Examination arrangement

Course content

• Definition and interpretation of key concepts and requirements in IEC 61508 and related standards, like IEC 61511. Selected topics from the Norwegian Oil and Gas guideline GL 070 may also be addressed, as an example of a how an industry guideline may be developed with basis in international standards.
• The implementation of functional safety management for safety-critical systems, in design phases as well as in operation

• Relationship between risk acceptance, reliability target measure, and reliability requirement for safety-critical functions.
• Definition and interpretation of safety integrity level (SIL), and the principle distinction between SIL requirement and design according to the SIL requirement.
• Methods for deriving at SIL-requirements, including risk graph, layers of protection analysis (LOPA), and minimum SIL (the latter is the method advocated in GL 070).
• Definition and interpretation of reliability target measures like probability of failure on demand (PFD) and failure frequency (PFH), and their link to SIL requirements.
• Definition and interpretation of specific measures to achieve reliable hardware architectures (architectural constraints).
• Methods and models for preparing for and assessing the reliability of safety-critical functions, including:
  • Functional analysis
  • Failure modes and effects analysis, with focus on the application of FMEDA.
  • Methods and models for quantification of PFDavg and PFHavg, including reliability block diagrams, fault trees, Markov methods. The derivation of formulas that are presented in IEC 61508, part 6, is also included.
  • Estimation and/or selection of values for common cause failures (CCFs) parameters
  • Application of the PDS method, as a special case of reliability assessments
  • Reliability implications of imperfect testing, with focus on the effects of partial stroke testing.
  • Loss of production measures, with focus on models for quantifying the spurious trip rate.
  • Choice of reliability data sources
  • Follow-up of SIL requirements in operation
• Relationship between security analyses, RAM analyses, and SIL analyses
• Requirements to the development of software for application programs.

Learning outcome

Knowledge: The course will give a thorough understanding of concepts, requirements, and methods used in relation to reliability assessments of safety-critical systems, within the frames of standards like IEC 61508. More specifically, the participants will learn about (i) types of safety-critical systems, (ii) key requirements in IEC 61508 and related standards, (iii) methods to use for the derivation of safety-integrity level (SIL) requirements, (iv) constraints for the selection of hardware and software design in light of SIL-requirements, (iii) commonly used methods for reliability assessment, including the selection of data and considerations to uncertainty .

The main case studies used to support the lectured material are taken from the oil and gas industry, and in to some extent also from machinery systems. The participants are welcomed to also introduce other case examples, in light of their working area.

Skills: The participants shall be able to carry out reliability assessments for commonly used architectures of safety-critical systems, including to judge and select among the different methods in light of own competence, system properties and availability of data. If the PDStools is introduced in the course, the participants will get the opportunity to learn the basic features of this tool and how to use it for practical case studies. In addition, the participant will get experience in navigating the standards, including to identify where the key requirements and methods are presented. The participants will also get some experience in selecting and judging the relevance of different data for the assessment (manufacturer data vs OREDA data as an example).

General competence: The participants should after this course have a good understand about how reliability assessments may impact decision-making regarding design and operation of safety-instrumented systems and in addition to understand how the requirements about performance of the systems is related to safety-barrier management for the facility.

Learning methods and activities

The course is split into two separate physical seminars. The first seminar is three days and the second seminar i is two days. In the period between the two seminars, the participants will work on a project, where the aim is to use the lectured theory with a case study of relevance for the participant. In this intermediate period there will also be a one day digital seminar. Some tutorials with solutions are also posted.

The project is completed after the second gathering, so that also lectured material from there can be adapted with project tasks.

The students must bring own computer.

Further on evaluation

Home exam that requires the use of digital aids through the use of the system INSPERA. Weighted 100 out of 100. Support material: A. Form of assessment may be changed to oral in case of a re-sit exam

Specific conditions

Recommended previous knowledge

Grunnleggende kunnskap i sannsynlighetsregning og matematisk modellering. Emnet PK6018 Industriell sikkerhet og pålitelighet eller tilsvarende forkunnskaper gir et godt utgangspunkt.

Required previous knowledge

Course materials

Demonstrating safety of software-dependant systems

Reliability of Safety-Critical Systems - Theory and Applications

Credit reductions