| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 8<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 1 Scope <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 2 Normative references 3 Terms and definitions 4 Abbreviations <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 5 Safety process 5.1 Hourglass model for risk assessment and hazard control <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | Figure 1 \u2014 The Hourglass Model 5.2 A. Risk assessment 5.2.1 General <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 5.2.2 Conducting risk assessment 5.3 B. Outcome of the risk assessment 5.4 C. Hazard control <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | Figure 2 \u2014 Illustration of hazards with respect to the system boundary 5.5 D. Revision of risk assessment <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 5.6 Responsibilities 6 Safety demonstration and acceptance 6.1 Introduction 6.2 Safety demonstration and safety acceptance process <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | Figure 3 \u2014 Example of safety acceptance processes <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 6.3 Responsibility in managing the Safety Case 6.4 Modifications after safety acceptance 6.5 Dependencies between Safety Cases <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | Figure 4 \u2014 Examples of dependencies between safety cases 6.6 Relationship between safety cases and system architecture <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 7 Organisation and Independence of Roles 7.1 General 7.2 Early phases of the lifecycle (phases 1 to 4) <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | Figure 5 \u2014 Independence of Roles in the early phases (phases 1 to 4) of the lifecycle 7.3 Later phases of the lifecycle (starting from phase 5) <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | Figure 6 \u2014 Independence of Roles in later phases of the lifecycle (starting from phase 5) 7.4 Personnel Competence <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 8 Risk assessment 8.1 Introduction 8.2 Risk Analysis 8.2.1 General 8.2.2 The risk model <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | Figure 7 \u2014 An example of risk model <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | Table 1 \u2014 Examples of hazards <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 8.2.3 Techniques for the consequence analysis 8.2.4 Expert Judgement <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 8.3 Risk acceptance principles and risk evaluation 8.3.1 Use of Code of Practice 8.3.2 Use of a reference system <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 8.3.3 Use of Explicit Risk Estimation <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 8.4 Application of explicit risk estimation 8.4.1 Quantitative approach 8.4.1.1 General <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | Figure 8 \u2014 Tolerable rates in an example of risk model 8.4.1.2 Accident safety targets <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 8.4.1.3 Tolerable Hazard Rate (THR) 8.4.1.4 Responsibilities <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 8.4.2 Variability using quantitative risk estimates 8.4.2.1 General 8.4.2.2 \u201cWorst possible scenario\u201d <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 8.4.2.3 \u201cReasonable estimates\u201d 8.4.2.4 \u201cReasonable worst case\u201d 8.4.3 Qualitative and semi-quantitative approaches 9 Specification of System Safety Requirements 9.1 General <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 9.2 Safety requirements 9.3 Categorization of Safety Requirements 9.3.1 General <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | Figure 9 \u2014 requirements classification 9.3.2 Functional safety requirements <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 9.3.3 Technical safety requirements 9.3.4 Contextual safety requirements <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 10 Apportionment of functional Safety Integrity requirements 10.1 Introduction 10.2 Functional safety integrity for electronic systems 10.2.1 General 10.2.2 Apportioning safety requirements <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | Figure 10 \u2014 Apportionment of functional safety requirements <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 10.2.3 Safety Integrity Factors 10.2.4 Functional safety integrity and random failures 10.2.5 Systematic aspect of functional safety integrity 10.2.6 Balanced requirements controlling random and systematic failures <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Figure 11 \u2014 Categorisation of Safety Integrity measures 10.2.7 The SIL table <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | Table 2 \u2014 SIL quantitative and qualitative measures 10.2.8 SIL allocation 10.2.9 Apportionment of TFFR