Systematic failure

Systematic failures are due to mistakes or errors made in the SIF design and management and cause the SIF to fail every time a particular set of conditions occurs. Because it is not feasible to test the SIF under every possible combination of operating conditions, faults may remain hidden until a particular set of circumstances arises and the SIF fails to function or fails spuriously. 

There are three important types of errors that can lead to systematic failure  

No reproduction or networking permitted without license from IHS 

---

Pressure to continuously improve ESH performance and stop taking continuous corrective action by correcting the underlying systematic failure. Another aspect of this is the tendency to continuously rework the same issues over and over again. Well-designed management systems should prevent this. 

The possibility that only certain of these combinations, AJB, were foimd in nature or were capable of preparation in the laboratory could only arise after the attempt had been made to prepare a large number of them. The concept of valence is first of all a limiting law. It enunciates that, out of the possibilities predicted by existing laws, only a limited number can in fact be realized. In Whittaker s phrase, it is a Principle of Impotence, and such a principle can only be developed after repeated and systematic failures to achieve an end previously conceived as possible. 

As a practical matter, the PCB, lead, and asbestos violations are the low hanging fruit for EPA inspectors looking for violations. On the other hand, these same violations are the ones most easily addressed by the regulated community, and lapses may demonstrate a systematic failure to have effective compliance programs. 

Diverse separation offers the additional benefit of reducing the probability of systematic failures (a factor especially important in SIL 3 and SIL 4 applications) and reducing common cause failures. 

This subclause allows the hardware fault tolerance of all subsystems except PE logic solvers to be reduced by one on certain conditions. These conditions will apply to devices such as valves or smart transmitters and reduce the likelihood of systematic failures such that the requirements are aligned to the requirements of lEC 61508-2 for non PE devices. 

Two fundamentally different categories of failures exist physical failures (often called random failures) and functional failures (often called systematic failures). (See Figure 3-1). Random failures are relatively well understood. A random failure is almost always permanent and attributable to some component or module. For example, a system that consists of a programmable electronic controller module fails. The controller output de-energizes and no longer supplies current to a solenoid valve. The controller diagnostics identify a bad output transistor component. 

Other failures are called systematic failures. A systematic failure occurs when the system is capable of operating but does not perform its intended... 

If an engineer programming a safety function entered an incorrect logic block such that a safety instrumented function would not perform its protective function, that failure would also be considered a systematic failure. Again, the hardware is fully capable of executing the programmed logic, no random failure has occurred, but the safety instrumented function would not work. 

Systematic failure sources are almost always design faults, usually due to inadequate procedures or training. Occasionally however, a maintenance error or an installation error causes a systematic failure. The exact source of a systematic failure can be obscure. Often the failure will occur when the system is asked to perform some unusual function, or perhaps the system receives some combination of input data that was never tested. 

Some of the most obscure failures involve combinations of stored information, elapsed time, input data, and function performed. Systematic failures may be permanent or may be transient in nature. Up to the present, failure rate data for systematic failures has been difficult to acquire. However, possibilities exist for better data acquisition in the future. 

Current functional safety standards, lEC 61508 and ANSl/lSA-84.00.01-2004 (lEC 61511 Mod), (Ref. 1 and 2) state that probabilistic evaluation using failure rate data be done only for random failures. To reduce the chance of systematic failures, the standards include a series of "design rules" in the form of specific requirements. These requirements state that the safety instrumented system designer must check a wide range of things in order to detect and ehcninate systematic failures. 

A software bug causes a logic solver to fail in an unpredictable and apparently random manner. Will this failure be considered a random failure or systematic failure ... 

The concept of random failures versus systematic failures was presented in Chapter 3. One must understand the differences in order to understand failure rate data. For safety instrumented function verification... 

