3.2.4 Reference safety architectures - 1oo2
The 1oo2 reference architecture (shown in Figure 4 below) is composed of two separate channels, each implemented in the same way as the 1oo1 reference architecture. The safety integrity of each channel is guaranteed by the combination of the STM32F2 Series internal processes (the implemented safety mechanisms) and the external processes WDTe and VMONe. The safety integrity of the overall compliant item is guaranteed by the external voter PEv, which allows HFT=1 to be claimed. Achievement of higher safety integrity levels as per IEC 61508-2 Table 3 is therefore possible. Appropriate separation between the two channels (including power supply separation) should be implemented in order to limit the impact of common-cause failures (refer to Section 4.2 Dependent failures analysis). A βD computation is required in any case.
The target for the 1oo2 reference architecture is SIL3.
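To make the HFT=1 claim and the common-cause caveat concrete, the following is an added behavioural model of the voter PEv, written for this page and not taken from UM1845 or from any ST code. It treats each channel as a 1oo1 block whose health is reported by the STM32 internal safety mechanisms, WDTe and VMONe, and lets PEv combine the two channel outputs. The fault classes, the function names and the rule that a channel whose external monitors report a fault is treated as demanding the safe state are assumptions of this example, not statements of the manual.

```python
"""Behavioural model of the 1oo2 voter PEv (added example, not ST's code).

Assumptions made for illustration: the Fault classes below, the function
names, and the voter rule that a channel with a failed WDTe/VMONe/internal
diagnostic check counts as demanding the safe state.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Fault(Enum):
    NONE = auto()
    WDTE_TIMEOUT = auto()        # channel stopped servicing WDTe: detected externally
    VMONE_OUT_OF_RANGE = auto()  # channel supply out of range: detected externally
    INTERNAL_DIAG = auto()       # an STM32 internal safety mechanism flagged a fault
    STUCK_NO_DEMAND = auto()     # dangerous undetected: output frozen at "no demand"


@dataclass(frozen=True)
class ChannelOutput:
    demand: bool    # channel requests the safe state (e.g. trip the actuator)
    wdte_ok: bool   # WDTe serviced inside its window
    vmone_ok: bool  # VMONe reports the supply in range
    diag_ok: bool   # internal safety mechanisms report no error


def run_channel(sensor_demand: bool, fault: Fault) -> ChannelOutput:
    """One 1oo1 channel (PEi -> PEc -> PEo, supervised by PEd, WDTe, VMONe)."""
    if fault is Fault.STUCK_NO_DEMAND:
        # Nothing in the channel detects the frozen output, so all monitors stay green.
        return ChannelOutput(demand=False, wdte_ok=True, vmone_ok=True, diag_ok=True)
    return ChannelOutput(
        demand=sensor_demand,
        wdte_ok=fault is not Fault.WDTE_TIMEOUT,
        vmone_ok=fault is not Fault.VMONE_OUT_OF_RANGE,
        diag_ok=fault is not Fault.INTERNAL_DIAG,
    )


def channel_healthy(out: ChannelOutput) -> bool:
    return out.wdte_ok and out.vmone_ok and out.diag_ok


def pev_vote_1oo2(a: ChannelOutput, b: ChannelOutput) -> bool:
    """External voter: True means drive the actuators to the safe state.

    1oo2 semantics: one channel is enough to force the safe state, and a
    channel whose monitors report a fault is treated as demanding it. A single
    fault (detected or not) in one channel therefore cannot block the safe state.
    """
    for ch in (a, b):
        if ch.demand or not channel_healthy(ch):
            return True
    return False


def compliant_item(sensor_demand: bool,
                   fault_a: Fault = Fault.NONE,
                   fault_b: Fault = Fault.NONE) -> bool:
    """Sensors -> two channels -> PEv -> actuators, with one fault injected per channel."""
    return pev_vote_1oo2(run_channel(sensor_demand, fault_a),
                         run_channel(sensor_demand, fault_b))


def single_fault_tolerated() -> bool:
    """HFT=1 check: with a real demand, every single-channel fault still yields the safe state."""
    return all(compliant_item(True, f, Fault.NONE) and compliant_item(True, Fault.NONE, f)
               for f in Fault)


def common_cause_defeats_voter() -> bool:
    """The same undetected fault on both channels (what the beta_D factor quantifies) loses the demand."""
    return compliant_item(True, Fault.STUCK_NO_DEMAND, Fault.STUCK_NO_DEMAND) is False


if __name__ == "__main__":
    print("single fault tolerated:", single_fault_tolerated())
    print("common cause defeats voter:", common_cause_defeats_voter())
```

Running the two checks shows the two sides of the argument in the text: any single detected or undetected fault in one channel is masked by the other channel (the HFT=1 claim), whereas an identical undetected fault on both channels passes straight through PEv, which is why channel separation and the βD computation are required rather than optional.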
Figure 4. 1oo2 reference architecture (figure not reproduced; labels recovered from the page: Sensors feed two channels, each made of PEi, PEc, PEo and PEd supervised by WDTe and VMONe; the external voter PEv combines the two channels and drives the Actuators; the two channels and PEv form the Compliant item)
UM1845 - Rev 4
page 9/108