Integrating RAMS engineering and management with the safety life cycle of IEC 61508

https://doi.org/10.1016/j.ress.2009.06.005

Abstract

This article outlines a new approach to reliability, availability, maintainability, and safety (RAMS) engineering and management. The new approach covers all phases of the new product development process and is aimed at producers of complex products like safety instrumented systems (SIS). The article discusses main RAMS requirements to a SIS and presents these requirements in a holistic perspective. The approach is based on a new life cycle model for product development and integrates this model into the safety life cycle of IEC 61508. A high integrity pressure protection system (HIPPS) for an offshore oil and gas application is used to illustrate the approach.

Introduction

Safety instrumented systems (SIS) are used in many industry sectors to reduce the risk to human lives, the environment, and material assets. A SIS is installed to detect and respond to the onset of hazardous events by the use of electrical, electronic, or programmable electronic (E/E/PE) technology. In cars, the airbag system and the anti-lock braking system (ABS) are two examples of SIS applications. When a sensor detects that the car is colliding, the airbag is activated. The ABS prevents the wheels from locking during heavy braking, so that the driver can maintain control of the car. In the process industry, SISs are used to stop flow and isolate electrical equipment upon detection of high pressures, high temperatures, fires, and gas leakages. One such SIS application is the high integrity pressure protection system (HIPPS), which is used to prevent over-pressure in vessels and pipelines.

Producers of SIS components and complete SIS applications must comply with a number of requirements, such as regulatory requirements, customer requirements, producer (corporate) requirements, and technical requirements [14], [40]. Regulatory requirements prescribe what the SIS shall do and how well it must perform for a particular application. In addition, regulatory requirements may address product safety, that is, how the product must be designed to minimize risk to those designing, constructing, transporting, operating, and maintaining the product. Customer requirements may reflect many aspects of the regulatory requirements, as it is in the interest of the customer to develop safe and reliable products. However, customers may add requirements for operational availability, maintainability, and maintenance support. Corporate requirements reflect the producer's own objectives, policy, and business goals. Technical requirements may be addressed in all the previous categories of requirements, or identified during the detailing of SIS design and development. Many of these requirements are related to the reliability, availability, maintainability, and safety (RAMS) aspects of the SIS.

For the design and operation of SIS, many national authorities make reference to IEC 61508 [21] and related standards, such as IEC 61511 [22] (process industry), IEC 62061 [24] (machinery control systems), IEC 61513 [23] (nuclear power plants), IEC 60601 [20] (medical equipment), and ISO/CD 26262 [30] (automotive systems). It is therefore important that SIS producers follow the key requirements of these standards in their product development.

IEC 61508 and related standards use the safety life cycle approach as a framework for structuring SIS requirements. For SIS producers, it may be advantageous to use this framework as the basis for their product development. Unfortunately, the standards are not very detailed about the product development phases as seen from the producer's perspective. In addition, producers must have a holistic approach to the specification and adoption of RAMS requirements that go beyond the scope of IEC 61508 and related standards, so that customer requirements, corporate requirements, and technical requirements are also sufficiently accounted for.

Many authors address product development models and product development challenges [44], [3], [38], [31], [7], [16], [17], [40]. Product development may be viewed from different angles: the producer perspective, the consumer perspective, or a combination of the two. Unfortunately, none of the models has a holistic approach to the specification and adoption of RAMS requirements, which is an important aspect of SIS development. Papadopoulos & McDermid [44] compare three safety standards, including IEC 61508, and specify a new safety process for system development which fits into the framework of the standards. However, maintainability, availability, and product safety are not discussed. The product development model proposed by Jackson et al. [31] addresses reliability, availability, and maintainability, but has limited focus on safety-related requirements. Murthy et al. [40] suggest a life cycle framework for decision making regarding product reliability, and indicate that the model may be suited to a large range of applications, including SIS development.

The main incentive for writing this article is that the product development model in IEC 61508 and related standards can benefit from being structured according to the model of Murthy et al. [40]. The article illustrates how these two models can be integrated for product development, and suggests how producers may take RAMS into account during their product development. To illustrate the application of the new model, we describe the design and development of a HIPPS.

The HIPPS is an example of a custom-built product that is used in the oil and gas industry. Custom-built products are products manufactured to a specific request from a customer, and include specialized defense and industrial products [40]. Another category is standard products. Standard products are manufactured in anticipation of a subsequent demand. Standard products include all non-durable (short life) and durable (long life) products and most commercial and industrial products; an example is a new version of a programmable logic controller or a new type of pressure transmitter. Standard products and custom-built products may be produced in small or large quantities. A HIPPS is usually tailor-made for one particular target application, for example a subsea oil and gas installation.

The first part of the article discusses important concepts regarding RAMS engineering and management and SIS, before presenting the safety life cycle of IEC 61508. The main part of the article describes the model of Murthy et al. [40] and important RAMS activities when developing SISs. The article concludes that the development process of SISs can benefit from implementing the model of Murthy et al. [40], because it represents a holistic and structured approach focussing on RAMS performance, rather than safety alone as in IEC 61508.

