Design of a system with a higher safety integrity level out of components with an insufficient safety integrity level
https://doi.org/10.21683/1729-2646-2018-18-1-46-52
Abstract
Aim. Technical systems are becoming more and more complex. An increasing number of technical systems contains electronic equipment and software, thus their functional safety is of utmost importance. The safety integrity level is defined by a discrete number that characterizes the set of measures against random and systematic failures depending on the specified risk reduction requirements. The concept of safety integrity levels (SIL) was developed as part of various systems of standards. While the safety architecture of a system is considered, the main question arises: how systems with higher SIL are made out of components and subsystems with low SIL. The answer to that question will allow using existing and certified components in the development of systems with specified safety integrity levels, probably with higher SIL than the SIL of the components.
Methods. The paper analyzes and compares the existing rules of system combination with safety integrity levels set forth in various functional safety standards, e.g. EN 50126/8/9, ISO 26262, IEC 61508, DEF-STAN-00-56, SIRF and the Yellow Book. Beside the tolerable failure rates, the system design requirements must make provisions for combining low SIL subsystems to make higher SIL systems. The widest set of methods is defined for SIL 4 compliance. However, this set of methods cannot be reworked for all possible systems into a simple rule for the combination of systems with lower SIL into systems with higher SIL. In general, the combination of systems into a serial structure will make a system with the safety integrity level equivalent to the lowest subsystem safety integrity level. Tentatively, we can assume that by combining two subsystems with the same safety integrity level we can create a system with a safety integrity level one step higher.
Results. It is shown that the general SIL allocation rule established in the DEF-STAN-00-56, the Yellow Book or the SIRF standards cannot be recommended for all countries and any situations. Failure rate and/or observation intervals must be taken into consideration. It is proven that general rules can only be given for subsystems connected in parallel and some SIL combinations (see e.g. the Yellow Book, SIRF). In each case common failures must be taken into consideration. The general rule may be as follows: in order to achieve system SIL one level higher than the initial level, two component subsystems with the SIL one level lower must be connected in parallel. Other system architectures must be thoroughly studied.
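The following worked example is added here and is not part of the paper or its author's analysis. It illustrates the two results stated in the abstract: a serial structure inherits the SIL of its worst subsystem because dangerous failure rates add, while a parallel (1oo2) structure of two equal-SIL subsystems gains at most one level, and only if the common-cause failure fraction and the observation (proof-test) interval permit it. The SIL bands are the IEC 61508-1 probability-of-dangerous-failure-per-hour (PFH) targets for continuous/high-demand mode. The beta-factor common-cause model and the simplified 1oo2 approximation in `parallel_1oo2_pfh` are standard textbook approximations, assumed for this example and not taken from the paper; all numeric inputs are constructed sample values.

```python
"""Added example (not from the paper): combine subsystem dangerous failure
rates in series and in parallel and map the result to an IEC 61508 SIL band.

Assumptions, labelled: the beta-factor common-cause model and the simplified
1oo2 formula are textbook approximations chosen for this illustration; the
numeric failure rates, beta values and intervals are constructed samples.
"""

# IEC 61508-1 target failure measures, continuous / high-demand mode:
# probability of dangerous failure per hour (PFH); lower bound inclusive,
# upper bound exclusive.
SIL_BANDS = {
    4: (1e-9, 1e-8),
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}


def sil_from_pfh(pfh: float) -> int:
    """Return the SIL whose PFH band contains `pfh`.

    A rate better than the SIL 4 band is reported as SIL 4; a rate worse
    than the SIL 1 band is reported as 0 (no SIL can be claimed).
    """
    if pfh < SIL_BANDS[4][0]:
        return 4
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfh < hi:
            return sil
    return 0


def series_pfh(rates: list[float]) -> float:
    """Serial structure: any subsystem's dangerous failure is a system failure,
    so the dangerous failure rates add. The sum is always at least as large as
    the worst contributor, which is why a serial combination cannot claim a SIL
    higher than its lowest-SIL subsystem."""
    return sum(rates)


def parallel_1oo2_pfh(lam: float, beta: float, t_interval_h: float) -> float:
    """Two redundant channels (1oo2), each with dangerous failure rate `lam`
    (per hour), a beta-factor common-cause fraction `beta`, and an
    observation / proof-test interval `t_interval_h` (hours).

    Simplified approximation (assumption, not from the paper):
        PFH ~= ((1 - beta) * lam) ** 2 * T  +  beta * lam
    The first term is an independent failure of both channels within one
    interval; the second is the common-cause failure that defeats redundancy.
    """
    independent = ((1 - beta) * lam) ** 2 * t_interval_h
    common_cause = beta * lam
    return independent + common_cause


def assess_architectures() -> dict[str, int]:
    """Evaluate a handful of constructed cases and return the claimable SIL
    of each, so the effect of structure, common cause and interval is visible."""
    sil3_rate = 5e-8  # constructed: a subsystem inside the SIL 3 band
    sil2_rate = 9e-7  # constructed: a subsystem near the top of the SIL 2 band
    one_year_h = 8760.0
    twenty_years_h = 20 * one_year_h
    return {
        # serial: SIL 3 + SIL 2 subsystems -> system is only SIL 2
        "series_sil3_sil2": sil_from_pfh(series_pfh([sil3_rate, sil2_rate])),
        # parallel, low common cause, yearly proof test -> one level gained
        "parallel_beta1pct_1y": sil_from_pfh(
            parallel_1oo2_pfh(sil2_rate, 0.01, one_year_h)),
        # same channels, but a 20-year observation interval -> no gain
        "parallel_beta1pct_20y": sil_from_pfh(
            parallel_1oo2_pfh(sil2_rate, 0.01, twenty_years_h)),
        # yearly proof test but 20 % common-cause fraction -> no gain
        "parallel_beta20pct_1y": sil_from_pfh(
            parallel_1oo2_pfh(sil2_rate, 0.20, one_year_h)),
    }


if __name__ == "__main__":
    for name, sil in assess_architectures().items():
        print(f"{name}: SIL {sil}")
```

Running the block prints the claimable SIL for each constructed case. The serial case lands on SIL 2, the SIL of its worst subsystem. The parallel case with 1 % common cause and a yearly interval reaches SIL 3, one level above its SIL 2 channels, but the same channels fall back to SIL 2 when either the observation interval is stretched to twenty years or the common-cause fraction rises to 20 %, which is the point of the abstract's caveat that failure rates, observation intervals and common failures must all be examined before a parallel combination is credited with a higher level.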
About the Author
Hendrik Schäbe, Germany
Dr. rer. nat. habil., Head of Risk and Hazard Analysis
References
1. DEF-STAN 0056 (1996) Safety management requirements for defence systems. Part 1: General requirements. Part 2: Guidelines. Issue 2, 13.2.1996.
2. EN 50126 – GOST R IEC 62278 Railway Applications. The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS); 2008.
3. EN 50128 – STB IEC 62279 Railway applications. Communication, signalling and processing systems. Software for railway control and protection systems; 2011.
4. EN 50129 – STB IEC 62425 Railway applications. Communication, signalling and processing systems. Safety related electronic systems for signalling; 2011.
5. Gräfling S, Schäbe H. The agri-motive safety performance integrity level – Or how do you call it? In: proceedings of the 11th International Probabilistic Safety Assessment and Management Conference and the Annual European Safety and Reliability Conference 2012. Helsinki (Finland): Curran Associates, Inc.; 2012. p. 6091-6100.
6. IEC 61508 (2010) Functional safety of electrical, electronic, programmable electronic safety-related systems. Parts 1-7; 2010.
7. Schäbe H. Definition of Safety Integrity Levels and the Influence Assumptions, Methods and Principles Used. In: Spitzer C, Schmocker U, Dang VN, editors. Proceedings of the International Conference on Probabilistic Safety Assessment and Management PSAM 7 / ESREL 2004. Berlin (Germany): Springer-Verlag London Ltd; 2004. p. 1020-1025.
8. Schäbe H, Jansen H. Computer architectures and safety integrity level apportionment. In: Sciutto G, editor. Safety and Security in Railway Engineering. WIT Press; 2010. p. 19-28.
9. SIRF (2011), Vehicle safety policy, version 1, 1.6.2011.
10. Engineering Safety Management (The Yellow Book), Volumes 1 and 2. Fundamentals and Guidance, issue 4. 2007.
11. Note: the Yellow Book has been replaced with the CSMREA application guide.
For citations:
Schäbe H. Design of a system with a higher safety integrity level out of components with an insufficient safety integrity level. Dependability. 2018;18(1):46-52. https://doi.org/10.21683/1729-2646-2018-18-1-46-52