EN 61078:2006
Analysis techniques for dependability - Reliability block diagram and boolean methods
This International Standard describes procedures for modelling the dependability of a system and for using the model in order to calculate reliability and availability measures. The RBD modelling technique is intended to be applied primarily to systems without repair and where the order in which failures occur does not matter. For systems where the order of failures is to be taken into account or where repairs are to be carried out, other modelling techniques, such as Markov analysis, are more suitable.
General Information
- Status: Withdrawn
- Publication Date: 17-May-2006
- Withdrawal Date: 28-Feb-2009
- Technical Committee: CLC/SR 56 - Dependability
- Drafting Committee: IEC/TC 56 - IEC_TC_56
- Parallel Committee: IEC/TC 56 - IEC_TC_56
- Current Stage: 9960 - Withdrawal effective - Withdrawal
- Start Date: 16-Sep-2019
- Completion Date: 16-Sep-2019
Relations
- Effective Date: 29-Jan-2023
- Replaced By: EN 61078:2016 - Reliability block diagrams
- Effective Date: 29-Nov-2016
Frequently Asked Questions
EN 61078:2006 is a standard published by CLC. Its full title is "Analysis techniques for dependability - Reliability block diagram and boolean methods". This standard covers: This International Standard describes procedures for modelling the dependability of a system and for using the model in order to calculate reliability and availability measures. The RBD modelling technique is intended to be applied primarily to systems without repair and where the order in which failures occur does not matter. For systems where the order of failures is to be taken into account or where repairs are to be carried out, other modelling techniques, such as Markov analysis, are more suitable.
EN 61078:2006 is classified under the following ICS (International Classification for Standards) categories: 03.120.01 - Quality in general; 03.120.99 - Other standards related to quality. The ICS classification helps identify the subject area and facilitates finding related standards.
EN 61078:2006 has the following relationships with other standards: it is linked to EN 61078:1993 and EN 61078:2016. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
SLOVENIAN STANDARD
01 January 2007
Replaces: SIST EN 61078:2002
Analysis techniques for dependability - Reliability block diagram and boolean methods (IEC 61078:2006)
This Slovenian standard is identical to: EN 61078:2006
ICS: 21.020 Characteristics and design of machines, apparatus, equipment
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.
EUROPEAN STANDARD EN 61078
May 2006
ICS 03.120.01; 03.120.99
Supersedes EN 61078:1993
English version
Analysis techniques for dependability -
Reliability block diagram and boolean methods
(IEC 61078:2006)
This European Standard was approved by CENELEC on 2006-03-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, the Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels
© 2006 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61078:2006 E
Foreword
The text of document 56/1071/FDIS, future edition 2 of IEC 61078, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 61078 on 2006-03-01.
This European Standard supersedes EN 61078:1993.
The major change with respect to EN 61078:1993 is that an additional clause on Boolean disjointing
methods (Annex B) has been added.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2006-12-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2009-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61078:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following note has to be added for the standard indicated:
IEC 60812 NOTE Harmonized as EN 60812:2006 (not modified).
__________
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
| Publication | Year | Title | EN/HD | Year |
|---|---|---|---|---|
| IEC 60050-191 | 1990 | International Electrotechnical Vocabulary (IEV) Chapter 191: Dependability and quality of service | - | - |
| IEC 61025 | - 1) | Fault tree analysis (FTA) | HD 617 S1 | 1992 2) |
| ISO 3534-1 | 1993 | Statistics - Vocabulary and symbols - Part 1: Probability and general statistical terms | - | - |

1) Undated reference.
2) Valid edition at date of issue.
INTERNATIONAL STANDARD
IEC
Second edition
2006-01
Analysis techniques for dependability –
Reliability block diagram and boolean methods
IEC 2006 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE W
For price, see current catalogue
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Assumptions and limitations
5.1 Independence of events
5.2 Sequential events
5.3 Distribution of times to failure
6 Establishment of system success/failure definitions
6.1 General considerations
6.2 Detailed considerations
7 Elementary models
7.1 Developing the model
7.2 Evaluating the model
8 More complex models
8.1 General procedures
8.2 Models with common blocks
8.3 m out of n models (non-identical items)
8.4 Method of reduction
9 Extension of reliability block diagram methods to availability calculations
Annex A (informative) Summary of formulæ
Annex B (informative) Boolean disjointing methods
Bibliography
Figure 1 – Series reliability block diagram
Figure 2 – Duplicated (or parallel) series reliability block diagram
Figure 3 – Series duplicated (or parallel) reliability block diagram
Figure 4 – Mixed redundancy reliability block diagram
Figure 5 – Another type of mixed redundancy reliability block diagram
Figure 6 – 2/3 redundancy
Figure 7 – 2/4 redundancy
Figure 8 – Diagram not easily represented by series/parallel arrangement of blocks
Figure 9 – Parallel arrangement of blocks
Figure 10 – Standby redundancy
Figure 11 – Representation of Figure 8 when item A has failed
Figure 12 – Representation of Figure 8 when item A is working
Figure 13 – One-out-of-three parallel arrangement
Figure 14 – Reliability block diagram using an arrow to help define system success
Figure 15 – Alternative representation of Figure 14 using common blocks
Figure 16 – 2-out-of-5 non-identical system
Figure 17 – Illustrating grouping of blocks before reduction
Figure 18 – Reduced reliability block diagrams
Table 1 – Application of truth table to the example of Figure 13
Table 2 – Application of truth table to the example of Figure 8
Table 3 – Application of truth table to the examples of Figures 14 and 15
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ANALYSIS TECHNIQUES FOR DEPENDABILITY –
RELIABILITY BLOCK DIAGRAM AND BOOLEAN METHODS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardisation comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardisation in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61078 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition, published in 1991, and constitutes
a full technical revision. The major change with respect to the previous edition is that an
additional clause on Boolean disjointing methods (Annex B) has been added.
The text of this standard is based on the following documents:
| FDIS | Report on voting |
|---|---|
| 56/1071/FDIS | 56/1089/RVD |
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
INTRODUCTION
Different analytical methods of dependability analysis are available, of which the reliability
block diagram (RBD) is one. The purpose of each method and their individual or combined
applicability in evaluating the reliability and availability of a given system or component should
be examined by the analyst prior to starting work on the RBD. Consideration should also be
given to the results obtainable from each method, data required to perform the analysis,
complexity of analysis and other factors identified in this standard.
A reliability block diagram (RBD) is a pictorial representation of a system's reliability
performance. It shows the logical connection of (functioning) components needed for successful
operation of the system (hereafter referred to as “system success”).
ANALYSIS TECHNIQUES FOR DEPENDABILITY –
RELIABILITY BLOCK DIAGRAM AND BOOLEAN METHODS
1 Scope
This International Standard describes procedures for modelling the dependability of a system
and for using the model in order to calculate reliability and availability measures.
The RBD modelling technique is intended to be applied primarily to systems without repair
and where the order in which failures occur does not matter. For systems where the order of
failures is to be taken into account or where repairs are to be carried out, other modelling
techniques, such as Markov analysis, are more suitable.
It should be noted that although the word “repair” is frequently used in this standard, the word
“restore” is equally applicable. Note also that the words “item” and “block” are used
extensively throughout this standard: in most instances interchangeably.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60050-191:1990, International Electrotechnical Vocabulary (IEV) – Chapter 191:
Dependability and quality of service
IEC 61025, Fault tree analysis (FTA)
ISO 3534-1:1993, Statistics – Vocabulary and symbols – Part 1: Probability and general
statistical terms
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050-191 and
ISO 3534-1 apply.
4 Symbols and abbreviated terms
| Symbol/Abbreviation | Meaning |
|---|---|
| $A, B, C, \ldots$ | When used in Boolean expressions, these symbols indicate that items A, B, C, ... are in up states |
| $\bar{A}, \bar{B}, \bar{C}, \ldots$ | When used in Boolean expressions, these symbols indicate that items A, B, C, ... are in down states |
| $F_S$ | Probability of system failure |
| $f_A(t)$ | Probability density function of block A. The term “block” is used to denote a group of one or more components |
| $\Pr(SS \mid X\ \text{failed})$ | Conditional probability of system success, given that item X is failed |
| $R$, $R(t)$, $R_S(t)$ | Reliability [probability that an item can perform a required function under given conditions for a given time interval (0,t)] |
| $R_A, R_B, \ldots$ | Reliability of blocks A, B, … |
| $R_S$ | System reliability |
| $R_{SW}$ | Reliability of switching and sensing mechanism |
| SF | System failure (used in the Boolean expressions) |
| SS | System success (used in the Boolean expressions) |
| $t$ | Mission time or time period of interest |
| $\lambda_A, \lambda_B, \lambda_C$ | Failure rate (constant) of blocks A, B and C |
| $\lambda_{Bd}$ | Dormant failure rate of block B |
| $\mu_A, \mu_B, \mu_C$ | Repair rates (constant) of blocks A, B and C |
| $\binom{n}{r}$ | Number of ways of selecting r items from n items |
| 0, 1 | These symbols are used in truth tables to denote down and up states and apply to whichever item is the column heading |
| $\cap$ | Boolean symbols denoting AND logic, e.g. A ∩ B, A.B (intersection) |
| $\cup$ | Boolean symbols denoting OR logic, e.g. A ∪ B, A+B (union) |
| [diagram: blocks A and B in parallel between I and O] | Active (parallel) redundancy |
| [diagram: block A with standby block B between I and O] | Standby redundancy |
| [diagram: m/n block between I and O] | m/n is symbol used to show m-out-of-n items needed for system success in an active redundant configuration |
| I, O | I indicates input; O indicates output. Such indications are used for convenience. They are not mandatory, but may be useful where connections have a directional significance |
| [diagram: block A between I and O] | Grouping of equipment, components, units or other system elements |
5 Assumptions and limitations
5.1 Independence of events
One of the most fundamental assumptions on which the procedures described in this standard
are based, is the assumption that components (or blocks representing them) can exist in only
two states: working (“up” state) or failed (“down” state).
Another important assumption is that failure (or repair) of any block must not affect the
probability of failure of (or repair to) ANY other block within the system being modelled. This
implies that there should be available, in effect, sufficient repair resources to service those
blocks needing repair and that when two or more persons are repairing a particular block at
the same time, neither gets in the other’s way. Thus failures of and repairs to individual blocks
are considered to be statistically independent events.
5.2 Sequential events
RBDs are not suitable for modelling order-dependent or time-dependent events. In such
instances, other methods such as Markov analysis or Petri nets should be used.
5.3 Distribution of times to failure
Provided the assumptions noted in 5.1 are valid, there is no restriction, other than
mathematical tractability, on the distribution that may be used to describe the times to failure
or repair.
6 Establishment of system success/failure definitions
6.1 General considerations
A prerequisite for constructing system reliability models is a sound understanding of the ways
in which the system can operate. Systems often require more than one success/failure
definition. These should be defined and listed. An RBD diagram can be made on different
levels: system level, sub-system (module) level or assembly level. When an RBD is made for
further analysis (for example for FMEA analysis), a level suitable for such analysis has to be
chosen.
In addition, there should be clear statements concerning
– functions to be performed,
– performance parameters and permissible limits on such parameters,
– environmental and operating conditions.
Various qualitative analysis techniques may be employed in the construction of an RBD.
Therefore the system's success/failure definition has to be established. For each system
success/failure definition the next step is to divide the system into logical blocks appropriate
to the purpose of the reliability analysis. Particular blocks may represent system
substructures, which in turn may be represented by other RBDs (system reduction – see 8.4).
For the quantitative evaluation of an RBD, various methods are available. Depending on the
type of structure, simple Boolean techniques (see 8.1.3) and/or path and cut set analyses
may be employed. For a definition of cut set see IEC 61025 (FTA). Calculations may be made
using basic component reliability/availability methods and analytical methods or Monte Carlo
simulation. An advantage with Monte Carlo simulation is that the events in the RBD do not
have to be combined analytically since the simulation itself takes into account whether each
block is failed or functional (see 8.1).
Since the reliability block diagram describes the logical relations needed for system function,
the block diagram does not necessarily represent the way the hardware is physically
connected, although an RBD generally follows, as far as possible, the physical system
connections.
6.2 Detailed considerations
6.2.1 System operation
It may be possible to use a system in more than one functional mode. If separate systems
were used for each mode, such modes should be treated independently of other modes, and
separate reliability models should be used accordingly. When the same system is used to
perform all these functions, then separate diagrams should be used for each type of
operation. Clear statements of what constitutes system success/failure for each aspect of system
operation are a prerequisite.
6.2.2 Environmental conditions
The system performance specifications should be accompanied by a description of the
environmental conditions under which the system is designed to operate. Also included
should be a description of all the conditions to which the system will be subjected during
transportation, storage and use.
A particular piece of equipment is often used in more than one environment; for example, on
board ship, in an aircraft or on the ground. When this is so, reliability evaluations may be
carried out using the same reliability block diagram each time but using the appropriate failure
rates for each environment.
6.2.3 Duty cycles
The relationship between calendar time, operating time and on/off cycles should be
established. If it can be assumed that the process of switching equipment on and off does not
in itself promote failures, and that the failure rate of equipment in storage is negligible, then
only the actual working time of the equipment need be considered.
However, in some instances, the process of switching on and off is in itself the prime cause of
equipment failure, and equipment may have a higher failure rate in storage than when working
(e.g. moisture and corrosion). In complex cases where only parts of the system are switched on
and off, modelling techniques other than reliability block diagrams (e.g. Markov analysis) may
be more suitable.
7 Elementary models
7.1 Developing the model
The first step is to select a system success/failure definition. If more than one definition is
involved, a separate reliability block diagram may be required for each. The next step is to
divide the system into blocks to reflect the logical behaviour so that each block is statistically
independent of the others, and is as large as possible. At the same time each block should
contain (preferably) no redundancy.
In practice it may be necessary to make repeated attempts at constructing the reliability block
diagram (each time bearing in mind the steps referred to above) before a suitable block
diagram is finalized.
The next step is to refer to the system success/failure definition and construct a diagram that
connects the blocks to form a "success path". As indicated in the diagrams that follow, the
various success paths, between the input and output ports of the diagram, pass through those
combinations of blocks that need to function in order that the system functions. If all the
blocks are required to function for the system to function, then the corresponding reliability
block diagram will be one in which all the blocks are joined in series as illustrated in Figure 1.
[Figure 1 – Series reliability block diagram: blocks A, B, C, … Z in series between I and O]
In this diagram "I" is the input port, "O" the output port and A, B, C, … Z are the blocks which
together constitute the system. Diagrams of this type are known as “series” reliability block
diagrams or “series models”.
A different type of reliability block diagram is needed when failure of one component or
"block" alone, does not affect system performance as far as the system success/failure
definition is concerned. For example, if in the above instance the entire link is duplicated
(made redundant), then the block diagram is as illustrated by Figure 2. Alternatively, if each
block within the link is duplicated, the block diagram is as illustrated by Figure 3. Diagrams of
this type are known as "parallel” reliability block diagrams or “parallel models”. Note that the
terms “duplicated”, “redundant” and “parallel” are very similar in meaning and are often used
interchangeably.
[Figure 2 – Duplicated (or parallel) series reliability block diagram: series branches A1, B1, C1, … Z1 and A2, B2, C2, … Z2 in parallel between I and O]
[Figure 3 – Series duplicated (or parallel) reliability block diagram: parallel pairs A1/A2, B1/B2, C1/C2, … Z1/Z2 in series between I and O]
Reliability block diagrams used for modelling system reliability are often more complicated
mixtures of series and parallel diagrams. Such a diagram would arise if an example were to
be considered consisting of a duplicated communication link comprising three repeaters A, B
and C, and a common power supply block (D). The resulting diagram then takes the form of
Figures 4 and 5.
[Figure 4 – Mixed redundancy reliability block diagram: blocks A1, B1, C1, A2, B2, C2 and common block D between I and O]
[Figure 5 – Another type of mixed redundancy reliability block diagram: blocks A1, B1, C1, A2, B2, C2 and common block D between I and O]
On account of the statistical independence stated above, failure of any block shall not give
rise to a change in the probability of failure of any other block within the system. In particular,
failure of a redundant block shall not affect system power supplies or signal sources.
The need frequently arises to model systems where the success definition is that m or more
out of n items connected in parallel are required for system success. The reliability block
diagram then takes the form of Figure 6 or Figure 7.
[Figure 6 – 2/3 redundancy: items X1, X2 and X3 in parallel between I and O]
[Figure 7 – 2/4 redundancy: items X1, X2, X3 and X4 in parallel between I and O]
Thus, in Figure 6, the failure of one item is tolerated but failure of two or more items is not.
Most reliability block diagrams are easily understood and the conditions for system success
are evident. Not all block diagrams, however, can be simplified to combinations of series or
parallel systems. The diagram in Figure 8 is an example.
[Figure 8 – Diagram not easily represented by series/parallel arrangement of blocks: blocks A, B1, B2, C1 and C2 between I and O]
Again, the diagram is self-explanatory. System success is achieved if items B1 and C1 are
both working, or items A and C1, or A and C2, or finally B2 and C2. Figure 8 could represent
the fuel supply to engines of a light aircraft. Item B1 represents the supply to the port engine
(C1), item B2 represents the supply to the starboard engine (C2), and item A represents a
backup supply to both engines. The system success/failure definition is that both engines
have to fail before the aircraft fails.
It should be noted that in all the above diagrams, no block appears more than once in a given
diagram. The procedures for developing the reliability expression for diagrams of this type are
outlined in Clause 8.
7.2 Evaluating the model
The reliability of a system, $R_S(t)$, is the probability that a system can perform a required
function without failure under stated conditions for a given time interval (0, t). In general, this
is defined by the relationship:
$$R_S(t) = \exp\left[-\int_0^t \lambda(u)\,du\right]$$
where $\lambda(u)$ denotes the system failure rate at t = u, u being a dummy variable.
In what follows, $R_S(t)$ will be written for simplicity as $R_S$. The probability of system failure,
$F_S$, is given by:
$$F_S = 1 - R_S$$
7.2.1 Series models
For systems such as those illustrated by Figure 1, the system reliability $R_S$ is given by the
simple equation:
$$R_S = R_A \cdot R_B \cdot R_C \cdots R_Z \qquad (1)$$
i.e. by multiplying together the reliabilities of all the blocks constituting the system.
7.2.2 Parallel models
[Figure 9 – Parallel arrangement of blocks: blocks A and B in parallel between I and O]
For systems of the type illustrated by Figure 9, the system probability of failure ($F_S$) is given
by:
$$F_S = F_A \cdot F_B$$
Hence system reliability ($R_S$) is given by:
$$R_S = R_A + R_B - R_A \cdot R_B \qquad (2)$$
Formulæ (1) and (2) can be combined. Thus, if a system exists as depicted by Figure 2, but
with only three items in each branch, the system reliability is:
$$R_S = R_{A1} \cdot R_{B1} \cdot R_{C1} + R_{A2} \cdot R_{B2} \cdot R_{C2} - R_{A1} \cdot R_{B1} \cdot R_{C1} \cdot R_{A2} \cdot R_{B2} \cdot R_{C2} \qquad (3)$$
Similarly, for Figure 3, the following applies:
$$R_S = (R_{A1} + R_{A2} - R_{A1} \cdot R_{A2}) \cdot (R_{B1} + R_{B2} - R_{B1} \cdot R_{B2}) \cdot (R_{C1} + R_{C2} - R_{C1} \cdot R_{C2}) \qquad (4)$$
In general,
$$R_S = 1 - \prod_{i=1}^{n} (1 - R_i)$$
For Figures 4 and 5, the system reliability equations are obtained simply by multiplying
Equations (3) and (4) by $R_D$.
7.2.3 m out of n models (identical items)
The system reliability equation corresponding to Figures 6 and 7 is a little more complicated
than those above. In general, if the reliability of a system can be represented by n identical
items in parallel where m items out of n are required for system success, then the system
reliability $R_S$ is given by:
$$R_S = \sum_{r=0}^{n-m} \binom{n}{r} \cdot R^{\,n-r} \cdot (1 - R)^{r} \qquad (5)$$
Thus the reliability of the system illustrated by Figure 6 is given by:
$$R_S = R^3 + 3 \cdot R^2 \cdot (1 - R) = 3 \cdot R^2 - 2 \cdot R^3 \qquad (6)$$
where R is the reliability of the individual items.
Similarly for Figure 7:
$$R_S = R^4 + 4 \cdot R^3 \cdot (1 - R) + 6 \cdot R^2 \cdot (1 - R)^2 = 3 \cdot R^4 - 8 \cdot R^3 + 6 \cdot R^2 \qquad (7)$$
For the particular case where m = n − 1, $R_S = n \cdot R^m - m \cdot R^n$
If the n items are not identical, use of a more general procedure is recommended (see 8.3).
7.2.4 Standby redundancy models
Another frequently used form of redundancy is what is known as standby redundancy (see
first paragraph of Annex A). In its most elementary form, the physical arrangement of items is
represented by the diagram in Figure 10.
[Figure 10 diagram (IEC 2613/05): active block A and standby block B between input I and output O]
Figure 10 – Standby redundancy
In this figure, item A is the on-line active item, and item B is standing by waiting to be
switched on to replace A when the latter fails. Although taken into account below, the
switching and sensing mechanism is not shown on the diagram.
An equation for the reliability $R_S(t)$ of such a system can be obtained by considering what
possible events may occur during a mission time t. The following are possibilities:
a) item A is working throughout time t; or
b) item A with a failure rate $\lambda_A$ and probability density function $f_A(\tau)$ is initially working, but
fails at some time τ
• item B (failure rate $\lambda_{Bd}$) is initially in a passive (dormant) state (either cold or
under low power), surviving until A fails (time τ), at which time it is energized (failure
rate $\lambda_B$) then interchanged with A by means of switch S (reliability $R_{SW}(\tau)$); or
• item B survives the remainder of the mission with probability $R_B(t - \tau)$.
Mathematically, this can be expressed as follows:
$$R_S(t) = R_A(t) + \int_0^t f_A(\tau) \cdot R_{Bd}(\tau) \cdot R_{SW}(\tau) \cdot R_B(t - \tau) \, d\tau$$
If it is assumed that all items have a constant active or dormant failure rate, then the above
equation becomes:
$$R_S(t) = e^{-\lambda_A t} + \int_0^t \lambda_A \cdot e^{-\lambda_A \tau} \cdot e^{-\lambda_{Bd} \tau} \cdot e^{-\lambda_{SW} \tau} \cdot e^{-\lambda_B \cdot (t - \tau)} \, d\tau$$
NOTE If the reliability of the switch is not a function of time but a function of some other variable (e.g. number of
operations, demands, etc.) it would be preferable not to use functional notation at all, but to use instead $R_{sw}$ to
denote the switch reliability.
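On evaluating the right-hand side of the above equation:
$$R_S(t) = e^{-\lambda_A \cdot t} + \frac{\lambda_A}{\lambda_A + \lambda_{SW} + \lambda_{Bd} - \lambda_B} \cdot \left[ e^{-\lambda_B \cdot t} - e^{-(\lambda_A + \lambda_{SW} + \lambda_{Bd}) \cdot t} \right]$$
With an assumption of perfect switching, $\lambda_{SW} = 0$, the equation becomes:
$$R_S(t) = e^{-\lambda_A \cdot t} + \frac{\lambda_A}{\lambda_A + \lambda_{Bd} - \lambda_B} \cdot \left[ e^{-\lambda_B \cdot t} - e^{-(\lambda_A + \lambda_{Bd}) \cdot t} \right]$$
If the dormant failure rate of item B is also assumed equal to zero, then reliability of a standby
redundant system is:
$$R_S(t) = e^{-\lambda_A \cdot t} + \frac{\lambda_A}{\lambda_A - \lambda_B} \cdot \left[ e^{-\lambda_B \cdot t} - e^{-\lambda_A \cdot t} \right]$$
If, in addition to the above, both failure rates are equal ($\lambda_A = \lambda$ and $\lambda_B = \lambda$), then the equation
for system reliability can be shown to be given by:
$$R_S(t) = e^{-\lambda \cdot t} \cdot (1 + \lambda \cdot t)$$
If under such ideal conditions, there are n (instead of one) items on standby, this latter
equation becomes:
$$R_S(t) = e^{-\lambda \cdot t} \left[ 1 + \lambda \cdot t + \frac{(\lambda \cdot t)^2}{2!} + \frac{(\lambda \cdot t)^3}{3!} + \cdots + \frac{(\lambda \cdot t)^n}{n!} \right]$$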
It should be noted that a practical reliability block diagram should include blocks to represent
the reliability of the switch plus sensing mechanism, which is often the "weak link" in standby
systems.
It should also be noted that, unlike all the examples considered so far and in the remainder of
this standard, the probability of survival of one item (item B) is dependent upon the time when
the other item (item A) fails. In other words, items A and B cannot be regarded as failing
independently. As a consequence, other procedures, such as Markov analysis, should be
used to analyse standby systems.
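The following Python sketch is an added example, not part of the standard. It evaluates the standby convolution integral of 7.2.4 numerically, compares it with the closed-form expression, and shows how a non-zero switch failure rate lowers the result. The function names, the failure rates and the mission time are constructed for illustration.

```python
import math

def standby_closed_form(t, lam_a, lam_b, lam_bd=0.0, lam_sw=0.0):
    """Closed-form R_S(t) for active item A backed by one standby item B."""
    decay = lam_a + lam_bd + lam_sw      # combined rate in the last exponential
    denom = decay - lam_b
    if abs(denom) < 1e-12:
        # Limit of the fraction as denom -> 0 (e.g. equal rates, ideal case)
        return math.exp(-lam_a * t) + lam_a * t * math.exp(-lam_b * t)
    return math.exp(-lam_a * t) + lam_a / denom * (
        math.exp(-lam_b * t) - math.exp(-decay * t))

def standby_by_integration(t, lam_a, lam_b, lam_bd=0.0, lam_sw=0.0, steps=2000):
    """Evaluate the convolution integral directly with composite Simpson's rule."""
    def integrand(tau):
        return (lam_a * math.exp(-lam_a * tau)     # f_A(tau): A fails at tau
                * math.exp(-lam_bd * tau)          # R_Bd(tau): B survives dormant
                * math.exp(-lam_sw * tau)          # R_SW(tau): switch still works
                * math.exp(-lam_b * (t - tau)))    # R_B(t - tau): B finishes mission
    h = t / steps                                  # steps must be even
    acc = integrand(0.0) + integrand(t)
    for k in range(1, steps):
        acc += (4 if k % 2 else 2) * integrand(k * h)
    return math.exp(-lam_a * t) + acc * h / 3

def ideal_standby(t, lam, n):
    """n identical standby items, perfect switch, no dormant failures."""
    x = lam * t
    return math.exp(-x) * sum(x**k / math.factorial(k) for k in range(n + 1))

def active_parallel(t, lam):
    """Formula (2) with R_A = R_B = exp(-lam*t), for comparison."""
    r = math.exp(-lam * t)
    return 2 * r - r * r

# Constructed rates (per hour) and mission time; not taken from the standard.
T, LAM_A, LAM_B, LAM_BD, LAM_SW = 1000.0, 1e-3, 2e-3, 1e-4, 5e-5

if __name__ == "__main__":
    print(standby_closed_form(T, LAM_A, LAM_B, LAM_BD, LAM_SW))
    print(standby_by_integration(T, LAM_A, LAM_B, LAM_BD, LAM_SW))
    print(standby_closed_form(T, LAM_A, LAM_A), ideal_standby(T, LAM_A, 1))
    print(active_parallel(T, LAM_A))
```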
8 More complex models
8.1 General procedures
8.1.1 Background
It is possible to evaluate the reliability $R_S(t)$ of all the systems considered so far by the
application of a suitable reliability formula selected from Equations (1) to (7). However, for
some systems the corresponding RBDs may not conveniently be evaluated by any of the
above formulæ. These systems are considered to be more complex and so other reliability
analysis techniques have to be employed. It should be noted that complex RBDs can usually
be evaluated using Monte Carlo simulation. However, the use of such procedures is not dealt
with in this standard.
For the procedures that follow, the condition of independence, as stated in 5.1, shall apply.
8.1.2 Use of the total probability theorem
When dealing with reliability block diagrams of the type illustrated by Figure 8, a different kind
of approach is required. One such approach is based on the total probability theorem, which
can be summarized as follows.
For n mutually exclusive events $A_1 \ldots A_n$, whose probabilities sum to unity, then
$$P(B) = P(B \mid A_1) \cdot P(A_1) + \cdots + P(B \mid A_n) \cdot P(A_n)$$
where B is an arbitrary event, $P(A_i)$ is the probability of occurrence of event $A_i$ and
$P(B \mid A_i)$ is the conditional probability of B given $A_i$.
A convenient form of the above, which is appropriate for analysing reliability block diagrams,
is to make repeated use of the relationship:
$$R_S = P_r(SS \mid X\ \text{working}) \cdot P_r(X\ \text{working}) + P_r(SS \mid X\ \text{failed}) \cdot P_r(X\ \text{failed})$$
In the above equation $R_S$ denotes the reliability of the system, $P_r(SS \mid X\ \text{working})$ denotes the
reliability of the system (probability of system success) given that a particular block X is
working, and $P_r(SS \mid X\ \text{failed})$ denotes the reliability of the system given that the particular
item X has failed. For example, if in Figure 8 the item A has failed, the reliability block
diagram simply becomes:
[Figure 11 diagram (IEC 2614/05): branches B1, C1 and B2, C2 between input I and output O]
Figure 11 – Representation of Figure 8 when item A has failed
so that
$$P_r(SS \mid A\ \text{failed}) = R_{B1} \cdot R_{C1} + R_{B2} \cdot R_{C2} - R_{B1} \cdot R_{C1} \cdot R_{B2} \cdot R_{C2}$$
Similarly, when A is working, the reliability block diagram is simply that given in Figure 12.
[Figure 12 diagram (IEC 2615/05): blocks C1 and C2 in parallel between input I and output O]
Figure 12 – Representation of Figure 8 when item A is working
so that
$$P_r(SS \mid A\ \text{working}) = R_{C1} + R_{C2} - R_{C1} \cdot R_{C2}$$
hence
$$R_S = (R_{C1} + R_{C2} - R_{C1} \cdot R_{C2}) \cdot R_A + (R_{B1} \cdot R_{C1} + R_{B2} \cdot R_{C2} - R_{B1} \cdot R_{C1} \cdot R_{B2} \cdot R_{C2}) \cdot (1 - R_A)$$
If $R_{C1} = R_{C2} = R_C$ and $R_{B1} = R_{B2} = R_B$, the above equation simplifies to:
$$R_S = (2 R_C - R_C^2) \cdot R_A + (2 R_B \cdot R_C - R_B^2 \cdot R_C^2) \cdot (1 - R_A) \qquad (8)$$
The technique described in 8.1.2 can be applied to verify Equations (6) and (7).
8.1.3 Use of Boolean truth tables
The system success paths depicted by RBDs can also be represented by Boolean
expressions. For example, three items A, B and C which are connected in parallel (one
required for system success) can be represented by the RBD illustrated in Figure 13, or by
the Boolean expression:
$$SS = A \cup B \cup C \qquad (9)$$
where SS denotes system success, while A, B and C denote success states of blocks A, B
and C.
[Figure 13 diagram (IEC 2616/05): blocks A, B and C in parallel between input I and output O, 1/3 needed]
Figure 13 – One-out-of-three parallel arrangement
However, the Boolean terms A, B and C cannot be directly replaced by the corresponding
probabilities $R_A$, $R_B$, $R_C$ in order to obtain a value for system reliability. This is because
Equation (9) is in effect a set of "overlapping" (not "disjoint") terms (see Clause B.3).
$$SS = A\bar{B}\bar{C} \cup \bar{A}B\bar{C} \cup \bar{A}\bar{B}C \cup A\bar{B}C \cup AB\bar{C} \cup \bar{A}BC \cup ABC \qquad (10)$$
In purely Boolean terms, Equations (9) and (10) are equivalent. In Equation (10) each literal
(terms like $A, \bar{A}, B, \bar{B}, C, \bar{C}$) can be replaced by the corresponding reliability/unreliability term:
$$R_A,\ (1 - R_A),\ R_B,\ (1 - R_B),\ R_C,\ (1 - R_C)$$
to yield an equation for system reliability $R_S$, given by:
$$R_S = R_A (1 - R_B)(1 - R_C) + (1 - R_A) R_B (1 - R_C) + (1 - R_A)(1 - R_B) R_C + R_A (1 - R_B) R_C + R_A R_B (1 - R_C) + (1 - R_A) R_B R_C + R_A R_B R_C \qquad (11)$$
An even simpler way of writing Equation (9) in non-overlapping terms is:
$$SS = A \cup \bar{A} \cap B \cup \bar{B} \cap \bar{A} \cap C \qquad (12)$$
so that
$$R_S = R_A + (1 - R_A) \cdot R_B + (1 - R_B) \cdot (1 - R_A) \cdot R_C \qquad (13)$$
It can be shown that once simplified, Equations (11) and (13) are identical.
The process of arriving at Equation (11) can be more systematically carried out by using a
truth table to convert Equation (9) to Equation (10), as shown in Table 1.
Referring to Table 1 the success terms are (from top to bottom):
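$$\bar{A} \cap \bar{B} \cap C,\quad \bar{A} \cap B \cap \bar{C},\quad \bar{A} \cap B \cap C,\quad A \cap \bar{B} \cap \bar{C},\quad A \cap \bar{B} \cap C,\quad A \cap B \cap \bar{C},\quad A \cap B \cap C$$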
These terms are combined (“OR-ed”) to give Equation (10).
Table 1 – Application of truth table to the example of Figure 13
Item A  Item B  Item C  System
0 0 0 0
0 0 1 1
0 1 0 1
0 1 1 1
1 0 0 1
1 0 1 1
1 1 0 1
1 1 1 1
NOTE 1 = working, 0 = failed.
The example illustrated by Figure 8 is next considered and all possible combinations (32 in
all) of working and failed items are listed as illustrated in Table 2.
Table 2 – Application of truth table to the example of Figure 8
Item B1  Item B2  Item C1  Item C2  Item A  System
0 0 0 0 0 0
0 0 0 0 1 0
0 0 0 1 0 0
0 0 0 1 1 1
0 0 1 0 0 0
0 0 1 0 1 1
0 0 1 1 0 0
0 0 1 1 1 1
0 1 0 0 0 0
0 1 0 0 1 0
0 1 0 1 0 1
0 1 0 1 1 1
0 1 1 0 0 0
0 1 1 0 1 1
0 1 1 1 0 1
0 1 1 1 1 1
1 0 0 0 0 0
1 0 0 0 1 0
1 0 0 1 0 0
1 0 0 1 1 1
1 0 1 0 0 1
1 0 1 0 1 1
1 0 1 1 0 1
1 0 1 1 1 1
1 1 0 0 0 0
1 1 0 0 1 0
1 1 0 1 0 1
1 1 0 1 1 1
1 1 1 0 0 1
1 1 1 0 1 1
1 1 1 1 0 1
1 1 1 1 1 1
NOTE 1 = working, 0 = failed.
The success combinations of items can be selected from Table 2 and the expression for
system reliability is the set of mutually exclusive terms which can be written down as follows:
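$$SS = \overline{B1} \cap \overline{B2} \cap \overline{C1} \cap C2 \cap A \;\cup\; \overline{B1} \cap \overline{B2} \cap C1 \cap \overline{C2} \cap A \;\cup \cdots \cup\; B1 \cap B2 \cap C1 \cap C2 \cap A \qquad (14)$$
from which
$$R_S = (1 - R_{B1}) \cdot (1 - R_{B2}) \cdot (1 - R_{C1}) \cdot R_{C2} \cdot R_A + (1 - R_{B1}) \cdot (1 - R_{B2}) \cdot R_{C1} \cdot (1 - R_{C2}) \cdot R_A + \cdots + R_{B1} \cdot R_{B2} \cdot R_{C1} \cdot R_{C2} \cdot R_A$$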
Equation (14) contains 19 terms (one for each combination that results in success), all of
wh
...
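The following Python sketch is an added example, not part of the standard. It rebuilds Table 2 from the Figure 8 success paths, sums the mutually exclusive success terms as in Equation (14), and checks the result against the total probability decomposition of 8.1.2 and Equation (8). The function names and the sample reliabilities are constructed for illustration.

```python
from itertools import product

ITEMS = ("B1", "B2", "C1", "C2", "A")  # column order of Table 2

def system_success(s):
    """Figure 8 success paths: B1 and C1, A and C1, A and C2, B2 and C2."""
    return bool((s["B1"] and s["C1"]) or (s["A"] and s["C1"])
                or (s["A"] and s["C2"]) or (s["B2"] and s["C2"]))

def truth_table():
    """All 32 item states in Table 2 order, each with the system state."""
    return [(bits, int(system_success(dict(zip(ITEMS, bits)))))
            for bits in product((0, 1), repeat=len(ITEMS))]

def reliability_from_truth_table(r):
    """Sum the mutually exclusive success terms, as in Equation (14)."""
    total = 0.0
    for bits, ok in truth_table():
        if ok:
            term = 1.0
            for name, bit in zip(ITEMS, bits):
                term *= r[name] if bit else 1.0 - r[name]
            total += term
    return total

def reliability_by_decomposition(r):
    """Total probability theorem of 8.1.2, conditioning on item A."""
    a_working = r["C1"] + r["C2"] - r["C1"] * r["C2"]      # Figure 12
    up, down = r["B1"] * r["C1"], r["B2"] * r["C2"]
    a_failed = up + down - up * down                        # Figure 11
    return a_working * r["A"] + a_failed * (1.0 - r["A"])

def equation_8(r_a, r_b, r_c):
    """Simplified form when R_C1 = R_C2 = R_C and R_B1 = R_B2 = R_B."""
    return ((2 * r_c - r_c**2) * r_a
            + (2 * r_b * r_c - r_b**2 * r_c**2) * (1 - r_a))

# Constructed sample reliabilities (not from the standard).
SAMPLE = {"B1": 0.8, "B2": 0.8, "C1": 0.95, "C2": 0.95, "A": 0.9}

if __name__ == "__main__":
    print(sum(ok for _, ok in truth_table()), "success rows of 32")
    print(reliability_from_truth_table(SAMPLE))
    print(reliability_by_decomposition(SAMPLE))
    print(equation_8(0.9, 0.8, 0.95))
```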



