New series provides guidance on Common Cause Failure (CCF)


What is a common cause failure (CCF)? CCF is a term that has much more significance in the new AS 4024.1 series. A good description of CCF can be found from a very trusted reference...TV! If you have ever watched Air Crash Investigation then you may be familiar with the 'Swiss Cheese Model'.


From this Swiss cheese model, it can be seen that if the holes in the multiple layers of cheese line up then a single path through the layers can exist and thus the safety critical system has failed. CCF is an example of this occurring in machine safety systems. If we think of a dual channel system; a CCF would be both channels failing at the same time due to a common event, for example:
  • Two independent switches on a guard failing because the ambient temperature is above their rating
  • Two independent safety channels having erroneous signals induced on them from the same source of electromagnetic noise
  • Two mechanical switches on a guard fracturing due to the one impact event of that guard door
The above explanation shows how threatening common cause failure can be to a safety system. We will generally design machine safety systems with two channels when the risk of the application is high; this provides redundancy so the system can tolerate a fault on a single channel. However if the system hasn't been designed to avoid CCF, then there is a real chance that a certain event will defeat both channels and the system will fail.

For this reason, whether you are designing systems to categories (AS 4024.1501) or performance levels (AS 4024.1503) CCF should be a consideration for any multiple channel architecture. Unfortunately the previous version of AS 4024.1 didn't have any usable process to avoid CCF, however this has been rectified in the new version of the series released in 2014.

AS 4024.1503:2014 Annex F contains a test for common cause failure that can be used to determine if the safety system has been designed to avoid CCF to an acceptable level. I would recommend any machine safety system designed to architectures cat. 2, 3 or 4 should be analysed with the process from Annex F. This is the only usable guidance in the AS 4024.1 series for designing safety control systems to avoid CCF.

Other parts in the 2014 version of AS 4024.1 also provide guidance on designing to avoid CCF for common safety functions. For example, AS 4024.1602:2014 Clause 8.3, provides excellent guidance on how to prevent common cause failures in interlock guard functions.

This is an example of the improvements that have been made with the new 2014 version of AS 4024.1 series. We will be exploring some of the new features of AS 4024.1 in many of the safety blog topics this year. If you missed our last topic Safety Systems Must Be Designed For Productivity, be sure to to check it out as this topic explored how the 2014 version of AS 4024.1602 can help you design interlock guards that operators won't defeat.

Don't be a Robbo or Danny boy, protect yourself from common cause failure.


Posted by No comments:
Labels: , , , , , , , , , , , , ,
Location: Australia

Published: 12 February 2015

Subscribe to: Posts (Atom)