Big Chemical Encyclopedia


Fault tolerance redundancy

Device safety manual requirements Fault tolerance (redundancy and voting)... [Pg.224]

Several of FM's Loss Prevention Data Publications (1, 17B, 17C) discuss the concept of triply-redundant, fault-tolerant, high-reliability hardware/software systems for manufacturing operations. Risk analysis and systems reliability research is currently underway to develop better guidelines for the design and application of reliable process control systems. [Pg.132]

Reliability Robust, redundant, and fault-tolerant systems will enable organizations to increase... [Pg.1467]

Fault-tolerance (including single failure criterion) SPINLINE 3 can meet any redundancy requirements. [Pg.23]

The international working group that prepared IEC 61508 considered the above factors and specified the extent of fault tolerance required in IEC 61508-2. In preparing this sector-specific standard for the process sector it was considered that the requirements for fault tolerance of field devices and non PE logic solver could be simplified and the requirements in IEC 61511-1 ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) could be applied as an alternative. It should be noted that subsystem designs may require more component redundancy than what is stated in Tables 5 and 6 in order to satisfy availability requirements. [Pg.40]

The requirements for hardware fault tolerance can apply to individual components or subsystems required to perform a SIF. For example, in the case of a sensor subsystem comprising a number of redundant sensors, the fault tolerance requirement applies to the sensor subsystem in total, not to individual sensors. [Pg.41]

After equipment is selected, the next step in the conceptual design process is the decision to use multiple instruments to serve the same purpose - redundancy. Redundancy is configured to provide continued system operation even though one or more specific instruments may fail - fault tolerance. Some redundant architectures provide fault tolerance against a... [Pg.94]

Problem A set of non-redundant (hardware fault tolerance = 0) safety equipment is used to perform a safety instrumented function in continuous demand mode. Diagnostic time is given as one second. The following failure rate data is obtained when adding the failure rates of the categories of all components ... [Pg.103]

ANSI/ISA-84.00.01-2004 (IEC 61511 Mod) has a requirement for minimum levels of "hardware fault tolerance" as a function of SIL level. This means that redundancy for purposes of achieving the safety function must be done depending on the SIL level target of the SIF. For field instruments and non-programmable logic solvers, the chart is shown in Figure 7-6. [Pg.103]

Sometimes the hardware fault tolerance is confused with redundancy. They are not necessarily the same thing. Sometimes redundant instruments are used to maintain process operation, not to perform the safety function. In those cases, redundancy is not the same as hardware... [Pg.109]

The 3051S SIS has a 61508 assessment certificate stating that the product can be used in SIL 2 applications as a single transmitter and SIL 3 applications if more than one transmitter is used in an identical redundant (hardware fault tolerance > 0) architecture. This helps point out the differences between random and systematic failures. The design process used to create the transmitter and its software met the more rigorous criteria of SIL 3. The chance of a systematic fault is lower. [Pg.136]

The Yokogawa EJX is another popular transmitter (Figure 9-9) that has received full IEC 61508 assessment during 2004. It has been assessed to SIL 2 using a single transmitter and SIL 3 for identical fault tolerant architectures. As before, this tells us that the product design and test process met the more strenuous requirements of SIL 3 so that identical redundancy designs are acceptable. [Pg.136]

To illustrate some common misconceptions, a few examples of compliant and noncompliant industrial-type components are discussed in the next sections. Fault-tolerant components, that have been EU type-approved for proper classification, such as positive opening, guarded actuator, redundancy, cross-monitoring, or fault detection, are preferred and in some cases mandatory. Testing nonapproved components (CE is not an approval) to verify their conformity or nonconformity is the higher risk (of failure) alternative and usually costs considerably more time and money. [Pg.118]

Whitney J. Townsend, Jacob A. Abraham, and Earl E. Swartzlander, Jr. Quadruple Time Redundancy Adders, 18th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, pp. 250-256, Cambridge, MA, November 3-5, 2003... [Pg.189]

