Information Technology Reference
In-Depth Information
6
Assignment of Frequencies to Accident Categories
In order to derive design targets for technical systems where functional failure
has direct consequences, mapping from the class ID to the tolerable frequen-
cies of the scenario is necessary. The generalisation from RAC-TS, which
corresponds to class ID E, to other severity classes, can be done by extrapo-
lation or by examples of design criteria for technical systems. In this context,
also effects such as risk aversion have to be taken into account.
In such a mapping, two fixed points exist: the tolerable hazard rate of
10
−
9
per operating hour per function of a technical system (from RAC-TS)
relates to class ID E and the assignment of a hazard rate of less than
10
−
5
to
class ID A, as it is generally accepted that, if an accident scenario does not
lead to injuries also no safety requirements should then be demanded from
the function of the technical system. Thus, an even decadal assignment of
rates to severity classes is not possible as the frequency bandwidth is at least
one order of magnitude too wide.
Now, risk aversion can be taken into account which means that more
severe safety requirements should be imposed on functions that may result
in more severe consequences. This means in this context that the spread of
the frequency bandwidth may be wider for lower severity and narrower for
higher severity. Thus, it is proposed to use a decadal proportion for the upper
severity classes and a more relaxed proportion for the lower severity classes
(see Table 6).
Tabl e 6 . Proposed risk matrix
HR A
B
C
D
E
10
−
5
/h
10
−
5
/h
>
intolerable
3
·
10
−
7
/h
10
−
8
/h tolerable
10
−
9
/h
RAC-TS
In practice, for the allocation of HR to hazards, only the diagonal of
the risk matrix is necessary, so it may also be represented as a risk table (see
Table 7). As a further plausibility check, the corresponding SIL is also stated.
However, it should be noted that this SIL would only apply if there were no
credible risk reduction factors or barriers at all, so that the accident would
directly occur whenever the hazard occurs.
7
Examples
In some cases, like =LGB from Table 2, RAC-TS is directly applicable. The
main hazard would be that the status of points would be determined wrongly
