1. Safety Critical Systems

5. SILs and Dangerous Failure Probability

7. (Old) Interlocking Systems Mechanical / Electromechanical Systems

11. Hazard Severity Level (Example) Category Id. Definition CATASTROPHIC I General : A hazard, which may cause death, system loss, or severe property or environmental damage. CRITICAL II General : A hazard, which may cause severe injury, major system, property or environmental damage. MARGINAL III General : A hazard, which may cause marginal injury, marginal system, property or environmental damage. NEGLIGIBLE IV General : A hazard, which does not cause injury, system, property or environmental damage.

12. Hazard Probability Level (Example) Level Probability [h -1 ] Definition Occurrences per year Frequent P ≥ 10 -3 may occur several times a month More than 10 Probable 10 -3 > P ≥ 10 -4 likely to occur once a year 1 to 10 Occasional 10 -4 > P ≥ 10 -5 likely to occur in the life of the system 10 -1 to 1 Remote 10 -5 > P ≥ 10 -6 unlikely but possible to occur in the life of the system 10 -2 to 10 -1 Improbable 10 -6 > P ≥ 10 -7 very unlikely to occur 10 -3 to 10 -2 Incredible P < 10 -7 extremely unlikely, if not inconceivable to occur Less than 10 -3

13. Risk Classification Scheme (Example) Hazard Severity Hazard Probability CATASTROPHIC CRITICAL MARGINAL NEGLIGIBLE Frequent A A A B Probable A A B C Occasional A B C C Remote B C C D Improbable C C D D Incredible C D D D

14. Risk Class Definition (Example) Risk Class Interpretation A Intolerable B Undesirable and shall only be accepted when risk reduction is impracticable. C Tolerable with the endorsement of the authority. D Tolerable with the endorsement of the normal project reviews.

16. Risk Tolerability Hazard Severity Probability Risk Risk Criteria Tolerable? No Risk Reduction Measures Yes

23. Layers of Diversity