SIS-Supplementary-SF have to be?

Here is the reasoning. The required safety function is SF. The executing code implementing SF is

SF: IF <conditions> THEN BPCS-SF ELSE SIS-Supplementary-SF

The safety-related code here consists of SIS-Supplementary-SF (BPCS-SF is not safety-related by definition). The function SF gets SIL 1. <conditions> is determined by code part 1 above; the test for ELSE by code part 2. Let's assume they are perfect. You may assume that the rate at which the THEN fails is at most 10^(-5), and you need 10^(-6) overall. So....

.... all you need to demonstrate concerning SIS-Supplementary-SF is 10^(-1) reliability. QED.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
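The THEN/ELSE argument in the message above, turned into a small model so the "10^(-1)" figure can be recomputed and then stressed when code parts 1 and 2 (the hand-over logic) are not perfect. This is an added example, not part of the original thread and not text from any edition of IEC 61511 or IEC 61508; the names lambda_bpcs, pfd_monitor and pfd_supplementary are assumed, the figures are the ones quoted in the post, and the model treats the three pieces as failing independently, which is itself an assumption:

```python
"""Model of  SF: IF <conditions> THEN BPCS-SF ELSE SIS-Supplementary-SF.

Assumptions (mine, not the original post's):
  * lambda_bpcs: dangerous failure rate of BPCS-SF, per hour.  The clause quoted
    in the thread says a non-61511 BPCS may not be assumed better than 1e-5/h.
  * pfd_monitor: probability that code parts 1 and 2 (condition monitor and the
    BPCS-SF success check) fail to hand over to the ELSE branch on a demand.
    The original post assumes these are perfect, i.e. 0.0.
  * pfd_supplementary: probability that SIS-Supplementary-SF fails on demand.
  * The three pieces fail independently.  Common-cause coupling (shared
    sensors, power, compiler, code base) is not modelled and would make every
    result below optimistic.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FallbackArchitecture:
    lambda_bpcs: float          # dangerous failures of BPCS-SF, per hour
    pfd_monitor: float          # P(ELSE never taken | BPCS-SF failed)
    pfd_supplementary: float    # P(SIS-Supplementary-SF fails | it is invoked)

    def pfd_fallback(self) -> float:
        """P(the ELSE path does not perform SF | BPCS-SF failed).
        Union of two independent events: the monitor misses the demand,
        or the supplementary function is invoked and fails."""
        return 1.0 - (1.0 - self.pfd_monitor) * (1.0 - self.pfd_supplementary)

    def dangerous_rate(self) -> float:
        """Dangerous failure rate of SF as a whole, per hour.  SF fails only
        when BPCS-SF fails AND the fallback path also fails."""
        return self.lambda_bpcs * self.pfd_fallback()


def required_supplementary_pfd(lambda_bpcs: float, target_rate: float,
                               pfd_monitor: float = 0.0) -> Optional[float]:
    """Largest PFD that SIS-Supplementary-SF may have for the whole SF to meet
    target_rate (per hour).  Returns None when the monitor's own miss rate
    already exceeds the budget: no quality of fallback can rescue that."""
    if lambda_bpcs <= 0.0 or target_rate <= 0.0 or not 0.0 <= pfd_monitor < 1.0:
        raise ValueError("rates must be positive and pfd_monitor in [0, 1)")
    budget = target_rate / lambda_bpcs      # allowed P(fallback fails)
    if budget >= 1.0:
        return 1.0                          # BPCS-SF alone already meets target
    remaining = budget - pfd_monitor
    if remaining <= 0.0:
        return None
    return remaining / (1.0 - pfd_monitor)


def main() -> None:
    # The post's figures: THEN branch at 1e-5/h, 1e-6/h needed overall,
    # monitors perfect -> a 1e-1 PFD suffices for SIS-Supplementary-SF.
    print("required PFD, perfect monitors:", required_supplementary_pfd(1e-5, 1e-6))
    print("resulting SF rate:", FallbackArchitecture(1e-5, 0.0, 0.1).dangerous_rate())
    # Same target, hand-over logic misses 5% of demands: budget shrinks.
    print("required PFD, 5% monitor miss:", required_supplementary_pfd(1e-5, 1e-6, 0.05))
    # Hand-over logic misses 10% or more: the budget is gone.
    print("required PFD, 10% monitor miss:", required_supplementary_pfd(1e-5, 1e-6, 0.10))


if __name__ == "__main__":
    main()
```

With the post's own numbers the model reproduces the 10^(-1) figure. The extra parameter shows where the argument is fragile: the budget of 0.1 is consumed by the hand-over logic first, so a monitor that misses 5% of demands leaves the supplementary function a PFD of about 0.053, and one that misses 10% leaves nothing, whatever SIS-Supplementary-SF achieves. That is why "let's assume they are perfect" carries the whole conclusion.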





_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE