Control-in-the-loop Model Based Safety Analysis

In most cases, Model Based Safety Analysis (MBSA) of critical systems focuses only on the process and not on the control system of this process. In this paper, we claim that, for complex controlled systems, not only the process but the whole closedloop system Process/Control must be considered to perform a relevant MBSA. As one of the aim of the control system is to manage the numerous switching mechanisms that must be introduced in the process to ensure fault tolerance, mission phase changes, maintenance based on auto-test... The correct achievement of these mechanisms depends indeed on the state (faulty or faultless) of control system components. Hence, a qualitative or quantitative safety analysis which considers both the process and the control provides more realistic results by integrating the faults of the control system components that manage the above-mentioned switching mechanisms. This claim is exemplified on an industrial case study issued from a power plant: the coolant feeding system. The considered process is very critical and includes numerous passive redundancies; moreover, since the lifespan of this system is equal to several decades, each component must be repairable. This process is controlled by a classical control system where some components are also redundant. First, the faulty behavior is modeled by a BDMP (Boolean logic Driven Markov Process) which is the unique formalism suitable to the modeling of systems with repairable components, as detailed in Bouissou & Bon (2003). The BDMPs obtained for the process in isolation and for the closed-loop Process/Control are then translated into finite state automata from which the Minimal Cut Sequences (MCS) are derived, as described in Chaux et al. (2012). The comparison of these two sets of minimal cut sequences shows the benefit of the control-in-the-loop approach. New sequences that combine failures of both process and control components are obtained in this case. Figure 1 depicts the main steps of the comparative study performed in this paper. Figure 1. Main steps of the study.