Section snippets

RAMS requirements

Good product quality influences business success through satisfied customers, improved market share, and higher productivity [4]. For producers of SISs or SIS components, the most important dimensions of product quality are reliability, availability, safety, and maintainability. A producer must therefore identify and ensure proper adoption of all relevant RAMS requirements.

We may split RAMS requirements into the following four categories, as illustrated in Fig. 1:

  • (1) Functional safety and safety

Product development from the producers’ perspective

SIS producers must align their product development with IEC 61508 and related standards. SIS applications, such as the HIPPS, are often based on the integration of IEC 61508-compliant or proven-in-use components. In that case, the design, construction, and operation may follow the requirements in IEC 61511, rather than IEC 61508. Compliance with IEC 61508 means that the manufacturer has obtained some verification or certification of their product for use with a certain SIL. The customer has to document

Integrating product development model with IEC 61508

So far, the article has discussed general challenges when developing a SIS. In the following, we demonstrate how the product development model of Murthy et al. [40] may be used, taking into account RAMS aspects and the main requirements for product development in IEC 61508. To illustrate this implementation, we use the development of a HIPPS as an example. A HIPPS may be implemented in several ways, see for example [2], [34], [51].

A HIPPS is a custom-built product, where the main functionality

Concluding remarks

In this article we have integrated RAMS aspects into the model of Murthy et al. [40], and argued that the approach fits into the framework of the safety life cycle of IEC 61508 [21]. The safety life cycle covers the development of a SIS, including all phases from “cradle to grave”, but the model is not very detailed when it comes to the product development stages. A holistic approach to RAMS requirements is lacking in the standard, but provided by the model presented in this article. Our

Further work

The focus in this article is mostly on custom-built products, like the HIPPS, but it would be useful to describe how the model could be applied in the development process of a standard product for safety applications, for example a pressure transmitter. Originally, the model was developed to help producers specify the reliability performance of a product. However, whether the model may be suitable for improving RAMS performance from a customer's perspective should be explored further.

Acknowledgments

We would like to thank the anonymous reviewers of this article for well-considered and useful inputs and comments.

References (52)

  • Bak L, Sirevaag R, Stokke H. Experience with the HPHT subsea HIPPS on Kristin. In: Deep offshore technology—conference...
  • B. Bergman et al. Quality: from customer needs to customer satisfaction (1994)
  • B.S. Blanchard et al. Systems engineering and analysis (1998)
  • A.C. Brombacher. Maturity index on reliability: covering non-technical aspects of IEC 61508 reliability certification. Reliability Engineering and System Safety (1999)
  • H. den Ouden et al. Quality and reliability problems from a consumer's perspective: an increasing problem overlooked by businesses? Quality and Reliability Engineering International (2006)
  • Dhudsia V. Guidelines for equipment reliability. Technical report, SEMATECH;...
  • DNV RP A203. Qualification procedures for new technology. Det Norske Veritas (DNV);...
  • European Commission. Directive 94/9/EC of the European Parliament and of the Council of 23 March 1994 on the...
  • European Commission. Directive 1999/92/EC of the European Parliament and of the Council of 16 December 1999 on minimum...
  • European Commission. Directive 2001/95/EC of 3 December 2001 on general product safety. Brussels, Belgium: European...
  • European Commission. Directive 2004/108/EC of the European Parliament and of the Council of 15 March 2004 on the...
  • J.K. Gershenson et al. A taxonomy for design requirements from corporate customers. Research in Engineering Design (1999)
  • D.I. Gertman et al. Human reliability and safety analysis data handbook (1993)
  • J.O. Grady. System requirements analysis (2006)
  • J.O. Grady. System verification (2007)
  • IEC 61160. Design review. Geneva: International Electrotechnical Commission;...

Cited by (32)

  • Reliability, Availability, Maintainability (RAM) study, on reciprocating compressors API 618. Petroleum, 2017.
    Citation excerpt: Herder et al. (2008) [6] described the feasibility and prerequisites for implementing RAM simulation modelling in industrial practice, by means of developing, implementing and using a RAM simulation model for the GE Plastics Lexan® plant in Bergen op Zoom, The Netherlands. Lundteigen et al. (2009) [7] in their paper outline a new approach to reliability, availability, maintainability, and safety (RAMS) engineering and management. The new approach covers all phases of the new product development process and is aimed at producers of complex products like safety instrumented systems (SIS).
  • An evaluation approach using a HARA and FMEDA for the hardware SIL. Journal of Loss Prevention in the Process Industries, 2013.
    Citation excerpt: This approach covers all phases of development for a new product and is aimed at producers of complex systems, which might use SIS. A case study using HIPPS is reported by Lundteigen et al. (2009), and a number of studies have conducted risk assessment and analysis to derive safety requirements, including a proposed risk priority number (RPN) methodology, which adds ordered weighted geometric averaging (OWGA) and decision-making trial and evaluation laboratory (DEMATEL) methodology (Chang, 2009). Vernez and Vuillea (2009) applied an integrated approach, based on a classical failure mode effect and criticality analysis (FMECA), to a railway signalling system.
  • Formal Management-Specifying Approach for Model-Based Safety Assessment. Journal of Systems Engineering and Electronics, 2023.
  • A RAM extension to enhance ship planned maintenance system. Australian Journal of Maritime and Ocean Affairs, 2023.