Estimation of average hazardous-event-frequency for allocation of safety-integrity levels

One of the fundamental concepts of the draft international standard, IEC 61508, is target failure measures to be allocated to Electric/Electronic/Programmable Electronic Safety-Related Systems, i.e. Safety Integrity Levels. The Safety Integrity Levels consist of four discrete probabilistic levels for specifying the safety integrity requirements or the safety functions to be allocated to Electric/Electronic/Programmable Electronic Safety-Related Systems. In order to select the Safety Integrity Levels the draft standard classifies Electric/Electronic/Programmable Electronic Safety-Related Systems into two modes of operation using demand frequencies only. It is not clear which modes of operation should be applied to Electric/Electronic/Programmable Electronic Safety-Related Systems taking into account the demand-state probability and the spurious demand frequency. It is essential for the allocation of Safety Integrity Levels that generic algorithms be derived by involving possible parameters, which make it possible to model the actuality of real systems. The present paper addresses this issue. First of all, the overall system including Electric/Electronic/programmable Electronic Safety-Related Systems is described using a simplified fault-tree. Then, the relationships among demands, demand-states and proof-tests are studied. Overall systems are classified into two groups: a non-demand-state-at-proof-test system which includes both repairable and non-repairable demand states and a constant-demand-frequency system. The new ideas such as a demand-state, spurious demand-state, mean time between detections, rates of d-failure and h-failure, and an h/d ratio are introduced in order to make the Safety Integrity Levels and modes of operation generic and comprehensive. Finally, the overall system is simplified and modeled by fault-trees using Priority-AND gates. At the same time the assumptions for modeling are described. Generic algorithms to estimate hazardous-event frequencies are derived based on the fault-trees. Thus, new definitions regarding modes of operation for the allocation of Safety Integrity Levels and shortcut methods for estimation of hazardous-event frequencies are proposed.