1、Probabilistic risk analysis of technological systems Estimation of final event rate at a given initial state PD IEC/TR 63039:2016 BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06National foreword This Published Document is the UK implementation of IEC/TR 63039:2016.
2、 The UK participation in its preparation was entrusted to Technical Committee DS/1, Dependability. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are res
3、ponsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 92982 3 ICS 03.120.01; 03.120.30 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the auth
4、ority of the Standards Policy and Strategy Committee on 31 July 2016. Amendments/corrigenda issued since publication Date Text affected PUBLISHED DOCUMENT PD IEC/TR 63039:2016 IEC TR 63039 Edition 1.0 2016-07 TECHNICAL REPORT Probabilistic risk analysis of technological systems Estimation of final e
5、vent rate at a given initial state INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 03.120.01; 03.120.30 ISBN 978-2-8322-3511-9 Registered trademark of the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. colour inside PD IE
6、C/TR 63039:2016 2 IEC TR 63039:2016 IEC 2016 CONTENTS FOREWORD . 5 INTRODUCTION . 7 1 Scope 9 2 Normative references. 10 3 Terms, definitions and abbreviated terms . 10 3.1 Terms and definitions 10 3.2 Abbreviated terms . 17 4 Difference between frequency and rate of final event 17 5 Final event fre
7、quency and final event rate at a given initial state . 19 5.1 General . 19 5.2 Classification of final events 19 5.3 Final event frequency in a steady state 20 5.4 Final event rate at a given initial state and at a recognised state 22 5.5 Relationship between final event rate and frequency at a give
8、n initial state 22 6 Procedure for probabilistic risk analysis and flow to reach risk profile . 23 7 Techniques for quantitative analysis of the occurrence of a final event 24 7.1 Graphical symbols for three types of final events . 24 7.1.1 General . 24 7.1.2 Repeatable final event . 24 7.1.3 Unrepe
9、atable final event resulting in a renewable final state . 30 7.1.4 Unrepeatable final event resulting in an unrenewable final state 30 7.2 Analytical example of an unrepeatable final event 31 7.2.1 General . 31 7.2.2 Average final event frequency 32 7.2.3 Final event rate at a given initial state 34
10、 8 Final event rate at a recognised state and recognised group state 40 8.1 General . 40 8.2 Example of recognised (group) states 40 9 Analysis of multiple protection layers . 43 9.1 General . 43 9.2 Frequency and rate for repeatable events 45 9.2.1 General . 45 9.2.2 Independent of event sequence 4
11、5 9.2.3 Depending on event sequence . 47 9.3 Final protection layer arranged in a 1-out-of-1 architecture system . 51 9.3.1 General . 51 9.3.2 Final event rate at initial state (0, 0) for unrepeatable final event . 51 9.3.3 Final event rate at recognised state (x, y) . 53 9.3.4 Final event rate at a
12、 recognised group state . 54 9.4 Final protection layer arranged in a 1-out-of-2 architecture system . 56 9.4.1 General . 56 9.4.2 Independent failure parts of the 1-out-of-2 architecture system . 57 9.4.3 Fault tree for independent undetected and detected failures 58 9.4.4 Final event rate at a giv
13、en initial state owing to independent failures . 58 9.4.5 Recognised states at each part 59 PD IEC/TR 63039:2016IEC TR 63039:2016 IEC 2016 3 9.4.6 Recognised (group) states and final states for the overall system 60 9.5 Common cause failures between protection layers and complexity of a system 61 9.
14、6 Summary and remarks 61 Annex A (informative) Risk owing to fault recognised only by demand . 62 A.1 Demand, detection and failure logic . 62 A.2 Final event rate at a given initial state 64 A.3 Comparison between new and conventional analyses 65 A.4 Further development . 67 A.5 Summary and remarks
15、 68 Annex B (informative) Application to functional safety . 69 B.1 Risk-based target failure measures in functional safety 69 B.2 Safe/dangerous system states and failures 70 B.3 Complexity of safety-related systems . 72 B.4 Comparison between conventional and new analyses 73 B.5 Splitting up mode
16、of operation . 74 B.6 Tolerable hazardous/harmful event rate and residual risk . 75 B.7 Procedure for determining the safety integrity level (SIL) of an item . 75 B.8 Summary and remarks 76 Bibliography . 77 Figure 1 Antecedent state, final event, final state and renewal event . 18 Figure 2 Time to
17、final event (TTFE) and time to renewal event (TTRE) 19 Figure 3 State transition models with various final states 21 Figure 4 Procedure for analysis of repeatable/unrepeatable final events . 24 Figure 5 FT for an unrepeatable final event resulting in an unrenewable final state 31 Figure 6 State tran
18、sition model resulting in an unrenewable final state 32 Figure 7 FT for an unrepeatable final event resulting in a renewable final state . 35 Figure 8 State transitions resulting in a renewable final state 35 Figure 9 FT for unintended inflation of an airbag due to failure of control . 38 Figure 10
19、State transition model of unintended inflation of an airbag . 39 Figure 11 Event tree of a demand source, int. PL and FPL for a risk . 44 Figure 12 Failure of int. PL independent of event sequence 46 Figure 13 FT for failure of int. PL through sequential failure logic 49 Figure 14 FT for an unrepeat
20、able final event at initial state (0,0) . 53 Figure 15 State transition model for an unrepeatable final event at initial state (0,0) 53 Figure 16 FT for an unrepeatable final event for recognised state (0,1) . 54 Figure 17 State transition model for recognised state (0,1) 54 Figure 18 FT for an unre
