diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index 75b4003..ed45d8f 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -28,16 +28,15 @@ The four main current FMEA variants are described and we develop %conclude by d the concepts that underlie the usage and philosophy of FMEA. % -We return to the overall process of FMEA -and model it using UML. +We return to the overall process of FMEA and model it using UML. % -By using UML %we define -relationships between the FMEA data objects -are defined. % at the start of this chapter. +By using UML +the entities needed to implement FMEA +are defined. % The act of defining relationships between the data objects -in FMEA raise questions about the nature of the process +in FMEA raises questions about the nature of the process and allows us to analytically discuss its strengths and weaknesses. @@ -1222,6 +1221,14 @@ FMEDA is a modern extension of FMEA, in that it recognises the effect of self checking features on safety, and provides detailed recommendations for computer/software architecture. % % +% +FMEDA is the fundamental methodology of the statistical (safety integrity level) +type standards (EN61508/IOC5108). +The end result of an EN61508 analysis is an % provides a statistical +overall `level~of~safety' known as a Safety Integrity level (SIL), for an installed system. +% +It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). +% These SIL levels are broadly linked to the concept of an acceptance of given probabilities of dangerous failures against time, as shown in table~\ref{tbl:sil_levels}. 
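Review bot: the block added at -1222 defines SIL twice in consecutive sentences, `The end result of an EN61508 analysis is an % provides a statistical / overall `level~of~safety' known as a Safety Integrity level (SIL), for an installed system.` followed by `It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).`; merge them into one sentence (for example "The end result of an EN61508 analysis is a Safety Integrity Level (SIL) from 1 to 4, where 4 is safest, for an installed system"), remove the dangling `% provides a statistical` comment that splits the first sentence in the source, and make the capitalisation of `Safety Integrity level` consistent with `Safety Integrity Level`. `IOC5108` in `(EN61508/IOC5108)` is not a standard designation; EN 61508 is the European adoption of IEC 61508, so this looks like a typo for IEC61508. Also, `These SIL levels` expands to "Safety Integrity Level levels"; `These SILs` or `These levels` reads better.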
@@ -1229,24 +1236,14 @@ failures against time, as shown in table~\ref{tbl:sil_levels}. The philosophy behind this is that is recognised that no system can have a perfect safety integrity, but risk and criticality can be matched to acceptable, or realistic levels of risk. -% -FMEDA is the fundamental methodology of the statistical (safety integrity level) -type standards (EN61508/IOC5108). -The end result of an EN61508 analysis is an % provides a statistical -overall `level~of~safety' known as a Safety Integrity level (SIL), for a system. -% -It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). -% %There are currently four SIL `levels', one to four, with four being the highest level. % -It allows diagnostic mitigation for self checking circuitry. % - SIL levels are intended to classify the statistical safety of installed plant: salesmen’s terms such as a `SIL~3~sensor' or other `device' given a SIL level, are meaningless. % -SIL analysis is concerned with `safety~loops', not individual modules. +SIL analysis is concerned with `safety~loops', not individual modules, sensors, computing devices or actuators. % In control engineering terms, the safety~loop is the complete path from sensors to signal~processing to actuators for a given function 
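Review bot: removing `It allows diagnostic mitigation for self checking circuitry.` leaves this paragraph without any mention of diagnostic mitigation, which the context at 1222 names as the feature that distinguishes FMEDA from FMEA (`it recognises the effect of self checking features on safety`); either keep a one-line mention here or tie this paragraph to the self-checking text at 1265. The widened sentence `SIL analysis is concerned with `safety~loops', not individual modules, sensors, computing devices or actuators.` is a good clarification and pairs well with the `SIL~3~sensor` remark above it. Two nits in the surrounding context lines: `that is recognised that no system` should read `that it is recognised that no system`, and `salesmen’s` uses a typographic apostrophe where the rest of the file uses `'`.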
@@ -1265,9 +1262,11 @@ In EN61508 terminology, a safety~loop is known as a Safety Instrumented Function % FMEDA requires %does force the analyst to consider all hardware components in a system -by requiring that an MTTF value is assigned for each base component failure~mode; +and requires that an MTTF value is assigned for each {\bc} {\fm}; the MTTF may be statistically mitigated (improved) -if it can be shown that self-checking will detect its failure modes. +if it can be shown that self-checking measures will not only detect it within the SIF, but +also react in a safe way. +That is that the SIF can recognise that it has a fault condition and can take appropriate action. % The MTTF value for each component {\fm} is denoted using the symbol `$\lambda$'. %
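Review bot: with the new `+and requires that an MTTF value is assigned for each {\bc} {\fm};` the sentence reads `FMEDA requires ... and requires`, because the `%does force the analyst` comment hides that the verb is already present; drop the second `requires` (`and that an MTTF value is assigned for each {\bc} {\fm};`). `That is that the SIF can recognise that it has a fault condition` should be `That is, the SIF can recognise that it has a fault condition`. Separately, the unchanged line `The MTTF value for each component {\fm} is denoted using the symbol `$\lambda$'.` conflicts with the usual EN61508 usage, where $\lambda$ is the failure rate (failures per unit time) and MTTF is its reciprocal under a constant failure rate; the added text about mitigation by self-checking describes reducing the dangerous failure rate that goes undetected rather than improving an MTTF, so check which quantity is meant and use it consistently across this passage.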