Analysis techniques for dependability - Reliability block diagram and boolean methods

This International Standard describes procedures for modelling the dependability of a system and for using the model in order to calculate reliability and availability measures. The RBD (reliability block diagram) modelling technique is intended to be applied primarily to systems without repair and where the order in which failures occur does not matter. For systems where the order of failures is to be taken into account or where repairs are to be carried out, other modelling techniques, such as Markov analysis, are more suitable.


General Information
Status: Withdrawn
Publication Date: 31-Dec-2006
Withdrawal Date: 14-Nov-2019
Current Stage: 9900 - Withdrawal (Adopted Project)
Start Date: 15-Oct-2019
Due Date: 07-Nov-2019
Completion Date: 15-Nov-2019

Standard: EN 61078:2007, English language, 40 pages
Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 61078:2007
01-January-2007
Replaces: SIST EN 61078:2002
Analysis techniques for dependability - Reliability block diagram and boolean methods (IEC 61078:2006)
This Slovenian standard is identical to: EN 61078:2006
ICS:
21.020 Characteristics and design of machines, apparatus, equipment
SIST EN 61078:2007 en
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.



EUROPEAN STANDARD
EN 61078
May 2006

ICS 03.120.01; 03.120.99 Supersedes EN 61078:1993


English version


Analysis techniques for dependability -
Reliability block diagram and boolean methods
(IEC 61078:2006)






This European Standard was approved by CENELEC on 2006-03-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, the Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels


© 2006 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61078:2006 E

Foreword
The text of document 56/1071/FDIS, future edition 2 of IEC 61078, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 61078 on 2006-03-01.
This European Standard supersedes EN 61078:1993.
The major change with respect to EN 61078:1993 is that an additional clause on Boolean disjointing
methods (Annex B) has been added.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2006-12-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2009-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61078:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following note has to be added for the standard indicated:
IEC 60812 NOTE Harmonized as EN 60812:2006 (not modified).
__________

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication | Year | Title | EN/HD | Year
IEC 60050-191 | 1990 | International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability and quality of service | - | -
IEC 61025 | 1) | Fault tree analysis (FTA) | HD 617 S1 | 1992 2)
ISO 3534-1 | 1993 | Statistics – Vocabulary and symbols – Part 1: Probability and general statistical terms | - | -

1) Undated reference.
2) Valid edition at date of issue.

INTERNATIONAL STANDARD
IEC 61078
Second edition
2006-01

Analysis techniques for dependability –
Reliability block diagram and
boolean methods

© IEC 2006 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE W
For price, see current catalogue

CONTENTS
FOREWORD ... 7
INTRODUCTION ... 11

1 Scope ... 13
2 Normative references ... 13
3 Terms and definitions ... 13
4 Symbols and abbreviated terms ... 15
5 Assumptions and limitations ... 17
5.1 Independence of events ... 17
5.2 Sequential events ... 17
5.3 Distribution of times to failure ... 17
6 Establishment of system success/failure definitions ... 17
6.1 General considerations ... 17
6.2 Detailed considerations ... 19
7 Elementary models ... 21
7.1 Developing the model ... 21
7.2 Evaluating the model ... 25
8 More complex models ... 31
8.1 General procedures ... 31
8.2 Models with common blocks ... 41
8.3 m out of n models (non-identical items) ... 45
8.4 Method of reduction ... 45
9 Extension of reliability block diagram methods to availability calculations ... 47

Annex A (informative) Summary of formulæ ... 51
Annex B (informative) Boolean disjointing methods ... 59

Bibliography ... 71

Figure 1 – Series reliability block diagram ... 21
Figure 2 – Duplicated (or parallel) series reliability block diagram ... 21
Figure 3 – Series duplicated (or parallel) reliability block diagram ... 23
Figure 4 – Mixed redundancy reliability block diagram ... 23
Figure 5 – Another type of mixed redundancy reliability block diagram ... 23
Figure 6 – 2/3 redundancy ... 23
Figure 7 – 2/4 redundancy ... 23
Figure 8 – Diagram not easily represented by series/parallel arrangement of blocks ... 25
Figure 9 – Parallel arrangement of blocks ... 27
Figure 10 – Standby redundancy ... 29
Figure 11 – Representation of Figure 8 when item A has failed ... 33
Figure 12 – Representation of Figure 8 when item A is working ... 33
Figure 13 – One-out-of-three parallel arrangement ... 35
Figure 14 – Reliability block diagram using an arrow to help define system success ... 41
Figure 15 – Alternative representation of Figure 14 using common blocks ... 41
Figure 16 – 2-out-of-5 non-identical system ... 45
Figure 17 – Illustrating grouping of blocks before reduction ... 47
Figure 18 – Reduced reliability block diagrams ... 47

Table 1 – Application of truth table to the example of Figure 13 ... 37
Table 2 – Application of truth table to the example of Figure 8 ... 39
Table 3 – Application of truth table to the examples of Figures 14 and 15 ... 43

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

ANALYSIS TECHNIQUES FOR DEPENDABILITY –
RELIABILITY BLOCK DIAGRAM AND BOOLEAN METHODS


FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardisation comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardisation in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61078 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition, published in 1991, and constitutes
a full technical revision. The major change with respect to the previous edition is that an
additional clause on Boolean disjointing methods (Annex B) has been added.
The text of this standard is based on the following documents:
FDIS: 56/1071/FDIS
Report on voting: 56/1089/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.

INTRODUCTION
Different analytical methods of dependability analysis are available, of which the reliability
block diagram (RBD) is one. The purpose of each method and their individual or combined
applicability in evaluating the reliability and availability of a given system or component should
be examined by the analyst prior to starting work on the RBD. Consideration should also be
given to the results obtainable from each method, data required to perform the analysis,
complexity of analysis and other factors identified in this standard.
A reliability block diagram (RBD) is a pictorial representation of a system's reliability performance. It shows the logical connection of (functioning) components needed for successful operation of the system (hereafter referred to as “system success”).




1 Scope
This International Standard describes procedures for modelling the dependability of a system
and for using the model in order to calculate reliability and availability measures.
The RBD modelling technique is intended to be applied primarily to systems without repair
and where the order in which failures occur does not matter. For systems where the order of
failures is to be taken into account or where repairs are to be carried out, other modelling
techniques, such as Markov analysis, are more suitable.
It should be noted that although the word “repair” is frequently used in this standard, the word
“restore” is equally applicable. Note also that the words “item” and “block” are used
extensively throughout this standard: in most instances interchangeably.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60050-191:1990, International Electrotechnical Vocabulary (IEV) – Chapter 191: Depend-
ability and quality of service
IEC 61025, Fault tree analysis (FTA)
ISO 3534-1:1993, Statistics – Vocabulary and symbols – Part 1: Probability and general
statistical terms
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050-191 and
ISO 3534-1 apply.

4 Symbols and abbreviated terms
Symbol/Abbreviation: Meaning
A, B, C, ...: When used in Boolean expressions, these symbols indicate that items A, B, C, ... are in up states
A̅, B̅, C̅, ... (overbar): When used in Boolean expressions, these symbols indicate that items A, B, C, ... are in down states
F_S: Probability of system failure
f_A(t): Probability density function of block A. The term “block” is used to denote a group of one or more components
Pr(SS|X failed): Conditional probability of system success, given that item X is failed
R, R(t), R_S(t): Reliability [probability that an item can perform a required function under given conditions for a given time interval (0,t)]
R_A, R_B, …: Reliability of blocks A, B, …
R_S: System reliability
R_SW: Reliability of switching and sensing mechanism
SF: System failure (used in the Boolean expressions)
SS: System success (used in the Boolean expressions)
t: Mission time or time period of interest
λ_A, λ_B, λ_C: Failure rate (constant) of blocks A, B and C
λ_Bd: Dormant failure rate of block B
µ_A, µ_B, µ_C: Repair rates (constant) of blocks A, B and C
(n r) (binomial coefficient): Number of ways of selecting r items from n items
0, 1: These symbols are used in truth tables to denote down and up states and apply to whichever item is the column heading
∩, . : Boolean symbols denoting AND logic, e.g. A ∩ B, A.B (intersection)
∪, + : Boolean symbols denoting OR logic, e.g. A ∪ B, A+B (union)
[Diagram: blocks A and B side by side between I and O]: Active (parallel) redundancy
[Diagram: blocks A and B between I and O, standby arrangement]: Standby redundancy
[Diagram: several blocks between I and O, marked m/n]: m/n is the symbol used to show m-out-of-n items needed for system success in an active redundant configuration
I: indicates input
O: indicates output. Such indications are used for convenience. They are not mandatory, but may be useful where connections have a directional significance
[Diagram: block A between I and O]: Grouping of equipment, components, units or other system elements
5 Assumptions and limitations
5.1 Independence of events
One of the most fundamental assumptions on which the procedures described in this standard
are based, is the assumption that components (or blocks representing them) can exist in only
two states: working (“up” state) or failed (“down” state).
Another important assumption is that failure (or repair) of any block must not affect the
probability of failure of (or repair to) ANY other block within the system being modelled. This
implies that there should be available, in effect, sufficient repair resources to service those
blocks needing repair and that when two or more persons are repairing a particular block at
the same time, neither gets in the other’s way. Thus failures of and repairs to individual blocks
are considered to be statistically independent events.
5.2 Sequential events
RBDs are not suitable for modelling order-dependent or time-dependent events. In such
instances, other methods such as Markov analysis or Petri nets should be used.
5.3 Distribution of times to failure
Provided the assumptions noted in 5.1 are valid, there is no restriction, other than
mathematical tractability, on the distribution that may be used to describe the times to failure
or repair.
6 Establishment of system success/failure definitions
6.1 General considerations
A prerequisite for constructing system reliability models is a sound understanding of the ways
in which the system can operate. Systems often require more than one success/failure
definition. These should be defined and listed. An RBD can be made at different
levels: system level, sub-system (module) level or assembly level. When an RBD is made for
further analysis (for example for FMEA), a level suitable for such analysis has to be
chosen.

In addition, there should be clear statements concerning
– functions to be performed,
– performance parameters and permissible limits on such parameters,
– environmental and operating conditions.
Various qualitative analysis techniques may be employed in the construction of an RBD.
Therefore the system's success/failure definition has to be established. For each system
success/failure definition the next step is to divide the system into logical blocks appropriate
to the purpose of the reliability analysis. Particular blocks may represent system
substructures, which in turn may be represented by other RBDs (system reduction – see 8.4).
For the quantitative evaluation of an RBD, various methods are available. Depending on the
type of structure, simple Boolean techniques (see 8.1.3) and/or path and cut set analyses
may be employed. For a definition of cut set see IEC 61025 (FTA). Calculations may be made
using basic component reliability/availability methods and analytical methods or Monte Carlo
simulation. An advantage with Monte Carlo simulation is that the events in the RBD do not
have to be combined analytically since the simulation itself takes into account whether each
block is failed or functional (see 8.1).
Since the reliability block diagram describes the logical relations needed for system function,
the block diagram does not necessarily represent the way the hardware is physically
connected, although an RBD generally follows, as far as possible, the physical system
connections.
6.2 Detailed considerations
6.2.1 System operation
It may be possible to use a system in more than one functional mode. If separate systems
were used for each mode, such modes should be treated independently of other modes, and
separate reliability models should be used accordingly. When the same system is used to
perform all these functions, then separate diagrams should be used for each type of
operation. Clear statements of what constitutes system success/failure for each aspect of system
operation are a prerequisite.
6.2.2 Environmental conditions
The system performance specifications should be accompanied by a description of the
environmental conditions under which the system is designed to operate. Also included
should be a description of all the conditions to which the system will be subjected during
transportation, storage and use.
A particular piece of equipment is often used in more than one environment; for example, on
board ship, in an aircraft or on the ground. When this is so, reliability evaluations may be
carried out using the same reliability block diagram each time but using the appropriate failure
rates for each environment.
6.2.3 Duty cycles
The relationship between calendar time, operating time and on/off cycles should be
established. If it can be assumed that the process of switching equipment on and off does not
in itself promote failures, and that the failure rate of equipment in storage is negligible, then
only the actual working time of the equipment need be considered.

However, in some instances, the process of switching on and off is in itself the prime cause of
equipment failure, and equipment may have a higher failure rate in storage than when working
(e.g. moisture and corrosion). In complex cases where only parts of the system are switched on
and off, modelling techniques other than reliability block diagrams (e.g. Markov analysis) may
be more suitable.
7 Elementary models
7.1 Developing the model
The first step is to select a system success/failure definition. If more than one definition is
involved, a separate reliability block diagram may be required for each. The next step is to
divide the system into blocks to reflect the logical behaviour so that each block is statistically
independent of the others, and is as large as possible. At the same time each block should
contain (preferably) no redundancy.
In practice it may be necessary to make repeated attempts at constructing the reliability block
diagram (each time bearing in mind the steps referred to above) before a suitable block
diagram is finalized.
The next step is to refer to the system success/failure definition and construct a diagram that
connects the blocks to form a "success path". As indicated in the diagrams that follow, the
various success paths, between the input and output ports of the diagram, pass through those
combinations of blocks that need to function in order that the system functions. If all the
blocks are required to function for the system to function, then the corresponding reliability
block diagram will be one in which all the blocks are joined in series as illustrated in Figure 1.
[Figure: blocks A, B, C, ..., Z connected in series between input port I and output port O]
IEC 2604/05
Figure 1 – Series reliability block diagram
In this diagram "I" is the input port, "O" the output port and A, B, C, ..., Z are the blocks which
together constitute the system. Diagrams of this type are known as "series” reliability block
diagrams or “series models”.
A different type of reliability block diagram is needed when failure of one component or
"block" alone, does not affect system performance as far as the system success/failure
definition is concerned. For example, if in the above instance the entire link is duplicated
(made redundant), then the block diagram is as illustrated by Figure 2. Alternatively, if each
block within the link is duplicated, the block diagram is as illustrated by Figure 3. Diagrams of
this type are known as "parallel” reliability block diagrams or “parallel models”. Note that the
terms “duplicated”, “redundant” and “parallel” are very similar in meaning and are often used
interchangeably.
[Figure: two series links A1-B1-C1-...-Z1 and A2-B2-C2-...-Z2 in parallel between I and O]
IEC 2605/05
Figure 2 – Duplicated (or parallel) series reliability block diagram

[Figure: parallel pairs (A1, A2), (B1, B2), (C1, C2), ..., (Z1, Z2) connected in series between I and O]
IEC 2606/05
Figure 3 – Series duplicated (or parallel) reliability block diagram
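As an added illustration that is not part of the standard's text, the following Python evaluates the series link of Figure 1 and the two redundancy arrangements of Figures 2 and 3 with the closed-form series/parallel formulae, and checks them against the truth-table enumeration and Monte Carlo simulation referred to in 6.1 and 8.1. The failure rates, the 1000 h mission time and all function names are assumptions made for this example.

```python
# Added example (not from IEC 61078): reliability of the RBDs of Figures 1-3
# from constructed block failure rates, evaluated three ways.
import math
import random
from itertools import product

# Constructed constant failure rates (per hour); with 5.3 we take exponential times to failure.
LAMBDA = {"A": 1.0e-4, "B": 2.0e-4, "C": 1.0e-4, "Z": 5.0e-5}
LINK_BLOCKS = ("A", "B", "C", "Z")

def block_reliability(lam, t):
    """R(t) = exp(-lambda * t) for a block with constant failure rate lambda."""
    return math.exp(-lam * t)

def duplicated_blocks(t):
    """Reliabilities of the eight blocks A1..Z1 and A2..Z2 of Figures 2 and 3 at mission time t."""
    return {f"{b}{i}": block_reliability(LAMBDA[b], t) for b in LINK_BLOCKS for i in (1, 2)}

def series(*rs):
    """Series RBD (Figure 1): all blocks must be up; with 5.1 independence the probability is the product."""
    r = 1.0
    for x in rs:
        r *= x
    return r

def parallel(*rs):
    """Active parallel redundancy: the arrangement fails only if every parallel block fails."""
    q = 1.0
    for x in rs:
        q *= 1.0 - x
    return 1.0 - q

def figure1(r):
    """A single series link A1-B1-C1-Z1 (Figure 1)."""
    return series(*(r[f"{b}1"] for b in LINK_BLOCKS))

def figure2(r):
    """Figure 2: the whole link is duplicated, i.e. two series links in parallel."""
    link1 = series(*(r[f"{b}1"] for b in LINK_BLOCKS))
    link2 = series(*(r[f"{b}2"] for b in LINK_BLOCKS))
    return parallel(link1, link2)

def figure3(r):
    """Figure 3: each block is duplicated, i.e. four parallel pairs in series."""
    return series(*(parallel(r[f"{b}1"], r[f"{b}2"]) for b in LINK_BLOCKS))

def figure2_success(up):
    """True when the up/down state vector contains a complete success path of Figure 2."""
    return all(up[f"{b}1"] for b in LINK_BLOCKS) or all(up[f"{b}2"] for b in LINK_BLOCKS)

def figure3_success(up):
    """True when every duplicated pair of Figure 3 has at least one block up."""
    return all(up[f"{b}1"] or up[f"{b}2"] for b in LINK_BLOCKS)

def truth_table(r, success):
    """Truth-table method (Tables 1-3 of the standard): enumerate all 2**n up/down
    combinations and add the probabilities of the rows for which `success` holds."""
    names = list(r)
    total = 0.0
    for states in product((False, True), repeat=len(names)):
        up = dict(zip(names, states))
        if success(up):
            p = 1.0
            for n in names:
                p *= r[n] if up[n] else 1.0 - r[n]
            total += p
    return total

def monte_carlo(r, success, trials=20000, seed=1):
    """Monte Carlo estimate (6.1): draw each block up/down independently, count successes."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        up = {n: rng.random() < r[n] for n in r}
        hits += success(up)
    return hits / trials

if __name__ == "__main__":
    r = duplicated_blocks(t=1000.0)  # constructed mission time of 1000 h
    print(f"Figure 1 (single series link): {figure1(r):.4f}")
    print(f"Figure 2 (duplicated link):    {figure2(r):.4f}  truth table {truth_table(r, figure2_success):.4f}")
    print(f"Figure 3 (duplicated blocks):  {figure3(r):.4f}  truth table {truth_table(r, figure3_success):.4f}")
    print(f"Monte Carlo for Figure 3:      {monte_carlo(r, figure3_success):.3f}")
```

With these rates Figure 3 (duplicating each block) comes out noticeably more reliable than Figure 2 (duplicating the whole link), because a failure in link 1 and a different failure in link 2 still leave a success path in Figure 3 but not in Figure 2.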
Reliability block diagrams used for modelling system reliability are often more complicated
mixtures of series and parallel diagrams. Such a diagram would arise if an example were to
be considered consisting of a duplicated communication link comprising three repeaters A, B
and C, and a common pow
...
