The nomenclature for system structures describes the possible degradation behaviour of the central processing units after fault detection and fault localisation. Variations are possible because implementations differ, so the table below is intended as a first guideline.
In the I/O area, different degradation mechanisms are possible and are implemented on the different systems.
| Fault-free system | Degradation 1 | Degradation 2 | Degradation 3 | System Structure |
|---|---|---|---|---|
| 2oo4 | 1oo2 | 1oo1* | shutdown | safety-related and fault tolerant *with time restriction |
| 2oo4 | 1oo2 | shutdown | | safety-related and fault tolerant |
| 1oo3 | shutdown | | | safety-related |
| 2oo3 | 1oo2 | 1oo1* | shutdown | safety-related and fault tolerant *with time restriction |
| 2oo3 | 1oo2 | shutdown | | safety-related and fault tolerant |
| 1oo2D | 1oo1D | shutdown | | safety-related and fault tolerant with time restriction |
| 1oo2 | shutdown | | | safety-related |
| 2oo2 | 1oo1 | shutdown | | safety-related and fault tolerant |
| 1oo1 | shutdown | | | safety-related |

Part 4 of IEC 61508 gives the definitions of:
MooN : M out of N channel architecture (for example, 1oo2 is a 1 out of 2 architecture, where either of the two channels can perform the safety function)
MooND : M out of N channel architecture with diagnostics
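
The following is an added example, not code from the original page or from any vendor: it walks the first table row (2oo4, 1oo2, 1oo1*, shutdown) through a voter that trips when at least M of the N remaining channels demand it. The names `DegradingVoter`, `parse_mode` and `restricted_limit` are hypothetical, and counting the time restriction in voting cycles, with expiry forcing shutdown, is an assumption, since the page gives no duration.

```python
import re

def parse_mode(mode):
    """Split 'MooN', 'MooND' or 'MooN*' into (M, N, time_restricted)."""
    m = re.fullmatch(r"(\d+)oo(\d+)D?(\*?)", mode)
    if not m:
        raise ValueError(f"not a MooN mode: {mode!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3) == "*"

class DegradingVoter:
    def __init__(self, path, restricted_limit):
        self.path = list(path)          # one table row, fault-free mode first
        self.step = 0
        self.limit = restricted_limit   # assumed: cycles allowed in a "*" mode
        self.cycles = 0

    @property
    def mode(self):
        return self.path[self.step]

    def fault_localised(self):
        """A fault was detected and localised: move one column to the right."""
        if self.mode != "shutdown":
            self.step += 1
            self.cycles = 0

    def vote(self, demands):
        """True means: drive the output to its safe state this cycle."""
        if self.mode == "shutdown":
            return True
        m, n, restricted = parse_mode(self.mode)
        if len(demands) != n:
            raise ValueError(f"{self.mode} needs {n} channel inputs")
        if restricted:
            self.cycles += 1
            if self.cycles > self.limit:            # time restriction expired
                self.step = self.path.index("shutdown")
                return True
        return sum(map(bool, demands)) >= m         # at least M of N demand a trip

def demo():
    v = DegradingVoter(["2oo4", "1oo2", "1oo1*", "shutdown"], restricted_limit=2)
    trace = [(v.mode, v.vote([True, False, False, False]))]  # 1 of 4: no trip
    v.fault_localised()
    trace.append((v.mode, v.vote([True, False])))            # 1oo2: one demand trips
    v.fault_localised()
    for _ in range(3):                                       # third cycle exceeds the limit
        tripped = v.vote([False])
        trace.append((v.mode, tripped))
    return trace
```

`demo()` returns the mode reached and the voter output for each cycle, showing that the single remaining channel is tolerated only until the assumed limit runs out, after which the output stays in the safe state.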