The bow tie methodology, originally developed by ICI in the late 1970’s, has seen increasing industry adoption over the last 20 years. Bow tie diagrams build on the “Swiss Cheese Model” of hazard escalation and causation popularized by James Reason. They provide a powerful means for visualizing how a…
In today’s day and age, functional safety certificate and certification programs are becoming common. There are many to choose from with their own set of requirements and expectations.
So how do we know which one to choose?
The…
What is Stiction?
Stiction is the resistance to the start of motion usually measured as the difference between the external force being applied in order to overcome the static friction and the force to maintain movement between the two contacting or working surfaces.
It can…
You may be wondering why this question is being asked? Isn’t it obvious that systematic issues are important and need to be considered? It may be that some of you reading this blog may not even understand what is meant by systematic issues. In which case, it may surprise you to know…
A cycle test is done on a set of products (>20) until 10% of the units under test fail.
The number of cycles is converted to a time period by knowing the cycles per hour in any particular application.
A failure rate is calculated by dividing the 10% failure…
The “ISO 26262 Road vehicles – Functional safety” specification defines the concepts of “Independence”, “Interference” and other terms which can be a little confusing. This discussion will try to make the concepts clearer.
Let’s talk about “Independence” and associated concepts first. “Independence” is a concept used within Dependent…
The B10 method uses cycle test data to predict failure rates.
A cycle test is done on a set of products (>20) until 10% of the units under test fail. The number of cycles until failure is called the B10 point.
The B10 number of cycles is converted to a…
From an operations point of view, one of the significant parts of the ISA-18.2 and IEC 62682 alarm management standards is the endorsement of alarm response procedures. An alarm response procedure, otherwise known as “Alarm Help” or “Alarm Response Manual”, is defined as guidance for response to an alarm (e.g., operator…
Safe Failure Fraction (SFF) is defined as the ratio of the average rate of safe failures plus dangerous detected failures of the subsystem to the total average failure rate of the subsystem. It is defined for a single channel (no redundancy, 1oo1).
It is a measurement of the likelihood of…
After careful planning and development of your system, the last thing you want to worry about is the credibility of your certification. Although it may seem like a given for your certification to be well accepted by your customers, it is never a bad idea to dig a little…
Route 2H is one of two Architectural constraints options made available in the standards IEC 61508-2 and IEC 61511. Route 1H . Both Route 1H and Route 2H are limitations that impose the hardware selected to implement a safety-instrumented function, regardless of the performance calculated for a subsystem.
What exactly is Route 2H…
US Chemical Safety Board cites lack of Alarm Philosophy, Alarm Rationalization, and State-Based Alarming as Contributing Factors to Blowout in Oklahoma
On January 22, 2018, a blowout and rig fire at the Pryor Trust gas well killed five workers, who were inside the…
Route 1H is one of two Architectural constraints options made available in the standards IEC 61508-2 and IEC 61511. Route 1H . Both Route 1H and Route 2H are limitations that impose the hardware selected to implement a safety-instrumented function, regardless of the performance calculated for a subsystem.
Route 1H is…
We all know that an FMEDA is only as good as the assumptions made regarding typical design engineering practices and the database used for the failure rates. Here is the catch, not all products are designed and manufactured per the same rules! Many manufacturers boast that their…
Alarm floods are periods of alarm activity during which the alarm rate is greater than the operator can effectively manage (e.g., when the operator receives ≥10 alarms in 10 minutes). During a flood situation awareness is compromised and alarms are likely to be missed. In the eleven minutes prior to the explosion…