System Design According to ISO/EN 13849 and SISTEMA
In most dual-channel [i.e. single-fault-tolerant] systems or subsystems, the diagnostic principle is based on the premise that there will not be dangerous failures of both channels at the same time. The term "at the same time" is more accurately expressed as "within the diagnostic test interval". If the diagnostic test interval is reasonably short [e.g. less than eight hours], it is a reasonable assumption that two separate and unrelated faults are highly unlikely to occur within that time. However, the standard makes it clear that we need to think carefully about whether the fault possibilities really are separate and unrelated. For example, if a fault in one component can foreseeably lead to failures of other components, then the resulting totality of faults is deemed to be a single failure.
It is also possible that an event that causes one component to fail may also cause the failure of other components. This is termed common-cause failure (CCF). The degree of propensity for CCF is normally described by the beta [β] factor. It is very important that subsystem and system designers are aware of the possibilities of CCF. There are many different types of CCF and, correspondingly, many different ways of avoiding it. EN ISO 13849-1 plots a rational course between the extremes of complexity and over-simplification. In common with EN/IEC 62061, it adopts an approach that is essentially qualitative: it provides a list of measures known to be effective in avoiding CCF.
Table 11 shows a summary of the scoring process.
| No. | Measure Against CCF | Score |
| --- | --- | --- |
| 1 | Separation/Segregation | 15 |
| 2 | Diversity | 20 |
| 3 | Design/Application/Experience | 20 |
| 4 | Assessment/Analysis | 5 |
| 5 | Competence/Training | 5 |
| 6 | Environmental | 35 |

Table 11: Scoring for Common-Cause Failure
A sufficient number of these measures must be implemented in the design of a system or subsystem. It could be claimed, with some justification, that the use of this list alone may not be adequate to prevent every possibility of CCF. However, if the intent of the list is properly considered, it becomes clear that the spirit of its requirement is to make the designer analyse the possibilities for CCF and implement appropriate avoidance measures based on the type of technology and the characteristics of the intended application. Use of the list enforces consideration of some of the most fundamental and effective techniques, such as diversity of failure modes and design competencies. The BGIA SISTEMA tool also requires the implementation of the standard's CCF look-up tables and makes them available in a convenient form.
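The scoring process above, as an added worked example (not code from the catalog or from SISTEMA): it sums the Table 11 points for the measures a design fully implements, applies the standard's all-or-nothing rule and its 65-point pass mark (both taken from ISO 13849-1 Annex F, not stated on this page), and reports the cheapest set of further measures that would bring a failing design up to the mark. The example design sets are constructed for illustration.

```python
from itertools import combinations

# Table 11 of the catalog: measure number -> (name, points awarded when fully implemented)
CCF_MEASURES = {
    1: ("Separation/Segregation", 15),
    2: ("Diversity", 20),
    3: ("Design/Application/Experience", 20),
    4: ("Assessment/Analysis", 5),
    5: ("Competence/Training", 5),
    6: ("Environmental", 35),
}
# Pass mark from ISO 13849-1 Annex F (assumption: the catalog page itself does not quote it).
CCF_PASS_SCORE = 65


def ccf_score(implemented):
    """Points for the fully implemented measures. Annex F awards full points or none per
    measure, so a partly implemented measure must simply be left out of `implemented`."""
    unknown = set(implemented) - CCF_MEASURES.keys()
    if unknown:
        raise ValueError(f"unknown CCF measure number(s): {sorted(unknown)}")
    return sum(CCF_MEASURES[n][1] for n in set(implemented))


def ccf_assess(implemented):
    """Return (score, passes) for a set of implemented measure numbers."""
    score = ccf_score(implemented)
    return score, score >= CCF_PASS_SCORE


def smallest_additions(implemented):
    """Fewest further measures that reach the pass mark; among equal-size sets, the
    one with the fewest points (i.e. the least work). Empty tuple if already passing."""
    score = ccf_score(implemented)
    if score >= CCF_PASS_SCORE:
        return ()
    missing = sorted(CCF_MEASURES.keys() - set(implemented))
    for size in range(1, len(missing) + 1):
        best = None
        for combo in combinations(missing, size):
            gain = sum(CCF_MEASURES[n][1] for n in combo)
            if score + gain >= CCF_PASS_SCORE and (best is None or gain < best[1]):
                best = (combo, gain)
        if best is not None:
            return best[0]
    return tuple(missing)  # every measure implemented still falls short (cannot happen here)


if __name__ == "__main__":
    # Constructed design: segregated, diverse channels, assessed, trained staff, but no EMC measures
    design = [1, 2, 4, 5]
    print("score/pass:", ccf_assess(design))          # (45, False)
    print("add measures:", smallest_additions(design))  # (3,)
```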
