捷運技術半年刊 第43 期                                             63





            and the fail-safe concept. It then goes on to define a management process based on a system life

            cycle that has a total of 14 phases, from Concept to De-commissioning and Disposal, with detailed
            descriptions of the objectives, inputs, requirements, deliverables and verification of each phase. The

            system life cycle as defined in EN 50126 is shown in the typical V-shape curve.





































                                              Figure 2cCENELEC Phases


                 In defining and apportion System Requirements (phases 4 and 5) it was required, that the

            concept of Safety Integrity Levels (SIL’s) shall be used and that the overall SIL for the entire Metro

            shall be four. The relationship among SIL and Tolerable Hazard rate (THR) is described by the table
            below.


                                                   Table 2  SIL Levels
                                Tolerable Hazard Rate                Safety Integrity Level
                                       (THR)                                 (SIL)
                                 per hour and function


                                     -9
                                  10  ≤ THR < 10 -8                           4
                                  10  ≤ THR < 10 -7                           3
                                     -8
                                  10  ≤ THR < 10 -6                           2
                                     -7

                                     -6
                                  10  ≤ THR < 10 -5                           1