IEC 61508 standard. Functional safety of E/E/PE systems

The IEC 61508 standard is an international standard for functional safety of electrical, electronic, and programmable electronic equipment. It is a basic safety publication of the International Electrotechnical Commission (IEC). As such, it is an "umbrella" document covering multiple industries and applications. Its main objective is to help individual industries to develop supplementary standards, specifically designed for those industries based on the original IEC 61508 standard. Another objective of the standard is being able to develop systems related to E / E / PE safety, where the specific standards of the application sector do not yet exist.

As of IEC 61508, specific standards have appeared for different industries, which have started from IEC 61508 standard to lay the foundations of functional safety. They will adapt their specific needs to their own sector:

• IEC 61511: process industries
• IEC 62061: machinery safety
• IEC 61513: nuclear industry
• CENELEC EN50126/8/9: railway industry
• ISO 26262: automotive industry

What is the scope of IEC 61508?

IEC 61508 standard covers safety-related systems when any of such systems incorporates mechanical/ electrical/ electronic devices, being programmable electronic mechanisms. These devices can include anything from valves, solenoids, relays, switches, or even more complex systems such as PLCs or systems with microcontrollers. Thus, the objective of the standard to specifically is covering the possible risks, created when safety functions performed by security-related systems would fail.

Two basic fundamentals of the foundation of IEC 61508

The standard is based on two key concepts: safety life cycle and safety integrity levels (SIL):

• Safety life cycle is defined as an engineering process that includes all the steps being necessary to achieve the required functional safety. Basic philosophy behind safety lifecycle is developing and documenting a safety plan. Also, executing that plan, documenting its execution (in order to demonstrate that the plan has been met), and continuing that security plan until decommissioning of more appropriate documentation, during the entire life cycle of the system.
• Safety Integrity Levels (SIL) are order of magnitude levels of risk reduction. There are four SILs defined in IEC 61508 standard: SIL1 has the lowest level of risk reduction, while SIL4 has the highest level of risk reduction.

This standard specifically covers potential hazards created any time a failure will occur in safety functions, being performed by Electrical/Electronic/Programmable Electronic safety-related systems (E/E/PE): this is known as "functional safety". Functional safety is the general program for ensuring that a safety-related E/E/PE system will generate a safe state, when prompted to do so.

The 7 parts of IEC 61508 standard

Part 1 This covers the basic requirements of the standard and provides a detailed presentation of the safety life cycle. This section is considered the most important, as it provides general requirements for documentation, compliance, functional safety management and functional safety assessment.

Part 2 Covering hardware requirements for safety-related systems. Many consider that this part, along with part 3, is the key area for those developing products for safety market. Part 2 is written for the whole system, but many of the requirements are directly applicable to development of hardware products, related to safety. Part 2 covers a detailed safety life cycle for hardware, as well as specific aspects of functional safety assessment regarding hardware. Part 2 also has detailed requirements for techniques to deal with failure control during the operation.

Part 3 This will cover software requirements of IEC 61508 standard. It is to be implemented to any software being used in a safety-related system or any software being used to develop safety-related systems. This software is specifically known as safety-related software. This part provides details of safety life cycle of the software. This process will be used for developing software.

Part 4 Definitions and abbreviations being used all the time in the standard are included here. This section is extremely useful for both the ones who are new to the standard and for those who are already familiar with it, as a reference to precise meanings of the terms in the standard.

Part 5 Including informative Annexes A to E, which contain discussion methods and examples of risk, safety integrity, tolerable risk, and selection of SIL (Safety Integrity Level). Several selection techniques for SIL are presented, including quantitative and qualitative methods.

In other words, functional safety is achieved by properly designing a Safety Instrumented System (SIS) to carry out a Safety Instrumented Function (SIF), with confidence indicated by Safety Integrity Level (SIL). In Part 5 of the standard, concepts of risk and safety integrity are discussed in greater detail.

Part 6 Guidelines on the application of Parts 2 and 3 are provided, through informative Annexes A to E.

Part 7 It contains important information for those who perform product-development work on equipment that must be certified according to IEC 61508 standard.

Functional Safety Management

Functional Safety Management includes assuming various activities and responsibilities to ensure that functional safety objectives are achieved and maintained. These activities should be documented, usually in a document called functional safety management (FSM) plan. FSM plan should consider the following:

1. The overall strategy and methods to achieve functional safety, including assessment methods and how the process is communicated within the organization.

2. Identification of persons, departments and organizations being responsible for carrying out and reviewing the general phases, E/E/PES, or software safety life cycle. Where appropriate, licensing authorities or safety regulatory bodies must be included.

3. the phases of safety life cycle to be used.

4. The structure of the documentation.

5. Measures and techniques used to meet the requirements.

6. The functional safety assessment activities that will be carried out and the phases of safety life cycle where they will be carried out.

7. Procedures for monitoring and resolving recommendations derived from hazard and risk analysis, functional safety assessment, verification, and validation activities, etc.

8. Procedures to ensure that the staff is competent.

9. Procedures to ensure that dangerous incidents (or near-accidents) are analysed and that steps are taken to avoid repetition.

10. Procedures for analysing maintenance operations and performance, including periodic functional safety inspections and audits; the frequency of inspection and the level of independence of the staff performing the inspection/ audit shall be documented.

11. Procedures for the management of change.

Leedeo Engineering is a specialist in the application of RAMS and ILS (Integrated Logistics Support) system engineering, products and installations in railway, aerospace, defence, and naval industry.