RE: [sc] SIL ranges in ENV50129, prEN50129 and Yellow Book 3




Spiker, Rolf (spiker(at)YIS.NL)
Thu, 10 Jan 2002 15:59:09 +0100


Hi Jens Braband,

You mention in your mail "a paper by Karl-Erik Sundvall from Bombardier, which can be downloaded from www.esss.org". Is that the right address? I get a server hit table or something like that?

Best Regards,
Rolf

Rolf Spiker
Principal Application Manager Safety Systems
Senior Safety Consultant
Yokogawa Industrial Safety Systems
P.O. Box 20020
7302 HA Apeldoorn
The Netherlands
Phone: +31-55-5389664
Fax: +31-55-5389514
E-mail: spiker(at)yis.nl
http://www.yokogawa-iss.com

-----Original Message-----
From: Braband Jens [mailto:Jens.Braband(at)ts.siemens.de]
Sent: Thursday, January 10, 2002 3:06 PM
To: safety-critical(at)cs.york.ac.uk
Subject: AW: [sc] SIL ranges in ENV50129, prEN50129 and Yellow Book 3

I think we have to go back to the starting point in order not to get lost in this discussion, and that is safety. Safety is defined by IEC as "freedom from unacceptable risk", whereas risk is the "combination of the probability of occurrence of harm and the severity of that harm". Usually it is harder to reduce the severity, so we strive to reduce the probability of accidents. Unfortunately the term probability is often used without reference to what it is related to, but what counts in the real world is the probability per time unit or the frequency of hazards, not whether the artefacts we build operate in demand or continuous mode. So in my opinion there should be only one way to define safety requirements (not two ambiguous ways!) and it should be directly related to real time. This is the main background argument behind the decision of CENELEC prEN 50129. The argument has been given in full length in a paper by Karl-Erik Sundvall from Bombardier, which can be downloaded from www.esss.org.

The other one is that prEN 50129 should comply with IEC 61508 (prEN 50129 is indeed a sector-specific adaptation of IEC 61508 and will also become an IEC standard itself) and for this (formal) reason the numeric values have been taken over from IEC 61508 without any further discussion. The former ENV 50129 is outdated and superseded by the prEN 50129. Last but not least I think it is advisable for IEC to revise this issue taking into account the findings by CENELEC.

Best Regards
Jens Braband

Siemens AG TS RA SD RAMSS
P. O. Box 3327
D-38023 Braunschweig
E-Mail: jens.braband(at)siemens.com

> -----Original Message-----
> From: Dr. Wolfgang Ehrenberger [SMTP:Wolfgang.D.Ehrenberger(at)Informatik.fh-fulda.de]
> Sent: Wednesday, 5 December 2001 18:20
> To: safety-critical(at)cs.york.ac.uk
> Subject: RE: [sc] SIL ranges in ENV50129, prEN50129 and Yellow Book 3
>
> The contribution of Simon Hughes raises a point that is also important for IEC 61508. The mentioned aspect is among the items the maintenance group of the standard is presently discussing. The new version of 61508 should be clearer than the old one.
>
> A solution might start from: the number of failures is independent of the view - continuous or demand - and therefore it roughly holds:
>
> failure_rate*time = failure_probability*number_of_demands.
>
> In all cases the most serious type of failure would have to be considered.
>
> However, any other view would also be welcome for discussion. Any good suggestion could be taken into the new version of the standard.
>
> Wolfgang
>
> Professor Wolfgang Ehrenberger
> Software Engineering
> University of Applied Science
> Fulda, Germany
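As an added illustration of Ehrenberger's identity and of Braband's point that the hazard frequency per unit time is what matters (example code written for this page, not from any of the posters), the script below turns a demand-mode PFD into the per-hour dangerous failure rate it implies at several demand frequencies and looks up the band each value falls into. The SIL band limits are the IEC 61508 target failure measures; the sample PFD and demand rates are constructed values.

```python
# Added example: Ehrenberger's identity failure_rate*time = failure_probability*number_of_demands,
# rearranged to hazard_rate = PFD * demand_rate, applied to the IEC 61508 bands.

# IEC 61508 target failure measures (lower bound inclusive, upper exclusive).
PFD_BANDS = {  # low-demand mode: average probability of failure on demand
    1: (1e-2, 1e-1),
    2: (1e-3, 1e-2),
    3: (1e-4, 1e-3),
    4: (1e-5, 1e-4),
}
PFH_BANDS = {  # high-demand / continuous mode: dangerous failures per hour
    1: (1e-6, 1e-5),
    2: (1e-7, 1e-6),
    3: (1e-8, 1e-7),
    4: (1e-9, 1e-8),
}
HOURS_PER_YEAR = 8760


def sil_for(value, bands):
    """Return the SIL whose band contains value, or None if it lies outside all bands."""
    for sil, (lo, hi) in bands.items():
        if lo <= value < hi:
            return sil
    return None


def hazard_rate_per_hour(pfd, demands_per_hour):
    """Dangerous failures per hour implied by a PFD and a demand frequency."""
    return pfd * demands_per_hour


def compare_views(pfd, demands_per_hour):
    """Classify the same system under the demand view and under the per-time view."""
    rate = hazard_rate_per_hour(pfd, demands_per_hour)
    return {
        "pfd": pfd,
        "demand_sil": sil_for(pfd, PFD_BANDS),
        "rate_per_hour": rate,
        "continuous_sil": sil_for(rate, PFH_BANDS),
    }


if __name__ == "__main__":
    # Constructed sample: a PFD of 5e-4 (SIL 3 by the demand bands) seen at
    # one demand per year, per week and per hour.
    for label, per_hour in (("yearly", 1 / HOURS_PER_YEAR), ("weekly", 1 / 168), ("hourly", 1.0)):
        r = compare_views(5e-4, per_hour)
        print(f"{label:7s} demand: rate={r['rate_per_hour']:.2e}/h "
              f"demand-SIL={r['demand_sil']} per-time-SIL={r['continuous_sil']}")
```

IEC 61508 restricts the PFD bands to low-demand mode (at most one demand per year), which is why only the yearly case lands in the same SIL under both views while more frequent demands push the implied hazard rate into a lower band or out of the bands altogether.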

