The industry has conceived these “best practices” as a series of steps that must be performed before putting one of these systems into operation (design, installation and commissioning). This paper will describe the two areas:
· Product Design and Implementation of the Commercial Off-the-Shelf (COTS) Product
· Application Design
3.1. Reducing Common Cause Failures by Design
Traditionally, systems designed for SIS functions have relied on physical separation and redundancy [4] to reduce common cause failures. The authors identified technology changes across multiple generations of SIS over a period of 30 years. Over the same time frame, the industry applied lessons learned from incidents to develop best practices for the design and implementation of these systems; the international industry standards most often used are IEC61508 and IEC61511 [5] (Figure 2).
3.2. Hardware Fault Tolerance (1st Generation SIS)
1st Generation systems rely on Hardware Fault Tolerance, i.e. redundancy, to achieve the reliability and availability required for these applications; this practice is rooted in late-1970s and early-1980s technology. As the majority of these systems were designed prior to the release of the Functional Safety standards, they do not follow the best practices for design, documentation and testing found in those standards.
3.3. 2nd Generation Systems
As the standards became available (mid 1990s), vendors started to apply the design best practices and to pursue certification to those standards. This generation of systems was produced with third-party assessment and certification but continued to rely on Hardware Fault Tolerance to satisfy the performance requirements. The authors found that a large portion of the systems applied as SIS in the market today, although designed to satisfy Functional Safety standards, have not changed dramatically in their use of hardware fault tolerance and basic software and hardware diagnostics.
3.4. Diverse Architecture and Implementation of 3rd Generation Systems
A more recent and different type of system uses diverse redundancy, diverse implementation and active diagnostics [6]. It can deliver not only the reliability and availability required for the application, while minimizing the common cause failures that arise from the use of the same technology, but also introduces additional protection against systematic failures, which are normally related to human factors.
3.4.1 Hardware Design – Diverse Hardware
This newer generation of systems uses diverse processing hardware (multiple technologies), such as diverse operating systems and diverse hardware, together with diverse redundancy, both enhanced with diverse implementation (different implementation teams).