June 5, 2017 Founder's article on IEC 61508 - May, 2004
Founder's Articles on IEC 61508 and ISO 9000
Published in May, 2004

Software Compliance - Article #8

This is the eighth in a series of short articles on IEC 61508. IEC 61508 is required whenever a computer-based system is used to carry out a safety function. The purpose of these articles is to give the reader an appreciation for this international standard.

IEC 61508-3 covers the software of Electrical/Electronic/Programmable Electronic Systems (E/E/PESs) that carry out safety functions. The crux of IEC 61508-3 is clause 7. Clause 7 requires an understanding of the software development processes. The objectives of IEC 61508-3 are:

    1. define the software safety development processes to achieve the required functional safety.
    2. document all information relevant to functional safety of the software.

IEC 61508-2 addresses random hardware failures and systematic failures. See previous articles in this series. Software does not wear out or break in the way hardware does. Therefore, IEC 61508-3, clause 7, addresses only systematic failures.

Unlike random hardware failures, systematic failures cannot be predicted quantitatively. IEC 61508-7 describes techniques and measures that mitigate systematic failures in software qualitatively. This means the software development processes determine the software safety. The higher the safety integrity level (SIL), the more rigorous the techniques and measures from IEC 61508-7 that must be applied to reduce the likelihood of systematic failures being introduced during the software development processes.

IEC 61508-2, subclause 7.4.3, introduces safety integrity levels (SILs) for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PES. The software is obligated to meet the same SIL as its E/E/PES. IEC 61508-4 defines SIL as a “discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE safety-related systems, where safety integrity level 4 has the highest safety integrity and safety integrity level 1 has the lowest.” The tables in IEC 61508-3, Annex A, address systematic failures in terms of a SIL.

Discussions today in industry literature about safety integrity levels for software and compliance to IEC 61508-3 are almost non-existent. The world’s best FMECA (failure mode, effects and criticality analysis) cannot make the E/E/PES software safe, because it addresses hardware failure modes, not systematic failures in the software. What is needed now is industry understanding of systematic failures for compliance to IEC 61508-3. Future articles in this series will explain systematic failures for compliance to IEC 61508-3.

The next article in this series will address the software development processes (Objective 1).

Paul Bodeau is a member of the Safety Division with over 25 years of diversified engineering experience, mostly in safety firmware development for military and civilian aviation. Mr. Bodeau can be reached at (661) 260-1210, or pbodeau@WhyNotEngineering.com.

Copyright (C) 2003 Paul Bodeau. All Rights Reserved.

Why Not Engineering - All Rights Reserved