21、peatable final event for recognised group state G1 55 Figure 19 State transition model for recognised group state G1. 56 Figure 20 RBD of FPL arranged in a 1-out-of-2 architecture system 57 Figure 21 RBD of the independent parts of Ch 1 and Ch 2 57 Figure 22 RBD equivalent to that in Figure 21 . 58
22、Figure 23 FT for UD failure of Ch 1, D failure of Ch 2 and demand 58 Figure 24 State transitions due to UD failure of Ch 1, D failure of Ch 2 and demand 59 PD IEC/TR 63039:2016 4 IEC TR 63039:2016 IEC 2016 Figure A.1 Reliability bock diagram with independent and common cause failures . 62 Figure A.2
23、 Fault tree of unrepeatable final event due to DU failures 63 Figure A.3 State transition model for unrepeatable final event caused by DU failures 64 Figure A.4 Comparison between analyses of r( M ) and . 67 Figure B.1 Comparison between conventional and new analyses 74 Table 1 Events and associated
24、 risks . 9 Table 2 Symbols newly introduced for event tree and fault tree analyses . 25 Table 3 Symbols and graphical representation for a repeatable (final) event 26 Table 4 Symbols and graphical representation for a renewable final state . 27 Table 5 Symbols and graphical representation for an unr
25、enewable final state 29 Table 6 Symbols and graphical representation for the FER at recognised state 3 41 Table 7 Symbols and graphical representation for FER at recognised group state G 42 Table B.1 Relationship between failure modes, hazards, and safe/dangerous failures 72 Table B.2 Safety integri
26、ty levels (SILs) in IEC 61508 (all parts) . 76 PD IEC/TR 63039:2016IEC TR 63039:2016 IEC 2016 5 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ PROBABILISTIC RISK ANALYSIS OF TECHNOLOGICAL SYSTEMS ESTIMATION OF FINAL EVENT RATE AT A GIVEN INITIAL STATE FOREWORD 1) The International Electrotechnical Comm
27、ission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
28、in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee
29、interested in the subject dealt with may participate in this preparatory work. International, governmental and non- governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accorda
30、nce with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all inter
31、ested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsi
32、ble for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence b
33、etween any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of
34、 conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
35、 members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publicat
36、ion or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publicat
37、ion may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards. However, a technical committee may propose the publication of a Technical Report when it has coll
38、ected data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC TR 63039, which is a Technical Report, has been prepared by IEC technical committee 56: Dependability. The text of this Technical Report is based on the following do
39、cuments: Enquiry draft Report on voting 56/1655/DTR 56/1684/RVC Full information on the voting for the approval of this Technical Report can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. PD IEC/TR 6
40、3039:2016 6 IEC TR 63039:2016 IEC 2016 The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be reco
41、nfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understand
42、ing of its contents. Users should therefore print this document using a colour printer. PD IEC/TR 63039:2016IEC TR 63039:2016 IEC 2016 7 INTRODUCTION This document defines the basic properties of events from the perspective of probabilistic risk analysis and use of dependability-related techniques f
43、or the analysis of occurrence of the final event that results in a final state in which the final consequences of a risk may appear (see 3.1.1, 3.1.10 and 3.1.17). Techniques that are applied to risk analysis such as checklists, what-if/analysis, hazard and operability (HAZOP) studies, event tree an
44、alysis (ETA), fault tree analysis (FTA), were originated in the field of system safety and have been highly developed by bringing those fields of dependability and system safety into connection for many years 1114173435 36 1 . The analytical techniques described in IEC 61025, IEC 61165 and IEC 62502
45、 are well defined and systematised for dependability analysis. However it should be considered that there are significant differences between the dependability and probabilistic risk analyses. Firstly, states of an item such as the up, down, operating and non-operating states as well as those events
46、 of failure and restoration are usually brought into focus in the dependability analysis 57. The probabilistic risk analysis is often concerned with not only those aspects of the states and events related to the down and up but also states of demand and non- demand, and initial, intermediate and fin
47、al states, as well as such additional events as demand, completion, final and renewal events (see 3.1.3, 3.1.8, 3.1.10, 3.1.11, 3.1.17 and 3.1.20). Secondly, types of the final event should be considered for the probabilistic risk analysis because systemic dependencies between items are often domina
48、nt over the occurrence of the final event. Namely, the final events are categorised into the repeatable and unrepeatable from the perspective of probabilistic risk analysis (see 3.1.18 and 3.1.19). In addition the sequence of occurrences of events should be taken into account because the event seque
49、nce often dominates the occurrence of the final event (see 7.2, 9.2, 9.3 and 9.4). The quantitative measures targeted by the dependability analysis are mainly the failure rate, failure frequency, repair rate, reliability, availability and maintainability, etc. of an item. Not only those target measures but also additional measures such as rates and frequency of those events of demand, completion and renewal, as well as risk
