A1) Is IEC 61508 relevant to me?

Generally, the significant hazards for equipment and any associated control system have to be identified by the specifier or developer via a hazard analysis. The analysis identifies whether functional safety is necessary to ensure adequate protection against each significant hazard. If so, then it has to be taken into account in an appropriate manner in the design. Functional safety is just one method of dealing with hazards, and other means for their elimination or reduction, such as inherent safety through design, are of primary importance. IEC 61508 defines appropriate means for achieving functional safety in the systems it covers.

See the document Functional safety and IEC 61508 for further details.
A2) What systems does IEC 61508 cover?

IEC 61508 applies to safety-related systems when one or more of such systems incorporate electrical and/or electronic and/or programmable electronic (E/E/PE) devices. It covers possible hazards caused by failure of the safety functions to be performed by the E/E/PE safety-related systems, as distinct from hazards arising from the E/E/PE equipment itself (for example electric shock). It is generically based and applicable to all E/E/PE safety-related systems irrespective of the application.

It is recognized that the consequences of failure could also have serious economic implications, and in such cases the standard could be used to specify any E/E/PE safety-related system used for the protection of equipment or product.

The scope of IEC 61508-1 gives more details.
A3) Give me some practical examples

The range of E/E/PE safety-related systems to which IEC 61508 can be applied includes:

- emergency shut-down systems,
- fire and gas systems,
- turbine control,
- gas burner management,
- crane automatic safe-load indicators,
- guard interlocking and emergency stopping systems for machinery,
- medical devices,
- dynamic positioning (control of a ship's movement when in proximity to an offshore installation),
- fly-by-wire operation of aircraft flight control surfaces,
- railway signalling systems (including moving block train signalling),
- variable speed motor drives used to restrict speed as a means of protection,
- automobile indicator lights, anti-lock braking and engine-management systems,
- remote monitoring, operation or programming of a network-enabled process plant,
- an information-based decision support tool where erroneous results affect safety.

Relevant means of implementing safety functions include electro-mechanical relays (i.e. electrical), non-programmable solid-state electronics (i.e. electronic) and programmable electronics. Programmable electronic safety-related systems typically incorporate programmable controllers, programmable logic controllers, microprocessors, application specific integrated circuits, or other programmable devices (for example smart sensors, transmitters and actuators).

In every case, the standard applies to the entire E/E/PE safety-related system (for example from sensor, through control logic and communication systems, to final actuator, including any critical actions of a human operator). For safety functions to be effectively specified and implemented, it is essential to consider the system as a whole.
A4) How does IEC 61508 apply where E/E/PE technology makes up only a small part of the safety-related system?

IEC 61508 is applicable to any safety-related system that contains an E/E/PE device.

This applicability is appropriate because many requirements, particularly in IEC 61508-1, are not technology specific. Indeed, early development phases (such as initial concept, overall scope definition, hazard and risk analysis and specifying the overall safety requirements) may take place before the implementation technology has been decided.

Even during later phases such as realisation, specific functional safety requirements apply directly to non-E/E/PE devices, such as mechanical components, as well as to E/E/PE devices. For example, the requirements for hardware reliability and fault tolerance in IEC 61508-2 directly relate to the properties of all components in the E/E/PE safety-related system, whether or not they include E/E/PE technology.

For low complexity E/E/PE safety-related systems, it is possible to comply with IEC 61508 while not meeting every requirement of the standard.
A5) How does IEC 61508 apply to systems whose function is to avoid damage to the environment or severe financial loss?

IEC 61508 is concerned with achieving functional safety, where safety is defined as freedom from unacceptable risk of physical injury or damage to the health of people, either directly or indirectly as a result of damage to property or to the environment (see 3.1 of IEC 61508-4). So damage to long term health, including damage to property or the environment that leads to damage to long term health, is explicitly within the scope of the standard and is encompassed by the term safety.

