Functional Safety and the IEC

IEC 61508

Major changes in IEC 61508 ed2.0


1. Management of functional safety

The requirements have been restructured and now provide more comprehensive normative requirements, including:

  • Appointment of one or more persons by an organisation with responsibility for one or more phases necessary for the achievement of functional safety of an E/E/PE safety-related system;
  • Identification of all persons undertaking defined activities relevant to the achievement of functional safety of an E/E/PE safety-related system;
  • All those persons undertaking defined activities relevant to the achievement of functional safety of an E/E/PE safety-related system shall be competent for the duties they have to perform.

2. Terminology

There have been several important changes to the definitions. Wherever a definition has changed it should be examined to assess the implications, since the change may affect an interpretation that was made under IEC 61508 Edition 1. Examples of key definitions that are new or have changed include: subsystem, dangerous failure, safe failure, element and element safety function.

3. Modes of operation

The criteria for deciding whether a safety function operates in a low demand mode of operation or in a high demand/continuous mode of operation have been changed: the mode is now determined by the demand rate alone (low demand mode being a frequency of demands no greater than one per year). The Edition 1 condition that related the demand rate to the proof test frequency has been removed from the criteria.

4. Architectural constraints

There are two possible routes to compliance:

  • Route 1H: based on the hardware fault tolerance (HFT) and safe failure fraction (SFF) concepts; or,
  • Route 2H: based on component reliability data from field feedback, increased confidence levels and a hardware fault tolerance for specified safety integrity levels.
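The following is an added worked example of the Route 1H architectural constraint; it is not code from the IEC page. It computes the safe failure fraction from an element's failure rates and diagnostic coverage, then reads the highest SIL that Route 1H allows for a given hardware fault tolerance. The SIL limits encoded in `_ROUTE_1H_MAX_SIL` are those of IEC 61508-2 Tables 2 (Type A elements) and 3 (Type B elements); check them against your copy of the standard before relying on them. The failure rates, the function names and the Type B transmitter in the demonstration are this example's own constructions.

```python
"""Route 1H worked example: safe failure fraction (SFF) and the architectural constraint.

Added illustration, not text from the IEC page. SFF is computed as
    SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)
with lambda_S the safe failure rate, lambda_DD the dangerous failures detected
by diagnostics and lambda_DU the dangerous undetected ones. The SIL limits are
those of the Route 1H tables in IEC 61508-2 (Table 2, Type A; Table 3, Type B);
verify them against the standard before use.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Failure rates in failures per hour; 1 FIT = 1e-9 /h. Values used below are constructed."""
    lambda_safe: float            # all safe failures (detected or not)
    lambda_dangerous: float       # all dangerous failures, before diagnostics
    diagnostic_coverage: float    # fraction of dangerous failures the diagnostics reveal (0..1)

    @property
    def lambda_dd(self) -> float:
        return self.lambda_dangerous * self.diagnostic_coverage

    @property
    def lambda_du(self) -> float:
        return self.lambda_dangerous * (1.0 - self.diagnostic_coverage)


def safe_failure_fraction(rates: FailureRates) -> float:
    """SFF in [0, 1]. A dangerous failure only counts towards SFF if diagnostics detect it."""
    total = rates.lambda_safe + rates.lambda_dangerous
    if total <= 0.0:
        raise ValueError("failure rates must be positive")
    return (rates.lambda_safe + rates.lambda_dd) / total


def sff_band(sff: float) -> int:
    """Index into the Route 1H tables: 0 = <60 %, 1 = 60..<90 %, 2 = 90..<99 %, 3 = >=99 %."""
    if sff >= 0.99:
        return 3
    if sff >= 0.90:
        return 2
    if sff >= 0.60:
        return 1
    return 0


# Maximum SIL claimable for (element type, HFT, SFF band); 0 means not allowed.
# Type A: failure modes well defined and failure data from field experience available;
# Type B: complex elements (e.g. microprocessor based) where that is not the case.
_ROUTE_1H_MAX_SIL = {
    "A": {0: (1, 2, 3, 3), 1: (2, 3, 4, 4), 2: (3, 4, 4, 4)},
    "B": {0: (0, 1, 2, 3), 1: (1, 2, 3, 4), 2: (2, 3, 4, 4)},
}


def max_sil_route_1h(sff: float, hft: int, element_type: str) -> int:
    """Highest SIL the architectural constraint allows; HFT above 2 gains nothing in the table."""
    if hft < 0:
        raise ValueError("HFT cannot be negative")
    row = _ROUTE_1H_MAX_SIL[element_type.upper()][min(hft, 2)]
    return row[sff_band(sff)]


def route_1h_ok(rates: FailureRates, hft: int, element_type: str, target_sil: int) -> bool:
    """True if the architecture satisfies the Route 1H constraint for target_sil.
    PFD/PFH targets and systematic capability are separate requirements and are not checked here."""
    return max_sil_route_1h(safe_failure_fraction(rates), hft, element_type) >= target_sil


if __name__ == "__main__":
    # Constructed Type B transmitter: 300 FIT safe, 200 FIT dangerous, 90 % diagnostic coverage.
    good_dc = FailureRates(300e-9, 200e-9, 0.90)
    poor_dc = FailureRates(300e-9, 200e-9, 0.50)   # same hardware, weaker diagnostics
    for name, r in (("DC 90 %", good_dc), ("DC 50 %", poor_dc)):
        sff = safe_failure_fraction(r)
        print(f"{name}: SFF = {sff:.1%}, max SIL: HFT0 -> {max_sil_route_1h(sff, 0, 'B')}, "
              f"HFT1 -> {max_sil_route_1h(sff, 1, 'B')}")
    print("SIL 2 with a single channel?", route_1h_ok(good_dc, 0, "B", 2), route_1h_ok(poor_dc, 0, "B", 2))
```

The point the numbers make: the same transmitter hardware is SIL 2 capable in a single channel with 90 % diagnostic coverage but only SIL 1 capable with 50 %, because only detected dangerous failures raise the SFF. Adding a redundant channel (HFT 1) lifts each case by one SIL, and Type A elements with the same SFF are allowed one SIL more than Type B.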

5. Systematic safety integrity

There are three possible routes to compliance:

  • Route 1S: requirements for the avoidance (prevention) of systematic faults and requirements for the control of systematic faults. This covers both hardware and software.
  • Route 2S: evidence that the equipment is "proven in use" (PIU). This covers both hardware and software.
  • Route 3S: for pre-existing software elements only.

6. Systematic capability introduced

Systematic Capability is introduced and is defined as "...a measure (expressed on a scale of SC 1 to SC 4) of the confidence that the systematic safety integrity of an element meets the requirements of the specified SIL, in respect of the specified element safety function..."

7. Security

Security is addressed, but only informatively. Malevolent and unauthorised actions have to be considered during the hazard and risk analysis. If a security threat is reasonably foreseeable, a security threat analysis should be carried out, and if security threats are identified, a vulnerability analysis should be undertaken in order to specify the security requirements. Because these provisions are informative, a claim of compliance with IEC 61508 does not by itself establish that security has been assessed.

8. E/E/PE requirements specification

The E/E/PE requirements specification in Edition 1 of IEC 61508 comprised a single specification (i.e. a single-step process). Edition 2 of IEC 61508 comprises two specifications (i.e. a two-step process), namely:

  • Step 1: develop the E/E/PE system safety requirements specification (in IEC 61508-1);
  • Step 2: develop the E/E/PE system design requirements specification (in IEC 61508-2).

9. Digital communications

The requirements for data communications have been further elaborated and now include the concepts of white channel and black channel architectures. In a white channel the whole communication channel, including its protocol stacks, is designed and validated to IEC 61508. In a black channel no such claim is made for the transport: the safety measures are implemented end-to-end in the safety-related equipment at each end of the channel, so that the transport in between can be commercial network equipment and protocols.
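The following is an added example of the black channel idea in code; it is not code from the IEC page, nor the framing of any real fieldbus safety profile. It shows a minimal safety layer that wraps each message with a connection id, a sequence counter, a send time stamp and a CRC, and a receiver that uses those fields to detect the communication errors an untrusted transport can introduce (corruption, repetition, loss, insertion or wrong sequence, delay, masquerade and silence). The frame layout, the CRC-16/CCITT choice, the age and watchdog thresholds, and the assumption that the sender and receiver clocks are aligned are this example's own simplifications; a real design derives them from the safety function's process safety time.

```python
"""Black-channel safety layer, added illustration (not code from the IEC page or any
fieldbus profile). The transport is treated as untrusted: every check is end-to-end,
so nothing is assumed about the switches, cables or protocol stacks in between.
Frame = conn_id(2) | seq(2) | send_time_ms(4) | payload | crc16(2); all big-endian.
"""
import struct

CRC16_POLY = 0x1021  # CRC-16/CCITT-FALSE; this example's choice, not a requirement of the standard


def crc16(data: bytes) -> int:
    """Bit-serial CRC-16/CCITT-FALSE (init 0xFFFF, no reflection, no final XOR)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC16_POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


HDR = struct.Struct(">HHI")  # connection id, 16-bit sequence counter, 32-bit send time (ms)


def build_frame(conn_id: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Sender side of the safety layer: header + payload, then a CRC over both."""
    body = HDR.pack(conn_id, seq & 0xFFFF, ts_ms & 0xFFFFFFFF) + payload
    return body + struct.pack(">H", crc16(body))


class SafetyReceiver:
    """Receiver side of the safety layer. Rejected frames never advance the state,
    except that a detected gap resyncs the expected sequence after it is reported."""

    def __init__(self, conn_id: int, max_age_ms: int = 100, watchdog_ms: int = 300):
        self.conn_id = conn_id
        self.max_age_ms = max_age_ms      # oldest frame still considered timely (assumed value)
        self.watchdog_ms = watchdog_ms    # silence longer than this forces the safe state (assumed)
        self.expected_seq = 0
        self.last_good_ms = 0
        self.safe_state = False

    def tick(self, now_ms: int) -> bool:
        """Watchdog, called periodically; returns True once the safe state has been entered."""
        if now_ms - self.last_good_ms > self.watchdog_ms:
            self.safe_state = True
        return self.safe_state

    def receive(self, frame: bytes, now_ms: int) -> str:
        """Validate one frame; returns "accept", "safe-state" or "reject:<reason>"."""
        if self.safe_state:
            return "safe-state"
        if len(frame) < HDR.size + 2:
            return "reject:short"
        body, crc = frame[:-2], struct.unpack(">H", frame[-2:])[0]
        if crc16(body) != crc:
            return "reject:corruption"          # bit errors anywhere in header or payload
        conn_id, seq, ts_ms = HDR.unpack(body[:HDR.size])
        if conn_id != self.conn_id:
            return "reject:masquerade"          # frame from a non-safety or wrong sender
        diff = (seq - self.expected_seq) & 0xFFFF
        if diff == 0xFFFF:
            return "reject:repetition"          # the previous frame delivered twice
        if 0 < diff < 0x8000:
            self.expected_seq = (seq + 1) & 0xFFFF  # resync after reporting the gap
            return "reject:loss"                # diff frames were never delivered
        if diff != 0:
            return "reject:out-of-sequence"     # stale frame inserted or reordered
        if now_ms - ts_ms > self.max_age_ms:
            return "reject:delay"               # too old to act on safely
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_good_ms = now_ms
        return "accept"


def run_demo() -> list:
    """Constructed fault-injection scenario; returns the receiver's verdict for each event."""
    CONN, ROGUE = 0x0101, 0x0202
    rx = SafetyReceiver(CONN)
    f = [build_frame(CONN, i, 10 * i, b"RUN") for i in range(6)]   # legitimate frames, one per 10 ms
    corrupt = bytearray(f[2])
    corrupt[HDR.size] ^= 0x01                                      # one bit flipped in the payload
    rogue = build_frame(ROGUE, 3, 30, b"RUN")                      # valid CRC, wrong connection id
    verdicts = [
        rx.receive(f[0], 5),
        rx.receive(f[1], 15),
        rx.receive(f[1], 20),                  # black channel duplicated frame 1
        rx.receive(bytes(corrupt), 25),
        rx.receive(f[2], 26),
        rx.receive(rogue, 35),
        rx.receive(f[4], 45),                  # frame 3 never arrived
        rx.receive(f[5], 200),                 # frame 5 arrives 150 ms after it was sent
    ]
    rx.tick(600)                               # no valid frame for 574 ms: enter the safe state
    verdicts.append(rx.receive(f[5], 600))
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Each rejection maps to one of the error classes the safety layer must cover because the black channel is not trusted to prevent them. What the example does not show is the residual error rate argument: the CRC length and the message rate together must keep the probability of an undetected corrupted frame below what the target SIL permits, which is a calculation the safety-layer designer still owes.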

10. ASICS & integrated circuits

Requirements for ASICs are now included, namely:

  • An appropriate group of techniques and measures shall be used that are essential to prevent the introduction of faults during the design and development of ASICs;
  • Special architectural requirements for integrated circuits (ICs) with on-chip redundancy are given in a normative Annex.

11. Safety manual for compliant items

Edition 2 sets out requirements for suppliers of products who claim compliance with the standard. The purpose of the safety manual for compliant items is to document all the information relating to a compliant item that is required to enable the item to be integrated into a safety-related system, subsystem or element in compliance with the requirements of the standard.

12. Software

The following are the key changes to IEC 61508-3 (software):

  • Introduction of the idea of desirable properties (such as completeness, correctness and predictability) for the output of each lifecycle phase.
  • Provision of extended requirements for the selection and justification of software development tools.
  • Allowing software elements that were not originally developed with safety in mind to be re-used in safety-related applications, provided suitable evidence is supplied, including evidence of successful use in other applications.
  • Revision of the set of techniques and measures in Annexes A and B to remove obsolete or little-used techniques and introduce current methods.