after SIL allocation 10.2.10 Demonstration of quantified targets <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 10.2.11 Requirements for Basic Integrity <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 10.2.12 Prevention of misuse of SILs 10.3 Safety Integrity for non-electronic systems \u2013 Application of CoP <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 11 Design and implementation 11.1 Introduction 11.2 Causal analysis <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 11.3 Hazard identification (refinement) 11.4 Common cause analysis <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | Figure 12 \u2014 Common Cause Failures (CCF) Figure 13 \u2014 Impact of functional dependence in a fault-tree analysis <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | Annex A (informative) ALARP, GAME, MEM A.1 ALARP, GAME, MEM as methods to define risk acceptance criteria Table A.1 \u2014 Overview of ALARP, GAME, MEM <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | A.2 ALARP (As Low As Reasonably Practicable) A.2.1 General <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | A.2.2 Tolerability and ALARP A.3 Globalement Au Moins Equivalent (GAME) principle A.3.1 Principle <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | A.3.2 Using GAME A.3.2.1 General A.3.2.2 Basic principles A.3.2.3 Using GAME to construct a qualitative safety argument A.3.2.4 GAME using quantitative risk targets <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | A.4 Minimum Endogenous Mortality MEM Figure A.1 \u2014 Differential risk aversion <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | Annex B (informative) Using failure and accident statistics to derive a THR <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | Annex C (informative) Guidance on SIL Allocation <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | Annex D (informative) Safety target apportionment methods D.1 Analysis of the system and methods D.2 Example of qualitative apportionment method D.2.1 General <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | Figure D.1 \u2014 Example of qualitative apportionment method D.2.2 Example of qualitative\/semi-quantitative method for barrier efficiency <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | Table D.1 \u2014 Efficiency based on the component\u2019s failures Table D.2 \u2014 Efficiency based on the component\u2019s knowledge Table D.3 \u2014 Efficiency based on the use of the component <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | Table D.4 \u2014 Efficiency based on the maintenance of the component D.3 Example of quantitative apportionment method D.3.1 Introduction <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | Figure D.2 \u2014 Interpretation of failure and repair times D.3.2 Functions with independent failure detection and negation mechanisms <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | Figure D.3 \u2014 Combination of two functions with independent failure detection and negation mechanism <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | Figure D.4 \u2014 Allocation of Safety Integrity requirements D.3.3 Function and independent barrier acting as failure detection and negation mechanism <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | Figure D.5 \u2014 Combination of Function and independent barrier acting as failure detection and negation mechanism D.3.4 Apportionment of a probability safety target <\/td>\n<\/tr>\n | ||||||
| 68<\/td>\n | D.3.5 Apportionment of a \u201cper hour\u201d safety target Figure D.6 \u2014 Example of quantified apportionment <\/td>\n<\/tr>\n | ||||||
| 69<\/td>\n | Annex E (informative) Common mistakes in quantification E.1 General E.2 Mixing failure rates with probabilities Figure E.1 <\/td>\n<\/tr>\n | ||||||
| 70<\/td>\n | E.3 Using formulas out of their range of applicability <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | Annex F (informative) Techniques \/ methods for safety analysis Table F.1 \u2014 Techniques \/ Methods for safety analysis <\/td>\n<\/tr>\n | ||||||
| 72<\/td>\n | Table F.2 \u2014 Techniques \/ Methods for BI and SILs <\/td>\n<\/tr>\n | ||||||
| 73<\/td>\n | Annex G (informative) Key system safety roles and responsibilities Table G.1 \u2014 Role specification for Designer <\/td>\n<\/tr>\n | ||||||
| 74<\/td>\n | Table G.2 \u2014 Role specification for Verifier Table G.3 \u2014 Role specification for Validator <\/td>\n<\/tr>\n | ||||||
| 75<\/td>\n | Table G.4 \u2014 Role specification for Independent Safety Assessor <\/td>\n<\/tr>\n | ||||||
| 76<\/td>\n | Table G.5 \u2014 Role specification for Project Manager <\/td>\n<\/tr>\n | ||||||
| 77<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" BS IEC 62278-2 Railway applications \u2014 Specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 2: Systems approach to safety<\/b><\/p>\n |