It is recognised that the consequences of failure could also have serious economic implications, and in such cases the standard could be used to specify any E/E/PE system used for the protection of equipment or product (1.2 e of IEC 61508-1).

The particular safety functions that are necessary, and the associated levels of performance required of them, are determined by hazard and risk analysis (see for example IEC 61508-5). An equivalent analysis of risk in terms of environmental or financial hazards can be performed by replacing safety parameters with environmental or financial parameters. Most of the subsequent requirements of the standard are as applicable for "environmental functions" or "financial functions" as they are for safety functions. This includes the required levels of performance, which are expressed in terms of probability of failure.
A6) What does IEC 61508 consist of?

The standard is published in parts as shown in the table below. Only parts 1 to 4 contain normative requirements.

IEC 61508 part structure

| Reference | Full title |
|---|---|
| IEC/TR 61508-0 | IEC/TR 61508-0:2005, Functional safety of E/E/PE safety-related systems. Part 0: Functional safety and IEC 61508 |
| IEC 61508-1 | IEC 61508-1:1998, Functional safety of E/E/PE safety-related systems. Part 1: General requirements |
| IEC 61508-2 | IEC 61508-2:2000, Functional safety of E/E/PE safety-related systems. Part 2: Requirements for E/E/PE safety-related systems |
| IEC 61508-3 | IEC 61508-3:1998, Functional safety of E/E/PE safety-related systems. Part 3: Software requirements |
| IEC 61508-4 | IEC 61508-4:1998, Functional safety of E/E/PE safety-related systems. Part 4: Definitions and abbreviations |
| IEC 61508-5 | IEC 61508-5:1998, Functional safety of E/E/PE safety-related systems. Part 5: Examples of methods for the determination of safety integrity levels |
| IEC 61508-6 | IEC 61508-6:2000, Functional safety of E/E/PE safety-related systems. Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 |
| IEC 61508-7 | IEC 61508-7:2000, Functional safety of E/E/PE safety-related systems. Part 7: Overview of techniques and measures |
A7) Can I get hold of the standard for free, for example by downloading from the internet?

No, IEC 61508 is a priced publication. You can purchase it online from the IEC, or obtain it from the national standards body in your own country.

You can download for free the first few pages of an IEC standard from the IEC webstore. These previews contain the contents, foreword, introduction, scope and normative references.
A8) Now I've obtained a copy of the standard, how do I go about reading it?

Annex A of IEC 61508-5 provides introductory material on risk and safety integrity.

In IEC 61508-1, the overall safety lifecycle requirements contained in clause 7 are summarized in a lifecycle diagram in figure 2, with an overview of each phase in table 1. In addition, requirements relating to verification, management of functional safety and functional safety assessment are contained in 7.18, clause 6 and clause 8 respectively.

Annex A of IEC 61508-6 gives an eight-page overview of the requirements in IEC 61508-2 and IEC 61508-3.

In IEC 61508-2, the E/E/PES safety lifecycle requirements contained in clause 7 are summarised in a lifecycle diagram in figure 2, with an overview of each phase in table 1. Likewise, in IEC 61508-3, the software safety lifecycle requirements contained in clause 7 are summarised in figure 3, with an overview in table 1.

Any particular requirement of IEC 61508 should be considered in the context of its lifecycle phase (where applicable) and the stated objectives for the requirements of that phase, clause or subclause. The objectives are always stated immediately before the requirements.
Last updated: 2005-04-08
Note: This document answers some Frequently Asked Questions (FAQs) about the international standard IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems. It has been compiled by SC65A/WG14, the international committee responsible for producing guidelines on IEC 61508. The answers to the questions are not intended to provide a definitive technical answer but rather to inform the new user to the standard.
We welcome feedback, in terms of a comment on these web pages or a new question for consideration by the committee.
Important: The above explanations have been prepared by the IEC for general assistance but are not intended to be a substitute for any user's specific requirements related to a particular IEC standard. Enquiries on specific standards should be addressed to the relevant IEC Technical Committee.