Dealing adequately with technical uncertainties

Statistics, RAMS & Quality Management

Safety vs. Reliability

There is no distinct line between reliability and safety. Most systems must be both reliable and safe; however, the requirements that go along with reliability and with safety can be very different and, given a fixed total cost, are usually mutually exclusive.
In theory, safe systems may be unreliable, while reliable systems may be unsafe. Nevertheless, systems can be designed to be both safe and reliable, but it is very rare that both requirements are equally important.


The following examples are intended for clarification.

Example 1: Safe but unreliable
Consider a smoke detector that produces many false alarms. As long as potentially dangerous smoke is detected reliably, the smoke detector can be considered safe.
By producing many false alarms, the smoke detector is considered unreliable, because it announces dangerous situations while in reality everything is safe.
The sensor element of this smoke detector may be too sensitive, so a slight reduction in sensitivity may improve reliability without affecting safety.

Example 2: Reliable, but unsafe
Consider an old hedge trimmer. There is only one switch to operate the hedge trimmer; if it is pressed, the trimmer starts immediately at full speed.
Due to its simplicity, the electrical part of such a hedge trimmer would be more reliable than that of the trimmers available today.
Today's hedge trimmers have at least two switches. Both switches must be activated in order to operate the trimmer, and the switch positions are such that you need both hands to activate them. Additionally, modern hedge trimmers have a soft start, which inherently serves as an announcement function for the operator.
Beyond any reasonable doubt, these features make modern hedge trimmers safe. The downside is that, due to the larger number of electrical parts involved, modern trimmers are relatively unreliable.


Example 3: Reliable and safe
Consider a railroad crossing controlled by three independent and redundant controllers. Each controller would be able to handle the railroad crossing on its own. Under normal conditions, all three controllers yield identical outputs from the same input data. If one controller fails, there are still two controllers left to keep the railroad crossing in a safe state.
The operation philosophy is as follows:
This system is safe and reliable at the same time:
For highly safety-relevant systems, the following (partially mutually exclusive) strategies are currently in use:
  1. Simplicity. Only switches and cabling, and possibly some mechanical components. There is neither active electronics nor software.
  2. Periodic diagnostic tests and proof tests.
  3. Redundant and/or fault-tolerant design (with or without diagnostics).
All three strategies are state of the art, with the first being the most important. The higher the required safety level, the more likely it is that the safety-related system is technologically simple (without active electronics and software).
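As an added illustration of the redundant controllers in Example 3 and of strategy 3 above (example code written for this page, not from the original site): the controllers are assumed to be combined by a 2-out-of-3 majority vote that falls back to the safe state (barriers down) whenever no majority exists, and the per-controller failure probability p is assumed independent. The page itself does not specify the voting scheme.

```python
from collections import Counter
from enum import Enum
from typing import Optional, Sequence


class Crossing(Enum):
    OPEN = "barriers up"      # road traffic may pass
    CLOSED = "barriers down"  # road blocked; this is the safe state


SAFE_STATE = Crossing.CLOSED


def vote_2oo3(outputs: Sequence[Optional[Crossing]]) -> Crossing:
    """2-out-of-3 majority vote over the three controller outputs.

    None models a controller that has failed detectably (no output, or a
    diagnostic fault). A controller that fails undetected simply delivers a
    wrong command and is outvoted by the other two. If no two controllers
    agree, the crossing falls back to the safe state.
    """
    if len(outputs) != 3:
        raise ValueError("expected exactly three controller outputs")
    counts = Counter(o for o in outputs if o is not None)
    if counts:
        command, agreeing = counts.most_common(1)[0]
        if agreeing >= 2:
            return command
    return SAFE_STATE


def p_no_majority(p: float) -> float:
    """Probability that at least two of three independent controllers have
    failed (failure probability p each), i.e. the 2oo3 system can no longer
    form a majority and stays in the safe state (assumed model)."""
    return 3 * p**2 * (1 - p) + p**3


if __name__ == "__main__":
    # Constructed scenarios: all healthy, one failed detectably, one wrong.
    print(vote_2oo3([Crossing.OPEN, Crossing.OPEN, Crossing.OPEN]))
    print(vote_2oo3([Crossing.OPEN, None, Crossing.OPEN]))
    print(vote_2oo3([Crossing.OPEN, Crossing.CLOSED, Crossing.OPEN]))
    # Two failures: no majority, so the voter chooses the safe state.
    print(vote_2oo3([Crossing.OPEN, None, None]))
    # Single controller vs. 2oo3 at p = 0.01 per controller.
    print(0.01, p_no_majority(0.01))
```

The comparison at the end shows why this arrangement is both safe and reliable: a single failure is tolerated without interrupting operation, and the residual probability of losing a majority is far below the failure probability of one controller.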
Technological complexity can be scaled as follows (simple first):
  1. Mechanics only
  2. Electro-mechanics (switches, cabling, relays)
  3. Passive electronics
  4. Active electronics
  5. Programmable logic (Firmware, not configurable by end user)
  6. Software (configurable by end user)
A good reason for simplicity is that, with increasing system complexity, both the development effort and the safety case grow disproportionately.
For example, it makes a huge difference to the safety case whether or not a system contains an integrated circuit.

While safety and reliability use the same methodological spectrum for quantitative analysis (MTBF calculation, FMEA, fault trees, Markov models, statistical methods, finite elements, ...), there are significant differences on the qualitative side:
While reliability relies mainly on failure rates and probabilities, safety requires even more. Apart from architectural constraints, it is mainly the requirements on the development process that make the difference. Safe products need to be designed as such from the very beginning.
There is some similarity with ISO 9001: this quality management standard does not address quality explicitly; however, if the business processes are in line with ISO 9001, the resulting product or service is likely to be of good quality.
