Safety Integrity and Random Failures

Systems, Functions and Safety

Abstract

Safety integrity is the property of a system that provides safety-relevant operations, describing their resilience to dangerous failures. In functional safety, each defined safety function needs to comply with the safety integrity requirements, which are based on the safety integrity level allocated to the safety function following the hazard analysis and risk assessment. This chapter lays out typical safety integrity requirements, covering two broad groups: safety integrity against random failures and safety integrity against systematic failures. Safety integrity against random failures is then thoroughly introduced, including the definition of all relevant metrics for its quantification, such as failure probability, reliability, failure rate, mean time to failure (MTTF), etc.


Appendices

Exercise 7

One of the safety functions prescribed for your system needs a relay switch as an actuator to cut off the power and bring your system into the safe state. Your company evaluated the relay switch component for reliability, performing accelerated life testing (ALT) on a sample of 10,000 switches over the course of 3 weeks. The switch is expected to be activated once per hour during the system runtime, since the system function for which the safety function is prescribed executes in on-demand mode, once per hour. During ALT, the relay switch is activated once every 10 seconds, and the total number of failed switches is logged every 10,000 cycles, as shown in the ALT log.

Cycles tested    Switches failed
10,000           2156
20,000           1134
30,000           1108
40,000           543
50,000           22
60,000           11
70,000           33
80,000           14
90,000           20
100,000          31
110,000          41
120,000          39
130,000          352
140,000          1450
150,000          2113
<160,000         933

Based on the ALT results, define a burn-in testing interval using the bathtub curve principle, and estimate the constant failure rate of the relay switch for the release, as well as its MTTF, approximating it with an e-system. Evaluate whether the switch is suitable for an application requiring automotive safety integrity level (ASIL) A of 1000 FIT, and also for ASIL C of 100 FIT. Calculate the reliability and failure probability of the relay switch (after release, approximated as an e-system) after a runtime of 100,000 h in the use case described above.

Your Tasks for the Exercise

  • Perform all calculations using the Excel sheet provided as a supplement.

  • Calculate the failure rate upon each testing interval; make sure to convert the units properly according to the safety function on-demand frequency.

  • Plot the failure rate curve and identify the DFR, CFR and IFR zones, as in the bathtub curve.

  • Estimate the constant failure rate by averaging failure rates from the CFR zone.

  • Calculate MTTF.

  • Compare the obtained failure rate with the values required for ASIL A and ASIL C and discuss.

  • Calculate the failure probability and reliability of the relay switch after the runtime of 100,000 h.

To-Do List

  • Perform the exercise individually or with your peers. One person can share the screen and keep notes while all contribute.

  • Compare the results you obtained with your peers or your instructor.

  • Discuss your solution and share it with others.

Note: Digital files for this exercise are available at sfs7.ex.nit-institute.com

Exercise 7 Solution

The failure rate for each inspection interval of 10,000 cycles can be calculated by dividing the number of failed units from column 3 by the number of surviving units from column 2. To express the failure rate in proper units (per hour), considering that one cycle happens each hour in the field, we divide the failure rate obtained in column 4 by 10,000 to get the results shown in column 5.

Table: 5 columns (number of cycles, surviving, failed, failure rate, failure rate per hour) and 17 rows, one per 10,000-cycle inspection interval.

If we now plot the obtained failure rates, we get a graph similar to the bathtub curve:

Figure: line graph of failure rate per hour versus time, in intervals of 10,000 cycles (10,000 h in the field). The curve follows the bathtub shape: a decreasing failure rate over the first intervals, a low and roughly constant failure rate from about the 5th to the 12th interval, then a steep rise, reaching a failure rate of 0.0001 per hour in the 16th interval.

Finally, we can approximate the constant failure rate by averaging the middle part of the bathtub curve. Comparing it with the prescribed failure rate targets for the ASIL levels, we conclude that the switch potentially complies with ASIL A. From the failure rate, using the aforementioned formulae, we can easily obtain the MTTF, as well as the reliability and failure probability after 100,000 h of operation, using the approximated constant failure rate.

Table: 3 columns and 9 rows, containing the constant failure rate, the ASIL A and ASIL C targets, the MTTF in years, the reliability and failure probability at 100,000 h, and the replacement after approximately 10 years.
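The calculation steps of the exercise (per-interval failure rate as failed/surviving, conversion to per-hour units via the once-per-hour on-demand frequency, averaging of the CFR zone, MTTF, reliability and failure probability at 100,000 h, comparison with the ASIL A and ASIL C targets) carried out in Python, as an added example that is not part of the original chapter or its spreadsheet. The CFR-zone boundaries (burn-in through 40,000 cycles, wear-out from 120,000 cycles) are my reading of the bathtub plot, and the final row "<160,000" is taken as the interval ending at 160,000 cycles; both are assumptions.

```python
import math

# ALT log from the exercise: (cycles tested, switches failed in that interval). The
# page's last row reads "<160,000"; it is taken here as the interval ending at 160,000
# cycles (assumption), by which point all 10,000 sampled switches have failed.
ALT_LOG = [
    (10_000, 2156), (20_000, 1134), (30_000, 1108), (40_000, 543),
    (50_000, 22), (60_000, 11), (70_000, 33), (80_000, 14),
    (90_000, 20), (100_000, 31), (110_000, 41), (120_000, 39),
    (130_000, 352), (140_000, 1450), (150_000, 2113), (160_000, 933),
]
SAMPLE_SIZE = 10_000
CYCLES_PER_HOUR = 1.0  # on-demand safety function: one activation per hour in the field
FIT_PER_HOUR = 1e9     # 1 FIT = 1 failure per 1e9 device-hours
ASIL_TARGETS_FIT = {"ASIL A": 1000.0, "ASIL C": 100.0}  # targets stated in the exercise


def interval_failure_rates(log, sample_size=SAMPLE_SIZE, cycles_per_hour=CYCLES_PER_HOUR):
    """Per interval: (end_cycle, surviving at start, failed, failure rate per hour).
    Interval hazard = failed / surviving at start; dividing by the field hours the
    interval represents (cycles / cycles_per_hour) converts it to a per-hour rate."""
    rows, surviving, prev_end = [], sample_size, 0
    for end_cycle, failed in log:
        hours = (end_cycle - prev_end) / cycles_per_hour
        rows.append((end_cycle, surviving, failed, failed / surviving / hours))
        surviving -= failed
        prev_end = end_cycle
    return rows


def constant_failure_rate(rows, burn_in_cycles, wear_out_cycles):
    """Average the per-hour rates of the CFR zone: intervals ending after burn-in
    and no later than the onset of wear-out (both read off the bathtub plot)."""
    rates = [rate for end, _, _, rate in rows if burn_in_cycles < end <= wear_out_cycles]
    return sum(rates) / len(rates)


def e_system_metrics(lam, runtime_h):
    """MTTF = 1/λ, reliability R(t) = exp(-λt), failure probability F(t) = 1 - R(t)."""
    reliability = math.exp(-lam * runtime_h)
    return {"mttf_h": 1 / lam, "mttf_years": 1 / lam / 8760,
            "reliability": reliability, "failure_probability": 1 - reliability}


def assess(log=ALT_LOG, burn_in_cycles=40_000, wear_out_cycles=120_000, runtime_h=100_000):
    """Whole exercise: λ in FIT, ASIL comparison, MTTF, R and F after runtime_h. The zone
    boundaries (burn-in through 40,000 cycles, wear-out from 120,000) are my reading of
    the bathtub plot, not values stated on the page."""
    lam = constant_failure_rate(interval_failure_rates(log), burn_in_cycles, wear_out_cycles)
    result = {"lambda_per_h": lam, "lambda_fit": lam * FIT_PER_HOUR, **e_system_metrics(lam, runtime_h)}
    result["asil_compliance"] = {a: result["lambda_fit"] <= t for a, t in ASIL_TARGETS_FIT.items()}
    return result
```

With these boundaries the averaged constant failure rate lands at roughly 531 FIT, below the 1000 FIT ASIL A target but well above the 100 FIT ASIL C target, with R(100,000 h) of about 0.948.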

This solution is also available as a digital spreadsheet at sfs7.ex.nit-institute.com.

Key Recap Questions

Considering the project you finalized within Chapter 6, now think about the safety functions defined and:

  • Recall their SIL requirements.

  • On which unit are they executed?

  • What kind of safety integrity requirements need to be addressed?

  • Try to quantify random failures of the hardware.

  • How is the probability of failure expressed?

  • What is the MTTF of the safety-related system?

  • How is the obtained value plugged back into the SIL requirement?

Self-assessment

Now take the time to self-assess your knowledge by taking the quiz below. Each listed statement is either correct or incorrect. Please mark your answer and then check in the key at the end of the book.

  1. Safety integrity level is always defined for a complete system.

  2. To verify the compliance of a safety function with the prescribed safety integrity level, it is enough to assess random dangerous failures of that function and compare them with the prescribed values.

  3. The level of resistance against systematic failures can be quantified by using reliability theory (e.g., failure rate, MTTF).

  4. Failure probability of a system is a probability of a system failing at exactly the time t.

  5. If the reliability of the system after 1 year in operation is 0.9, we can expect that out of ten deployed systems, nine are still working.

  6. The failure rate for a system is always a constant value.

  7. System A is always more reliable than System B in the case the failure rate of System A at MTTF, h_A(MTTF_A), is lower than the failure rate of System B at MTTF, h_B(MTTF_B).

  8. E-systems are always defined by a constant failure rate, which can be used to assess the safety integrity of the system against the level prescribed by the appropriate safety standard.

  9. Reliability at MTTF is always the same for any e-system.

  10. The manufacturer provides a resistor documented by its constant failure rate λ = 5 FIT. The failure probability of this resistor after the system runtime does not depend on the use case or system configuration and is always the same.

Self-assessment Key

  1. False

  2. False

  3. False

  4. False

  5. True

  6. False

  7. False

  8. True

  9. True

  10. False


© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Bjelica, M.Z. (2023). Safety Integrity and Random Failures. In: Systems, Functions and Safety. Springer, Cham. https://doi.org/10.1007/978-3-031-15823-0_7


  • DOI: https://doi.org/10.1007/978-3-031-15823-0_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15822-3

  • Online ISBN: 978-3-031-15823-0

  • eBook Packages: Engineering (R0)
