Appendix A (Normative Appendix) Techniques and measures for E/E/PE safety-related systems: control of failures during operation
A.1 Overview
This appendix shall be used in conjunction with 7.4. It limits the maximum diagnostic coverage that may be claimed for the relevant techniques and measures. For each safety integrity level, it recommends techniques and measures for controlling random hardware failures, systematic failures, environmental failures and operational failures. Further information on the architectures and measures can be found in Appendix B of GB/T 20438.6-2017 and Appendix A of GB/T 20438.7-2017.
It is not possible to list every individual cause of failure in complex hardware, for two main reasons:
the causal relationship between faults and failures is often difficult to determine;
when complex hardware and software are used, the emphasis shifts from random failures to systematic failures.
Failures of E/E/PE safety-related systems can be classified according to when they originate as:
failures due to faults originating before or during installation of the system (for example software faults, including specification and program faults; hardware faults, including manufacturing faults and incorrect component selection);
failures due to faults or human errors originating after installation of the system (for example random hardware failures, or failures due to incorrect use).
Avoiding and controlling these failures usually requires a large number of measures. The requirements of Appendix A and Appendix B divide these measures into those used to avoid failures during the different phases of the E/E/PE safety lifecycle (Appendix B) and those used to control failures during operation (Appendix A); the latter are intrinsic to the E/E/PE safety-related system.
Diagnostic coverage and safe failure fraction are based on Table A.1 and the procedure detailed in Appendix C. Tables A.2 to A.14 support Table A.1: they recommend techniques and measures for diagnostic tests, together with the maximum diagnostic coverage that may be claimed when each technique or measure is used. These tables do not supersede any of the requirements of Appendix C. Tables A.2 to A.14 are not exhaustive; other techniques and measures may be used, provided that evidence is given to support the claimed diagnostic coverage. Where high diagnostic coverage is claimed, at least one of the high diagnostic coverage techniques from each table should be applied.
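As an added worked example (not text or code from the standard), the following Python shows how the two quantities this paragraph refers to, diagnostic coverage (DC) and safe failure fraction (SFF), are obtained from an element's failure-mode breakdown, and how the maximum claim allowed by the tables caps the result. The failure-mode list and its rates are constructed for illustration; the DC and SFF formulas and the 60 %/90 %/99 % claim bands are those of IEC 61508-2 Annex C, the source standard of GB/T 20438.2. The rating assigned to a particular technique must in practice be read from Tables A.2 to A.14.

```python
"""Worked example of the two quantities Appendix A caps: diagnostic coverage (DC)
and safe failure fraction (SFF).  Added here for illustration; not text or code
from GB/T 20438.2 / IEC 61508.

Definitions (IEC 61508-2 Annex C), with lambda_D = lambda_DD + lambda_DU:
    DC  = sum(lambda_DD) / sum(lambda_D)
    SFF = (sum(lambda_S) + sum(lambda_DD)) / (sum(lambda_S) + sum(lambda_D))
"""
from dataclasses import dataclass
from typing import Iterable, Tuple

# Maximum DC that may be claimed for a technique rated low / medium / high in
# Tables A.2 to A.14 (IEC 61508-2 Annex C bands: 60 %, 90 %, 99 %).
DC_LIMITS = {"low": 0.60, "medium": 0.90, "high": 0.99}


@dataclass(frozen=True)
class FailureMode:
    """One row of an FMEDA-style breakdown for a single element."""
    name: str
    rate_fit: float   # failure rate in FIT (failures per 1e9 hours)
    dangerous: bool   # True if the failure would defeat the safety function
    detected: bool    # True if an on-line diagnostic reveals it (relevant when dangerous)


def failure_sums(modes: Iterable[FailureMode]) -> Tuple[float, float, float]:
    """Return (lambda_S, lambda_DD, lambda_DU) for the given failure modes."""
    lam_s = lam_dd = lam_du = 0.0
    for m in modes:
        if not m.dangerous:
            lam_s += m.rate_fit      # safe failure: the function stays safe either way
        elif m.detected:
            lam_dd += m.rate_fit     # dangerous but caught by the diagnostic
        else:
            lam_du += m.rate_fit     # dangerous and undetected: the residual risk
    return lam_s, lam_dd, lam_du


def diagnostic_coverage(modes: Iterable[FailureMode]) -> float:
    """DC = lambda_DD / lambda_D.  With no dangerous failure modes the diagnostic
    has nothing to miss, so DC is reported as 1.0."""
    _, lam_dd, lam_du = failure_sums(modes)
    lam_d = lam_dd + lam_du
    return 1.0 if lam_d == 0 else lam_dd / lam_d


def safe_failure_fraction(modes: Iterable[FailureMode]) -> float:
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D)."""
    lam_s, lam_dd, lam_du = failure_sums(modes)
    total = lam_s + lam_dd + lam_du
    if total == 0:
        raise ValueError("no failure rates given")
    return (lam_s + lam_dd) / total


def dc_band(dc: float) -> str:
    """Highest coverage band (low/medium/high) the measured DC actually reaches."""
    for band in ("high", "medium", "low"):
        if dc >= DC_LIMITS[band]:
            return band
    return "none"


def claimable_dc(measured_dc: float, table_rating: str) -> float:
    """Cap the measured DC at the maximum Appendix A allows for the technique's rating."""
    return min(measured_dc, DC_LIMITS[table_rating])


# Constructed sample: one processing element supervised by a watchdog.
# Rates are illustrative, not data from any real component.
SAMPLE_MODES = [
    FailureMode("output relay fails de-energised", 100.0, dangerous=False, detected=False),
    FailureMode("power supply drops to safe state", 100.0, dangerous=False, detected=False),
    FailureMode("program flow runaway (watchdog)",  200.0, dangerous=True,  detected=True),
    FailureMode("clock stuck (watchdog)",            60.0, dangerous=True,  detected=True),
    FailureMode("register bit flip, not covered",    40.0, dangerous=True,  detected=False),
]

if __name__ == "__main__":
    dc = diagnostic_coverage(SAMPLE_MODES)
    sff = safe_failure_fraction(SAMPLE_MODES)
    print(f"DC  = {dc:.3f}  ({dc_band(dc)} band)")
    print(f"SFF = {sff:.3f}")
    # Even with a technique rated "medium" in the tables only the measured value
    # may be claimed; a technique rated "low" caps the claim at 0.60.
    print("claim with medium-rated technique:", claimable_dc(dc, "medium"))
    print("claim with low-rated technique:   ", claimable_dc(dc, "low"))
```

The sample illustrates the point of the paragraph: the watchdog catches most of the dangerous failure rate, yet the measured DC of about 0.87 only reaches the low band, and the claim can never exceed the rating the tables give the technique, whatever the measured figure.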
Similarly, Tables A.15 to A.17 recommend techniques and measures for controlling systematic failures, for each safety integrity level. Table A.15 recommends general measures for controlling systematic failures (see GB/T 20438.3). Table A.16 recommends measures for controlling environmental failures, and Table A.17 recommends measures for controlling operational failures. Most of the control measures can be graded by reference to Table A.18.
Appendix A of GB/T 20438.7-2017 describes all the techniques and measures in these tables. GB/T 20438.3 gives the software techniques and measures required for each safety integrity level. Appendix B of GB/T 20438.6-2017 gives guidance on determining the architectures of E/E/PE safety-related systems.
Compliance with the guidance in this appendix alone does not guarantee the required safety integrity. Two points are important to consider:
the consistency of the selected techniques and measures, and how well they complement one another;
which techniques and measures are most suitable for the specific problems encountered in the development of each particular E/E/PE safety-related system.