Overview of a Complete Hardware Safety Integrity Verification According to IEC 61508 for the CERN Next Generation of Radiation Monitoring Safety System

In the framework of the in-house developed CERN Radiation Monitoring Electronic System (CROME), a reliability analysis is necessary to ensure compliance with the legal requirements regarding safety integrity, defined as Safety Integrity Level (SIL) 2 for the Safety Instrumented Functions (SIF) of the system. Given the high expectations for the reliability of the CROME system, its development process is supported by an extensive dependability study according to the IEC 61508 standard. This paper presents the verification of the hardware safety integrity and focuses on one possible approach using the CROME system as an example. The paper exposes the various steps needed to verify the hardware safety integrity, which includes the calculation of the Probability of dangerous Failure per Hour (PFH) and the evaluation of the architectural constraints by calculating the Safe Failure Fraction (SFF) as well as considering the Hardware Fault Tolerance (HFT) of the system. Following the presented approach, these calculations are based on a failure rate prediction with the FIDES standard, a Failure Modes, Effects and Diagnostic Analysis (FMEDA) and a Fault Tree Analysis (FTA). The results of the final CROME system qualification prototype (PQ) show that the hardware safety integrity complies with SIL 2 requirements.