A1) Is IEC 61508 relevant to me?
Generally, the significant hazards for equipment and any associated control system have to be identified by the specifier or developer via a hazard analysis. The analysis identifies whether functional safety is necessary to ensure adequate protection against each significant hazard. If so, then it has to be taken into account in an appropriate manner in the design. Functional safety is just one method of dealing with hazards, and other means for their elimination or reduction, such as inherent safety through design, are of primary importance.
IEC 61508 defines appropriate means for achieving functional safety in the systems it covers.
A2) What systems does IEC 61508 cover?
IEC 61508 applies to safety-related systems when one or more of such systems incorporate electrical and/or electronic and/or programmable electronic (E/E/PE) devices. It covers possible hazards caused by failure of the safety functions to be performed by the E/E/PE safety-related systems, as distinct from hazards arising from the E/E/PE equipment itself (for example electric shock etc). It is generically based and applicable to all E/E/PE safety-related systems irrespective of the application.
It is recognized that the consequences of failure could also have serious economic implications and in such cases the standard could be used to specify any E/E/PE safety-related system used for the protection of equipment or product.
The scope of IEC 61508-1 gives more details.
A3) Give me some practical examples
- emergency shut-down systems,
- fire and gas systems,
- turbine control,
- gas burner management,
- crane automatic safe-load indicators,
- guard interlocking and emergency stopping systems for machinery,
- medical devices,
- dynamic positioning (control of a ship's movement when in proximity to an offshore installation),
- railway signalling systems (including moving block train signalling),
- variable speed motor drives used to restrict speed as a means of protection,
- remote monitoring, operation or programming of a network-enabled process plant,
- an information-based decision support tool where erroneous results affect safety.
Relevant means of implementing safety functions include electro-mechanical relays (i.e. electrical), non-programmable solid-state electronics (i.e. electronic) and programmable electronics. Programmable electronic safety-related systems typically incorporate programmable controllers, programmable logic controllers, microprocessors, application specific integrated circuits, or other programmable devices (for example "smart" devices such as sensors/transmitters/actuators).
In every case, the standard applies to the entire E/E/PE safety-related system (for example from sensor, through control logic and communication systems, to final actuator, including any critical actions of a human operator). For safety functions to be effectively specified and implemented, it is essential to consider the system as a whole. The physical extent of an E/E/PE safety-related system is solely determined by the safety function.
A4) How does IEC 61058 apply where E/E/PE technology makes up only a small part of the safety-related system?
This applicability is appropriate because many requirements, particularly in IEC 61508-1, are not technology specific. Indeed, early development phases (such as initial concept, overall scope definition, hazard and risk analysis and specifying the overall safety requirements) may take place before the implementation technology has been decided.
Even during later phases such as realisation, specific functional safety requirements apply directly to non-E/E/PE devices, such as mechanical components, as well as E/E/PE devices. For example, the requirements for hardware reliability and fault tolerance in IEC 61508-2 directly relate to the properties of all components in the E/E/PE safety-related system, whether or not they include E/E/PE technology.
A5) How does IEC 61508 apply to systems whose function is to avoid damage to the environment or severe financial loss?
IEC 61508 is concerned with achieving functional safety, where safety is defined as freedom from unacceptable risk of physical injury or damage to the health of people, either directly or indirectly as a result of damage to property or to the environment (see 3.1 of IEC 61508-4). So damage to long term health, including damage to property or the environment that leads to damage to long term health, is explicitly within the scope of the standard and is encompassed by the term safety.
It is recognised that the consequences of failure could also have serious economic implications and in such cases the standard could be used to specify any E/E/PE system used for the protection of equipment or product (1.2 f of IEC 61508-1).
The particular safety functions that are necessary, and the associated levels of performance required of them, are determined by hazard and risk analysis (see for example IEC 61508-5). An equivalent analysis of risk in terms of environmental or financial hazards can be performed by replacing safety parameters with environmental or financial parameters. Most of the subsequent requirements of the standard are as applicable for "environmental functions" or "financial functions" as they are for safety functions. This includes the required levels of performance, which are expressed in terms of the average probability of a dangerous failure on demand of the safety function or the average frequency of a dangerous failure of the safety function [h-1] (see Tables 2 & 3 of IEC 61508-1).
A6) What does IEC 61508 consist of?
Reference, Date, Technical Committee, Title
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
Functional safety of electrical/electronic/programmable electronic safety related systems - Part 5: Examples of methods for the determination of safety integrity levels
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures
A7) Can I get hold of the standard for free, for example by downloading from the internet?
A8) Now I've obtained a copy of the standard, how do I go about reading it?
Annex A of IEC 61508-5 provides introductory material on risk and safety integrity. In IEC 61508-1, the overall safety lifecycle requirements contained in clause 7 are summarized in a lifecycle diagram in figure 2, with an overview of each phase in table 1. In addition, requirements relating to verification, management of functional safety and functional safety assessment are contained in 7.18, clause 6 and clause 8 respectively.
In IEC 61508-2, the E/E/PE system safety lifecycle requirements contained in clause 7 are summarised in a lifecycle diagram in figure 2, with an overview of each phase in table 1. Likewise, in IEC 61508-3, the software safety lifecycle requirements contained in clause 7 are summarised in figure 3 with an overview in table 1.
Any particular requirement of IEC 61508 should be considered in the context of its lifecycle phase (where applicable) and the stated objectives for the requirements of that phase, clause or subclause. The objectives are always stated immediately before the requirements.