Introduction
William Goble
William Goble has over 30 years of professional experience. His areas of expertise include safety and high-availability automation systems, probabilistic analysis of automation systems, new product development and market analysis. He developed many of the techniques used for probabilistic evaluation of safety and high-availability automation systems. He was formerly Director, Critical Systems at Moore Products, where his duties included marketing, design and development, and engineering project management. He has written three books on safety and reliability modeling. He is a Fellow of ISA. He has published many papers and magazine articles. Dr. Goble has a BSEE from Penn State, an MSEE from Villanova and a PhD from Eindhoven University of Technology in Eindhoven, Netherlands.
Safety Certification
ANSI/ISA 84.01-2004
IEC 61511
IEC 61508 Parts 1, 2, 4
[Chart: survey responses by year, 1996-2007; x-axis: Year; annotation: ISA S84.01-1996 Published]
Is your company implementing or planning on implementing the ISA 84.01 Functional Safety Standard?
Alternative for safety integrity justification: IEC 61508 Full Certification
The end result of the certification process is a certificate listing the SIL level for which a product is qualified and the standards that were used for the certification.
A good certification assessment will demonstrate high design quality for hardware and software, and high manufacturing quality.
A good certification assessment will check that proper end-user documentation is provided: the Safety Manual.
4. Product - Meet design process requirements for target SIL, systematic fault avoidance
5. Produce Safety Manual for User
Hardware Analysis
Based on warranty data analysis or field failure data analysis.
[Diagram: Industry Product Database and Component Database; product failure modes, diagnostic coverage and failure mode distribution are compared against field data; output: draft component data]
FMEDA
An FMEDA (Failure Modes, Effects and Diagnostic Analysis) is an analysis technique used in IEC 61508 certification. It is a detailed, systematic review of the design that looks at every part in the design.
Copyright exida 2001..2008
What are the results of the FMEDA? Failure rates:
λS (Failure rate of all safe failures)
λSD (Failure rate of all safe detected failures)
λSU (Failure rate of all safe undetected failures)
λD (Failure rate of all dangerous failures)
λDD (Failure rate of all dangerous detected failures)
λDU (Failure rate of all dangerous undetected failures)
Calculation of SFF (Safe Failure Fraction)
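The following is an added example, not part of the presentation: it rolls up a small FMEDA table into the four failure-rate categories listed above (λSD, λSU, λDD, λDU) and computes the Safe Failure Fraction. The slide names the SFF calculation but does not print a formula; the one used here is the IEC 61508-2 definition, SFF = (λS + λDD) / (λS + λD). The component rows are constructed sample data for a hypothetical 4-20 mA transmitter, and the "clock stops" row mirrors the finding quoted later in the deck (output frozen, nothing detects it), so its whole rate lands in λDU.

```python
"""FMEDA roll-up and Safe Failure Fraction (SFF).

Added example, not taken from the presentation. Each row of an FMEDA table is a
component failure mode with a failure rate, a safe/dangerous classification and
the diagnostic coverage the product's on-line diagnostics give that mode. The
rows are summed into the lambda categories named on the slide (lambda_SD,
lambda_SU, lambda_DD, lambda_DU) and SFF is computed with the IEC 61508-2
definition SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D). All component
rows below are constructed sample data for a hypothetical 4-20 mA transmitter.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class FailureMode:
    component: str
    mode: str
    rate_fit: float        # failure rate of this mode in FIT (1 FIT = 1e-9 failures/hour)
    dangerous: bool        # True if the mode can prevent the safety function from acting
    diag_coverage: float   # fraction of this mode's rate revealed by on-line diagnostics, 0..1


@dataclass(frozen=True)
class FmedaResult:
    lambda_sd: float  # safe detected
    lambda_su: float  # safe undetected
    lambda_dd: float  # dangerous detected
    lambda_du: float  # dangerous undetected

    @property
    def lambda_s(self) -> float:
        return self.lambda_sd + self.lambda_su

    @property
    def lambda_d(self) -> float:
        return self.lambda_dd + self.lambda_du

    @property
    def sff(self) -> float:
        """Safe Failure Fraction: share of all failures that are either safe or
        dangerous-but-detected. Only lambda_DU counts against the product."""
        total = self.lambda_s + self.lambda_d
        return (self.lambda_s + self.lambda_dd) / total if total else 0.0


def roll_up(modes: Iterable[FailureMode]) -> FmedaResult:
    """Sum failure-mode rows into the four IEC 61508 failure-rate categories."""
    sd = su = dd = du = 0.0
    for m in modes:
        if not 0.0 <= m.diag_coverage <= 1.0:
            raise ValueError(f"{m.component}/{m.mode}: diagnostic coverage must be in [0, 1]")
        if m.rate_fit < 0:
            raise ValueError(f"{m.component}/{m.mode}: negative failure rate")
        detected = m.rate_fit * m.diag_coverage
        undetected = m.rate_fit - detected
        if m.dangerous:
            dd += detected
            du += undetected
        else:
            sd += detected
            su += undetected
    return FmedaResult(sd, su, dd, du)


def with_coverage(modes: Iterable[FailureMode], component: str, mode: str,
                  coverage: float) -> List[FailureMode]:
    """Return a copy of the table with one mode's diagnostic coverage changed,
    e.g. to see what a new diagnostic would do to the SFF."""
    return [FailureMode(m.component, m.mode, m.rate_fit, m.dangerous, coverage)
            if (m.component, m.mode) == (component, mode) else m
            for m in modes]


# Constructed sample FMEDA rows (hypothetical transmitter, not real product data).
# The clock-stop row mirrors the finding quoted in the presentation: the output
# freezes at its last value and nothing detects it, so the whole rate is lambda_DU.
SAMPLE_FMEDA = [
    FailureMode("microprocessor", "clock stops, output frozen", 20.0, dangerous=True, diag_coverage=0.0),
    FailureMode("output DAC", "open, output drives below 4 mA", 30.0, dangerous=False, diag_coverage=0.9),
    FailureMode("voltage reference", "drift", 50.0, dangerous=True, diag_coverage=0.8),
    FailureMode("power supply", "short, unit dead", 100.0, dangerous=False, diag_coverage=1.0),
]

BASELINE = roll_up(SAMPLE_FMEDA)
# Hypothetical improvement: a window watchdog that catches 95 % of clock-stop failures.
WITH_WATCHDOG = roll_up(with_coverage(SAMPLE_FMEDA, "microprocessor", "clock stops, output frozen", 0.95))

if __name__ == "__main__":
    for label, r in (("baseline", BASELINE), ("with watchdog", WITH_WATCHDOG)):
        print(f"{label:14s} lambda_S={r.lambda_s:6.1f} FIT  lambda_DD={r.lambda_dd:5.1f} FIT  "
              f"lambda_DU={r.lambda_du:5.1f} FIT  SFF={r.sff:.3f}")
```

With the constructed rows the baseline gives λS = 130 FIT, λD = 70 FIT and SFF = 0.85; adding the hypothetical watchdog moves 19 FIT from λDU to λDD and lifts SFF to 0.945 without changing the total failure rate, which is the point of the diagnostic coverage column: diagnostics do not make a part fail less often, they change which category the failure lands in.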
Assessment Plan
Complete Safety Case Checklist
Application Safety Requirements
Milestones
Role allocation + Competence
System FMEA
Partitioning + Safety Criticality
Software + IC On-Chip Redundancy
Physical & Logical Independence
Common Cause
Requirements Tracking
FMEDA & Fault Insertion Tests
Test Specification
Safety Manual
Implementation of procedures
Competence
Experience
Design Quality? Does everyone pass? No: a majority fail initial audits.
Hardware: A transmitter has shipped over 25,000 units and has been shipping for nearly 5 years. The FMEDA quickly showed that when the microprocessor clock stops, the 4-20 mA output freezes!
Hardware: A valve has been shipping for nearly two years. The tool verification check showed that mechanical tolerances were incorrectly translated by a CAD tool revision, such that the valve would bind at high temperatures!
Hardware: A transmitter has shipped over 200,000 units and has been shipping for nearly 3 years. A Fault Injection Test showed that the diagnostics simply did nothing. Component failures in the transmitter could cause drifting outputs, and this situation would not be revealed.
Hardware: A valve manufacturer has been making a particular ball valve design for thirty years. The product is clearly field proven. A purchasing agent changed vendors on a critical part. The new part was not quite the same material, and many field failures resulted. IEC 61508 requires that the design specify exact parts, with a qualification procedure needed for all changes, including a new vendor.
Software: A major transmitter supplier created a strong IEC 61508-compliant software process. It was to be used ONLY on SIL products, as the documentation and testing BURDEN were so high. After experiencing fewer problems at final test and fewer field problems, the IEC 61508 design process is now being used for all software.
Software: The computing power and operating systems inside a transmitter of today are clearly comparable to the DCS main processor of 1990. Field instruments today are sophisticated and complicated.
Valves
Read more about Functional Safety: ISA and others have several best sellers on automation safety and reliability.
Questions?