64                           Andrea Colini 系統保證歐規與美規之介紹





                 Safety Integrity Levels give estimation of system’s integrity against systematic failure while

            Failure Rates are related to Random failures and addressed in the RAM process. Both are linked
            as shown in the previous table and allow to give adequate set of methods and tools to the relative

            functions.









































                               Figure 3cSafety Integrity Level (SIL) and failure Rates (FR)

                 Following SILs definition, an Hazard and risk analyses and classification is employed to

            identify adequate lower-level SIL’s to subsystems and/or safety functions. The methodology used

            to apportion SIL’s to safety functions/sub-systems is derived from the CENELEC standards and has

            been performed according to the following steps:
                 a. Functional Analysis of the overall Metro to identify all safety related functions.

                 b. Identification of the required level of safety/SIL assignment to safety related functions.

                 c. Assignment of each safety related function to safety systems.

                 d. Identification, where applicable, of external risk reduction facilities.
            Figure 4 shows the flow of activities aiming to define Safety Integrity Level.

                 h The process starts with the identification of Hazard Risks and their respective Tolerable

                    Hazard rates (THR).

                 h In a first phase of the causal analysis the tolerable hazard rate (THR) for each hazard is