A good base to evaluate system robustness and fault tolerance generally is Probabilistic Safety Assessment (PSA). It considers not only substitutability of different automatic actions, but also different technological systems and redundancy of manual actions. In particular I&C systems reliability assessment we should proceed in the similar way. Usually asked is a reliable performance of the automated function with the expected lowest reliability (conservative approach). The importance of that function is used to be classified according regular standards (e.g. IEC 61226, 2005). [Pg.1297]

The aim of the first steps of designing a dependable control system consists in determining the best instrumentation, that is to say, a set of sensors and actuators that, with the lowest cost, allows the system to perform its mission despite the failure of one or several of its components. This activity is generally complex, because two antagonist aspects have to be taken into account (Conrard and Bayart, 2003): The system has to be inexpensive thanks to the minimisation of the number of components and it has to be fault tolerant which generally implies hardware redundancies. [Pg.1322]

The reliability modeling of fault-tolerant aircraft systems using SyRelAn can be divided into two modeling levels, one mapping the system architecture, the other defining the redundancy management. Therefore the SyRelAn tool uses Reliability Block Diagrams for the definition of the nominal system architecture. To map the multi-state behavior of different components Concurrent Finite State Machines are implemented. [Pg.1524]

This contribution has shown the recent advancements of the software tool SyRelAn and underlying methodology, which can be utilized in the pre-design of fault-tolerant systems within the context of reliability analysis and redundancy management. The hybrid system model forms the basis of this reliability analysis, consisting of an upper-level Reliability Block Diagram and a lower-level Concurrent Finite State Machine environment. [Pg.1530]

Rehage, D., Carl, U. B., Vahl, A. 2005, Redundancy Management of Fault Tolerant Aircraft System Architectures - Reliability Synthesis and Analysis of Degraded System States. Aerospace Science and Technology, Volume 9, Issue 4, pp. 337-347. [Pg.1530]

Tolerate the Hazard. The design needs to be fault tolerant. That means, in the presence of a hardware/software fault, the software still provides continuous correct execution. Consider hazard conditions to software logic created by equipment wear and tear, or unexpected failures. Consider alternate approaches to minimize risk from hazards that cannot be eliminated. Such approaches include interlocks, redundancy, fail-safe design, system protection, and procedures. [Pg.53]

Hardware fault tolerance Systems must have a certain level of resilience to random hardware faults, depending on the SIL specification. This may be achieved using a combination of redundant components and sub-systems, frequent manual testing and repair and computer-automated testing (diagnostics). [Pg.235]

NOTE 3 It is important to note that the hardware fault tolerance requirements represent the minimum component or subsystem redundancy. Depending on the application, component failure rate and proof-testing interval, additional redundancy may be required to satisfy the SIL of the SIF according to 11.9. [Pg.59]

Sharing BPCS field devices with the SIS to achieve a redundant configuration may be acceptable, but requires additional analysis (e.g., ANSI/ISA-84.00.01-2004-1, Clause 11.2.10) to determine whether the shared devices are initiating causes for the hazard scenario under evaluation. Further, the fault tolerance requirements of ANSI/ISA-84.00.01-2004, Clause 11.4, should be examined. If the device is a potential initiating cause for the hazard scenario, it should not be used to meet the fault tolerance requirements. For example, SIL 3 requires a minimum fault tolerance of 1 for the final elements when other criteria of ANSI/ISA-84.00.01-2004, Clause 11.4.4.4, are met, yielding the requirement for a 1oo2 architecture. The control valve cannot be used to meet the fault tolerance requirement, if it is the initiating cause for the hazard scenario under consideration. [Pg.125]

One very effective barrier against random device failures is to implement redundancy. Fault tolerance is provided using multiple devices in voting configurations that are appropriate for the SIL. If one device breaks down, another device is available to provide the safety action. Since failures occur randomly, it is less likely that multiple devices fail at the same time. [Pg.135]

