Founder's Articles on IEC 61508 and ISO 9000
Published in January, 2004

Overall safety lifecycle requirements (IEC 61508-1, clause 7) - Article #4

This is the fourth in a series of short articles on IEC 61508. IEC 61508 is required whenever a computer-based system is used to carry out a safety function. The purpose of these articles is to give the reader an appreciation for this international standard.

When one or more electrical/electronic/programmable electronic systems (E/E/PESs) are required to implement a safety function, then IEC 61508-1, clause 7, applies. IEC 61508-1, clause 7, establishes requirements for the safety function at the system level, and is described in the following paragraphs.

IEC 61508-1, subclause 7.2, Concept, identifies requirements for understanding the control system for the safety function. Along with the physical control system requirements and its interaction with other systems, the legal (regulatory) aspects must be identified.

IEC 61508-1, subclause 7.3, Overall scope definition, identifies the boundary of the control system, and the hazard and risk analysis of the control system. The control system equipment is specified, the external events are specified, and the subsystems associated with hazards are specified.

IEC 61508-1, subclause 7.4, Hazard and risk analysis, identifies hazards and hazardous events, sequences leading to hazardous events, and risks of the control system. A hazard and risk analysis is performed, and hazards are eliminated.

IEC 61508-1, subclause 7.5, Overall safety requirements, specifies the overall safety requirements for the E/E/PE safety-related system. Safety functions for each hazard are specified, and the safety integrity level (SIL) for each safety function is specified.

IEC 61508-1, subclause 7.6, Safety requirements allocation, allocates the safety functions from the safety requirements specification to the E/E/PE safety-related systems or other technology safety-related systems with associated safety integrity level (SIL) for each safety function.

IEC 61508-1, subclause 7.7, Overall operation and maintenance planning, develops a plan for operating and maintaining the E/E/PE safety-related system. The plan specifies routine actions needed to maintain functional safety of the E/E/PE safety-related system, and actions needed to prevent an unsafe state of the E/E/PE safety-related system.

IEC 61508-1, subclause 7.8, Overall safety validation planning, develops a plan for overall safety validation of the E/E/PE safety-related system. Overall safety validation planning ensures that the E/E/PE safety-related system that has been developed is the correct E/E/PE safety-related system and that the E/E/PE safety-related system is complete.

IEC 61508-1, subclause 7.9, Overall installation and commissioning planning, develops a plan for the installation and then commissioning of the E/E/PE safety-related system.

IEC 61508-1, subclause 7.10, Realization: E/E/PES, identifies E/E/PE safety-related system realization in accordance with IEC 61508-2 and IEC 61508-3. If the overall safety requirements have not been allocated to the subsystem manufacturer, then the subsystem manufacturer does not know the specific safety function required for their safety subsystem. In other words, the subsystem manufacturer is developing a general-purpose or off-the-shelf safety product. If this is the case, the subsystem manufacturer starts at IEC 61508-1, subclause 7.10. This subclause says to realize the E/E/PES in accordance with the requirements of IEC 61508-2 and IEC 61508-3.

IEC 61508-1, subclause 7.11, Realization: other technology, creates other technology safety-related systems required by the control system safety functions. IEC 61508 does not cover other technology.

IEC 61508-1, subclause 7.12, Realization: external risk reduction facilities, creates external risk reduction facilities required to meet safety function requirements and safety integrity requirements. IEC 61508 does not cover external risk reduction facilities.

IEC 61508-1, subclause 7.13, Overall installation and commissioning, installs and commissions the E/E/PE safety-related system. The installation and commissioning are carried out in accordance with the plan from IEC 61508-1 subclause 7.9.

IEC 61508-1, subclause 7.14, Overall safety validation, validates the E/E/PE safety-related system. The overall safety validation is carried out in accordance with the plan from IEC 61508-1 subclause 7.8.

IEC 61508-1, subclause 7.15, Overall operation, maintenance and repair, operates, maintains and repairs the E/E/PE safety-related system. The overall operation, maintenance and repair are carried out in accordance with the plan from IEC 61508-1 subclause 7.7.

IEC 61508-1, subclause 7.16, Overall modification and retrofit, ensures that the functional safety for the E/E/PE safety-related system is appropriate during and after modification and retrofit. An authorized request initiates planned procedures to modify and retrofit the E/E/PE safety-related system.

IEC 61508-1, subclause 7.17, Decommissioning or disposal, ensures that the functional safety for the E/E/PE safety-related system is appropriate during and after decommissioning. An authorized request initiates planned procedures to decommission or dispose of the E/E/PE safety-related system. The planned procedures include an impact analysis covering the E/E/PE safety-related system and associated systems.

IEC 61508-1, subclause 7.18, Verification, demonstrates that the lifecycle processes of IEC 61508-1 meet all their objectives. Verification is a technical assessment of the lifecycle processes described above.
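As an added illustration (not part of the article, and not a tool from the standard or from Why Not Engineering), the following Python sketch treats the lifecycle phases above as a traceability check in the spirit of subclause 7.18: every hazard from 7.4 needs a safety function with a SIL (7.5), every safety function needs an allocation (7.6), and the execution phases 7.13, 7.14 and 7.15 may not be carried out without the plans from 7.9, 7.8 and 7.7. The hazard and safety-function records are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Execution phase -> planning phase whose plan it must follow (from the article).
PLAN_FOR = {"7.13": "7.9", "7.14": "7.8", "7.15": "7.7"}

@dataclass
class SafetyFunction:
    name: str
    hazard: str                          # hazard from the 7.4 analysis it addresses
    sil: Optional[int] = None            # 7.5: SIL assigned to this safety function
    allocated_to: Optional[str] = None   # 7.6: "E/E/PE", "other technology", "external"

@dataclass
class Project:
    hazards: Set[str]                    # identified in 7.4
    functions: List[SafetyFunction]      # specified in 7.5, allocated in 7.6
    completed: Set[str]                  # subclauses whose outputs exist, e.g. {"7.7"}

def verify(p: Project) -> List[str]:
    """Return a list of findings; an empty list means the lifecycle records are consistent."""
    findings = []
    covered = {f.hazard for f in p.functions}
    for h in sorted(p.hazards - covered):
        findings.append(f"hazard '{h}' has no safety function (7.5)")
    for f in p.functions:
        if f.hazard not in p.hazards:
            findings.append(f"{f.name} references unknown hazard '{f.hazard}' (7.4)")
        if f.sil not in (1, 2, 3, 4):
            findings.append(f"{f.name} has no valid SIL (7.5)")
        if f.allocated_to is None:
            findings.append(f"{f.name} is not allocated to a safety-related system (7.6)")
    for phase, plan in PLAN_FOR.items():
        if phase in p.completed and plan not in p.completed:
            findings.append(f"{phase} carried out without the plan from {plan}")
    return findings

# Constructed sample: one complete safety function, one incomplete, and
# installation (7.13) recorded although no installation plan (7.9) exists.
SAMPLE = Project(
    hazards={"H1 overpressure", "H2 overspeed"},
    functions=[
        SafetyFunction("SF1 high-pressure trip", "H1 overpressure", sil=2, allocated_to="E/E/PE"),
        SafetyFunction("SF2 overspeed shutdown", "H2 overspeed"),
    ],
    completed={"7.7", "7.8", "7.13"},
)

if __name__ == "__main__":
    for line in verify(SAMPLE):
        print(line)
```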

IEC 61511 is another international safety standard. It was developed from IEC 61508, and is the functional safety specification for the process industry sector. The material in IEC 61508-1 is made specific to the process industry sector in IEC 61511. IEC 61511 invokes IEC 61508-2 and IEC 61508-3 as required.

When the functional safety management system is in place, and the overall safety lifecycle requirements are identified, it is time to begin the development of the safety component in accordance with IEC 61508-2. The next article in this series will address E/E/PES compliance (IEC 61508-2).

Paul Bodeau is a member of the Safety Division with over 25 years of diversified engineering experience, mostly in safety firmware development for military and civilian aviation. Mr. Bodeau can be reached at the Contact Us page on the Why Not Engineering web site at http://www.whynotengineering.com.

Copyright (C) 2003 Paul Bodeau. All Rights Reserved.
