This is the third in a series of short articles on IEC 61508. IEC 61508 is required whenever
a computer-based system is used to carry out a safety function. The purpose of these articles is to
give the reader an appreciation for this international standard.
The starting point for compliance to IEC 61508 for safety-related system development is to
understand the safety-related system lifecycle. The safety-related system lifecycle starts with a
functional safety management system. The remaining safety-related system lifecycle will be discussed
in following articles. The requirements for the functional safety management system are identified
in IEC 61508-1, clause 6. The functional safety management system requires project management,
configuration management, quality assurance, functional safety assessment, verification, and validation.
Although not specifically required by IEC 61508, most of the clause 6 requirements are addressed
by the ISO 9001 quality management system. Other industry standards are available for detailed
information on these requirements and encouraged by IEC 61508. The functional safety management
system requirements are explained in the following sections.
Project management is traceable to IEC 61508-1, subclause 6.2.1 a), b), c), and g).
Project management involves two major disciplines: safety planning, and safety tracking and oversight.
Safety planning establishes compliant safety plans for meeting the objectives of IEC 61508.
Safety tracking and oversight provides visibility into actual progress of attaining IEC 61508
objectives, permitting management and functional safety assessment corrective action when
performance deviates from the compliant safety plans.
The objectives of project management are:
- safety project estimates are documented and used to plan and track the safety project.
- safety project activities and commitments are planned and documented.
- all safety development personnel agree to their safety project commitments.
- actual safety results and performances are tracked against the safety plans.
- corrective actions are managed to closure.
- changes to safety plans and commitments are agreed upon by the affected safety development personnel.
Configuration Management is traceable to IEC 61508-1, subclause 6.2.1 d), l), m), and o).
Configuration management establishes and maintains the integrity of the safety documentation
throughout the lifecycle.
The objectives of configuration management are:
- safety lifecycle documentation is identified,
- safety lifecycle documentation is controlled (Configuration Control Board),
- safety lifecycle documentation is made available, and
- changes to identified safety lifecycle documentation are
controlled (problem reporting system for corrective actions).
Quality Assurance is traceable to IEC 61508-1, subclause 6.2.1 k). Quality assurance provides
safety management independent and objective visibility into the safety lifecycle being used and
the safety documentation being developed.
The objectives of quality assurance are:
- safety lifecycle activities comply with documented and controlled safety lifecycle
procedures and are verified objectively,
- safety lifecycle documentation complies with safety lifecycle documentation standards and are verified objectively,
- the safety development team is informed of quality assurance activities, and
- noncompliance issues that are not resolved at the safety project level are resolved
by senior management.
Functional Safety Assessment is traceable to IEC 61508-1, subclause 6.2.1 f) and g).
Unlike the civil aviation industry, which is regulated by government, unregulated industries
typically have no certification authority to oversee safety. With the civil aviation industry
in the United States of America, a Designated Engineering Representative (DER), employed by
the safety system development company and assigned by the certification authority,
Federal Aviation Administration (FAA), approves the safety
system development and submits safety objective evidence to the certification authority.
IEC 61508 requires a Functional Safety Assessor to provide a similar approval function as a DER.
Third party certification companies like Sira
Test & Certification LTD. ( Sira ) , can replace the government certification authority for
a self regulated industry. Functional safety assessment is a process that independently
investigates and arrives at a judgement on the functional safety achieved by the safety project.
Objective evidence of the functional safety assessment is produced and retained to show due diligence.
Verification is traceable to IEC 61508-1, subclause 6.2.1 g). Verification is a technical
assessment of the results of the lifecycle processes. Verification is not just testing.
Testing cannot show the absence of errors. Verification includes a combination of reviews,
analyses, and tests. The objective of verification is to demonstrate and document for each
safety lifecycle process, that the process outputs meet the process objectives and requirements.
Validation is traceable to IEC 61508-1, subclause 6.2.1 g). Validation determines that the
safety system requirements are the correct requirements, and that they are complete. Validation
includes a combination of reviews, analyses, and tests. For safety system developers, validation
proves that the safety requirements have been met. Verification and validation can be confusing
concepts. It can be verified that a person has a driver license, but that does not mean that the
driver license is valid. Typically process inputs are determined to be valid before the expense
of process output verification is incurred. A concern to safety is to not verify invalid requirements.
The next article in this series will address the overall safety lifecycle requirements.
Paul Bodeau is a member of the Safety Division with over 25 years of diversified engineering
experience, mostly in safety firmware development for military and civilian aviation. Mr.
Bodeau can be reached at the Why Not Engineering web site page Contact Us
(C) 2003 Paul Bodeau. All Rights Reserved.
Why Not Engineering - All Rights Reserved