Common Cause Factor Estimator - Sensor/Final Element

Item: Sensors and final elements

| Technique | XSF | YSF | Applied? |
|---|---|---|---|
| Separation | | | |
| Are all signal cables for the channels routed separately at all positions? | 1 | 2 | |
| If the sensors/final elements have dedicated control electronics, is the electronics for each channel on separate printed-circuit boards? | 2.5 | 1.5 | |
| If the sensors/final elements have dedicated control electronics, is the electronics for each channel indoors and in separate cabinets? | 2.5 | 0.5 | |
| Diversity/Redundancy | | | |
| Do the devices employ different physical principles for the sensing elements, e.g., pressure and temperature, vane anemometer and Doppler transducer, etc.? | 7.5 | | |
| Do the devices employ different electrical principles/designs, e.g., digital and analogue, different manufacturer (not re-badged) or different technology? | 5.5 | | |
| Do the channels employ enhanced redundancy with MooN architecture, where N > M + 2? | 2 | 0.5 | |
| Do the channels employ enhanced redundancy with MooN architecture, where N = M + 2? | 1 | 0.5 | |
| Are separate test methods and people used for each channel during commissioning? | 1 | 1 | |
| Is maintenance on each channel carried out by different people at different times? | 2.5 | | |
| Complexity/design/application/maturity/experience | | | |
| Does cross-connection between channels preclude the exchange of any information other than that used for diagnostic testing or voting purposes? | 0.5 | 0.5 | |
| Is the design based on techniques used in equipment that has been used successfully in the field for > 5 years? | 1 | 1 | |
| Is there more than 5 years experience with the same hardware used in similar environments? | 1.5 | 1.5 | |
| Are inputs and outputs protected from potential levels of over-voltage and over-current? | 1.5 | 0.5 | |
| Are all devices/components conservatively rated (for example, by a factor of 2 or more)? | 2 | | |
| Assessment/analysis and feedback of data | | | |
| Have the results of the FMEA or FTA been examined to establish sources of CCF and have predetermined sources of CCF been eliminated by design? | | 3 | |
| Were CC failures considered in design reviews with the results fed back into the design? (Documentary evidence of the design review activity is required.) | | 3 | |
| Are all field failures fully analysed with feedback into the design? (Documentary evidence of the procedure is required.) | 0.5 | 3.5 | |
| Procedures/human interface | | | |
| Is there a written system of work to ensure that all component failures (or degradations) are detected, the root causes established and other similar items inspected for similar potential causes of failure? | 0.5 | 1.5 | |
| Are procedures in place to ensure that: maintenance (including adjustment or calibration) of any part of the independent channels is staggered, and, in addition to the manual checks carried out following maintenance, the diagnostic tests are allowed to run satisfactorily between the completion of maintenance on one channel and the start of maintenance on another? | 2 | 1 | |
| Do the documented maintenance procedures specify that all parts of redundant systems (for example, cables, etc.), intended to be independent of each other, are not to be relocated? | 0.5 | 0.5 | |
| Is all maintenance of printed-circuit boards, etc. carried out off site at a qualified repair centre and have all the repaired items gone through a full pre-installation testing? | 0.5 | 1.5 | |
| Do the system diagnostic tests report failures to the level of a field-replaceable module? | 1 | 1 | |
| Competence/training/safety culture | | | |
| Have designers been trained (with training documentation) to understand the causes and consequences of common cause failures? | 2 | 3 | |
| Have maintainers been trained (with training documentation) to understand the causes and consequences of common cause failures? | 0.5 | 4.5 | |
| Environmental control | | | |
| Is personnel access limited (for example locked cabinets, inaccessible position)? | 0.5 | 2.5 | |
| Is the system likely to operate always within the range of temperature, humidity, corrosion, dust, vibration, etc., over which it has been tested, without the use of external environmental control? | 3 | 1 | |
| Are all signal and power cables separate at all positions? | 2 | 1 | |
| Environmental testing | | | |
| Has the system been tested for immunity to all relevant environmental influences (for example EMC, temperature, vibration, shock, humidity) to an appropriate level as specified in recognised standards? | 10 | 10 | |

Results

| | Sensors and final elements |
|---|---|
| Beta | |