PCs in Low SIL Applications

We have been developing an approach to justifying the use of PCs in low-criticality applications. The work is a response to challenges foreseen by the industry in making justified use of PCs in low-criticality applications; a typical example would be using a PC-based system in a SCADA or supervisory role. Difficulties arise because of hardware and software complexity, heterogeneity, reliance on a general-purpose operating system, lack of prior field experience, and similar factors.

The approach consists of three steps:

  1. First, it sets out guidance (in terms of, say, limits on expected MTBF or response times) to enable an initial feasibility assessment (is, for instance, a PC-based solution suitable at all?).
  2. At the next step we seek to establish how the computer may trigger or contribute to failures of its immediately surrounding system(s). This is done by means of a system-level hazard analysis, using techniques such as HAZOP or FMEA. The result of these analyses is used to guide a risk assessment, which in turn takes account of mitigations that may exist at the system-computer boundary.
  3. Failures which are not sufficiently mitigated at that boundary need to be addressed further. Here the approach is to determine which internal failure modes of the PC can cause failures at the boundary.

Part of this work has also included the study of operating systems and their reliability.