Functional safety: matching the complexity of methods with the complexity of systems

TL;DR

This paper compares four different methods for assessing the safety integrity of low-demand systems in line with IEC 61508, highlighting their similarities, differences, and suitability based on system complexity and analysis goals.

Contribution

It provides a comparative analysis of four modeling methods for functional safety assessment, guiding analysts in selecting appropriate techniques based on system and project needs.

Findings

All methods yield similar PFDavg estimates within standard requirements.

Choice of method depends on modeling effort, goals, and system properties.

Discussion of benefits and limitations aids in method selection.

Abstract

In line with the IEC 61508 functional safety standard, it is required to assess the safety integrity of a system due to random hardware failures. For a rarely used function (operating in a low demand mode), the measurement used is average probability of a dangerous failure on demand (PFDavg). In this paper, four methods have been applied to different configurations of a case study: failure tree analysis with the software GRIF/Tree, multi-phase Markov graphs with the software GRIF/Markov, stochastic Petri nets with predicates with the software GRIF/Petri, and approximate equations (developed by DNV and different from those given in the IEC 61508 standard) using the software OrbitSIL. It is shown that all these methods can lead to similar results for the estimating of the PFDavg, taking into account the required characteristics of the standard. The choice of method must be made without bias, based on an agreement between the modelling efforts, goals, and the system properties. To assist the analyst in this task, a discussion of the benefits and limitations of each of these methods is presented.