CN114971367A - Method, system and terminal for identifying safety requirements of full-automatic operation system - Google Patents


Info

Publication number
CN114971367A
Authority
CN
China
Legal status
Pending
Application number
CN202210672711.8A
Other languages
Chinese (zh)
Inventor
郑京生
Current Assignee
Casco Signal Ltd
Original Assignee
Casco Signal Ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/06: Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063: Operations research, analysis or management
    • G06Q10/0631: Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06315: Needs-based resource requirements planning or analysis
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00: Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10: Services
    • G06Q50/26: Government or public services
    • G06Q50/265: Personal security, identity or safety

Abstract

The invention discloses a method, a system and a terminal for analyzing the safety requirements of a full-automatic operation system. The method comprises the following steps: extracting the functions that the full-automatic operation system must realize, and analyzing, one by one, the potential failure modes of the extracted functions and the causes of those failures; determining the accident that a potential fault of the function may produce and the severity of that accident, and determining the safety integrity level of the function from the severity of the accident and from whether a risk protection measure exists; and setting targeted functional safety requirements according to the cause of the fault. The invention analyzes all functions of the full-automatic operation system one by one and assigns functional safety requirements and safety integrity levels, so that safety analysis personnel can identify the safety requirements of the full-automatic operation system through simple information confirmation, without complex logic judgment.

Description

Method, system and terminal for identifying safety requirements of full-automatic operation system
Technical Field
The invention relates to the field of full-automatic operation systems for metros, and in particular to a method, a system and a terminal for identifying the safety requirements of a full-automatic operation system.
Background
At present, full-automatic operation of urban rail transit in China has only just begun. To meet the requirements placed on a full-automatic operation system at GOA4 (UTO) level, the system must realize new functions such as obstacle detection, smoke and fire detection, derailment detection, monitoring of the emergency evacuation handle under unattended conditions, and the automatic linkage of each core subsystem once such a condition occurs.
In a traditional CBTC (communication-based train control) project, for a function that must be realized by combining several systems, the urban rail transit operating unit acts as the integrating party and coordinates the interfaces from a technical perspective. However, when an integrator performs safety analysis for such functions, no systematic analysis method has been established; in most cases the analysis is carried out in a dedicated meeting, and the participants analyze safety according to past experience. Although this method collects the views of most participants and reaches a conclusion agreed by all parties, the conclusion is often limited by the experience of those present. For very complex functions, or new functions that have never been developed before, some key safety factors may go unanalyzed. In addition, a traditional CBTC project has a relatively complete safety assurance and safety assessment system only for the signalling discipline; other disciplines (such as vehicles and platform doors) have little knowledge and experience of safety assurance, which may lead to inadequate conclusions when cross-discipline combined safety analysis is performed.
The full-automatic operation system is a complex system consisting of several core subsystems, such as the signalling system, the vehicle, the platform doors and integrated supervision. When operating under GOA4 conditions it does not require much involvement of operating staff. Some management measures for guaranteeing operational safety, which the units in charge of urban rail transit operation formulated from past operating experience, may therefore no longer be carried out, so the full-automatic operation system must bear more of the safety responsibility, and the hazards arising in full-automatic operation must be identified completely through a systems engineering approach so that all hazards are controlled to an acceptable degree.
Disclosure of Invention
To overcome the defects of the existing analysis method, the invention provides a method, a system and a terminal for identifying the safety requirements of a full-automatic operation system based on systems engineering theory. The safety requirements can be identified without complex logic judgment by safety analysis personnel, which solves the problem that the safety analysis is not comprehensive enough because the existing method depends too heavily on the experience of meeting participants.
In order to achieve the above object, the present invention provides a method for analyzing the safety requirement of a fully automatic operation system, comprising the following steps:
extracting functions required to be realized by the full-automatic operation system, and analyzing potential failure modes of the extracted functions and reasons for causing failures one by one;
determining an accident possibly generated by the potential fault of the function and the severity of the accident, and determining the safety integrity level of the function according to the severity of the accident and whether a risk protection measure is taken;
the targeted functional safety requirements are set according to the cause of the fault.
Further, functions to be implemented by the full-automatic operation system are extracted according to a scene description file, which describes each normal, fault and emergency scene in the full-automatic operation process from the perspective of the full-automatic operation system, including but not limited to: scene description, basic flow and functional requirement content.
Further, the method for extracting the functions to be implemented by the full-automatic operation system according to the scene description file comprises: automatically identifying and extracting the functions to be analyzed through the function distribution field in the functional requirement content of the scene description file.
Further, the extracted functions are analyzed based on the failure mode and the influence analysis method.
Further, the potential failure modes of the functions include: system non-output, system early output, system late output, system error output; the causes of the induced failure include: system failure and/or human error.
Further, the method for determining an accident that may be caused by a potential failure of a function includes: and judging according to the functional fault mode, and selecting one accident type from the accidents possibly occurring in the urban rail transit field which can be expected at present as a potential accident generated when the fault mode occurs.
Further, possible accidents in the urban rail transit field include: train collision, derailment, fire, flood, electric shock, explosion, high temperature, poisoning, abnormal radiation, passenger falling, clamping injury, suffocation.
Further, the method of determining the severity of an accident comprises: and determining the severity grade of the accident according to the casualty condition caused by the accident and the degree of influence on the environment.
Further, the method for determining the safety integrity level of the function comprises the following steps: an acceptable level of failure of the function is calculated based on the severity of the incident and a safety integrity level to be met by the functional safety requirements is calculated.
Further, the method for determining the safety integrity level of the function further includes: and selecting a risk reduction coefficient according to whether a risk protection measure exists currently to degrade the acceptable failure level of the function, and then re-evaluating the safety integrity level of the function.
Further, the safety integrity level is defined in four levels, with the corresponding acceptable failure levels (TFFR) of the function being $10^{-6} \le \mathrm{TFFR} \le 10^{-5}$, $10^{-7} \le \mathrm{TFFR} \le 10^{-6}$, $10^{-8} \le \mathrm{TFFR} \le 10^{-7}$ and $10^{-9} \le \mathrm{TFFR} \le 10^{-8}$ respectively; the safety integrity level of the function is determined from the correspondence between its current acceptable failure level and the safety integrity level.
Further, the risk reduction coefficient expresses how far a risk protection measure reduces the frequency of accidents and is divided into five grades: $1$, $10$, $10^{2}$, $10^{3}$ and $10^{4}$; the acceptable failure level of the function after degradation is $\mathrm{TFFR}_{\text{degraded}} = \mathrm{TFFR} \times \mathrm{RRF}$, that is, the acceptable failure level of the function multiplied by the risk reduction coefficient RRF.
Further, the method also includes: identifying whether the functions to be realized by the full-automatic operation system are safety-related, and assigning a safety integrity level to the safety-related functions.
The invention also provides a system for identifying the safety requirement of the full-automatic operation system, so as to realize the method for identifying the safety requirement of the full-automatic operation system, wherein the system for identifying the safety requirement of the full-automatic operation system comprises the following components:
the information extraction module is used for identifying and extracting key information in the scene description file;
the safety analysis module is used for analyzing a fault mode and a fault reason of the function realized by the full-automatic operation system according to the extracted information;
the safety interaction module is used for a safety analysis worker to confirm whether the fault mode and the fault reason are correct or not and fill functional safety requirements;
and the calculation module is used for calculating the safety integrity grade of the corresponding function according to the accident severity grade, the risk acceptance matrix and the risk reduction coefficient.
Further, the safety analysis module analyzes the extracted functions according to the fault mode and the fault reason based on a fault mode and influence analysis method.
The invention also provides a safety requirement identification terminal of the full-automatic operation system, which comprises a processor and a memory, wherein the memory is stored with a computer program, and the computer program is executed by the processor to realize the safety requirement identification method of the full-automatic operation system.
The invention has the following beneficial effects:
According to the invention, all functions of the full-automatic operation system are analyzed one by one, and functional safety requirements and safety integrity levels are assigned based on the failure mode and effects analysis method. Safety analysis personnel only need to confirm simple information and do not need to perform complex logic judgment to identify the safety requirements of the full-automatic operation system, which solves the problem that the safety analysis is not comprehensive enough because the existing method depends too heavily on the experience of meeting participants.
Drawings
Fig. 1 is a flowchart of the method for identifying the safety requirements of a full-automatic operation system.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples. Advantages and features of the present invention will become apparent from the following description and from the claims. It is to be noted that the drawings are in a very simplified form and are all used in a non-precise ratio for the purpose of facilitating and distinctly aiding in the description of the embodiments of the invention.
The invention provides a safety requirement identification system of a full-automatic operation system, which can automatically extract all functions of the full-automatic operation system, and can completely identify the functional safety requirement of the full-automatic operation system and the safety integrity level requirement of the corresponding function without complex logic analysis of safety analysis personnel. The full-automatic operation project is provided with a scene description file formulated by an urban rail transit operation unit. The scene description file describes each normal, fault and emergency scene in the full-automatic operation process from the perspective of the full-automatic operation system, including but not limited to the contents of scene description, basic flow, functional requirements and the like.
Specifically, the safety requirement identification system of the full-automatic operation system comprises:
the information extraction module is used for identifying and extracting key information in the scene description file;
the safety analysis module is used for analyzing a fault mode and a fault reason of the function realized by the full-automatic operation system according to the extracted information;
the safety interaction module is used for a safety analysis worker to confirm whether the fault mode and the fault reason are correct or not and fill functional safety requirements;
and the calculation module is used for calculating the safety integrity level of the corresponding function according to the accident severity level, the risk acceptance matrix and the risk reduction coefficient.
The information extraction module automatically identifies and extracts the functions realized by the full-automatic operation system according to the function distribution field in the functional requirement content of the scene description file.
The failure modes of a function include: no system output, early system output, late system output and erroneous system output. The causes of failure include: system failure and/or human error.
The invention also provides a method for identifying the safety requirements of a full-automatic operation system, which analyzes the functions to be realized by the full-automatic operation system one by one and assigns functional safety requirements and safety integrity levels based on the failure mode and effects analysis method. Specifically, as shown in Fig. 1, the method comprises the following steps:
and S1, extracting functions required to be realized by the full-automatic operation system according to the scene description file.
The scene description file describes each normal, fault and emergency scene in the full-automatic operation process from the perspective of the full-automatic operation system, including but not limited to: scene description, basic flow, functional requirements and the like. The normal scene refers to the situation that the system runs in full function according to a preset plan so as to ensure normal operation; the fault scene refers to the situation that partial equipment fails, but basic operation can still be maintained; the emergency scene refers to a situation that in a degradation mode or due to an external sudden factor (such as fire), a dispatcher needs to make a quick response and arrange related personnel for treatment so as to avoid the situation from further worsening and bring potential danger to passengers or equipment. The function requirement content describes the functions required to be realized by the full-automatic operation system; the content of the basic flow describes risk protection measures. And automatically identifying and extracting functions needing to be analyzed through a function distribution field in the function requirement content in the scene description file.
And S2, analyzing the potential failure modes of the extracted functions and the causes of the failures one by one.
The functions extracted in step S1 are analyzed one by one for failure mode and cause of failure based on the failure mode and effects analysis method. Failure mode and effects analysis (FMECA) is a safety analysis technique strongly recommended by the European standard EN50126, "Railway applications: the specification and demonstration of reliability, availability, maintainability and safety (RAMS)", and is applied to safety-critical systems.
The safety requirement identification system of the full-automatic operation system outputs failure modes for each extracted function according to the common types of functional error, and for each failure mode it automatically lists the two possible causes, system failure and human error, as shown in Table 1. The common types of functional error are: no system output, early system output, late system output and erroneous system output. Taking the smoke and fire detection function as an example, the failure modes output by the identification system are: smoke and fire detection not output, smoke and fire detection output early, smoke and fire detection output late, and smoke and fire detection output erroneously. The safety analyst only needs to confirm whether both causes of failure apply or only one of them. If smoke and fire detection is not output, this may be because of a system fault or because of human misoperation, and the analyst simply confirms this from the functional description. For the emergency evacuation handle monitoring function, which has no manual operation mode, only system failure is possible, and the analyst can confirm this quickly from the functional description alone.
TABLE 1 Failure modes and causes of failure
Function | Failure mode | Cause | Potential accident | Functional safety requirement
And S3, according to the cause of the fault, proposing a targeted functional safety requirement.
For a failure mode that may cause an accident, the safety analyst proposes the corresponding functional safety requirement according to the cause of the failure. Meeting this requirement through the architectural design of the system reduces the risk of the function failing to an acceptable degree and satisfies the safe operation requirements of the full-automatic operation system. Taking the smoke and fire detection function as an example, possible failure modes include no smoke and fire detection output and erroneous smoke and fire detection output, and the cause may be a failure of the smoke and fire detection system. The corresponding functional safety requirement can therefore be that the smoke and fire detection system outputs to the safe side after it fails.
And S4, analyzing possible accidents of the function under the condition of fault occurrence according to the fault mode, and determining the severity of the accidents.
The safety requirement identification system of the full-automatic operation system exhaustively lists the accidents in the urban rail transit field that can currently be foreseen: train collision, derailment, fire, flood, electric shock, explosion, high temperature, poisoning, abnormal radiation, passenger falling, clamping injury and suffocation. Starting from the conclusions in Table 1, the safety analyst only needs to make a simple judgment from the failure mode of each function and select one of these accident types, which yields the potential accident that each function produces under each failure mode. For example, if smoke and fire detection is not output, a train fire may go undetected, and the analyst selects "fire" as the potential accident of this failure mode following the prompt of the identification system.
According to the definition of accident severity levels in the European standard EN50126, "Railway applications: the specification and demonstration of reliability, availability, maintainability and safety (RAMS)" (see Table 2), the safety analyst determines the severity level of the potential accident that a functional failure may cause. If smoke and fire detection fails to produce an output, which may result in a train fire, and a train fire may injure or kill a large number of passengers, the analyst selects severity level I from the levels defined by the system.
TABLE 2 severity of Accident grades
And S5, determining the safety integrity level of the function according to the severity degree of the accident and whether risk prevention measures are taken.
By specifying and realizing the safety integrity level of each function, the failure level of the safety functions of the full-automatic operation system can be reduced to an acceptable degree, meeting the safe operation requirements of the full-automatic operation system.
The step S5 specifically includes the following steps:
and S5.1, calculating the acceptable failure level of the function according to the severity of the accident, and calculating to obtain the safety integrity level required to be met by the functional safety requirement.
The safety requirement identification system of the full-automatic operation system automatically calculates the acceptable failure level TFFR of the function, that is, the acceptable frequency of the accident, according to the risk acceptance matrix of the European standard EN50126 (see Table 3); the frequency classes include frequent, occasional, rare and almost impossible. For the smoke and fire detection function, according to the description above, the potential accident induced by a missing output has severity level I, so the acceptable failure level of the smoke and fire detection function is F: almost impossible.
TABLE 3 Risk acceptance matrix
The safety requirement identification system of the full-automatic operation system calculates the safety integrity level to be met by the functional safety requirement according to the accident frequency definitions recommended by the European standard EN50126 (see Table 4) and the correspondence between the functionally acceptable failure level TFFR and the safety integrity level SIL (see Table 5). For the smoke and fire detection function, the acceptable accident frequency is F: almost impossible, which according to Table 4 corresponds to a rate of less than $10^{-9}\,\mathrm{h}^{-1}$. According to Table 5, this rate is already below the bound of the highest safety integrity level, SIL 4, so the smoke and fire detection function is automatically assigned SIL 4.
TABLE 4 accident frequency rating
TABLE 5 safety integrity rating
Functionally acceptable failure level (TFFR) | Safety Integrity Level (SIL)
$10^{-9} \le \mathrm{TFFR} < 10^{-8}$ | 4
$10^{-8} \le \mathrm{TFFR} < 10^{-7}$ | 3
$10^{-7} \le \mathrm{TFFR} < 10^{-6}$ | 2
$10^{-6} \le \mathrm{TFFR} < 10^{-5}$ | 1
S5.2, judging whether a risk protection measure exists at present, selecting a risk reduction coefficient to degrade the acceptable failure level of the function, and then re-evaluating the safety integrity level of the function.
Judging whether a risk protection measure currently exists means confirming whether a related risk reduction measure is already in place to lower the frequency of the accident. The safety requirement identification system of the full-automatic operation system automatically extracts the basic flow content from the operation scene description file, and the safety analyst confirms from the basic flow whether a risk protection measure exists in the current process. For the smoke and fire detection function, the basic flow states that passengers can report a carriage fire through the emergency intercom; this can serve as a risk protection measure by which the dispatcher is informed of a train fire when smoke and fire detection fails to produce an output.
Based on whether a risk protection measure currently exists, the safety analyst selects the corresponding risk reduction factor RRF (see Table 6). The degraded functionally acceptable failure level is $\mathrm{TFFR}_{\text{degraded}} = \mathrm{TFFR} \times \mathrm{RRF}$, and the final acceptable failure level of the function, and hence the safety integrity requirement it must meet, is obtained from $\mathrm{TFFR}_{\text{degraded}}$ according to Table 5. For the smoke and fire detection function, as described above, passengers can report a carriage fire through the emergency intercom, which serves as a risk protection measure; the safety analyst selects reduction coefficient C as prompted by the system, the degraded $\mathrm{TFFR}_{\text{degraded}}$ is then less than $10^{-6}\,\mathrm{h}^{-1}$, and the system automatically calculates from Table 5 that the acceptable safety integrity level of the function, taking the risk protection measure into account, is level 2.
TABLE 6 Risk reduction coefficients
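The failure-mode enumeration of step S2 and the SIL assignment of steps S5.1 and S5.2, as an added Python example that is not part of the patent or of Casco Signal's system. It encodes only the values the page states (the four failure modes, the Table 5 bands, the five risk reduction grades and the severity I row of the risk acceptance matrix); the remaining matrix rows and the letter labels of Table 6 are not on the page, so the assumed `SEVERITY_TO_TFFR_BOUND` dictionary holds a single row and the reduction factor is passed as a number.

```python
"""Added example: FMEA rows and SIL assignment following steps S2 and S5.

Only values stated on the page are encoded: the four generic failure modes,
the TFFR/SIL bands of Table 5, the five risk reduction grades of Table 6 and
the severity I row of the risk acceptance matrix (Tables 3 and 4). The
remaining matrix rows and the letter labels of Table 6 are not on the page
and are left to the caller. Decimal arithmetic keeps 1e-9 * 1000 == 1e-6
exact, which float arithmetic does not guarantee.
"""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Union

# Step S2: the four common functional error types applied to every function.
FAILURE_MODES = ("not output", "output early", "output late", "output erroneously")

# Table 5: SIL bands expressed as exclusive upper bounds on the tolerable
# functional failure rate (TFFR, per hour), most demanding band first.
SIL_BANDS = (
    (Decimal("1e-8"), 4),  # 1e-9 <= TFFR < 1e-8
    (Decimal("1e-7"), 3),  # 1e-8 <= TFFR < 1e-7
    (Decimal("1e-6"), 2),  # 1e-7 <= TFFR < 1e-6
    (Decimal("1e-5"), 1),  # 1e-6 <= TFFR < 1e-5
)

# Table 6: the five risk reduction grades 1, 10, 10^2, 10^3, 10^4.
RRF_GRADES = tuple(Decimal(10) ** k for k in range(5))

# Tables 3 and 4 are images on the page. ASSUMPTION: only the row used by
# the page's worked example is known: severity I -> frequency class F
# "almost impossible", i.e. an accident rate below 1e-9 per hour.
SEVERITY_TO_TFFR_BOUND: Dict[str, Decimal] = {
    "I": Decimal("1e-9"),
}


@dataclass(frozen=True)
class FmeaRow:
    """One line of Table 1: function, failure mode, cause, potential accident."""
    function: str
    failure_mode: str
    cause: str
    potential_accident: str
    severity: str


def failure_rows(function: str, has_manual_operation: bool,
                 potential_accident: str, severity: str) -> List[FmeaRow]:
    """Step S2: list every failure mode of a function with its possible causes.

    Human error is listed only for functions that have a manual operation
    mode; a purely automatic function (the page's example is emergency
    evacuation handle monitoring) keeps system failure as its only cause.
    """
    causes = ["system failure"]
    if has_manual_operation:
        causes.append("human error")
    return [
        FmeaRow(function, f"{function} {mode}", cause, potential_accident, severity)
        for mode in FAILURE_MODES
        for cause in causes
    ]


def sil_for_bound(tffr_upper_bound: Decimal) -> int:
    """Table 5 lookup on an exclusive upper bound of the TFFR.

    A bound below 1e-9/h is already stricter than the SIL 4 band and is
    reported as SIL 4, as the page does for smoke and fire detection.
    A bound of 1e-5/h or more requires no SIL and returns 0.
    """
    for band_upper, sil in SIL_BANDS:
        if tffr_upper_bound <= band_upper:
            return sil
    return 0


def assign_sil(severity: str, rrf: Union[int, Decimal] = 1) -> Dict[str, object]:
    """Steps S5.1 and S5.2: TFFR bound from severity, then degraded by the RRF.

    rrf is the numeric risk reduction factor of the protection measure the
    analyst confirmed (1 when none exists). TFFR_degraded = TFFR x RRF.
    """
    rrf = Decimal(rrf)
    if rrf not in RRF_GRADES:
        raise ValueError(f"RRF must be one of {RRF_GRADES}, got {rrf}")
    if severity not in SEVERITY_TO_TFFR_BOUND:
        raise ValueError(f"no risk acceptance row for severity {severity!r}")
    base = SEVERITY_TO_TFFR_BOUND[severity]
    degraded = base * rrf
    return {
        "base_bound": base,
        "base_sil": sil_for_bound(base),
        "degraded_bound": degraded,
        "sil": sil_for_bound(degraded),
    }


if __name__ == "__main__":
    # The page's worked example: smoke and fire detection, severity I, with
    # passengers able to report a fire by emergency intercom. The page calls
    # the grade "C"; 10^3 is the factor that yields its stated bound of 1e-6/h.
    for row in failure_rows("smoke and fire detection", True, "fire", "I"):
        print(row.failure_mode, "|", row.cause, "|", row.potential_accident)
    print(assign_sil("I"))        # no protection measure: SIL 4
    print(assign_sil("I", 1000))  # degraded bound 1e-6/h: SIL 2
```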
Based on the same invention concept, the invention also provides a terminal for identifying the safety requirement of the full-automatic operation system, which comprises a processor and a memory, wherein the memory is stored with a computer program, and the computer program is executed by the processor to realize the method for identifying the safety requirement of the full-automatic operation system.
The invention analyzes all functions of the full-automatic operation system one by one and assigns functional safety requirements and safety integrity levels based on the failure mode and effects analysis method. Safety analysis personnel only need to confirm simple information and do not need to perform complex logic judgment to identify the safety requirements of the full-automatic operation system, which solves the problem that the safety analysis is not comprehensive enough because the existing method depends too heavily on the experience of meeting participants.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (16)

1. A safety requirement identification method for a full-automatic operation system, characterized by comprising the following steps:
extracting the functions that the full-automatic operation system is required to realize, and analysing, one by one, the potential failure modes of each extracted function and the causes that lead to those failures;
determining the accident that a potential failure of the function may cause and the severity of that accident, and determining the safety integrity level of the function from the severity of the accident and from whether a risk protection measure is in place;
setting targeted functional safety requirements according to the cause of the failure.
2. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein the functions to be realized by the full-automatic operation system are extracted from a scene description file, and the scene description file describes each normal, fault and emergency scene of the full-automatic operation process from the perspective of the full-automatic operation system, including but not limited to: scene description, basic flow and functional requirement content.
3. The safety requirement identification method for a full-automatic operation system according to claim 2, wherein extracting the functions to be realized by the full-automatic operation system from the scene description file comprises: automatically identifying and extracting the functions to be analysed through a function distribution field in the functional requirement content of the scene description file.
4. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein the extracted functions are analysed by a failure mode and effects analysis (FMEA) method.
5. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein the potential failure modes of a function comprise: no output from the system, early output from the system, late output from the system, and wrong output from the system; and the causes of failure comprise: system failure and/or human error.
6. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein determining the accident that a potential failure of the function may cause comprises: judging from the failure mode of the function, and selecting one accident type from the accidents currently foreseeable in the urban rail transit field as the potential accident produced when that failure mode occurs.
7. The safety requirement identification method for a full-automatic operation system according to claim 6, wherein the foreseeable accidents in the urban rail transit field comprise: train collision, derailment, fire, flood, electric shock, explosion, high temperature, poisoning, abnormal radiation, passenger falling, clamping injury and suffocation.
8. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein determining the severity of the accident comprises: determining the severity grade of the accident from the casualties it causes and the degree of its impact on the environment.
9. The safety requirement identification method for a full-automatic operation system according to claim 1, wherein determining the safety integrity level of the function comprises: calculating an acceptable failure level of the function from the severity of the accident, and calculating from it the safety integrity level that the functional safety requirement must meet.
10. The safety requirement identification method for a full-automatic operation system according to claim 9, wherein determining the safety integrity level of the function further comprises: selecting a risk reduction coefficient according to whether a risk protection measure currently exists, relaxing the acceptable failure level of the function by that coefficient, and then re-evaluating the safety integrity level of the function.
11. The method according to claim 9, wherein four safety integrity levels are defined, and the corresponding acceptable failure level (TFFR) of the function is, respectively, 10⁻⁶ ≤ TFFR ≤ 10⁻⁵, 10⁻⁷ ≤ TFFR ≤ 10⁻⁶, 10⁻⁸ ≤ TFFR ≤ 10⁻⁷ and 10⁻⁹ ≤ TFFR ≤ 10⁻⁸; and the safety integrity level is determined from the correspondence between the current acceptable failure level of the function and these bands.
12. The safety requirement identification method for a full-automatic operation system according to claim 10, wherein the risk reduction coefficient is divided into five grades according to the risk protection measure, namely 1, 10, 10², 10³ and 10⁴; and the acceptable failure level of the function after relaxation is the acceptable failure level of the function multiplied by the risk reduction coefficient.
13. The safety requirement identification method for a full-automatic operation system according to claim 1, further comprising: identifying whether each function to be realized by the full-automatic operation system is safety-related, and assigning a safety integrity level to the safety-related functions.
14. A safety requirement identification system for a full-automatic operation system, the full-automatic operation system being provided with a scene description file, characterized by comprising:
an information extraction module, for identifying and extracting key information from the scene description file;
a safety analysis module, for analysing the failure modes and failure causes of the functions realized by the full-automatic operation system according to the extracted information;
a safety interaction module, through which a safety analyst confirms whether the failure modes and failure causes are correct and fills in the functional safety requirements;
and a calculation module, for calculating the safety integrity level of the corresponding function from the accident severity grade, the risk acceptance matrix and the risk reduction coefficient.
15. The safety requirement identification system for a full-automatic operation system according to claim 14, wherein the safety analysis module analyses the failure modes and failure causes of the extracted functions by a failure mode and effects analysis (FMEA) method.
16. A terminal for identifying the safety requirements of a full-automatic operation system, comprising a processor and a memory, wherein the memory stores a computer program which, when executed by the processor, implements the safety requirement identification method for a full-automatic operation system according to any one of claims 1 to 13.
CN202210672711.8A 2022-06-14 2022-06-14 Method, system and terminal for identifying safety requirements of full-automatic operation system Pending CN114971367A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210672711.8A CN114971367A (en) 2022-06-14 2022-06-14 Method, system and terminal for identifying safety requirements of full-automatic operation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210672711.8A CN114971367A (en) 2022-06-14 2022-06-14 Method, system and terminal for identifying safety requirements of full-automatic operation system

Publications (1)

Publication Number Publication Date
CN114971367A true CN114971367A (en) 2022-08-30

Family

ID=82962837

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210672711.8A Pending CN114971367A (en) 2022-06-14 2022-06-14 Method, system and terminal for identifying safety requirements of full-automatic operation system

Country Status (1)

Country Link
CN (1) CN114971367A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115994362A (en) * 2023-03-23 2023-04-21 卡斯柯信号(北京)有限公司 Safety analysis method and device for full-automatic operation system
CN118194203A (en) * 2024-05-14 2024-06-14 宏大爆破工程集团有限责任公司 Intelligent blasting control method based on collaborative management

Similar Documents

Publication Publication Date Title
CN114971367A (en) Method, system and terminal for identifying safety requirements of full-automatic operation system
CN110203257B (en) Train operation scheduling method and system under rail transit incident
Jin et al. Reliability performance of safety instrumented systems: A common approach for both low-and high-demand mode of operation
CN102530027B (en) High-speed rail risk analysis and control method and high-speed rail risk analysis and control system
CN112765013B (en) Safety analysis method and system for rail transit interlocking system
CN111332341A (en) Implementation method for entering route handling of centralized control station based on CTC3.0
CN113968528B (en) On-demand maintenance monitoring method and system
WO2024109398A1 (en) Train safety protection method and system
CN113269404A (en) Process industry intelligent safety management system based on industrial network
CN105574299A (en) Safety pre-evaluation method for rail transit signal system
Leifer et al. Comparative analysis of automated control and information systems for the technical operation of railway crossings
CN113505341A (en) Method and device for evaluating subway safety risk and emergency capacity based on situation construction
CN113485192A (en) Central control disk device and control method thereof
CN115140102B (en) Urban rail transit platform door linkage control fault detection method and device
JP2009288918A (en) Risk management support method for human error in railroad operation work
CN116187104A (en) Safety analysis and development method and device for rail transit interlocking system
CN114162187B (en) Interval water level abnormal linkage protection method and equipment
Kim et al. A case study for the selection of a railway human reliability analysis method
Braband Risk assessment in railroad signaling: experience gained and lessons learned
CN115994362B (en) Safety analysis method and device for full-automatic operation system
CN109193642A (en) Power dispatching network command issuing method and system
CN111399807B (en) General embedded function safety guarantee method suitable for railway signal system
Wigger Experience with Safety Integrity Level (SIL) allocation in railway applications
Lu et al. Scenarios oriented safety analysis of fully automatic operation metro
Pan et al. The FTA based safety analysis method for urban transit signal system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination