- Gabi Spencer on The importance of Process Hazard Analysis studies
- Ephraim Gasitene Phonela on The importance of Process Hazard Analysis studies
- Gabi Spencer on ESC’s TÜV Rheinland Cyber Security Training Program
- David Dewdney on ESC’s TÜV Rheinland Cyber Security Training Program
- David Balfour on Functional Safety (FS) for Technicians – Proposed CompEx modules
- May 2022
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- January 2020
- July 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- November 2018
- August 2018
- April 2018
- March 2018
- February 2018
- November 2017
- May 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- August 2015
- June 2015
- May 2015
- February 2015
- November 2014
- September 2014
- July 2014
- April 2014
Part 2 – Safety Critical Systems – A brief history of the development of guidelines and standards
This week ESC is sharing part 2 of the “Safety Critical Systems – A brief history of the development of guidelines and standards” paper which focus on the developments during 1980 – 1990s and the IEC 61508.
“Acknowledgments: In developing the paper, which is the basis of this blog, I was most grateful for the help given to me from the following people; Phil Bennett, Simon Brown, Brian Clarke, John Canning, Rainer Faller, Martin Goose, James Inge, Ken Simpson and David Ward”.
Safety Critical Systems – A brief history of the development of guidelines and standards
2. Developments during 1980 – 1990s
The period 1980 to the mid-1990s established many of the fundamental building blocks and principles for what is now referred to as the discipline of functional safety. It was a period of intense activity and cooperation amongst many different groups within the UK and other countries in Europe and internationally.
At the beginning of this period there was excessive caution in the adoption of programmable electronic elements for safety-related systems and a high level of uncertainty as to how such technology could be used for safety applications and gain acceptance from safety regulators.
At the end of that period there were much higher levels of confidence that reasonable solutions were available, albeit that for many specific areas of functional safety there were gaps that needed filling, and the filling of these gaps depended on professional judgement.
Some of the key building blocks established during the period 1980 to the mid-1990s are now embedded in accepted good practice and include:
- Effective management of functional safety
- A safety lifecycle approach that covered all relevant phases from initial concept until final decommissioning
- The concept of dangerous random hardware failures and dangerous systematic failures and the need to develop measures and techniques to combat both types of failure
- The concept of a Safety Integrity Level (SIL) for the specified Safety Function that was required to deal with dangerous systematic failures
- The concept of the Safety Function contains the specification for:
- the functionality of what must be achieved to prevent the hazardous event; and
- the safety integrity (i.e. SIL) necessary to achieve the required target risk
Note 1: during this period the distinction between a Safety Function and the Safety-Related System was not sufficiently distinguished. With hindsight, the adoption of a Safety Function was a significant building block in achieving functional safety.
- Quantified Target Failure Measures for a Safety Function having a specified SIL
- Competence of persons involved in any safety life-cycle activity that had to be formally addressed and justified
- The need for assurance measures for all safety life-cycle activities including Functional Safety Assessment, Functional Safety Audit, Verification and Validation. Such assurance measures are relevant to both hardware and software
Note 1: it is interesting to note that in the context of IEC 61508 the concept of a Safety Case was not built into the developing standard. To some degree the Safety Case concept was perceived as a “UK” concept (whether this be a fact or not that was the perception within the Working Group developing IEC 61508).
However, several UK industries developed and adapted the concept and the principles of the Safety Case to demonstrate their understanding and management of risks within their business.
Setting the Target Risk for a specified hazardous event was an essential parameter for the design activity. The concept of a Tolerable Risk within the UK facilitated a quantified approach to the Target Risk within the legal framework.
Also, the advent of quantified target failure measures (emerging in the drafts of IEC 61508) for the safety functions facilitated the verification of the design of a safety critical system based on quantified Target Risk criteria.
The use of quantified risk criteria was, and still is, a sensitive issue for many countries (e.g. A maximum risk of death of 1 in 10-3 per annum for workers in any industry was suggested.
- During this period both qualitative and quantitative risk targets were adopted even for consequences having life changing injuries
- The need to base the required safety performance of a safety critical system, in respect of a specific safety function, on all the risk reduction measures and risk parameters related to the specified hazardous event. Although individual elements of this concept existed prior to the application of programmable electronic systems, implementing such systems demanded a more rigorous systematic and holistic approach.
In the period 1980-1990 there were many initiatives and developments relating to the safe use of Programmable Electronic Systems (PESs) although initially the focus was on safety critical software rather than safety critical systems. Some of these initiatives and developments are summarised in Table A.1.
Note: Table A.1 is not intended to be an authoritative catalogue of initiatives and developments during the 1980 to the mid-1990s but provide a snapshot of some of the key issues that are considered of importance to the author and the activities associated with IEC 61508.
The 3rd and final part of the ‘Safety Critical Systems – A brief history of the development of guidelines and standards’ focuses on the standard IEC 61508, some of its key features and the standards influenced by, derived or based on IEC 61508.
If you have any questions or would like more information just leave a message below or contact us here.