Embedded & ic - fs risk analysis
Cefriel
The presentation given by Enrico Silani
1.
© CEFRIEL 2013; FOR DISCUSSION PURPOSES ONLY: ANY OTHER USE OF THIS PRESENTATION - INCLUDING REPRODUCTION FOR PURPOSES OTHER THAN NOTED ABOVE, MODIFICATION OR DISTRIBUTION - WITHOUT THE PRIOR WRITTEN PERMISSION OF CEFRIEL IS PROHIBITED
Functional Safety Hazard & Risk Analysis
Milano, April 23rd 2013
Embedded - IC & Automation Fortronic
2.
Disclaimer
This presentation was prepared exclusively for the benefit and internal use of the customer and does not carry any right of publication or disclosure to any other party. No right to publish or distribute this document is expressly or implicitly granted to any third party. The present original document was produced by CEFRIEL and no third party may claim any right or paternity on it. No part of this document may be reproduced. The entire document or part of it may not be used for any personal interest without previous written authorization from CEFRIEL. © copyright CEFRIEL - Milan, Italy - 2013. All rights reserved in accordance with rule of law and international agreements.
© copyright CEFRIEL 2013 | All rights reserved | Milano, Italy | April 23, 2013
3.
CEFRIEL OVERVIEW (December 2011)
4.
What is CEFRIEL?
• Center of excellence for research, innovation and education in Information & Communication Technologies
• Independent, super-partes and not-for-profit organization
• Established in 1988
5.
Our mission: bridging the gap between industries and academia to boost innovation
[Figure: CEFRIEL Unique Value Proposition, positioning CEFRIEL between academic universities and industrial companies along the Research / Innovation / Market Delivery axes (each rated Low / Medium / High).]
6.
Our activities
• Education: knowledge and IP sharing
• Innovation: knowledge and IP application
• Research: knowledge and IP creation
7.
FUNCTIONAL SAFETY: (Brief) Introduction (December 2011)
8.
Introduction to Functional Safety - What is Functional Safety? What is Functional Safety about?
• IEC 61508 definitions:
• Safety is the freedom from unacceptable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.
• Risk is a combination of the probability of occurrence of harm and the severity of that harm.
• Functional Safety is part of the overall safety that depends on a system or equipment operating correctly (i.e. performing a safety function) in response to its inputs.
• Functional Safety is thus about achieving "absence of unreasonable risk due to hazards (potential sources of harm) caused by malfunctioning behavior of the electrical/electronic/programmable electronic (E/E/PE) systems".
• Failures are the main impairment to safety:
• Systematic failures: failures related in a deterministic way to a certain cause, which can only be eliminated by a change of the design or of the manufacturing process, operational procedures, documentation or other relevant factors (countermeasure: ROBUST PROCESS)
• Random HW failures: failures that can occur unpredictably during the lifetime of a hardware element and that follow a probability distribution (countermeasure: ROBUST DESIGN)
9.
Introduction to Functional Safety - Functional Safety standards
• INDUSTRIAL AUTOMATION: IEC 61508
• MEDICAL: IEC 60601, IEC 62304
• PROCESS INDUSTRY: IEC 61511
• TRANSPORTATION: EN 50126, EN 50128, EN 50129
• MACHINERY: IEC 62061
• NUCLEAR: IEC 61513, IEC 60880, IEC 60987, IEC 61226
• AUTOMOTIVE: ISO 26262
10.
Introduction to Functional Safety - Risk Reduction
• The risk emerging from the EUC (Equipment Under Control) is classified according to its tolerability
• A risk is at a tolerable level if the involved persons (the society) can accept it
• Standards and rules describe methods to determine the limits of acceptance
• If such a risk is not tolerable, it must be reduced by means of suitable measures (standards and rules describe measures to reduce risk to an accepted level):
• E/E/PE measures
• Other technology measures (e.g., mechanic, hydraulic, ...)
• External risk reduction measures or facilities (e.g., instructions, labels, safety fences, ...)
[Figure: risk reduction diagram. On a rising-risk axis, the residual risk must lie below the tolerable risk, which lies below the non-tolerable EUC risk. The necessary risk reduction is the gap from EUC risk to tolerable risk; the actual risk reduction achieved by all safety-related systems and external risk reduction facilities is the sum of the partial risk covered by E/E/PE measures, by other technology and by external measures.]
11.
Introduction to Functional Safety - Risk Reduction - Example
[Figure: the risk reduction diagram of the previous slide applied to three braking systems. For each, the gap between the non-tolerable EUC risk and the tolerable risk is covered by different shares of other technology, E/E/PE measures and external measures:]
• CONVENTIONAL BRAKE (mechanics, hydraulics): partial risk covered by other technology and by external measures
• ELECTRO HYDRAULIC BRAKE (hydraulic backup): partial risk covered by other technology, by E/E/PE measures and by external measures
• ELECTRO MECHANIC BRAKE (no hydraulic backup): partial risk covered by E/E/PE measures and by external measures
12.
Introduction to Functional Safety - Safety Function vs Safety Integrity
• Key concepts in the IEC 61508 standard are RISK and SAFETY FUNCTION
• Risk is a function of the frequency (or likelihood) of the hazardous event and of the severity of its consequences
• Risk is reduced to a tolerable level by applying safety functions
• The SIL (Safety Integrity Level) is the measure of the "risk reduction level" of the safety function
SAFETY FUNCTION: function which is intended to achieve or maintain a safe state for the equipment under control (EUC) in respect to a specific hazardous event.
SAFETY INTEGRITY:
• Probability of a safety-related system satisfactorily performing the required safety function under all stated conditions within a stated period of time (process safety time)
• Four levels of safety integrity (SIL 1 to 4)
• Considers all causes of failures (random HW faults and systematic failures) which lead to an unsafe state
SAFETY-RELATED SYSTEM: designated system that both:
• Implements the required safety functions necessary to achieve and maintain a safe state for the EUC
• Is intended to achieve, on its own or with other E/E/PE safety-related systems, other technology safety-related systems or external risk reduction facilities, the necessary safety integrity for the required safety functions
13.
Introduction to Functional Safety - Safety Integrity Level
• According to IEC 61508:
• The Safety Integrity Level describes the level of the required risk reduction
• Scale with 4 levels (SIL 1 to SIL 4): SIL 1 = low, SIL 4 = high
• Identification by approved measures (risk analysis)
• Derivation of requirements and measures for the risk reduction depending on the SIL
• According to ISO 26262:
• The Automotive Safety Integrity Level describes the level of the required risk reduction
• Scale with 4 levels (ASIL A to ASIL D): ASIL A = low, ASIL D = high
• Identification by the method proposed in the standard
[Figure: the two scales drawn side by side, lowest level first:]
IEC 61508:  -   SIL 1   SIL 2   SIL 3   SIL 4
ISO 26262:  QM  ASIL A  ASIL B  ASIL C  ASIL D
(QM is drawn alongside "no SIL", ASIL A alongside SIL 1, ASIL B alongside SIL 2, ASIL C alongside SIL 3, and ASIL D between SIL 3 and SIL 4.)
14.
Introduction to Functional Safety - Development of Safety Functions
• The development of safety functions requires the following main steps:
• Identify and analyze the risks
• Determine the tolerability of each risk
• Determine the risk reduction necessary for each intolerable risk
• Specify the safety requirements for each risk reduction, including their Safety Integrity Level
• Design the safety functions to meet the safety requirements
• Implement the safety functions
• Validate the safety functions
• The safety lifecycle specifies all aspects related to the development process of safety-related systems:
• Management of the process itself
• Definition of the system
• Specification of the system and sub-systems
• Documentation and configuration management
• Architectural design
• Hardware & software design
• Hardware & software development
• Test & validation planning
• Operation, maintenance and decommissioning planning
15.
Introduction to Functional Safety - Safety Lifecycle according to IEC 61508
[Figure: the overall safety lifecycle of IEC 61508, boxes 1 to 16, reconstructed from the slide's labels:]
1. Concept
2. Overall scope definition
3. Hazard and risk analysis
4. Overall safety requirements
5. Safety requirements allocation
Overall planning:
6. Overall operation and maintenance planning
7. Overall safety validation planning
8. Overall installation and commissioning planning
Realisation:
9. E/E/PE safety-related systems: realisation (E/E/PE safety lifecycle, software safety lifecycle)
10. Other technology safety-related systems: realisation
11. External risk reduction facilities: realisation
12. Overall installation and commissioning
13. Overall safety validation
14. Overall operation, maintenance and repair
15. Overall modification and retrofit
16. Decommissioning or disposal
16.
Introduction to Functional Safety - Safety Lifecycle according to ISO 26262 (slide dated April 29, 2013)
[Figure: the parts of ISO 26262 and the clauses of each part, as laid out on the slide:]
1. Vocabulary
2. Management of functional safety: 2.5 Overall safety management; 2.6 Safety management during item development; 2.7 Safety management after release for production
3. Concept phase: 3.5 Item definition; 3.6 Initiation of the safety lifecycle; 3.7 Hazard analysis and risk assessment; 3.8 Functional safety concept
4. Product development: system level: 4.5 Initiation of product development at system level; 4.6 Specification of the technical safety requirements; 4.7 System design; 4.8 System integration and testing; 4.9 Safety validation; 4.10 Functional safety assessment; 4.11 Release for production
5. Product development: hardware level: 5.5 Initiation of product development at hardware level; 5.6 Specification of hardware safety requirements; 5.7 Hardware design; 5.8 Hardware architectural metrics; 5.9 Evaluation of violation of the safety goal due to random hardware failures
6. Product development: software level: 6.5 Initiation of product development at software level; 6.6 Specification of software safety requirements; 6.7 Software architectural design; 6.8 Software unit design and implementation; 6.9 Software unit testing; 6.10 Software integration and testing; 6.11 Verification of software safety requirements
7. Production and operation: 7.5 Production; 7.6 Operation, service and decommissioning
8. Supporting processes: 8.5 Interfaces within distributed developments; 8.6 Specification and management of safety requirements; 8.7 Configuration management; 8.8 Change management; 8.9 Verification; 8.10 Documentation; 8.11 Qualification of software tools; 8.12 Qualification of software components; 8.13 Qualification of hardware components; 8.14 Proven in use argument
9. ASIL-oriented and safety-oriented analyses: 9.5 Requirement decomposition with respect to ASIL tailoring; 9.6 Criteria for coexistence of elements; 9.7 Analysis of dependent failures; 9.9 Safety analyses
10. Guidelines on ISO 26262 (informative)
17.
FUNCTIONAL SAFETY: Hazard & Risk Analysis (December 2011)
18.
Hazard & Risk Analysis - Hazard Analysis
• In order to perform a risk assessment:
• The hazards (potential sources of harm) of the EUC shall be determined systematically, as well as the event sequences leading to them
• Techniques that can be used for the extraction of hazards at system level:
• Brainstorming
• Checklists
• Quality history
• FMEA
• Fault Tree Analysis (FTA)
• Event Tree Analysis (ETA)
• Product metrics
• Field studies
• For each identified hazard, risks shall be determined and assessed
• If a risk is not tolerable, the necessary risk reduction must be evaluated
19.
Hazard & Risk Analysis - Risk Assessment
• In order to determine the necessary level of risk reduction (expressed as SIL, ASIL, ...), two reference risk levels must be estimated:
• The EUC risk, associated with the Equipment Under Control
• The level of risk considered tolerable
• Risk assessment is the procedure to evaluate the EUC risk
• Risk assessment can be summarized in answering the question: "How likely is the EUC to fail and, if it does fail, what is the outcome?" (Frequency x Consequence)
• The EUC risk must be assessed independently from the measures adopted to reduce it
• The EUC risk must be assessed separately for each determined hazardous event
• Risk assessment techniques can be:
• Qualitative: provide a qualitative risk assessment (used mainly in the early risk assessment phase)
• Semi-quantitative (semi-qualitative): provide discrete risk "levels"
• Quantitative: provide quantitative risk estimates based on formal mathematical models
• Several techniques can be adopted:
• ALARP Model
• Risk Graph / Calibrated Risk Graph
• Hazardous Event Severity Matrix
• Layer of Protection Analysis (LOPA)
20.
Hazard & Risk Analysis - ALARP Model
• According to this model, risks can be classified into three classes:
• The risk is so great that it cannot be justified in any ordinary circumstance
• The risk is, or has been made, so small as to be insignificant
• The risk falls between the two previous classes and has been reduced to the lowest practicable level
• When the risk falls in the last class, then it must be reduced to a level which is "ALARP", i.e. "As Low As Reasonably Practicable"
[Figure: the three ALARP regions on a rising-risk axis:]
• Intolerable region: risk cannot be accepted except in extraordinary circumstances
• ALARP region (risk is undertaken only if a benefit is desired): risk is tolerable only if further risk reduction is impracticable or disproportionate to the benefits obtained; the more the risk is reduced, the less must be spent to reduce it further to satisfy ALARP
• Broadly accepted region: negligible risk
22.
© copyright CEFRIEL
Hazard & Risk Analysis – ALARP Model – Example

As an example consider the following table, where the risk classes are I (lowest risk), II, III and IV (highest risk). Rows are the frequency of the hazardous event, columns its consequence:

  Frequency    Catastrophic  Critical  Marginal  Negligible
  Frequent     IV            IV        IV        III
  Probable     IV            IV        III       II
  Occasional   IV            III       II        II
  Remote       III           II        II        I
  Improbable   II            II        I         I
  Incredible   I             I         I         I

The interpretation of the risk classes in terms of the ALARP model might be:

  I    Negligible risk
  II   Tolerable risk if the cost of risk reduction would exceed the improvement gained
  III  Undesirable risk: tolerable only if risk reduction is impracticable or if the costs are grossly disproportionate to the improvement gained
  IV   Intolerable risk
Hazard & Risk Analysis – Risk Graph Method

• The risk graph method is based on the relation R = function of (f, C), where
  • R is the risk with no safety-related systems in place
  • f is the frequency of the hazardous event with no safety-related systems in place
  • C is the consequence of the hazardous event
• The frequency is in turn influenced by
  • the frequency of, and exposure time in, the hazardous zone
  • the possibility of avoiding the hazardous event
  • the probability of the hazardous event taking place with no safety-related measures in place but with other risk reduction facilities (probability of the unwanted occurrence)
• This extends the number of parameters to be considered to four (risk graph parameter / ISO 26262 counterpart):
  • C = Consequence of the hazardous event / S = Severity
  • F = Frequency and exposure time in the hazardous zone / E = Exposure
  • P = Possibility of failing to avoid the hazardous event / C = Controllability
  • W = Probability of the unwanted occurrence / no counterpart in ISO 26262
Hazard & Risk Analysis – Risk Graph Method – Example

• Implementing a risk graph requires
  • defining values / levels for each parameter
  • defining the relations between the parameters and their levels
• The values / levels of the parameters, whether expressed qualitatively or as numbers, must be
  • justified on a rigorous and widely accepted basis
  • agreed with all the parties involved

The slide shows a risk graph as a figure: from Start the path branches on C (CA … CD), then on F (FA, FB), then on P (PA, PB), and ends in one of the intermediate nodes X1 … X6; the required integrity level is then read from the column for W:

  Node  W3     W2     W1
  X1    a      ---    ---
  X2    SIL 1  a      ---
  X3    SIL 2  SIL 1  a
  X4    SIL 3  SIL 2  SIL 1
  X5    SIL 4  SIL 3  SIL 2
  X6    b      SIL 4  SIL 3

  ---  no safety requirements
  a    no special safety requirements
  b    a single E/E/PE safety-related system is not sufficient

• Using different integrity scales (e.g. W1, W2 and W3) allows other risk reduction measures to be accounted for explicitly; from one scale to the next there is an integrity level "shift" of one column
• Parameter ordering: C: CA < CB < CC < CD; F: FA < FB; P: PA < PB; W: W1 < W2 < W3 (written WA < WB < WC on the slide)
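The risk graph above can be evaluated mechanically. The following Python is an added example, not code from the slides or from CEFRIEL: the W columns are exactly those printed on the slide, while the routing from C, F and P to the intermediate node is an assumption taken from the generic risk graph of IEC 61508-5 Annex E (CA leads straight to X1; for CB … CD the node index is 1 + rank(C) + rank(F) + rank(P)). The sample events and their parameter values are constructed for illustration.

```python
"""Risk graph evaluation in the style of IEC 61508-5 (added example, not from the slides).

Assumptions: W columns as printed on the slide (X1..X6 against W3/W2/W1).
Routing follows the generic risk graph of IEC 61508-5 Annex E: CA -> X1;
for CB..CD the node index is 1 + rank(C) + rank(F) + rank(P), with
rank(CB)=1 .. rank(CD)=3, rank(FA)=0, rank(FB)=1, rank(PA)=0, rank(PB)=1.
"""

C_LEVELS = ("CA", "CB", "CC", "CD")   # consequence, increasing
F_LEVELS = ("FA", "FB")               # frequency / exposure in the hazardous zone, increasing
P_LEVELS = ("PA", "PB")               # possibility of failing to avoid the event, increasing
W_LEVELS = ("W1", "W2", "W3")         # probability of the unwanted occurrence, increasing

# Outcome column for W3, indexed by X1..X6 (from the slide).
#   "---": no safety requirements   "a": no special safety requirements
#   "b":   a single E/E/PE safety-related system is not sufficient
W3_COLUMN = ("a", "SIL 1", "SIL 2", "SIL 3", "SIL 4", "b")


def intermediate_node(c: str, f: str, p: str) -> int:
    """Return the index (1..6) of the node X reached for the given C, F, P levels."""
    ci, fi, pi = C_LEVELS.index(c), F_LEVELS.index(f), P_LEVELS.index(p)
    if ci == 0:
        return 1                      # CA: no F/P branching on the generic graph (assumption)
    return 1 + ci + fi + pi           # CB..CD reach X2..X4, X3..X5, X4..X6 respectively


def risk_graph_outcome(c: str, f: str, p: str, w: str) -> str:
    """Read the outcome for node X(c, f, p) from the column for W.

    Each step down the W scale (W3 -> W2 -> W1) shifts the column one place to the
    left, i.e. a lower probability of the unwanted occurrence buys one integrity level.
    """
    shift = len(W_LEVELS) - 1 - W_LEVELS.index(w)   # W3: 0, W2: 1, W1: 2
    col = intermediate_node(c, f, p) - 1 - shift
    return "---" if col < 0 else W3_COLUMN[col]


def required_sil(outcomes) -> str:
    """Highest outcome over several hazardous events (ordering from the slide's legend)."""
    order = ("---", "a", "SIL 1", "SIL 2", "SIL 3", "SIL 4", "b")
    return max(outcomes, key=order.index)


# Constructed sample: three hazardous events of one EUC (illustrative values, not real data).
SAMPLE_EVENTS = {
    "operator caught by moving part": ("CC", "FB", "PB", "W2"),
    "coolant leak, minor burn":       ("CA", "FA", "PA", "W3"),
    "uncontrolled pressure release":  ("CD", "FA", "PB", "W1"),
}

if __name__ == "__main__":
    results = {name: risk_graph_outcome(*levels) for name, levels in SAMPLE_EVENTS.items()}
    for name, outcome in results.items():
        print(f"{name:32s} -> {outcome}")
    print("required SIL for the safety function:", required_sil(results.values()))
```

The outcome "b" is deliberately ranked above SIL 4: when the graph lands there, the conclusion is not "SIL 5" but that a single E/E/PE safety-related system cannot deliver the required risk reduction and the architecture itself has to change.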
Hazard & Risk Analysis – HRA acc. to ISO 26262 – SEVERITY

  Class  Reference for single injuries (from the AIS scale)
  S0     Maximum AIS 0; damage that cannot be classified as safety-related, e.g. bumps with roadside infrastructure
  S1     Maximum AIS 1-2; more than 10% probability of AIS 1-6 (and not S2 or S3)
  S2     Maximum AIS 3-4; more than 10% probability of AIS 3-6 (and not S3)
  S3     Maximum AIS 5-6; more than 10% probability of AIS 5-6

AIS (Abbreviated Injury Scale): the AIS is a classification of the severity of injuries issued by the AAAM (Association for the Advancement of Automotive Medicine):
• AIS 0: no injuries
• AIS 1: light injuries such as skin-deep wounds, muscle pains, whiplash, …
• AIS 2: moderate injuries such as deep flesh wounds, concussion with up to 15 minutes of unconsciousness, …
• AIS 3: severe but not life-threatening injuries such as skull fractures without brain injury, spinal dislocations below the fourth cervical vertebra without damage to the spinal cord, …
• AIS 4: severe injuries (life-threatening, survival probable) such as concussion with or without skull fractures with up to 12 hours of unconsciousness, paradoxical breathing
• AIS 5: critical injuries (life-threatening, survival uncertain) such as spinal fractures below the fourth cervical vertebra with damage to the spinal cord, more than 12 hours of unconsciousness including intracranial bleeding, …
• AIS 6: extremely critical or fatal injuries such as fractures of the cervical vertebrae above the third cervical vertebra with damage to the spinal cord, extremely critical open wounds of body cavities (thoracic and abdominal cavities), …
Hazard & Risk Analysis – HRA acc. to ISO 26262 – SEVERITY (informative examples)

S0 examples:
• pushing over roadside infrastructure
• light collision
• light grazing damage
• damage while entering or leaving a parking space
• leaving the road without collision or rollover

Examples for S1 / S2 / S3 by accident type (Δv = change of velocity in the collision):
• Side collision, e.g. crashing into a tree: S1 Δv < 15 km/h; S2 15 < Δv < 25 km/h; S3 Δv > 25 km/h
• Side collision with a passenger car: S1 Δv < 15 km/h; S2 15 < Δv < 35 km/h; S3 Δv > 35 km/h
• Rear/front collision between two passenger cars: S1 Δv < 20 km/h; S2 20 < Δv < 40 km/h; S3 Δv > 40 km/h
• Other collisions, in increasing severity: scrape collision with little vehicle-to-vehicle overlap; roof or side collision with considerable deformation
• Under-riding a truck: S2 without deformation of the passenger cell; S3 with deformation of the passenger cell
• Pedestrian / bicycle accident: S2 e.g. during a turning manoeuvre inside a built-up area; S3 outside a built-up area
Hazard & Risk Analysis – HRA acc. to ISO 26262 – EXPOSURE (classes of probability of exposure in terms of duration / probability of exposure in initial situations)

  Class  Description           Duration / probability of exposure
  E0     Very low probability  Not specified
  E1     Low probability       < 1% of average operating time
  E2     Medium probability    1% - 10% of average operating time
  E3     High probability      > 10% of average operating time

Informative examples:
• E0: -
• E1: pulling a trailer; driving with a roof rack; driving on a mountain pass with an unsecured steep slope; snow and ice; driving backwards; fuelling
• E2: overtaking; car wash; tunnels; hill hold; night driving on roads without streetlights; wet roads; congestion
• E3: accelerating; braking; steering; parking; driving on highways; driving on secondary roads; city driving
Hazard & Risk Analysis – HRA acc. to ISO 26262 – EXPOSURE (classes of probability of exposure in terms of frequency in initial situations)

  Class  Description                Frequency of exposure
  E0     Extremely low probability  Situations that occur less often than once a year for the great majority of drivers
  E1     Low probability            Situations that occur a few times a year for the great majority of drivers
  E2     Medium probability         Situations that occur once a month or more often for an average driver
  E3     High probability           All situations that occur during almost every drive on average

Informative examples:
• E0: stop at a railway crossing which requires restarting the engine; towing; jump start
• E1: pulling a trailer, driving with a roof rack; driving on a mountain pass with an unsecured steep slope; driving situation with deviation from the desired path; snow and ice
• E2: fuelling; overtaking; tunnels; hill hold; car wash; wet roads; congestion
• E3: starting; shifting gears; accelerating; braking; steering; using indicators; parking; driving backwards
Hazard & Risk Analysis – HRA acc. to ISO 26262 – CONTROLLABILITY

  Class  Description                             Definition
  C0     Controllable in general                 Controllable in general
  C1     Simply controllable                     99% or more of all drivers or other traffic participants are usually able to avoid a specific harm
  C2     Normally controllable                   90% or more of all drivers or other traffic participants are usually able to avoid a specific harm
  C3     Difficult to control or uncontrollable  Less than 90% of all drivers or other traffic participants are usually able, or barely able, to avoid a specific harm

Informative examples:
• C0:
  • unexpected increase in radio volume
  • situations that are considered distracting
  • unavailability of a driver assisting system
• C1:
  • when starting the vehicle with a locked steering column, the car can be brought to a stop by almost all drivers early enough to avoid a specific harm to persons nearby
  • faulty adjustment of the seats while driving can be controlled by almost all drivers by bringing the vehicle to a stop
• C2:
  • avoid departing from the lane in case of a failure of ABS during emergency braking
  • avoid departing from the lane in case of a motor failure at high lateral acceleration (motorway exit)
  • bring the vehicle to a stop in case of a total lighting failure at medium or high speed on an unlit country road without departing from the lane in an uncontrolled manner
  • avoid hitting an unlit vehicle on an unlit country road
• C3:
  • wrong steering with high angular speed at medium or high vehicle speed can hardly be controlled by the driver
  • cannot avoid departing from the lane on snow or ice on a bend in case of a failure of ABS during emergency braking
  • cannot bring the vehicle to a stop if a total loss of braking performance occurs
  • in the case of a faulty airbag release at high or moderate vehicle speed, the driver usually cannot prevent the vehicle from departing from the lane
Hazard & Risk Analysis – HRA acc. to ISO 26262 – RISK MATRIX

The ASIL determination matrix (Severity × Exposure × Controllability → ASIL) is shown on the slide as a figure. Note: if a hazard is assigned Severity class S0, Controllability class C0 or Exposure class E0, no ASIL (SIL) assignment is required.
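The following Python is an added example of the HRA steps described on the severity and risk matrix slides, not code from the slides or from CEFRIEL. It encodes the ASIL determination table of the published ISO 26262-3:2011 (Table 4), which numbers the exposure classes E1 … E4; the slides number the same classes E0 … E3 (E0 = not specified, E1 = < 1%, E2 = 1-10%, E3 = > 10% of operating time), so the code maps slide E_k to published E_(k+1) and applies the slide's note that S0, E0 or C0 means no ASIL is assigned. The severity helper implements only the "more than 10% probability of AIS k-6" rule from the severity slide, not the "maximum AIS" rule. The record format and the sample hazards are constructed for illustration.

```python
"""ISO 26262 hazard analysis and risk assessment (HRA): S/E/C -> ASIL.

Added example, not from the slides. Assumptions:
- Exposure uses the slides' numbering E0..E3; the published ISO 26262-3:2011
  Table 4 numbers the same classes E1..E4, so slide E_k is looked up as E_(k+1).
- Per the slide's note, S0, E0 or C0 means no ASIL is assigned ("QM").
- Severity from injury probabilities follows the "> 10 % probability of AIS k-6"
  rule of the severity slide; the "maximum AIS" rule is not modelled.
"""
from dataclasses import dataclass

# ISO 26262-3:2011 Table 4. Key: S class; value: rows E1..E4 (published numbering),
# each a string of ASILs for C1, C2, C3. "Q" stands for QM (no ASIL).
ASIL_TABLE = {
    1: ("QQQ", "QQQ", "QQA", "QAB"),
    2: ("QQQ", "QQA", "QAB", "ABC"),
    3: ("QQA", "QAB", "ABC", "BCD"),
}
ASIL_ORDER = ("QM", "A", "B", "C", "D")


def severity_from_ais_probabilities(p_ais1_6: float, p_ais3_6: float, p_ais5_6: float) -> int:
    """Map cumulative injury probabilities (fractions) to S0..S3.

    p_ais3_6 is P(AIS >= 3), etc.; the three values must be non-increasing.
    """
    if not 0 <= p_ais5_6 <= p_ais3_6 <= p_ais1_6 <= 1:
        raise ValueError("need 0 <= P(AIS>=5) <= P(AIS>=3) <= P(AIS>=1) <= 1")
    if p_ais5_6 > 0.10:
        return 3
    if p_ais3_6 > 0.10:
        return 2
    if p_ais1_6 > 0.10:
        return 1
    return 0


def determine_asil(s: int, e: int, c: int) -> str:
    """Return 'QM' or 'A'..'D' for severity s, exposure e (slide numbering E0..E3) and controllability c."""
    if not (0 <= s <= 3 and 0 <= e <= 3 and 0 <= c <= 3):
        raise ValueError(f"classes out of range: S{s} E{e} C{c}")
    if s == 0 or e == 0 or c == 0:
        return "QM"                    # slide's note: no ASIL assignment required
    e_published = e + 1                # slide E1..E3 -> published E2..E4
    cell = ASIL_TABLE[s][e_published - 1][c - 1]
    return "QM" if cell == "Q" else cell


@dataclass(frozen=True)
class Hazard:
    hid: str
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


def parse_hazard_line(line: str) -> Hazard:
    """Parse 'ID; description; S3; E3; C3' (a constructed record format, not a standard one)."""
    hid, desc, s, e, c = (field.strip() for field in line.split(";"))
    if not (s[:1] == "S" and e[:1] == "E" and c[:1] == "C"):
        raise ValueError(f"malformed record: {line!r}")
    return Hazard(hid, desc, int(s[1:]), int(e[1:]), int(c[1:]))


def highest_asil(hazards) -> str:
    """A safety goal inherits the highest ASIL among the hazards it covers."""
    return max((h.asil for h in hazards), key=ASIL_ORDER.index, default="QM")


# Constructed sample HRA records (illustrative, not from any real analysis).
SAMPLE_RECORDS = [
    "H1; unintended full braking while driving on a highway; S3; E3; C3",
    "H2; loss of power steering assist at parking speed; S1; E3; C2",
    "H3; unintended acceleration while pulling a trailer; S2; E1; C3",
    "H4; radio volume jumps to maximum; S1; E3; C0",
]

if __name__ == "__main__":
    hazards = [parse_hazard_line(record) for record in SAMPLE_RECORDS]
    for h in hazards:
        print(f"{h.hid}: S{h.s} E{h.e} C{h.c} -> ASIL {h.asil}  ({h.description})")
    print("highest ASIL:", highest_asil(hazards))
```

Two checks are worth keeping in any HRA tooling: the range check on the classes (a typo such as "S4" must fail loudly rather than silently index a table), and the explicit short-circuit for S0/E0/C0, since the published table has no E0 row and would otherwise raise or, worse, be silently shifted.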
Hazard & Risk Analysis – Once the required SIL has been assessed

• Based on the required Safety Integrity Level
  • different requirements on the design and on the process apply
  • different techniques and measures should be used
• Requirements on the integrity of HW
• Requirements on the integrity of SW
  • requirements on SW design and development (architecture, support tools, programming language, code implementation, testing, …)
  • requirements on SW diagnostics to achieve the required HW integrity

Target failure measures per SIL (1 FIT = 1 failure in 10^9 hours, so the last column restates the PFH band):

  SIL  Low demand mode (PFD, probability of failure on demand), e.g. airbag  High demand mode (PFH, probability of failure per hour), e.g. brake / steer by wire  PFH in FIT
  1    10^-2 ≤ PFD < 10^-1                                                  10^-6 ≤ PFH < 10^-5                                                                   1,000 ≤ FIT < 10,000
  2    10^-3 ≤ PFD < 10^-2                                                  10^-7 ≤ PFH < 10^-6                                                                   100 ≤ FIT < 1,000
  3    10^-4 ≤ PFD < 10^-3                                                  10^-8 ≤ PFH < 10^-7                                                                   10 ≤ FIT < 100
  4    10^-5 ≤ PFD < 10^-4                                                  10^-9 ≤ PFH < 10^-8                                                                   1 ≤ FIT < 10
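The table above is what a design is checked against once the hardware failure rates are known. The following Python is an added example, not code from the slides or from CEFRIEL: the band limits are the ones in the table; the conversion 1 FIT = 10^-9 failures per hour and the simplified single-channel (1oo1) estimate PFD_avg ≈ λ_DU · T1 / 2 (from IEC 61508-6, valid for λ_DU · T1 much smaller than 1, with a perfect proof test and repair time neglected) are assumptions beyond the slide. The failure rates and proof-test interval in the sample are constructed, not measured data.

```python
"""Target failure measures per SIL (added example, not from the slides).

Band limits are those of the slide's table. Assumptions beyond the slide:
1 FIT = 1e-9 failures per hour, and for the low-demand case the average PFD of a
single channel (1oo1) is estimated with the simplified IEC 61508-6 expression
PFD_avg ~= lambda_DU * T1 / 2 (valid when lambda_DU * T1 << 1, proof test
assumed perfect, repair time neglected).
"""
import math

FIT = 1e-9              # one Failure In Time = 1e-9 failures per hour (assumption, standard usage)
HOURS_PER_YEAR = 8760.0

# (SIL, lower bound inclusive, upper bound exclusive), tightest band first.
PFD_BANDS = ((4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1))
PFH_BANDS = ((4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))


def _band(value: float, bands) -> int:
    """SIL whose band contains value; 0 if worse than the SIL 1 band; 4 if tighter
    than the SIL 4 band (IEC 61508 defines no higher level)."""
    if not math.isfinite(value) or value < 0:
        raise ValueError(f"invalid failure measure: {value!r}")
    for sil, lo, hi in bands:
        if lo <= value < hi:
            return sil
    return 0 if value >= bands[-1][2] else 4


def sil_from_pfd(pfd_avg: float) -> int:
    """Low demand mode: SIL band met by an average probability of failure on demand."""
    return _band(pfd_avg, PFD_BANDS)


def sil_from_pfh(pfh: float) -> int:
    """High demand / continuous mode: SIL band met by a probability of failure per hour."""
    return _band(pfh, PFH_BANDS)


def fit_to_pfh(fit: float) -> float:
    """Dangerous failure rate in FIT -> failures per hour."""
    return fit * FIT


def pfd_avg_1oo1(lambda_du_fit: float, proof_test_interval_years: float) -> float:
    """Simplified 1oo1 PFD_avg = lambda_DU * T1 / 2 (assumption, see module docstring)."""
    lam = lambda_du_fit * FIT
    t1 = proof_test_interval_years * HOURS_PER_YEAR
    if lam * t1 >= 0.1:
        raise ValueError("lambda_DU * T1 too large for the linear approximation")
    return lam * t1 / 2.0


def meets_target(required_sil: int, achieved_sil: int) -> bool:
    """True when the achieved band is at least as tight as the required SIL."""
    return achieved_sil >= required_sil


if __name__ == "__main__":
    # Constructed figures: a 1oo1 trip function (low demand) and a steer-by-wire
    # channel (high demand). Values are illustrative, not measured data.
    pfd = pfd_avg_1oo1(lambda_du_fit=500, proof_test_interval_years=1.0)
    print(f"1oo1 trip, 500 FIT dangerous undetected, yearly proof test: "
          f"PFD_avg={pfd:.2e} -> SIL {sil_from_pfd(pfd)}")
    for fit in (50, 200):
        pfh = fit_to_pfh(fit)
        print(f"steer-by-wire channel at {fit} FIT: PFH={pfh:.1e}/h -> SIL {sil_from_pfh(pfh)}, "
              f"SIL 3 target met: {meets_target(3, sil_from_pfh(pfh))}")
```

Note that a low-demand PFD_avg depends on the proof-test interval as much as on the failure rate: halving T1 halves the 1oo1 estimate, which is why the same 500 FIT channel can sit in different SIL bands under different maintenance regimes. Meeting the band is only the random-hardware part of the argument; the systematic requirements on HW and SW listed above still apply in full.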
Training Course: An introduction to Functional Safety

• Basic course on Functional Safety (2 days)
• Info:
  • Web: www.cefriel.it
  • Mail: dk@cefriel.it
  • Tel: 02.239541

For any request related to the Functional Safety area:
• ENRICO SILANI
• Mail: enrico.silani@cefriel.com