
A collection of formulas is updated after each lecture during the semester. This collection may be brought to the exam.

...

Introduction to applicable software tools: Maple (GRIF software for solving PetriNets will be covered by Yiliu Liu later in relation to his lectures).

  • Problems Chapter 1: 2, 5, 8, 9
  • Problems Chapter 2: 1, 11, 12, 19
  • Problems chapter 2: 21, 22, NEW (on risk graph calibration)
Course schedule. Each entry below lists: Week, Date, Subject area, Lectured topics, Motivation, Lecturer, Tutorials.
Week 34, 19 & 20.8. Subject area: All

Lectured topics:

1st hour:

• Introduction to the course
• Organization of student groups (3 persons per group)

2nd-3rd hours:

• Introduction to two case studies
• Group work and summary in plenum

Motivation: Inform the students about the course objectives, intended learning outcomes, and practicalities.

• Give a more thorough introduction to two systems (a SIS and a windmill) where the lectured models and methods may be applicable.
• Explain and discuss the technologies involved, with focus on attributes like reliability, availability, maintenance, and safety.
• Group work and summary in plenum.

Lecturer: Mary Ann and Jørn

Week 35, 26.-27.8. Subject area: 1

Lectured topics: Safety-critical systems: Key concepts and requirements (Textbook: chapters 2, 3, and 7)

Motivation: IEC 61508 is a key standard on the design of safety-critical systems when the technology used includes electrical, electronic, and programmable electronic systems. Many authority regulations (petroleum, railway, nuclear, automotive, etc.) refer to this standard, or to standards that are under the "umbrella" of this standard. The standard introduces several key concepts including equipment under control (EUC), safety integrity level (SIL), safety lifecycle, functional safety, risk reduction factor, and many more. Safety design principles, such as fail-safe design and architectural constraints, are also discussed.

Lecturer: Mary Ann

Tutorials: See http://www.ntnu.edu/web/ross/books/sis/problems

Week 36, 2.-3.9. Subject area: 1

Lectured topics: Safety-critical systems: Development of SIL requirements (chapter 2, plus supplementary material: IEC 61511-3)

Motivation: The mentioned IEC standard(s) require a structured process for defining SIL requirements. Methods like layers of protection analysis (LOPA) and risk graph are often used for this purpose. Risk graph is used in many applications, such as machinery and the process industry, whereas LOPA is mainly used in the process industry. In the oil and gas industry, for example, it is common to have LOPA sessions/workshops in the early planning of new systems. A special case of defining SIL requirements is the minimum SIL, advocated in a Norwegian guideline for offshore oil and gas facilities, Norsk Olje og Gass guideline 070. This approach builds on principles called GALE or GAMAB.

Lecturer: Mary Ann

Tutorials: See http://www.ntnu.edu/web/ross/books/sis/problems

Week 37, 9.-10.9. Subject area: 1

Lectured topics: Safety-critical systems: Quantification of reliability for systems operating on demand - extending the simplified formulas (Textbook chapter 8)

Motivation: Students that take this course are familiar with simplified formulas for calculating the average probability of failure on demand (PFD). The derivation of these formulas is not repeated here, but extensions are discussed, including:

• IEC 61508-6 formulas
• PDS method
• If time: Fault tree analysis (compensating for Schwartz' inequality)

Lecturer: Mary Ann

Tutorials:
• A SIL verification of a 1oo2 and a 1oo3 system: comparing the results when using different approaches.
Week 38, 16.-17.9. Subject area: 1

Lectured topics: Safety-critical systems: Quantification of reliability for systems operating on demand - introducing PetriNets (Textbook chapters 5 and 8)

Motivation: PetriNets are an alternative approach for calculating the average probability of failure on demand (PFD). PetriNets have not been much used for this particular purpose, but the approach is widely used in many other application areas, such as the modeling of communication and software. In our context, PetriNets have got increased attention as the newest version of IEC 61508 and a new technical guideline published by ISO (ISO/TR 12489) mention them and give application examples.

Lecturer: Yiliu (Mary Ann at ESREL)

Tutorials: Selected problems

Week 39, 23.-24.9. Subject area: 1

Lectured topics (the two compared versions differ):
• Safety-critical systems: Modeling and quantification of CCFs and determining the value of the beta factor (Textbook chapter 10)
• Safety-critical systems: Quantification of reliability for systems operating in the high demand mode (Textbook chapter 9)

Motivation (the two compared versions differ):

Common cause failures (CCFs) are often the main contributor to the probability of failure for redundant systems. The students are already familiar with the beta factor model, and this model is therefore not lectured here. The focus in this lecture will be on:

• Main attributes of CCFs, including root causes and coupling factors
• The multiple-beta factor model and its application with e.g. the PDS method
• Methods used to determine the value of beta (checklists and similar)

Not all safety-critical systems operate on demand. For example, many machinery safety functions are always or so often demanded that the PFD is no longer a useful reliability measure. Another example is railway signaling systems controlling the setting of light signals and the position of rail switches. In this case, another reliability measure is suggested in standards like IEC 61508, called failure frequency (PFH). This lecture explains how the PFH is calculated for typical system architectures.

(Guest lecture was added here)

Lecturer: Mary Ann

Tutorials: Problems chapter 10: 3 (excluding c)), NEW PROBLEM: Application of Humphreys' method for determining beta.
Week 40, 30.9-1.10. Subject area: 1

Lectured topics: Safety-critical systems: continue high-demand systems; choice of reliability data

Lecturer: Mary Ann
Week 41, 7.-8.10. Subject area: 1

Lectured topics: Safety-critical systems: Quantification of reliability for systems operating on demand, with focus on partial and imperfect testing (Textbook chapter 11)

Motivation: It is not always realistic that the proof tests and the associated repair actions are "perfect", meaning that the system is restored to an as-good-as-new state after each test. One reason may be that it is not safe to simulate a real "demand" (would you test fire detectors by setting fire to a room?). The simulated test (pressing a test button) may not be so extensive, and some failures may be left undiscovered also after the test. Another reason may be that it is not desired to carry out a perfect test. Testing of valves, for example, requires that the valve is operated from the open to the closed position (or vice versa), but this may require a full stop of the plant. Instead, it may be suggested to replace some perfect tests with partial tests, so that the valve is just operated some percent of its travel and then returned to its initial position. This lecture focuses on how to account for such factors in the quantification of PFD.

Lecturer: Mary Ann

Tutorials:
• Selected problems
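The SIL verification of a 1oo2 and a 1oo3 system named in the week 37 tutorials, together with the partial-testing effect discussed above, as one added worked example. This is not code from the course page or its textbook. It uses the simplified PFD formula for a koon voted group with independent failures, C(n, n-k+1)(λ_DU τ)^(n-k+1)/(n-k+2), the beta-factor split of λ_DU into an independent part (1-β)λ_DU and a common-cause part βλ_DU, and the IEC 61508 low-demand SIL bands. The partial-test model (a fraction θ of DU failures is revealed at the partial-test interval, the rest only at the full proof test) is an assumed first-order approximation, and all numeric inputs are constructed.

```python
from math import comb

# Constructed inputs for the worked SIL verification (not taken from the course page).
LAMBDA_DU = 2.0e-6   # dangerous undetected (DU) failure rate per channel [1/h]
TAU = 8760.0         # proof-test interval [h], here one year
BETA = 0.05          # beta-factor: fraction of DU failures that are common cause


def pfd_koon_independent(k: int, n: int, lam: float, tau: float) -> float:
    """Simplified PFD_avg for a koon voted group of identical channels with
    independent DU failures only: C(n, m) (lam*tau)^m / (m+1), where m = n-k+1
    is the number of channel failures that disable the safety function."""
    m = n - k + 1
    return comb(n, m) * (lam * tau) ** m / (m + 1)


def pfd_koon_beta(k: int, n: int, lam: float, tau: float, beta: float) -> float:
    """Beta-factor model: independent failures get rate (1-beta)*lam; the
    common-cause failures take out all channels at once and therefore contribute
    like a single 1oo1 channel with rate beta*lam."""
    independent = pfd_koon_independent(k, n, (1.0 - beta) * lam, tau)
    common_cause = beta * lam * tau / 2.0
    return independent + common_cause


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL band of IEC 61508 for a PFD_avg value (0 = below SIL 1)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


def pfd_1oo1_partial_test(lam: float, tau_full: float, tau_partial: float,
                          theta: float) -> float:
    """Assumed first-order partial-test model: the fraction theta of DU failures
    is revealed by the partial test at interval tau_partial, the remaining
    fraction only by the full proof test at interval tau_full."""
    return theta * lam * tau_partial / 2.0 + (1.0 - theta) * lam * tau_full / 2.0


def sil_verification() -> dict:
    """Compare 1oo1, 1oo2 and 1oo3 with and without the beta-factor CCF term."""
    result = {}
    for k, n in [(1, 1), (1, 2), (1, 3)]:
        ind = pfd_koon_independent(k, n, LAMBDA_DU, TAU)
        ccf = pfd_koon_beta(k, n, LAMBDA_DU, TAU, BETA)
        result[f"{k}oo{n}"] = {"independent": ind, "with_ccf": ccf,
                               "sil": sil_from_pfd(ccf)}
    return result


if __name__ == "__main__":
    for arch, r in sil_verification().items():
        print(f"{arch}: independent PFD={r['independent']:.2e}, "
              f"with CCF PFD={r['with_ccf']:.2e} -> SIL {r['sil']}")
    # Constructed case: monthly partial test with 60 % coverage, full test yearly.
    print(f"1oo1 with partial testing: "
          f"PFD={pfd_1oo1_partial_test(LAMBDA_DU, TAU, 730.0, 0.6):.2e}")
```

With these inputs the 1oo3 group ends up only marginally better than 1oo2, because the common-cause term βλ_DU τ/2 is the same for both and dominates once the independent contribution is small; this is the comparison the tutorial asks for, and it is also why the beta value itself (week 39) matters so much for the verified SIL.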
Week 41, 7.-8.10. Subject area: 1

Lectured topics: Safety-critical systems: Quantification of reliability for systems operating in the high demand mode (Textbook chapter 9)

Motivation: Not all safety-critical systems operate on demand. For example, many machinery safety functions are always or so often demanded that the PFD is no longer a useful reliability measure. Another example is railway signaling systems controlling the setting of light signals and the position of rail switches. In this case, another reliability measure is suggested in standards like IEC 61508, called failure frequency (PFH). This lecture explains how the PFH is calculated for typical system architectures.

Lecturer: Mary Ann

Tutorials:
• Selected problems
Week 42, 14.-15.10. Subject area: 1

Lectured topics: Safety-critical systems: Quantification of spurious trips (Textbook chapter 10)

Motivation: A fail-safe design of a safety-critical system favors a transition to the safe state, which in most cases is to stop the system being protected. For example, a failure in a railway signaling system will usually result in a stop of all train traffic while waiting on an investigation of why the failure occurred. So, often the result is "the more safe, the more disturbances caused by the system". It is therefore of interest to also quantify what we refer to as the spurious trip rate, to ensure that this rate is balanced against the PFD or PFH. This lecture presents primarily the analytical formulas for quantifying the spurious trip rate.

Lecturer: Mary Ann

Tutorials:
• Selected problems
Week 43, 21-22.10. Subject area: 2

Lectured topics: Spare-part optimization

Motivation: Spare parts may be costly to have in stock, but at the same time it is costly not to have a spare part available when it is needed. This topic concerns how to calculate the probability of running out of spares, using simple formulas and Markov analyses. The use of PetriNets for this purpose is also shown. This topic may not be so relevant for very specialized systems, where it is not possible to acquire a spare within a short time. For a manufacturer that develops products, such as sensors, on a large scale for e.g. the oil and gas industry, it may be relevant to find the optimal number of spare parts for warranty and repair services.

Lecturer: Yiliu
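The two ways of computing the probability of running out of spares mentioned above, as an added worked example that is not code from the course page. The "simple formula" is the Poisson model: with n identical units each failing at a constant rate λ, the demand for spares during a resupply lead time T is Poisson with mean nλT, and the stock-out probability with s spares is P(N > s). The Markov model is a birth-death chain in which failed units are repaired one at a time at rate μ and returned to stock; its long-run stock-out probability is the steady-state probability that more units have failed than there were spares. The fleet size, rates and lead time are constructed values.

```python
from math import exp, factorial

# Constructed inputs (not from the course page): a fleet of identical sensors
# that draw on one spare-part stock, with a fixed resupply lead time.
N_UNITS = 20            # installed units
FAILURE_RATE = 1.0e-4   # failures per unit per hour (constant, so demand is Poisson)
LEAD_TIME = 1000.0      # hours until new spares can be obtained
REPAIR_RATE = 2.0e-3    # repairs per hour for the Markov (repairable spares) model


def poisson_pmf(x: int, mean: float) -> float:
    return exp(-mean) * mean ** x / factorial(x)


def expected_demand(n_units: int, failure_rate: float, horizon: float) -> float:
    """Mean number of spares needed during the horizon."""
    return n_units * failure_rate * horizon


def prob_stockout(spares: int, n_units: int, failure_rate: float,
                  horizon: float) -> float:
    """Simple formula: P(N > spares) with N ~ Poisson(n_units*failure_rate*horizon)."""
    mean = expected_demand(n_units, failure_rate, horizon)
    return 1.0 - sum(poisson_pmf(x, mean) for x in range(spares + 1))


def min_spares(target: float, n_units: int, failure_rate: float,
               horizon: float, max_spares: int = 1000) -> int:
    """Smallest stock level whose stock-out probability is at or below target."""
    for s in range(max_spares + 1):
        if prob_stockout(s, n_units, failure_rate, horizon) <= target:
            return s
    raise ValueError("target not reachable within max_spares")


def markov_stockout_prob(spares: int, n_units: int, failure_rate: float,
                         repair_rate: float) -> float:
    """Birth-death Markov model with one repair channel. State j = number of
    failed units (0..n_units+spares). A failed unit takes a spare if one is
    left, so in state j the number of working installed units is
    min(n_units, n_units+spares-j) and the failure rate is failure_rate times
    that. Repairs complete at repair_rate and return the unit to stock.
    Returns the steady-state probability that j > spares, i.e. at least one
    installed unit is down waiting for a spare."""
    total = n_units + spares
    weights = [1.0]                      # pi_j / pi_0, built from the balance equations
    for j in range(1, total + 1):
        working_in_prev = min(n_units, total - (j - 1))
        weights.append(weights[-1] * failure_rate * working_in_prev / repair_rate)
    norm = sum(weights)
    return sum(weights[j] for j in range(spares + 1, total + 1)) / norm


if __name__ == "__main__":
    for s in range(0, 7):
        print(f"{s} spares: Poisson stock-out over lead time = "
              f"{prob_stockout(s, N_UNITS, FAILURE_RATE, LEAD_TIME):.4f}, "
              f"Markov long-run stock-out = "
              f"{markov_stockout_prob(s, N_UNITS, FAILURE_RATE, REPAIR_RATE):.4f}")
    print("spares for 5 % stock-out risk:",
          min_spares(0.05, N_UNITS, FAILURE_RATE, LEAD_TIME))
```

The Poisson model answers "how many spares do I need on the shelf until the next delivery", while the Markov model answers "what fraction of the time will an installed unit be waiting for a spare when failed units are repaired and reused"; the two questions give different stock levels for the same fleet, which is the point of looking at both.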

     
Week 44, 27&28.10. Subject area: 2

Lectured topics: Maintenance interval optimization and related issues

Motivation: The main objective of the lectures on maintenance interval optimization is to understand a set of classical mathematical models for maintenance interval optimization. In the introductory course in maintenance four failure models were introduced: (i) gradual failure progression, (ii) fast failure progression, (iii) non-observable failure progression and (iv) shock type failures. For all four situations the standard cost function to minimize will be developed. Essential in the modelling is the understanding of the effective failure rate, and how to calculate it given reliability parameters like MTTF, aging parameter, PF-interval and so on.

In this lecture the classical age, block, and minimal repair policies are introduced as a motivation for the modelling. Next we discuss how these models align with the general modelling framework, and the concept of effective failure rate.

Special emphasis will be put on the calculation of the effective failure rate in various situations. This involves use of renewal theory, use of the law of total probability, and Markov methods.

Lecturer: Jørn

Tutorials: Selected problems from http://frigg.ivt.ntnu.no/ross/elearning/maintop/exercises/
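The age replacement policy and the effective failure rate named above, carried through as an added worked example (not code from the course page or its exercises). A unit with Weibull time to failure (scale η, aging parameter β) is replaced preventively at age τ or correctively at failure, whichever comes first. By the renewal-reward argument the expected cycle length is E[min(T, τ)] = ∫₀^τ R(t) dt, the long-run cost per unit time is [c_PM R(τ) + c_CM F(τ)] / ∫₀^τ R(t) dt, and the effective failure rate is F(τ) / ∫₀^τ R(t) dt. The integral is done numerically with the trapezoidal rule; the cost and Weibull parameters are constructed.

```python
from math import exp, gamma

# Constructed inputs (not from the course page): Weibull time to failure.
ETA = 1000.0       # scale parameter [h]
BETA_SHAPE = 3.0   # aging parameter; > 1 gives an increasing failure rate
C_PM = 1.0         # cost of a preventive replacement
C_CM = 10.0        # cost of a corrective replacement, failure consequences included


def weibull_survival(t: float, eta: float, beta: float) -> float:
    """R(t) = exp(-(t/eta)^beta)."""
    return exp(-((t / eta) ** beta))


def mean_cycle_length(tau: float, eta: float, beta: float, steps: int = 4000) -> float:
    """E[min(T, tau)] = integral_0^tau R(t) dt, trapezoidal rule."""
    h = tau / steps
    total = 0.5 * (weibull_survival(0.0, eta, beta) + weibull_survival(tau, eta, beta))
    for i in range(1, steps):
        total += weibull_survival(i * h, eta, beta)
    return total * h


def effective_failure_rate(tau: float, eta: float, beta: float) -> float:
    """Long-run failures per unit time under age replacement at tau:
    expected failures per cycle F(tau) divided by expected cycle length."""
    return (1.0 - weibull_survival(tau, eta, beta)) / mean_cycle_length(tau, eta, beta)


def age_replacement_cost_rate(tau: float, eta: float, beta: float,
                              c_pm: float, c_cm: float) -> float:
    """Standard age replacement cost function: expected cost per cycle over
    expected cycle length."""
    r = weibull_survival(tau, eta, beta)
    return (c_pm * r + c_cm * (1.0 - r)) / mean_cycle_length(tau, eta, beta)


def corrective_only_cost_rate(eta: float, beta: float, c_cm: float) -> float:
    """Reference policy with no preventive replacement: c_CM / MTTF,
    with Weibull MTTF = eta * Gamma(1 + 1/beta)."""
    return c_cm / (eta * gamma(1.0 + 1.0 / beta))


def optimal_age(eta: float, beta: float, c_pm: float, c_cm: float,
                candidates: list) -> float:
    """Grid search for the replacement age with the lowest cost rate."""
    return min(candidates,
               key=lambda tau: age_replacement_cost_rate(tau, eta, beta, c_pm, c_cm))


if __name__ == "__main__":
    grid = [100.0 * i for i in range(1, 31)]
    best = optimal_age(ETA, BETA_SHAPE, C_PM, C_CM, grid)
    print(f"optimal replacement age: {best:.0f} h, cost rate "
          f"{age_replacement_cost_rate(best, ETA, BETA_SHAPE, C_PM, C_CM):.5f} per h "
          f"(corrective only: {corrective_only_cost_rate(ETA, BETA_SHAPE, C_CM):.5f})")
    print(f"effective failure rate at {best:.0f} h: "
          f"{effective_failure_rate(best, ETA, BETA_SHAPE):.3e} per h")
```

Running the same grid search with BETA_SHAPE = 1 (exponential lifetimes, no aging) returns the largest candidate age, since the cost rate then decreases monotonically in τ and preventive replacement cannot pay off; this is the textbook reason the aging parameter has to be estimated before an interval is optimized.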
Week 45, 4&5.11. Subject area: 2

Lectured topics: Maintenance interval optimization and related issues (continued)

Motivation: The second lecture on interval optimization completes the presentation of the four failure models introduced. In the standard cost functions the cost of preventive maintenance is fixed, and not influenced by other tasks. In reality the preventive maintenance cost could be reduced by coordination of various maintenance tasks. Models for maintenance grouping are introduced to formulate the optimization problem in such situations. A distinction is made between static and dynamic grouping. The optimization problem now deals both with forming the groups and with determining when to execute each group of activities. Some heuristics are introduced for selected situations.

Lecturer: Jørn

Tutorials: Selected problems from http://frigg.ivt.ntnu.no/ross/elearning/maintop/exercises/
Week 46, 11&12.11. Subject area: 2

Lectured topics: Degradation modeling and condition based maintenance

Motivation: This lecture is an introduction to condition based maintenance, that is to say maintenance which is based on a degradation indicator of the system. It mainly concerns preventive maintenance actions which are triggered before failure, in order to avoid failure costs. This kind of maintenance action is relevant when the failure cost is high compared with the maintenance costs and when at least one degradation indicator is available for the system. This lecture aims at i) giving an overview of useful tools to model degradation (especially continuous state space degradation, e.g. crack propagation), and ii) showing how such models can be used for failure prognosis and condition based maintenance optimization.

Lecturer: Anne

Week 47, 18.&19.11. Subject area: N/A

Lectured topics: Student presentations (also using tutorial hours); Summary lecture

Motivation: Students get the possibility to reflect on the lectured topics and in particular to see how these are related to their specialization project, and how they may be applicable for their master project.

Lecturer: Mary Ann

Week 48, 26.11

Lectured topics: Summary (in tutorial hours, due to IPK traveling on 24-25.11)

Lecturer: Mary Ann