Engineering the safety system hardware

Chapter 8 Engineering the safety system hardware. An examination of two... 

Although many engineers provide only the minimum adequate vessel design to minimize costs, it is inherently safer to minimize the use of safety interlocks and administrative controls by designing robust equipment. Passive hardware devices can be substituted for active control systems. For example, if the design pressure of the vessel system is higher than the maximum expected pressure, an interlock to trip the system on high pressure or temperatures may be unnecessary. 

This model of accident causation is described further in Figure 1.3. This represents the defenses against accidents as a series of shutters (engineered safety systems, safety procedures, emergency training, etc.) When the gaps in these shutters come into coincidence then the results of earlier hardware or human failures will not be recovered and the consequences will occur. Inap-... 

The fault hazard analysis (FHA)—also referred to as the functional hazard analysis—method follows an inductive reasoning approach to problem solving in that the analysis concentrates primarily on the specific and moves toward the general (TAI 1989). The FHA is an expansion of the FMEA (Stephenson 1991). As demonstrated in the previous chapter, the FMEA is concerned with the critical examination and documentation of the possible ways in which a system component, circuit, or piece of hardware may fail and the effect of that failure on the performance of that element. The FHA takes this evaluation a step further by determining the effect of such failures on the system, the subsystem, or personnel. In fact, when a FMEA has already been completed for a given system and information on the adverse safety effect of component or human failures is desired for that system, the safety engineer can often utilize the data from the FMEA as an input to the FHA. 

The system is the combination or interrelation of hardware, software, people, and the operating environment. In system safety engineering, you must look at the system from cradle to grave. In other words, the system life cycle is the design, development, test, production, operation, maintenance, expansion, and retirement (or disposal) of the system. A nuclear power plant is one large system with operators, pressure subsystems, electrical and mechanical subsystems, structural containment, safety systems, etc. A far simpler example is a boy riding his bike. The bike, the boy, the street (with all its traffic conditions), the weather, the time of day, and even other children make up the system of boy on his bike. 

In recent years it has become necessary to develope techniques to ensure the safety of computer embedded systems controlling potentially dangerous processes. Some works published last years showed that reliability and safety improvements could be achieved by using FTA 4,5 and FMEA 6 (Failure Mode and Effect Analysis) techniques. This paper attemts to apply and evaluate the FTA method in a software embedded system. Such an application will enable the safety engineer to use one method for the system as a whole without separating the software from the hardware. 

The examination of the pipeline control system was done in two parts a purely computer specific examination and a systems engineering examination. The computer exaoaination aimed to show that the hardware and particular parts of the software fulfilled the requirements that were made not only for safety, but also for ergonomic reasons. All these examinations were practical tests performed directly on the computer system (black box tests). 

---