Monday night third bash
This commit is contained in:
parent
66fcffa97e
commit
e977502eb7
@ -346,15 +346,15 @@ The following gives an outline of the procedure.
|
||||
|
||||
|
||||
\subsubsection{Two statistical perspectives}
|
||||
he Statistical Analysis method is used from two perspectives,
|
||||
FMEDA is a statistical analysis methodology is used from one of two perspectives,
|
||||
Probability of Failure on Demand (PFD), and Probability of Failure
|
||||
in continuous Operation, Failure in Time (FIT).
|
||||
in continuous Operation, or Failure in Time (FIT).
|
||||
\paragraph{Failure in Time (FIT).} Continuous operation is measured in failures per billion ($10^9$) hours of operation.
|
||||
For a continuously running nuclear powerstation
|
||||
we would be interested in its operational FIT values.
|
||||
|
||||
\paragraph{Probability of Failure on Demand (PFD).} For instance with the anti-lock system on a automobile braking
|
||||
system, we would be interested in PFD.
|
||||
\paragraph{Probability of Failure on Demand (PFD).} For instance with an anti-lock system in
|
||||
automobile braking, we would be interested in PFD.
|
||||
That is to say the ratio of it failing
|
||||
to succeeding on demand.
|
||||
|
||||
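Review bot: the replacement line "FMEDA is a statistical analysis methodology is used from one of two perspectives," still has two main verbs; read "FMEDA is a statistical analysis methodology used from one of two perspectives," (or "... that is used ..."). The unchanged lines "That is to say the ratio of it failing / to succeeding on demand." also misstate PFD: a probability of failure on demand is the fraction of demands on which the function fails (failures over all demands), whereas failures against successes is an odds ratio; suggest "That is to say the probability that it fails when called upon." The "a automobile" / "an anti-lock system in automobile braking" fix is fine.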
@ -364,44 +364,47 @@ to succeeding on demand.
|
||||
The first stage is to apply FMEA to the SYSTEM.
|
||||
%
|
||||
Each component is analysed in terms of how its failure
|
||||
would affact the system.%
|
||||
would affect the system.
|
||||
Failure rates of individual components in the SYSTEM
|
||||
are calculated based on component type and
|
||||
environmental conditions.
|
||||
%
|
||||
Statistical data exists for most component types \cite{mil1992}.
|
||||
%
|
||||
This phase is typically implemented on a spreadsheet. Along with a components
|
||||
type, placing in the system, part number, environmental stress factors etc.
|
||||
This phase is typically implemented on a spreadsheet
|
||||
with rows representing each component. A typical component spreadshet row would
|
||||
comprise of
|
||||
component type, placing in the system, part number, environmental stress factors, MTTF etc.
|
||||
%will be a determination of whether the component failing will lead to a `safe'
|
||||
%or `unsafe' condition.
|
||||
|
||||
\paragraph{Overall SYSTEM failure rate.}
|
||||
Product failure rate is the sum of all component
|
||||
failure rates. This is the sum of safe and unsafe
|
||||
failures.
|
||||
The product failure rate is the sum of all component
|
||||
failure rates.
|
||||
%This is the sum of safe and unsafe
|
||||
%failures.
|
||||
|
||||
\paragraph{Self Diagnostics}
|
||||
We next evaluate the SYSTEMS’s self-diagnostic ability.
|
||||
We next evaluate the SYSTEM's self-diagnostic ability.
|
||||
|
||||
Each component’s failure modes and failure rate are now available.
|
||||
%Each component’s failure modes and failure rate are now available.
|
||||
Failure modes are now classified as safe or dangerous.
|
||||
This is done by taking a component failure mode and determining
|
||||
how it will react with any other components in the SYSTEM and taking a decision
|
||||
based on hueristics.
|
||||
how it may react with any other components in the SYSTEM, and taking a final decision
|
||||
based on hueristics or field data.
|
||||
Detectable failure probabilities are labelled `$\lambda_D$' (for
|
||||
dangerous) and `$\lambda_S$' (for safe) \cite{EN61508}.
|
||||
|
||||
\paragraph{Determine Detectable and Undetecable Failures}
|
||||
Each safe and dangerous failure mode is now
|
||||
determined as detectable or un-detectable by the SYSTEMS’s
|
||||
determined as detectable or un-detectable by the SYSTEM’s
|
||||
self checking features.
|
||||
%
|
||||
This gives us four failure mode classifications:
|
||||
This gives us four level failure mode classifications:
|
||||
Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU),
|
||||
and the failure rate of each classification
|
||||
and the probablistic failure rate of each classification
|
||||
is represented by lambda variables
|
||||
($\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
|
||||
(i.e. $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
|
||||
|
||||
Because some failure modes may not be discovered theoretically during the static
|
||||
analysis, the
|
||||
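Review bot: the unchanged context sentence "Detectable failure probabilities are labelled `$\lambda_D$' (for dangerous) and `$\lambda_S$' (for safe)" conflates two different splits: $\lambda_D$ and $\lambda_S$ are the dangerous and safe failure rates, and detectability is only introduced in the following paragraph ("Determine Detectable and Undetecable Failures"), so drop "Detectable" and write "Failure rates are labelled ...". Spelling in the new lines: "spreadshet" should be "spreadsheet", "comprise of" should be "comprise" (or "consist of"), "hueristics" survives into "based on hueristics or field data." and should be "heuristics", and the new line "and the probablistic failure rate of each classification" introduces "probabilistic". The new wording "four level failure mode classifications" reads worse than the removed "four failure mode classifications"; keep the original. The heading typo "Undetecable" is unchanged and should read "Undetectable".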
@ -409,11 +412,11 @@ analysis, the
|
||||
% and guess how it will affect an ENTIRE complex SYSTEM
|
||||
next step is to investigate using an actual working SYSTEM.
|
||||
|
||||
Failures are deliberately caused (by physical intervetion), and any new SYSTEM level
|
||||
Failures are deliberately caused (by physical intervention), and any new SYSTEM level
|
||||
failures are added to the model.
|
||||
Hueristics and MTTF failure rate for the components
|
||||
Hueristics and MTTF failure rates for the components
|
||||
are used to calculate probabilities for these new failure modes
|
||||
according to their saefty and detectability classifications (i.e.
|
||||
along with their safety and detectability classifications (i.e.
|
||||
$\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
|
||||
These new failures are added to the model.
|
||||
%SD, SU, DD, DU.
|
||||
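Review bot: the new line "Hueristics and MTTF failure rates for the components" keeps the "Hueristics" misspelling from the removed line; it should be "Heuristics". The added sentence "These new failures are added to the model." repeats "failures are added to the model." from four lines earlier in the same paragraph; keep one of them, preferably the later one after the rates and classifications have been assigned. The "intervetion" to "intervention" fix is correct.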
@ -441,7 +444,7 @@ $$ SF = \frac{\Sigma\lambda_SD}{\Sigma\lambda_S} $$
|
||||
\paragraph{Safe Failure Fraction.}
|
||||
A key concept in FMEDA is Safe Failure Fraction (SFF).
|
||||
This is the ratio of safe and dangerous detected failures
|
||||
against the safe and dangerous failure probabilities.
|
||||
against all safe and dangerous failure probabilities.
|
||||
Again this is usually expressed as a percentage.
|
||||
|
||||
$$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$
|
||||
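Review bot: the hunk's context line "$$ SF = \frac{\Sigma\lambda_SD}{\Sigma\lambda_S} $$" has an unbraced subscript: `\lambda_SD` typesets as $\lambda_S$ followed by a literal D, and it should be `\lambda_{SD}` to match the braced subscripts used in the SFF formula below. Throughout these formulas `\Sigma` is the Greek capital letter rather than the summation operator `\sum`, which renders with proper limits and spacing. The new prose "against all safe and dangerous failure probabilities" now agrees with the denominator $\Sigma\lambda_S + \Sigma\lambda_D$ in the SFF formula, so that change is good.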
@ -476,20 +479,26 @@ have threshold bands beoming stricter for each level.
|
||||
Software techniques and constraints are
|
||||
also become stricter for each SIL level.
|
||||
|
||||
FMEDA uses MTFF and other statistical models to determine the probability of
|
||||
failures occurring, and provide an adaquate risk level.
|
||||
Thus FMEDA uses statistical methods to determine
|
||||
a safety level (SIL), typically used to meet an acceptable risk
|
||||
value, specified for the environment the SYSTEM must work in.
|
||||
|
||||
%the probability of
|
||||
%failures occurring, and provide an adaquate risk level.
|
||||
%
|
||||
%A component failure mode, given its MTTF
|
||||
%the probability of detecting the fault and its safety relevant validation time $\tau$,
|
||||
%contributes a simple risk factor that is summed
|
||||
%in to give a final risk result.
|
||||
%
|
||||
Thus a statistical
|
||||
Thus an FMEDA
|
||||
model can be implemented on a spreadsheet, where each component
|
||||
has a calculated risk, a fault detection time (if any), an estimated risk importance
|
||||
and other factors such as de-rating and environmental stress.
|
||||
With one component failure mode per row,
|
||||
all the statistical factors for SIL rating can be produced\footnote{A SIL rating will apply to an installed plant, i.e. A complete SYSTEM. SIL ratings for individual components or sub-systems are meaningless, and the nearest equivalent would be the FIT/PFD and SFF and diagnostic coverage figures}.
|
||||
all the statistical factors for SIL rating can be produced\footnote{A SIL rating will apply
|
||||
to an installed plant, i.e. A complete SYSTEM. SIL ratings for individual components or
|
||||
sub-systems are meaningless, and the nearest equivalent would be the FIT/PFD and SFF and diagnostic coverage figures.}.
|
||||
|
||||
|
||||
|
||||
|
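Review bot: the unchanged context lines "Software techniques and constraints are / also become stricter for each SIL level." read "are also become"; drop either "are" or "become". The new paragraph "Thus FMEDA uses statistical methods to determine a safety level (SIL)..." and the new line "Thus an FMEDA model can be implemented on a spreadsheet" open consecutive paragraphs with "Thus"; vary one of them. In the reflowed footnote, "i.e. A complete SYSTEM" should be lower-case "a complete SYSTEM", and the flat assertion that "SIL ratings for individual components or sub-systems are meaningless" would be stronger with a citation, given that the text already cites \cite{EN61508} for the $\lambda_D$ / $\lambda_S$ labels.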