June 5, 2017 Founder's article on IEC 61508 - January, 2004
Founder's Articles on IEC 61508 and ISO 9000
Published in February, 2004

E/E/PES compliance (IEC 61508-2) - Article #5

This is the fifth in a series of short articles on IEC 61508. IEC 61508 is required whenever a computer-based system is used to carry out a safety function. The purpose of these articles is to give the reader an appreciation for this international standard.

IEC 61508-2 covers the realization of Electrical/Electronic/Programmable Electronic Systems (E/E/PESs) that perform safety functions. The crux of IEC 61508-2 is clause 7. It is important to know that IEC 61508-2, clause 7, addresses two types of failures: random hardware failures and systematic failures. Random hardware failures result from physical parts that wear out or break. Systematic failures result from errors introduced into the product (the E/E/PES) and not eliminated from it during the development processes. In other words, the process that develops the safety product determines the safety of the product, and IEC 61508-2 is fundamentally about that product development process. Compliance with IEC 61508-2 requires the mitigation of both random hardware failures and systematic failures during the E/E/PES development processes.

Unlike random hardware failures, systematic failures cannot be predicted quantitatively. IEC 61508-7 describes techniques and measures that mitigate systematic failures qualitatively. The greater the required safety integrity of the E/E/PES, the more rigorous the techniques and measures required from IEC 61508-7, for both random hardware failures and systematic failures, during the development processes.

IEC 61508-2, subclause 7.4.3, introduces safety integrity levels (SILs) for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PES. IEC 61508-4 defines SIL as a "discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE safety-related systems, where safety integrity level 4 has the highest safety integrity and safety integrity level 1 has the lowest." Both random hardware failures and systematic failures are addressed in terms of SILs: IEC 61508-2, Tables 2 and 3, rate random hardware failures in terms of a SIL, and the tables in IEC 61508-2, Annex B, address systematic failures in terms of a SIL. Again, both are required for compliance with IEC 61508-2 for the realization of the E/E/PES.
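The following worked example is added here to illustrate the distinction the article draws; it is not code from the article or from Why Not Engineering. It shows why random hardware failures can be rated against a SIL with a number while systematic failures cannot: the random-hardware side is a computed probability compared against the SIL bands of IEC 61508-2, Table 2 (low-demand mode), whereas the systematic side enters only as the qualitative SIL claimed from the Annex B techniques and measures. The single-channel (1oo1) architecture and the textbook simplification PFDavg ≈ λ_DU × T_proof / 2 are assumptions of this example, not statements from the article.

```python
"""Rating a safety function against a SIL: quantitative for random hardware
failures, qualitative for systematic failures (added example, not from the
article).

Assumptions (not in the article):
  * single-channel 1oo1 architecture, simplified PFDavg = lambda_DU * T / 2;
  * SIL bands for low-demand mode as given in IEC 61508-2, Table 2.
"""
from dataclasses import dataclass

# IEC 61508-2, Table 2 (low-demand mode): SIL -> [lower, upper) band of PFDavg.
# Bands are half-open, so a PFDavg of exactly 1e-3 falls in SIL 2, not SIL 3.
PFD_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified average probability of dangerous failure on demand for a
    single channel: lambda_DU * T / 2 (assumed simplification)."""
    if lambda_du_per_hour <= 0 or proof_test_interval_hours <= 0:
        raise ValueError("failure rate and proof-test interval must be positive")
    return lambda_du_per_hour * proof_test_interval_hours / 2


def hardware_sil(pfd_avg: float) -> int:
    """Map a PFDavg onto the Table 2 band it falls into.

    Returns 0 when PFDavg is 1e-1 or worse (no SIL can be claimed). Table 2
    defines no band below 1e-5; such a value is capped at SIL 4 here
    (assumption), since SIL 4 is the highest level the standard defines.
    """
    for sil, (low, high) in PFD_BANDS.items():
        if low <= pfd_avg < high:
            return sil
    return 0 if pfd_avg >= 1e-1 else 4


@dataclass
class SafetyFunctionAssessment:
    pfd_avg: float
    hardware_sil: int      # derived from the number above
    systematic_sil: int    # the SIL justified qualitatively via Annex B; an input, never computed

    @property
    def achievable_sil(self) -> int:
        """Compliance needs both failure types at the target level, so the
        SIL that can be claimed is limited by the weaker of the two."""
        return min(self.hardware_sil, self.systematic_sil)


def assess(lambda_du_per_hour: float, proof_test_interval_hours: float,
           systematic_sil: int) -> SafetyFunctionAssessment:
    """Combine the quantitative hardware rating with the qualitative
    systematic rating for one safety function."""
    pfd = pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours)
    return SafetyFunctionAssessment(pfd, hardware_sil(pfd), systematic_sil)


def meets_target(assessment: SafetyFunctionAssessment, target_sil: int) -> bool:
    """True only if both the hardware and the systematic side reach the target."""
    return assessment.achievable_sil >= target_sil


if __name__ == "__main__":
    # Constructed sample: lambda_DU = 2e-7 /h, annual proof test (8760 h).
    # The hardware side lands in the SIL 3 band, but if the development
    # process only justifies SIL 2 for systematic failures, SIL 3 cannot be claimed.
    a = assess(2e-7, 8760, systematic_sil=2)
    print(f"PFDavg={a.pfd_avg:.2e} hardware SIL {a.hardware_sil}, "
          f"systematic SIL {a.systematic_sil}, achievable SIL {a.achievable_sil}")
    print("meets SIL 3 target:", meets_target(a, 3))
```

The point of the split is the one the article makes: a better failure rate or a shorter proof-test interval moves `hardware_sil` upward, but nothing on the hardware side moves `systematic_sil`, which can only rise through the development process itself.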

Today there are many very good sources of information about compliance with IEC 61508-2 for random hardware failures. Compliance with IEC 61508-2 for systematic failures, by contrast, is ignored in current industry literature. What is needed now is an industry understanding of systematic failures for compliance with IEC 61508. Future articles in this series will explain systematic failures for compliance with IEC 61508.

The next article in this series will address E/E/PES development processes (Objective 1).

Paul Bodeau is a member of the Safety Division with over 25 years of diversified engineering experience, mostly in safety firmware development for military and civilian aviation. Mr. Bodeau can be reached at (661) 260-1210, or pbodeau@WhyNotEngineering.com.

Copyright (C) 2003 Paul Bodeau. All Rights Reserved.

Why Not Engineering - All Rights Reserved