International Journal of Systems Science, 2015, Vol. 46, No. 10, 1889–1896, http://dx.doi.org/10.1080/00207721.2013.837592

Overall availability and risk analysis of a general robot–safety device system

Edmond J. Vanderperre a and Stanislav S. Makhanov b,∗

a Reliability Engineering Research Unit, A. Ruzettelaan 183, Bus 158, 8370 Blankenberge, Belgium; b School of Information and Computer Technology, Sirindhorn International Institute of Technology, Thammasat University, Tiwanont Road, T. Bangkadi, A. Muang, Pathum Thani 12000, Thailand

(Received 25 December 2012; final version received 5 August 2013)

Abstract. We analyse the availability of a general robot–safety device system characterised by the feature of cold standby and by an admissible risky state. In contrast to the previous literature, we allow a general failure-free time distribution for the robot and, as an example, we present computational results for Coxian failure and repair time distributions. In order to decide whether the risky state is admissible, we introduce a risk criterion based on the notion of rare events. The criterion is always satisfied in the case of fast repair.

Keywords: robot; safety device; cold standby; failure rate; availability; risk criterion; fast repair

1. Introduction

Innovations in the field of microelectronics and micromechanics have enhanced the involvement of ‘smart’ robots in all kinds of advanced technical applications (e.g. Brandin 1996). Unfortunately, no robot is completely reliable. Therefore, up-to-date robots are often connected with a safety device (e.g. Vanderperre and Makhanov 2009). Such a device prevents possible damage, caused by a robot failure or by hazardous man–machine interactions, in the robot’s neighbouring environment. The usual ‘bugbears’ are software failures (e.g. Gaskill and Went 1996), human errors (Dhillon and Liu 2006) and physical failures (e.g. Birolini 2007; Ushakov 2012).
Moreover, the random behaviour of the entire system (robot–safety device–repair facility) could jeopardise some prescribed safety requirements, e.g. if we allow the robot to operate when the safety device is under repair. Such a ‘risky’ state is called admissible if the associated event ‘The robot is operating and the safety device is under repair’ constitutes a rare event. Therefore, an appropriate statistical analysis of robot–safety device systems is indispensable to support the system designer in problems of risk acceptance and safety assessments.

There are numerous examples of application of robot–safety device systems in industry (medicine, energy production, etc.; see Xu and Hu 2008). A recent example is a telerobot to treat bladder cancer (see e.g. Goldman et al. 2013). The operating unit is a laser-cutter device to remove a tumor. The safety unit prevents the robot from cutting deeper than a prescribed maximum depth (independent of some hazardous man–machine interactions). Another example is a robot with a safety device that automatically prevents an operator from entering a dangerous neighbourhood of the robot (see e.g. Ruz, Vazquez, Salas-Morera, and Cubera-Atienza 2012). Eventually, the safety device can send a stop signal to the robot.

∗ Corresponding author. Email: makhanov@siit.tu.ac.th

Remarks: There are occasions where the use of standard safety devices, such as light curtains, is infeasible. Therefore, efforts are required to improve and develop new safety units to cover the safety requirements of a constantly growing industry. The performance of new safety devices, based on wireless technology, has been analysed by Ruz et al. (2012).

A basic repairable robot–safety device system, called the T-system (see e.g. Vanderperre 2000, 2001; Vanderperre and Makhanov 2005), consists of a robot with a safety device subjected to standby and attended by two heterogeneous repairmen.
The robot is allowed to operate when the safety device is under repair, provided that a suitable risk criterion is satisfied (Vanderperre and Makhanov 2002). A useful modification of the T-system, called the S-system, is characterised by a shut-off rule for the robot (Vanderperre and Makhanov 2009), i.e. any repair of the failed safety device requires a shutdown of the operative robot. A particular variant of the T-system is a robot–safety device system attended by a single repairman and subjected to a repair (break-in) priority rule, called the M-system (Vanderperre and Makhanov 2012). The M-system is characterised by the following features:

• The M-system is attended by a single repairman.
• The robot has overall (break-in) priority in repair with regard to the safety device.

© 2013 Taylor & Francis
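To make the notions of the risky state, overall availability and fast repair concrete, the following Python script is an added illustration, not code from the paper or its authors. It builds a deliberately simplified M-system-style model: one repairman, break-in repair priority for the robot, a safety device in cold standby (unable to fail) while the robot is down, and the risky state ‘robot operating and safety device under repair’. Everything else is my assumption: exponential failure and repair times (the paper allows general and Coxian distributions), the hypothetical rates LAM_R, LAM_S, MU_R, MU_S, and a stand-in rarity check `risky_state_is_rare` that is not the paper's risk criterion. The closed-form fractions come from solving the balance equations of the resulting four-state Markov chain by hand; the Monte Carlo run is there to cross-check them.

```python
"""Long-run time fractions for a simplified robot-safety device model.

Added illustration; not the paper's analysis. Assumptions (all mine):
  * exponential failure and repair times (the paper allows general /
    Coxian distributions);
  * the safety device is in cold standby (cannot fail) while the robot
    is down;
  * one repairman; the robot has break-in (preemptive) repair priority,
    which is harmless here because exponential clocks are memoryless;
  * risky state = robot operating and safety device under repair.
"""
import random

# Hypothetical rates: LAM_* failure rates, MU_* repair rates (per hour).
LAM_R, LAM_S, MU_R, MU_S = 0.1, 0.05, 1.0, 2.0


def simulate(lam_r, lam_s, mu_r, mu_s, events=200_000, seed=1):
    """Gillespie-style simulation of the four-state model.

    Returns long-run time fractions of
      safe  : robot up and safety device up,
      risky : robot up, safety device under repair,
      down  : robot under repair (device in cold standby or waiting)."""
    rng = random.Random(seed)
    robot_up, sd_up = True, True
    time_in = {"safe": 0.0, "risky": 0.0, "down": 0.0}
    for _ in range(events):
        # Transitions enabled in the current state, with their rates.
        rates = []
        if robot_up:
            rates.append(("robot_fails", lam_r))
            if sd_up:
                rates.append(("sd_fails", lam_s))    # device fails only while robot runs
            else:
                rates.append(("sd_repaired", mu_s))  # repairman is free for the device
        else:
            rates.append(("robot_repaired", mu_r))   # robot has priority; device waits
        total = sum(r for _, r in rates)
        dwell = rng.expovariate(total)               # sojourn time in this state
        if not robot_up:
            time_in["down"] += dwell
        elif sd_up:
            time_in["safe"] += dwell
        else:
            time_in["risky"] += dwell
        # Choose the transition that fires, proportionally to its rate.
        u = rng.random() * total
        name = rates[-1][0]
        for candidate, r in rates:
            u -= r
            if u <= 0:
                name = candidate
                break
        if name == "robot_fails":
            robot_up = False
        elif name == "robot_repaired":
            robot_up = True
        elif name == "sd_fails":
            sd_up = False
        else:
            sd_up = True
    horizon = sum(time_in.values())
    return {k: v / horizon for k, v in time_in.items()}


def exact_fractions(lam_r, lam_s, mu_r, mu_s):
    """Stationary distribution of the same four-state chain, solved by hand
    from its balance equations. Cold standby plus break-in priority give a
    product form: P(safe) = 1 / ((1 + lam_r/mu_r) * (1 + lam_s/mu_s))."""
    safe = 1.0 / ((1 + lam_r / mu_r) * (1 + lam_s / mu_s))
    risky = safe * lam_s / mu_s
    down = 1.0 - safe - risky                        # equals lam_r / (lam_r + mu_r)
    return {"safe": safe, "risky": risky, "down": down}


def overall_availability(fractions):
    """Fraction of time the robot operates at all (safe or risky state);
    under these assumptions it reduces to mu_r / (mu_r + lam_r)."""
    return fractions["safe"] + fractions["risky"]


def risky_state_is_rare(fractions, threshold=0.01):
    """Stand-in rarity check (an assumed threshold on the long-run fraction
    of time in the risky state), NOT the paper's risk criterion."""
    return fractions["risky"] < threshold


if __name__ == "__main__":
    exact = exact_fractions(LAM_R, LAM_S, MU_R, MU_S)
    sim = simulate(LAM_R, LAM_S, MU_R, MU_S)
    for k in exact:
        print(f"{k:6s} exact={exact[k]:.4f} simulated={sim[k]:.4f}")
    print("overall availability:", round(overall_availability(exact), 4))
    print("risky state rare (assumed threshold)?", risky_state_is_rare(exact))
    fast = exact_fractions(LAM_R, LAM_S, MU_R, 1000.0)   # fast device repair
    print("with fast repair, risky fraction:", fast["risky"],
          "rare?", risky_state_is_rare(fast))
```

Raising MU_S (fast repair of the safety device) drives the risky fraction towards zero while leaving the robot's overall availability untouched, which is the behaviour the abstract summarises as ‘the criterion is always satisfied in the case of fast repair’; with the default hypothetical rates the risky state occupies about 2% of the time and the stand-in check fails.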