Functional Safety Suite 7.0
User’s Guide

Meaning

An event related to an →element. The basic events of a Markov model form the →edges, the basic events of a reliability block diagram are the →blocks, the basic events of an event tree are the →cases (of a →condition).

The common cause factor of an occurrence rate or probability.

In a fault tree: The part of the tree that is below the event including the event itself (including the special case that the event is a basic event and therefore the branch is just the basic event).

The representation of a basic event or a reference in a reliability block diagram.

The representation of a basic event in an event tree. This is one out of one or multiple values that a →condition can take. Each case can be true or false, defined by a probability (typically an →unavailability).

A technical unit that can have several failure modes.

In an event tree: A constraint that can take at least two →cases.

A basic event that is characterized by a probability (typically an unavailability), but no occurrence rate.

duty cycle

In an event tree: The final state that can be reached in case of a hazard, characterized by its severity.

The representation of a basic event in a Markov model.

Any →component, human behavior or environmental condition that influences the behavior of the system with respect to the →top event.

Equipment under Control, see definition in [EN 61508].

A situation or a state that can occur related to an element, system or sub-system.

The →unreliability.

Fault tree

Fault tree analysis

The probabilistic model that describes the occurrence or existence of a basic event. It is stored in a library and thus can be used in multiple models.

A possible damage, defined within one event tree, saved in the .etf file.

The occurrence rate (also: occurrence frequency) with unit 1/h. If h belongs to an event describing a failure, it is called (conditional) ‘failure frequency’ or (conditional) ‘failure intensity’ (CFI).

Mean repair time. If the overall system (i. e. the “EUC” in terms of [EN 61508]) is taken out of service immediately after detection of a failure, it is zero. If the overall system is still operated for a certain time (e. g. with only one channel instead of two) or if the overall system isn’t shut down at all, it is to be considered.

Mean time to detect. Necessary for all kinds of dormant failures.

Mean time to failure, and also the mean operation time between two failures.

Mean time to restoration. Includes the →MTTD and the →MRT.

Probability of Failure on Demand, see definition in [EN 61508]. It is identical to the (mean) →unavailability .

Probability of Failure per Hour, see definition in [EN 61508]. It is identical to the (mean) failure frequency, and thus the (mean) occurrence rate →.

Short for ‘Process Fault Tolerance Time’, i. e. the time period for which the process (→EUC) can be operated with wrong control actions before it gets out-of-control (“point of no return”).

Short for ‘Prime Implicant’, the equivalent of a minimal cut-set for incoherent fault trees. For coherent fault trees, the prime implicants are identical to the minimal cut-sets. Please see relevant literature for more information.

The →unavailability.

Reliability block diagram

In a Markov model: A state that a system can take.

A fault tree or a branch of a fault tree that is referred by a TRANSFER-IN gate in a (higher-level) fault tree. A sub-tree may contain references to lower-level sub-trees. Dividing a fault tree in several fault trees is useful, when a fault tree is too large to be displayed on one page, or if a branch of a tree is needed more than once.

The (mean) lifetime of the system in scope. Needed to calculate some values of complex components (see 10), for some basic event models (see 4), and as stop time for transient evaluation.

Tolerable Function Failure Rate, the result of a THR apportionment and thus the safety requirement for a high demand or continuous mode safety (sub-)function of a (sub-)system. Also called “Tolerable Probability of Failure per Hour” (TPFH).

Tolerable Hazard Rate, the result of a risk analysis for each identified hazard. If given in 1/h, it is mathematically the same as the →TPFH, but not each failure is a hazard.

The topmost gate of a fault tree, describing the (undesired) state that the system can enter due to the occurrence of one or several basic events.

Tolerable Probability of Failure on Demand, the result of a THR apportionment and thus the safety requirement for a low demand mode safety (sub-)function of a (sub-)system.

Tolerable Probability of Failure per Hour, the result of a THR apportionment and thus the safety requirement for a high demand or continuous mode safety (sub-)function of a (sub-)system. Also called “Tolerable Function Failure Rate” (TFFR).

The probability Q(t) that an →element or system wouldn’t perform as intended, when it would be needed at time t (“on demand”). For non-repairable systems, the unavailability Q(t) is identical to the unreliability F(t), and both are called “failure probability”. For repairable systems (modeled e. g. by basic events of type repairable or cyclic), unavailability Q(t) and unreliability F(t) are completely different values, since the unavailability becomes zero with each (complete) test or repair, whereas the unreliability increases monotonously.

The probability F(t₁,t₂) that an →element or system doesn’t perform as intended over a certain time interval t₁ …t₂. Usually t₁=0 is assumed, thus F(t₁,t₂) is shortened to F(t) with t being t₂-t₁=t.

The (unconditional) occurrence density considering restoration. In contrary to h it is unconditional with respect to whether the component is still available at time t. However it is not a ‘probability density’ (such as f(t)), since its integral over infinite time is greater than 1 in general. Its unit is 1/h.
Note: Up to version 3.3 of this program, the symbol w has been used for the conditional occurrence frequency, which is now named h in coherence with most literature.