TUNE YOUR LOOP:  Questions to keep you sharp.

Tune Your Loop is a series of posts consisting of questions from ISA Training Courses.

1. How should a redundant system respond upon detection of a dangerous fault?

[ordered_list style=”lower-alpha”]
  1. Fail dangerously
  2. Shut down safely
  3. Continue operating with no time limit
  4. Continue operating as long as the fault is repaired within a specified time[/ordered_list]

2. The standard allows testing of systems either end-to-end or in parts. What are the pros and cons of testing in parts?

What are your answers before you read ahead?

1. How should a redundant system respond upon detection of a dangerous fault?

d. Continue operating as long as the fault is repaired within a specified time

 2. The standard allows testing of systems either end-to-end or in parts. What are the pros and cons of testing in parts?

Testing in parts is acceptable because different devices have different failure rates, failure modes and levels of diagnostics, therefore their performance varies widely. Less reliable and safe devices need to be tested more often. More reliable devices do not need to be tested as often (as long as the target performance is maintained), thereby saving money.

The drawback of testing in parts is that some interfaces might not get tested. There have been cases of individual devices all working when tested, but not working as a complete system.

From the ISA course EC54 Advanced Design and SIL Verification pre-instructional survey.

Pin It on Pinterest

Shares