Popis: |
In most cases, Model Based Safety Analysis (MBSA) of critical systems focuses only on the process and not on the control system of this process. For instance, to assess the dependability attributes of power plants, only a model (Fault Tree, Markov chain...) of the physical components of the plant (pumps, steam generator, turbine, alternator...) is used. In this paper, we claim that for repairable and/or phased-mission systems, not only the process but the whole closed-loop system Process/Control must be considered to perform a relevant MBSA. Indeed, a part of the control functions aims to handle the dynamical mechanisms that change the mission phase, as well as to manage repairs and redundancies in the process. Therefore, the achievement of these mechanisms depends on the functional/dysfunctional status of the control components on which these functions are implemented. A qualitative or quantitative analysis method which considers both the process and the control consequently provides more realistic results, by integrating the failures of the control components that may lead to the non-achievement of these mechanisms. This claim is exemplified on an industrial case study taken from a power plant. The system is modeled by a BDMP (Boolean logic Driven Markov Process), assuming first that the control components are faultless, i.e. only the faults in the process are considered, and afterwards that they may fail. The minimal cut sequences of the system are computed in both cases. The comparison of these two sets of minimal cut sequences shows the benefit of the second approach.