From the Desk of Sandeep Patalay
CENELEC Standard: Faults and Effects
Effects of single faults
It is necessary to ensure that the system/sub-system/equipment meets its
Tolerable Hazard Rate (THR) in the event of a single random fault.
It is necessary to ensure that SIL 3 and SIL 4 systems remain safe in the event
of any kind of single random hardware fault which is recognized as possible.
Faults whose effects have been demonstrated to be negligible may be ignored.
This principle, which is known as fail-safety, can be achieved in several different
ways:
1) Composite fail-safety
With this technique, each safety-related function is
performed by at least two items. Each of these items shall be independent from
all others, to avoid common-cause failures. Non-restrictive (i.e. permissive)
activities are allowed to progress only if the necessary number of items agree.
A hazardous fault in one item shall be detected and negated in sufficient time
to avoid a coincident fault in a second item.
2) Reactive fail-safety
This technique allows a safety-related function to be
performed by a single item, provided its safe operation is assured by rapid
detection and negation of any hazardous fault (for example, by encoding, by
multiple computation and comparison, or by continual testing). Although only
one item performs the actual safety-related function, the
checking/testing/detection function shall be regarded as a second item, which
shall be independent of the first, to avoid common-cause failures.
3) Inherent fail-safety
This technique allows a safety-related function to be
performed by a single item, provided all the credible failure modes of the item
are non-hazardous. Any failure mode which is claimed to be incredible (for
example, because of inherent physical properties) shall be justified using the
procedure defined in Annex C. Inherent fail-safety may also be used for certain
functions within Composite and Reactive fail-safe systems, for example to
ensure independence between items, or to enforce shut-down if a hazardous fault
is detected.
Whichever technique or combination of techniques is used,
assurance that no single random hardware component failure mode is hazardous
shall be demonstrated using appropriate structured analysis methods. The
component failure modes to be considered in the analysis shall be identified
using the procedures defined in Annex C.
In systems containing more than one item whose
simultaneous malfunction could be hazardous, independence between items is a
mandatory precondition for safety concerning single faults. Appropriate rules
or guidelines shall be fulfilled to ensure this independence. The measures
taken shall be effective for the whole life-cycle of the system. In addition,
the system/sub-system design shall be arranged to minimize the potentially
hazardous consequences of loss of independence caused by, for example, a
systematic design fault, if such a fault could exist.
Detection of single faults
A first fault (single fault) which could be hazardous,
either alone or if combined with a second fault, shall be detected and a safe
state enforced (i.e. negated) in a time sufficiently short to fulfill the
specified quantified safety target. Demonstration of this shall be achieved by
a combination of Failure Modes and Effects Analysis (FMEA) and quantified
assessment of Random Failure Integrity.
In the case of Composite fail-safety, this requirement
means that a first fault shall be detected, and a safe state enforced, in a
time sufficiently short to ensure that the risk of a second fault occurring
during the detection-plus-negation time is smaller than the specified
probabilistic target. In the case of Reactive fail-safety, this requirement
means that the maximum total time taken for detection-plus-negation shall not
exceed the specified limit for the duration of a transient, potentially hazardous,
condition.
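The quantified requirement for composite fail-safety above can be turned into a time budget. The Python below is an added worked example, not text from the standard or from this page. It assumes constant (exponential) hazardous failure rates for the two independent items, that the hazard needs both items to have failed hazardously, and uses constructed figures (a target of 1e-9 per hour and item rates of 1e-5 per hour) purely for illustration; the function names are my own. It gives the exact rate of a hazardous double fault for a given detection-plus-negation time, the first-order form 2*lam_a*lam_b*T that is usually quoted, and the largest negation time that still meets the target, and goes beyond the page's own case by allowing unequal rates for the two items. A one-line check for the reactive case is included for comparison.

```python
"""Detection-plus-negation time budget for composite fail-safety (added example).

Model assumptions (mine, not the standard's): two independent items with
constant hazardous failure rates lam_a and lam_b (per hour); a first hazardous
fault is negated after t_neg_h hours; the hazard occurs only if the second
item also fails hazardously inside that window.
"""
import math


def hazard_rate_composite(lam_a: float, lam_b: float, t_neg_h: float) -> float:
    """Exact rate (per hour) of hazardous double faults under the model above.

    The first fault arrives at rate lam_a + lam_b. Given it has arrived, the
    other item fails within the window with probability
        1 - (lam_a*exp(-lam_b*T) + lam_b*exp(-lam_a*T)) / (lam_a + lam_b)
    (for equal rates this collapses to 1 - exp(-lam*T)).
    """
    if min(lam_a, lam_b, t_neg_h) < 0:
        raise ValueError("rates and times must be non-negative")
    total = lam_a + lam_b
    if total == 0.0:
        return 0.0
    p_second_in_window = 1.0 - (
        lam_a * math.exp(-lam_b * t_neg_h) + lam_b * math.exp(-lam_a * t_neg_h)
    ) / total
    return total * p_second_in_window


def hazard_rate_composite_approx(lam_a: float, lam_b: float, t_neg_h: float) -> float:
    """First-order form 2*lam_a*lam_b*T, valid while lam*T << 1.

    It slightly overstates the exact value, so budgets derived from it are
    conservative.
    """
    return 2.0 * lam_a * lam_b * t_neg_h


def max_negation_time(target_rate: float, lam_a: float, lam_b: float) -> float:
    """Largest detection-plus-negation time (hours) meeting the target, first order."""
    return target_rate / (2.0 * lam_a * lam_b)


def composite_meets_target(target_rate: float, lam_a: float, lam_b: float,
                           t_neg_h: float) -> bool:
    """Composite fail-safety check: double-fault hazard rate within the target."""
    return hazard_rate_composite(lam_a, lam_b, t_neg_h) <= target_rate


def reactive_meets_limit(t_detect_h: float, t_negate_h: float,
                         t_transient_limit_h: float) -> bool:
    """Reactive fail-safety check: total detection-plus-negation time must not
    exceed the permitted duration of the transient hazardous condition."""
    return t_detect_h + t_negate_h <= t_transient_limit_h


if __name__ == "__main__":
    # Constructed figures, for illustration only.
    TARGET = 1e-9            # per hour
    LAM_A = LAM_B = 1e-5     # per hour, hazardous-side failure rate of each item
    t_max = max_negation_time(TARGET, LAM_A, LAM_B)
    print(f"max detection-plus-negation time: {t_max:.2f} h")
    for t in (1.0, t_max, 10.0):
        print(f"T={t:5.2f} h  exact={hazard_rate_composite(LAM_A, LAM_B, t):.3e}"
              f"  approx={hazard_rate_composite_approx(LAM_A, LAM_B, t):.3e}"
              f"  ok={composite_meets_target(TARGET, LAM_A, LAM_B, t)}")
```

Because the hazard rate grows linearly with the negation window, halving the detection-plus-negation time halves the contribution of double faults. The model ignores the time spent in the negated (safe) state and any common-cause contribution, which the independence requirement above is meant to exclude; common-cause effects have to be argued separately, not through this calculation.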
Effects of multiple faults
A multiple fault (for example, a double or triple fault)
which could be hazardous, either directly or if combined with a further fault,
shall be detected and a safe state enforced (i.e. negated) in a time sufficiently
short to fulfill the specified safety target. A suitable method, for example
Fault Tree Analysis (FTA), shall be used to demonstrate the effects of multiple
faults. The techniques used to achieve detection-plus-negation of multiple
faults within the permitted time shall be shown, including supporting
calculations.
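For the multiple-fault argument the standard names Fault Tree Analysis as a suitable method. The Python below is an added example, not part of this page or of the standard: a small evaluator that takes a gate tree of AND/OR nodes over basic events with constant failure rates, derives the minimal cut sets (the distinct fault combinations that are hazardous, which is what the analysis has to enumerate), and estimates the top-event probability over an exposure interval with the rare-event approximation (sum of cut-set products). The tree, the event names and the rates are constructed for illustration only: two channels whose outputs are compared, with a shutdown relay as the negation path.

```python
"""Fault-tree evaluation for a multiple-fault argument (added example).

Constructed model: basic events with constant failure rates (per hour),
AND/OR gates, minimal cut sets, and a rare-event estimate of the top event.
"""
import math
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Union


@dataclass(frozen=True)
class Basic:
    """A basic event: one component fault with a constant rate (per hour)."""
    name: str
    rate: float


@dataclass
class Gate:
    """AND: all children must occur; OR: any one child suffices."""
    kind: str
    children: List["Node"]


Node = Union[Basic, Gate]


def minimal_cut_sets(node: Node) -> List[frozenset]:
    """Enumerate the minimal sets of basic events that cause the top event."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":
        cuts = [cs for sets in child_sets for cs in sets]
    elif node.kind == "AND":
        cuts = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # A cut set that contains another cut set is redundant; keep only minimal ones.
    minimal: List[frozenset] = []
    for cs in sorted(set(cuts), key=len):
        if not any(m <= cs for m in minimal):
            minimal.append(cs)
    return minimal


def unavailability(rate: float, exposure_h: float) -> float:
    """P(fault present by the end of the exposure interval), constant rate."""
    return 1.0 - math.exp(-rate * exposure_h)


def basic_rates(node: Node) -> Dict[str, float]:
    """Collect name -> rate for every basic event in the tree."""
    if isinstance(node, Basic):
        return {node.name: node.rate}
    rates: Dict[str, float] = {}
    for c in node.children:
        rates.update(basic_rates(c))
    return rates


def top_event_probability(node: Node, exposure_h: float) -> float:
    """Rare-event estimate: sum over minimal cut sets of the product of the
    basic-event unavailabilities. This is an upper bound on the true union
    probability, which is the safe direction for a safety argument."""
    rates = basic_rates(node)
    total = 0.0
    for cs in minimal_cut_sets(node):
        p = 1.0
        for name in cs:
            p *= unavailability(rates[name], exposure_h)
        total += p
    return total


# Constructed example tree: illustrative names and rates, not from the page.
A = Basic("channel_A_wrong_output", 1e-6)
B = Basic("channel_B_wrong_output", 1e-6)
C = Basic("comparator_reports_agreement_falsely", 1e-7)
D = Basic("shutdown_relay_welded", 1e-7)

# Hazardous output if both channels are wrong, or one channel is wrong while
# the comparator misses it and the negation path has also failed.
HAZARDOUS_OUTPUT = Gate("OR", [
    Gate("AND", [A, B]),
    Gate("AND", [Gate("OR", [A, B]), C, D]),
])

if __name__ == "__main__":
    for cs in minimal_cut_sets(HAZARDOUS_OUTPUT):
        print(f"{len(cs)}-fold cut set: {sorted(cs)}")
    print(f"P(top) over 1000 h: {top_event_probability(HAZARDOUS_OUTPUT, 1000.0):.3e}")
```

The cut-set listing is the part an assessor will want to see: it shows which double and triple faults are hazardous, and therefore which combinations the detection-plus-negation design has to cover within the permitted time. The probabilities only mean something if the basic events are genuinely independent, which ties this analysis back to the independence requirement above.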