The concept of the "well designed system" was also presented in Chapter 3. A simplistic definition of such a system would be one where aU the techniques and measures presented in our functional safety standards to prevent systematic failures are followed. These techniques and measures are planned to significantly reduce the chance of a systematic fault to a tolerable level. Therefore, systematic failure rates caused by human error including failures due to installation errors, failures due to calibration errors and failures due to choosing equipment not suited for purpose are not included in the calculation. 

This is not to say that systematic errors cannot happen. It is clearly recognized that these failures do occur and that they do impact safety integrity. One field failure study done by one of the authors traced instrument failure reports to specific end user sites. The results showed that failure rates for the same instrument varied by over an order of magnitude from site to site. There is no doubt that this is significant. But the site specific and even person specific variables preclude an "average" probabilistic approach. That is why it is so important to understand and follow all the procedures, techniques and measures presented in the functional safety standards to avoid and control systematic failures. It is so important to have a "well designed system" for any safety instrumented function. 

Lack of distinction between systematic failures and random failures,... 

Generally, less specific data turns out to be more conservative and that is appropriate for safety verification purposes following the rule that "the less one knows, the more conservative one must be." Remember that industry databases may include systematic failures, multiple technology classes, wear out failures and possible multiple reports per failure. These issues naturally cause the numbers from such sources to be high. 

The 3051S SIS has a 61508 assessment certificate states that the product can be used in SIL 2 applications as a single transmitter and SIL 3 applications if more than one transmitter is used in an identical redundant (hardware fault tolerance > 0) architecture. This helps point out the differences between random and systematic failures. The design process used to create the transmitter and its software met the more rigorous criteria of SIL 3. The chance of a systematic fault is lower. 

Quality of instrument manufacturer to reduce systematic failures... 

Systematic failures, e.g. failures that relate to the inherent design of the system rather than random hardware failures. 

Step lb is therefore based on the application of a lessons learned checklist, an example of which is contained in Table 6.1. Its purpose is to identify potential sources of systemic errors (which could lead to systematic failures). It considers the possibility of requirement, design and implementation errors (as weU as reasonably anticipated crew errors after the failure occurrence of a failure condition). The checklist may be applied to consider system architecture vulnerabilities as well as physical installation vnlnerabilities in the ZSA (see Chapter 8). 

Errors in this case are taken to include both mistakes and omissions. Vulnerability to systemic errors can be introduced during any part of the life cycle, and its realisation comes into effect during manufacture, installation, maintenance or operation (where the blame is then allocated under the umbrella term of Human Factors). These systematic failures may not all be derivable from assessments such as the FHA or FTA, and many are best identified from service experience. 

This table assesses the vulnerability of the system to systematic failures. Systematic failures are due to systemic errors in the design, build, maintenance or operation of the system. The likelihood of many of these errors can be reduced by careful design. 

Where there is lack of independence, the assessors need to update all apphcable qualitative/quantitative assessments to reflect the remaining presence of any common mode events or systematic failures. 

Systematic failures occur whenever a set of particular conditions is met and are therefore repeatable (i.e. items subjected to the same set of conditions wiU fail consistently) and thus apply to both hardware and software. It is difficult to quantify the rate at which systematic failures will occur and a quahtative figure based on the robustness of the development/build process is normally used. 

However, estimating failure rates for more complex systems is much more difficult because the failure rates are dominated by systematic failures, which do not lend themselves to prediction like random failure rates do. ... 

The behavioural nature and probability of such systematic errors of events are not easily predictable or quantifiable in numerical terms because they do not relate to the normal properties of reliability or wear-out typically modelling by failure probability distributions. For this reason modelling their probability density function is very difficult. They relate to a lack of knowledge (and thus uncertainty) in the existence of the fault and the resulting behaviour. Hence, systematic failures are not random. Systematic failures are repeatable though, although knowledge of the internal and external conditions required to repeat them may be difficult to detennine for some unintuitive faults. 

Systematic Failure Systematic Failures are produced by design and implementation Faults caused by Errors made by Developers (i.e. humans or tools) during System development or manufacture, or by human Error during operation or maintenance. 

---