Application of Markov techniques

This International Standard provides guidance on the application of Markov techniques to model and analyze a system and estimate reliability, availability, maintainability and safety measures. This standard is applicable to all industries where systems, which exhibit state-dependent behaviour, have to be analyzed. The Markov techniques covered by this standard assume constant time-independent state transition rates. Such techniques are often called homogeneous Markov techniques.

Anwendung des Markoff-Verfahrens (German title: Application of the Markov method)

Application des techniques de Markov (French title: Application of Markov techniques)

French abstract: This International Standard provides guidance on the application of Markov techniques to analyse and model a system and to estimate reliability, availability, maintainability and safety measures. This standard is applicable to all industries in which systems that exhibit state-dependent behaviour have to be analysed. The Markov techniques covered by this standard assume constant, time-independent state transition rates. Such techniques are often referred to collectively as 'Markov techniques'.

Uporaba tehnik Markov (IEC 61165:2006) (Slovenian title: Application of Markov techniques)

General Information

Status: Published
Publication Date: 31-Dec-2006
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 01-Jan-2007
Due Date: 01-Jan-2007
Completion Date: 01-Jan-2007

Buy Standard

Standard: EN 61165:2007, English language, 37 pages

Standards Content (Sample)

SLOVENIAN STANDARD SIST EN 61165:2007, January
Uporaba tehnik Markov (IEC 61165:2006), identical to EN 61165:2006
Application of Markov techniques (IEC 61165:2006)
ICS; reference number SIST EN 61165:2007 (en)


EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 61165
July 2006

ICS 03.120.01; 03.12.30; 21.020

English version

Application of Markov techniques
(IEC 61165:2006)

French title: Application des techniques de Markov (CEI 61165:2006)
German title: Anwendung des Markoff-Verfahrens (IEC 61165:2006)




This European Standard was approved by CENELEC on 2006-07-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, the Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels


© 2006 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61165:2006 E

EN 61165:2006 - 2 -
Foreword
The text of document 56/1096/FDIS, future edition 2 of IEC 61165, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 61165 on 2006-07-01.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2007-04-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2009-07-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61165:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60812 NOTE  Harmonized as EN 60812:2006 (not modified).
IEC 61078 NOTE  Harmonized as EN 61078:2006 (not modified).
__________

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication | Year | Title | EN/HD | Year

IEC 60050-191 | 1990 | International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability and quality of service | - | -

IEC 60300-3-1 | - 1) | Dependability management – Part 3-1: Application guide – Analysis techniques for dependability – Guide on methodology | EN 60300-3-1 | 2004 2)

IEC 61508-4 + corr. April 1999 | 1998 | Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations | EN 61508-4 | 2001

1) Undated reference.
2) Valid edition at date of issue.


INTERNATIONAL STANDARD (NORME INTERNATIONALE)
IEC 61165
Second edition (Deuxième édition)
2006-05

Application of Markov techniques
(Application des techniques de Markov)

© IEC 2006 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE: V
Commission Electrotechnique Internationale
International Electrotechnical Commission
For price, see current catalogue


61165 © IEC:2006 – 3 –
CONTENTS
FOREWORD ... 7
INTRODUCTION ... 11

1 Scope ... 13
2 Normative references ... 13
3 Terms and definitions ... 13
4 Symbols and abbreviations ... 17
4.1 Symbols for state transition diagrams ... 17
4.2 Other symbols and abbreviations ... 19
4.3 Example ... 21
5 General description ... 21
6 Assumptions and limitations ... 23
7 Relationship with other analysis techniques ... 25
7.1 General ... 25
7.2 Fault Tree Analysis (FTA) ... 25
7.3 Reliability Block Diagram (RBD) ... 27
7.4 Petri nets ... 27
8 Development of state transition diagrams ... 27
8.1 Prerequisites ... 27
8.2 Rules for development and representation ... 29
9 Evaluation ... 31
9.1 General ... 31
9.2 Evaluation of reliability measures ... 33
9.3 Evaluation of availability and maintainability measures ... 33
9.4 Evaluation of safety measures ... 35
10 Documentation of results ... 35

Annex A (informative) Basic mathematical relationships for Markov techniques ... 37
Annex B (informative) Example: Development of state transition diagrams ... 43
Annex C (informative) Example: Numerical evaluation of some reliability, availability, maintainability and safety measures for a 1-out-of-2 active redundant system ... 53

Bibliography ... 63

Figure 1 – Diagram of transition probabilities in time interval (t,t+Δt), for arbitrary value of t and small Δt, for a non-restorable one-element system with constant failure rate λ ... 21
Figure 2 – State transition diagram of a non-restorable one-element system ... 21
Figure 3 – Interpretation of failure and restoration times in different contexts ... 33
Figure B.1 – State transition diagram for a restorable one-element system ... 43
Figure B.2 – State transition diagram with three states for a one-element system ... 43
Figure B.3 – State transition diagram when restorations may be made from state 2 for a one-element system ... 43
Figure B.4 – State transition diagram when direct transition is considered for a one-element system ... 45
Figure B.5 – State transition diagram for the evaluation of reliability of a one-element system ... 45
Figure B.6 – State transition diagram for a 1-out-of-2 active redundant system with no restorable elements ... 45
Figure B.7 – State transition diagram for a 1-out-of-2 active redundant system with restorable elements, two restoration teams and no restoration limitations ... 47
Figure B.8 – State transition diagram for a 1-out-of-2 active redundant system with restorable elements, two restoration teams and common cause for a system failure ... 47
Figure B.9 – State transition diagram for a 1-out-of-2 active redundant system with only one restoration team and restoration priority as first-in/first-out ... 49
Figure B.10 – Reliability block diagram for a 2-out-of-4 active redundant system ... 51
Figure B.11 – Aggregated state transition diagram for reliability computation of the system in Figure B.10 ... 51
Figure C.1 – State transition diagram for 1-out-of-2 active redundant system with different elements and two restoration teams ... 53
Figure C.2 – State transition diagram for a 1-out-of-2 active redundant system with identical elements, two restoration teams and unlimited restoration resources ... 53
Figure C.3 – Numerical example for unavailability ... 57
Figure C.4 – Numerical example for dangerous failure rate ... 61

INTERNATIONAL ELECTROTECHNICAL COMMISSION
___________

APPLICATION OF MARKOV TECHNIQUES


FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61165 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition published in 1995, and constitutes a
technical revision. The revision was necessary in order to facilitate the application of this
standard for safety analysis as well as the increased importance of numerical solutions
compared to analytical solutions of Markov techniques.
The main changes with respect to the previous edition are the following:
• additional annexes with application examples have been removed.
• the mathematical terminology and symbols have been updated.
• terminology has been harmonised.

The text of this standard is based on the following documents:
FDIS: 56/1096/FDIS
Report on voting: 56/1111/RVD

Full information on the voting for the approval of this standard can be found in the voting
report indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.

INTRODUCTION
Several distinct analytical methods for reliability, availability, maintainability and safety
analysis are available of which the Markov technique is one. IEC 60300-3-1 gives an overview
of available methods and their general characteristics.
This standard defines the basic terminology and symbols for the application of Markov
techniques. It describes ground rules for the development, representation and application of
Markov techniques as well as assumptions and limitations of this approach.

APPLICATION OF MARKOV TECHNIQUES



1 Scope
This International Standard provides guidance on the application of Markov techniques to
model and analyze a system and estimate reliability, availability, maintainability and safety
measures.
This standard is applicable to all industries where systems, which exhibit state-dependent
behaviour, have to be analyzed. The Markov techniques covered by this standard assume
constant time-independent state transition rates. Such techniques are often called
homogeneous Markov techniques.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60050(191):1990, International Electrotechnical Vocabulary (IEV) – Chapter 191:
Dependability and quality of service
IEC 60300-3-1: Dependability management – Part 3-1: Application guide – Analysis techniques
for dependability: Guide on methodology
IEC 61508-4:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 4: Definitions and abbreviations
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050(191):1990
and the following apply.
NOTE To facilitate the application of this standard for safety evaluations, the terminology from IEC 61508 is used
where appropriate.
3.1
system
set of interrelated or interacting elements
[ISO 9000, 3.2.1]
NOTE 1 In the context of dependability, a system will have a defined purpose expressed in terms of intended
functions, stated conditions of operation/use, and defined boundaries.
NOTE 2 The structure of a system may be hierarchical.
3.2
element
component or set of components, which function as a single entity
NOTE An element can usually assume only two states: up or down (see 3.4 and 3.5). For convenience the term
element state will be used to denote the state of an element.

3.3
system state
X(t)
particular combination of element states
NOTE X(t) is the state of the system at time t. There are other factors that may have an effect on the system state
(e. g. mode of operation).
3.4
up state
system (or element) state in which the system (or element) is capable of performing the
required function
NOTE A system can have several distinguishable up states (e.g. fully operational states and degraded states).
3.5
down state
system (or element) state in which the system (or element) is not capable of performing the
required function
NOTE A system can have several distinguishable down states.
3.6
hazard
potential source of physical injury or damage to the health of people or property
[IEC 61508-4, 3.1.2, modified]
3.7
dangerous failure
failure which has the potential to put the safety-related system in a hazardous state or fail-to-
function state
[IEC 61508-4, 3.6.7, modified]
NOTE 1 Whether or not the potential is realised may depend on the architecture of the system.
NOTE 2 The term unsafe failure or hazardous failure is also commonly used in this context.
3.8
safe failure
failure which does not have the potential to put the safety-related system in a hazardous state
or fail-to-function state
[IEC 61508, modified]
3.9
transition
change from one state to another state
NOTE Transition takes place usually as a result of failure or restoration. A transition may also be caused by other
events such as human errors, external events, reconfiguration of software, etc.
3.10
transition probability
P_ij(t)
conditional probability of transition from state i to state j in a given time interval (s, s+t) given that the system is in state i at the beginning of the time interval
NOTE 1 Formally P_ij(s, s+t) = P(X(s+t) = j | X(s) = i). When the Markov process is time-homogeneous, then P_ij(s, s+t) does not depend on s and is designated as P_ij(t).
NOTE 2 For an irreducible Markov process (i.e. if every state can be reached from every other state) it holds that P_ij(∞) = P_j, where P_j is the asymptotic and stationary or steady-state probability of state j.

3.11
transition rate
q_ij
limit, if it exists, of the ratio of the conditional probability that a transition takes place from state i to state j within a given time interval (t, t+Δt) and the length of the interval Δt, when Δt tends to zero, given that the system is in state i at time t
NOTE p_ij or c_ij are also used in this context.
3.12
initial state
system state at time t = 0
NOTE Generally, a system starts its operation at t = 0 from an up state in which all elements of the system are
functioning and transits towards the final system state, which is a down state, via other system up states having
progressively fewer functioning elements.
3.13
absorbing state
state which once entered, cannot be left (i. e. no transitions out of the state are possible)
3.14
restorable system
system containing elements which can fail and then be restored to their up state without
necessarily causing system failure
NOTE Repairable is also used in this context.
3.15
non-restorable system
system the state transition diagram of which contains only transitions in the direction towards
system failure states
NOTE Non-repairable is also used in this context.
4 Symbols and abbreviations
4.1 Symbols for state transition diagrams
Markov techniques are graphically represented by state transition diagrams or by transition
rate diagrams, both terms being used as equivalents in this standard.
The following symbols are used throughout this document. Other symbols may be applied as
appropriate.
4.1.1 State symbol
A state is represented by a circle or a rectangle.
NOTE In order to increase readability, down states can be highlighted, e. g. by bold lines, colouring or hatching.
4.1.2 State description
The state description is placed inside the state symbol and may take the form of words or
alphanumeric characters defining those combinations of failed and functioning elements which
characterise the state.

4.1.3 State label
A state label is a number or a letter in a circle, placed adjacent to the state symbol, or in the
absence of a state description, within the state symbol itself.
NOTE The state can often be adequately represented by a circle with the state number or letter.
4.1.4 Transition arrow
The transition arrow indicates the direction of a transition (e. g. as a result of failure or
restoration). Transition rates are written near the transition arrow.
4.2 Other symbols and abbreviations
Symbols for reliability, availability, maintainability and safety measures follow those of
IEC 60050(191), where available. The references below with a prefix 191 are from
IEC 60050(191). In this standard the following symbols are used:
Symbol/Abbreviation | Term | Reference
R(t) | reliability | NOTE 191-12-01 uses the general symbol R(t_1, t_2)
DFR | dangerous failure rate | IEC 61508. NOTE In a safety context, hazard rate (HR) is commonly used for DFR.
MTTF | mean time to failure | 191-12-07
MTTFF | mean time to first failure | 191-12-06
MTTFH | mean time to first hazardous situation |
PFD | probability of failure on demand (unavailability) | IEC 61508. NOTE The PFD at a given time t corresponds to Σ_j P_j(t) over all down states j.
λ(t) | (instantaneous) failure rate | 191-12-02
µ(t) | restoration rate | NOTE 191-13-02 uses µ(t) for repair rate
A(t) | instantaneous availability | 191-11-01
U(t) | instantaneous unavailability | 191-11-02
A | asymptotic and steady-state availability | NOTE Steady-state availability has the same numerical value as asymptotic availability.
MUT | mean up time | 191-11-11
MDT | mean down time | 191-11-12
P_i(t) | probability of finding the system in state i at time t |
P_i | asymptotic and steady-state probability of finding the system in state i at time t |
Δt | a small time interval |
P_ij(t) | transition probability from state i to state j in time t |
q_ij | transition rate from state i to state j, j ≠ i | NOTE q_i is formally defined as q_i = Σ_{j≠i} q_ij. It is the departure rate from state i.

4.3 Example
As an example, Figure 1 shows the diagram of transition probabilities in (t,t+Δt), for t arbitrary
and small Δt, for a non-restorable item with constant failure rate λ.
[Figure 1: state 0 (up state) and state 1 (down state), with an arrow from state 0 to state 1 labelled λΔt]

Figure 1 – Diagram of transition probabilities in time interval (t,t+Δt), for arbitrary value of t and small Δt, for a non-restorable one-element system with constant failure rate λ (IEC 660/06)
λΔt is the conditional probability of a transition between state 0 and state 1 in the small time
interval (t,t+Δt) given that the system was in state 0 at time t. To simplify the notation, the
quantity Δt is often omitted and the transition probabilities diagram of Figure 1 becomes the
transition rates diagram given in Figure 2.

[Figure 2: state 0 and state 1, with an arrow from state 0 to state 1 labelled λ]

Figure 2 – State transition diagram of a non-restorable one-element system (IEC 661/06)
In Figure 2 and in the following, the term state transition diagram will be used as equivalent to
the term transition rates diagram.
5 General description
The Markov techniques make use of a state transition diagram which is a representation of
the reliability, availability, maintainability or safety behaviours of a system, from which system
performance measures can be calculated. It models the system's behaviour with respect to
time. In this standard, a system is regarded as a number of elements, each of which can
assume only one of two states: up or down. The system as a whole, however, can assume
many different states, each being determined by the particular combination of functioning and
failed elements. Thus as an element fails or is restored, the system "moves" from one state to
another state. This kind of model is generally called a discrete-state, continuous time model.
Markov techniques are especially suited to the investigation of systems with redundancy, or to
systems where system failure depends on sequential events, or to systems for which the
maintenance strategies are complex, e.g. systems with restoration priorities or multiple
restoration teams, queuing problems, and resource restrictions. The analyst should ensure
that the model adequately reflects the operation of the real system with respect to
maintenance strategies and policies. In particular the suitability of exponential distributions for
the modelling of restoration times must be reviewed. It should be noted that when redundant
repairable systems are modelled with limited repair capacity then due to the memory-less
property of the model the actual repair time can be overrepresented, see Figure B.9 for an
example.

Provided the assumptions and limitations described in Clause 6 can be accepted, one of the
major advantages of Markov techniques is that maintenance strategies, for example
restoration priorities of individual elements, can be modelled. Moreover, the order in which
multiple failures occur can be considered in the model. It should be noted that other analysis
techniques e.g. fault tree analysis (FTA) and reliability block diagram (RBD) methods (as
described in IEC 61025 and IEC 61078 respectively) do not allow complex maintenance
strategies to be taken into account, though they may have special gates represented by
special symbols (dynamic gates) to indicate the presence of those cases. However, the effect
of those gates has to be evaluated separately by Markov techniques or other techniques, and
the results included in the analysis of the Fault Tree or RBD, whilst observing the possible
limitations.
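The transition-rate notation of 3.10, 3.11 and 4.2 and the restoration modelling discussed in Clause 5, as an added example that is not code from IEC 61165 or its annexes: it builds the generator matrix from the q_ij of a diagram, integrates P_i(t), solves the steady-state probabilities and a mean time to absorption, and applies them to the 1-out-of-2 active redundant system with two restoration teams of Figure C.2. The rates 2λ, λ, μ, 2μ and the sample values are assumptions, since Annex C is not part of this preview.

```python
# Added example, not code from IEC 61165.  Arrows of a state transition diagram
# are entered as transition rates q_ij (3.11); the departure rate
# q_i = sum_{j != i} q_ij (NOTE in 4.2) becomes the diagonal of the generator.
# The 1-out-of-2 active redundant system with two restoration teams (caption of
# Figure C.2) is worked with rates 2*lam, lam, mu, 2*mu, an assumption here
# because Annex C is not part of this preview.


def build_generator(n, rates):
    """Generator matrix Q from {(i, j): q_ij}; Q[i][i] = -q_i."""
    Q = [[0.0] * n for _ in range(n)]
    for (i, j), q in rates.items():
        Q[i][j] += q          # rate written on the arrow i -> j
        Q[i][i] -= q          # contributes to the departure rate q_i
    return Q


def solve_linear(A, b):
    """Gauss-Jordan elimination with partial pivoting for small dense systems."""
    n = len(A)
    A = [row[:] for row in A]
    b = b[:]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[piv], b[col], b[piv] = A[piv], A[col], b[piv], b[col]
        for r in range(n):
            if r != col and A[r][col] != 0.0:
                f = A[r][col] / A[col][col]
                A[r] = [A[r][c] - f * A[col][c] for c in range(n)]
                b[r] -= f * b[col]
    return [b[i] / A[i][i] for i in range(n)]


def state_probabilities(Q, p0, t, steps=4000):
    """P_i(t): integrate the Kolmogorov forward equations dP/dt = P*Q with RK4."""
    n = len(Q)
    def deriv(p):
        return [sum(p[i] * Q[i][j] for i in range(n)) for j in range(n)]
    h = t / steps
    p = list(p0)
    for _ in range(steps):
        k1 = deriv(p)
        k2 = deriv([p[i] + h / 2 * k1[i] for i in range(n)])
        k3 = deriv([p[i] + h / 2 * k2[i] for i in range(n)])
        k4 = deriv([p[i] + h * k3[i] for i in range(n)])
        p = [p[i] + h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i])
             for i in range(n)]
    return p


def steady_state(Q):
    """Asymptotic probabilities P_i: solve P*Q = 0 with sum(P) = 1 (irreducible)."""
    n = len(Q)
    A = [[Q[i][j] for i in range(n)] for j in range(n)]   # transpose of Q
    A[-1] = [1.0] * n                                     # normalisation row
    return solve_linear(A, [0.0] * (n - 1) + [1.0])


def mean_time_to_absorption(Q, start, absorbing):
    """Expected time from `start` to an absorbing state (3.13): -Q_TT * tau = 1."""
    transient = [i for i in range(len(Q)) if i not in absorbing]
    A = [[-Q[i][j] for j in transient] for i in transient]
    tau = solve_linear(A, [1.0] * len(transient))
    return tau[transient.index(start)]


def redundant_1oo2(lam, mu):
    """States 0 = both up, 1 = one failed, 2 = both failed; two teams restore."""
    return build_generator(3, {(0, 1): 2 * lam, (1, 2): lam,
                               (1, 0): mu, (2, 1): 2 * mu})


def unavailability(lam, mu, t=None):
    """U(t) = P_2(t), the PFD of 4.2; t=None returns the steady-state value."""
    Q = redundant_1oo2(lam, mu)
    p = steady_state(Q) if t is None else state_probabilities(Q, [1.0, 0.0, 0.0], t)
    return p[2]


def mttff(lam, mu):
    """Mean time to first failure: the same diagram with state 2 made absorbing."""
    Q = redundant_1oo2(lam, mu)
    Q[2] = [0.0, 0.0, 0.0]        # no transitions out of the down state
    return mean_time_to_absorption(Q, 0, {2})
```

For the non-restorable one-element system of Figure 2 the same integrator reproduces R(t) = e^(-λt), and for the redundant system with λ = 10^-3/h and μ = 10^-1/h the steady-state unavailability is (λ/μ / (1 + λ/μ))^2 and MTTFF = (3λ + μ)/(2λ^2) = 51 500 h.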
Although Markov techni
...
