The basic techniques used by ClearSy consultants to conduct safety analyses are: peliminary risk analysis (PRA), failure mode analysis of effect and criticality (AMDEC or FMAEC)…
The basic techniques used by ClearSy consultants to conduct safety analyses are:
> Preliminiary Risk Analysis (PRA)
> Failure Mode Aanalysi of Effect and Criticality (AMDEC or FMAEC)
> Analysis of Software Error Effects (ASEE)
> Fault Tree Analysis (FTA)
> Failure Combination Method
ClearSy consultants have contributed improvements to these well-know methods referred to as follows:
> Formal Failure Mode Analysis of Effects and Criticality (FFMAEC)
> Formal Fault Tree Analysis (FFTA)
Formal Failure Mode Analysis of Effects and Criticality
This approach presents at least three advantages:
> The analysis process is found within the system’s formal model and not the analyst’s mind. It can therefore be used again. It may be added to by taking into account ne failure modes and/or system changes.
> The level of confidence that can be attributed to this analysis process is much greater than that of an FMAEC, as each of the steps is the subject of proven reasoning, which requires an expression of operational hypotheses.
> The method does not simply consist in the examination of a simple failure and its consequences, but it is a true failure and effect combination method.
This system analysis method feature:
> The construction of a hierarchical formal model of the system in its nominal operational mode(s). This model follows the hierarchical division of the system into sub-systems and elements.
> The construction of this model is proven, in other words, under normal operations, the properties sought (specifically the safety properties), referred to in our jargon as invariants, are preserved.
> The intrusion of failures into the model occurs one after the other at the level of the system’s basic components and cause a breakdown to the formal coherence of the model (it can no longer be provable).
> The coherence of the model is restored by progressively incorporating the unwanted properties, in other words, the effects of the failure at all system levels (element, sub-systems and system).
> The result is a formal model of the system, with planned failures and the effects of these failures.