Safety in Computer Control
The use of computers in control – especially in safety-critical systems – opens up a whole new range of possibilities for getting things wrong. This course attempts to reduce that range of possibilities by showing how to get the specification right. The course does not attempt to produce programmers; it is intended for experienced control and safety engineers and is presented from the point of view of the system procurer. The course is intended to meet many of the requirements of IEC 61508, the HSE PES Guidelines, and UK DefStan 00-58.
The course is intended for experienced control and safety engineers. It is usually expected that attendees will have a knowledge of safety in analog control; however, if this is not so then brief introductory lectures can be provided. Eight to twelve persons are the typical numbers attending though more can be accommodated by special arrangement.
Those attending must be familiar with the use of HAZOP on conventional control systems. It would also be helpful if persons had some knowledge of reliability engineering. There is little mathematics in this course beyond elementary probability and a little Boolean algebra.
This course is normally tailored to the requirements of the customer from the range of lectures listed below. The shortest possible introductory course lasts two days; the recommended course lasts three days and an extended four-day version can also be supplied. Consult ility Engineering for details.
It is well known that time spent on correctly specifying the system reduces the time and effort spent correcting errors later in the procurement cycle. Therefore the objective of this course is to show how to get the specification right.
The following lectures are offered. Those preceded by a † are intended for the less experienced. Those preceded by a ‡ are considered extra lectures to be given if time allows.
- Outlines the course, explains the objectives, explains the order in which the lectures are given, and introduces the workshop exercise.
- Introduces the principles of safe analog control for those not familiar with the subject.
- Introduces analog trip and shutdown systems for those not familiar with the subject.
- Gives a complete overview of the IEC 61508 standard so that the various requirements can be related to what follows.
- Describes typical elements of computer systems hardware and explains how they fail and how the failure modes are represented by HAZOP guidewords.
- IEC 61508 and similar standards require the setting of integrity levels for safety. This causes many difficulties, and this lecture offers a procedure which should be acceptable to most regulatory authorities.
- The controlled system and the control scheme must be represented in an appropriate way so that they can be presented to the supplier. They also need to be represented in such a way that they can be subjected to HAZOP at different points of the design cycle. Continuous and discrete systems are treated separately, the former by Functional Modelling, the latter by State Transition Diagrams. This lecture is usually given in two parts.
- Describes the design life-cycle of typical software-based systems and explains what is to be specified, by whom, and when.
- Briefly covers some of the less obvious things (EMI, EMC, etc.) which need to be specified for computer systems.
- Describes the extended set of HAZOP guidewords needed for computer control and shows how they are applied to both continuous and discrete systems. The HAZOP is mainly applied to the representation used in the specification.
- Sneak Analysis is a technique for identifying design errors. It is usually combined with HAZOP. It is presented here not only as a HAZOP extension but also as an aid to identifying the safe and 'ground' states of a system.
- It is not the intention to teach software engineering. However, the methods used to generate software dictate how the results are analysed to ensure that they comply with the original specification.
- The HSE PES Guidelines contain a very useful and extensive set of checklists. Unfortunately, these are somewhat difficult to interpret, and this lecture attempts to explain some of the more difficult points.
- This course is oriented towards the procurer of computer-controlled systems. At several points in the design cycle, the procurer must verify what is being supplied, and this lecture outlines the points to be considered.
- Where time is available and interest warrants it, we can offer a number of case studies of computer control projects, given by experts in the field.
Attendees apply the techniques learned to the control of a typical plant which contains both continuous and discrete elements and a trip/shutdown system. These exercises take place throughout the course at appropriate intervals and each exercise typically lasts an hour. The exercises are intended for small groups of three or four people who will complete typical elements of a specification as the course progresses. Although printed forms will be issued, attendees are advised to bring plenty of scrap paper. Full solutions to all exercises are included.
Details of costs, numbers, etc are given in the introductory statement.
Those attending receive full printed notes, loose-leaf bound, plus a CD-ROM containing:
- An Excel® spreadsheet checklist for safety-critical systems.
- A copy of the Holmes Sneak Clue database.
- A glossary of RAM terms.
Attendees should bring a calculator with scientific functions (e^x, log(x), etc.) and a supply of paper. Specialised forms and graph paper will be supplied by ility Engineering as part of the course materials.
If desired, a confidential assessment of attendees' performance on the course can be given, based on participation and the project work.