Publications
-
A simplified MooN model for safety functions
Do engineers really need calculators to estimate probability of safety function failure?
-
MooN Safety Function Calculation Tool
The MoonSIF workbook can be used to evaluate performance of safety functions with any chosen ‘M out of N’ voting architecture with N up to and including 7.
-
MooN Safety Function Failure Probability Model
The purpose of this document is to explain the failure probability model used in the MoonSIF workbook.
-
Architectural constraints and proven-in-use
How can manufacturers apply route 2H if they cannot usually obtain proven-in-use reliability data for the exact same version of the devices?
-
High Demand vs Low Demand
What is the difference between low demand, high demand and continuous modes of operation in automated safety functions?
-
Safety Function Performance Comparison Spreadsheet
This spreadsheet has exercises that reveal the simple truth about what matters in safety function performance.
-
Practical Application of Bayes’ Theorem for Functional Safety
This paper reviews how Bayesian techniques might be applied in practice for functional safety and describes simple techniques that can be useful.
-
Dealing With Uncertainty
Typical levels of variability in safety function performance suggest that a factor of x3 should be applied as a design margin
-
The Myth of Proof Testing and Mission Time
There’s a story going around that we can make up for limited proof test coverage of automated safety functions by reducing device mission time. It’s a convincing story, but is (almost) totally wrong.
-
New Approach to SIL Verification
SIL verification calculations are meaningless if systematic failures are not actively and effectively controlled.
-
Prevent Preventable Failures
This paper discusses the reasons for the wide variability and uncertainty in measured failure rates. It draws conclusions on how failure rates and failure probability can be controlled in practice.
-
Reassessing Failure Rates
Failure probability calculations are based on the assumption that failure rates are fixed and constant. That assumption is completely invalid, but the calculations are still useful.
-
Failure Probability of Composite SIFs
In a safety instrumented system how should we calculate risk reduction for a set of safety functions that shares a common final element?