IEC_61508_Functional_Safety.pdf

Functional safety and IEC 61508 A basic guide November 2002 Copyright IEC 2002.This material may be freely reproduced,except for advertising,endorsement or commercial purposes.The International Electrotechnical Commission(IEC)must be acknowledged as the source.All such extracts are copyright of IEC,Geneva,Switzerland.All rights reserved.IEC has no responsibility for the placement and context in which the extracts and contents are reproduced;nor is IEC in any way responsible for the other content or accuracy thereof.Functional safety and IEC 61508:A basic guide November 2002 Contents Page 1 Introduction.3 2 Functional safety.3 2.1 What is functional safety?.3 2.2 Safety functions and safety-related systems.3 2.3 Example of functional safety.4 2.4 Challenges in achieving functional safety.5 3 IEC 61508 Functional safety of E/E/PE safety-related systems.5 3.1 Objectives.6 3.2 E/E/PE safety-related systems.6 3.3 Technical approach.7 3.4 Safety integrity levels.8 3.5 Example of functional safety revisited.8 3.6 Parts framework of IEC 61508.9 3.7 IEC 61508 as a basis for other standards.9 3.8 IEC 61508 as a stand-alone standard.11 3.9 Further information.11 Page 2 of 11 Functional safety and IEC 61508:A basic guide November 2002 1 Introduction The purpose of this document is to introduce the concept of functional safety and give an overview of the international standard IEC 61508.You should read it if you are:?wondering whether IEC 61508 applies to you,?involved in the development of electronic or programmable systems which may have safety implications,or?drafting any other standard where functional safety is a relevant factor.Section 2 of this document gives an informal definition of functional safety,describes the relationship between safety functions,safety integrity and safety-related systems,gives an example of how functional safety requirements are derived,and lists some of the challenges in achieving functional safety in electronic or programmable systems.Section 3 gives details of IEC 61508,which provides an approach for achieving functional safety.The section describes the standards objectives,technical approach and parts framework.It explains that IEC 61508 can be applied as is to a large range of industrial applications and yet also provides a basis for many other standards.2 Functional safety 2.1 What is functional safety?We begin with a definition of safety.This is freedom from unacceptable risk of physical injury or of damage to the health of people,either directly or indirectly as a result of damage to property or to the environment.Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.For example,an overtemperature protection device,using a thermal sensor in the windings of an electric motor to de-energise the motor before they can overheat,is an instance of functional safety.But providing specialised insulation to withstand high temperatures is not an instance of functional safety(although it is still an instance of safety and could protect against exactly the same hazard).2.2 Safety functions and safety-related systems Generally,the significant hazards for equipment and any associated control system have to be identified by the specifier or developer via a hazard analysis.The analysis determines whether functional safety is necessary to ensure adequate protection against each significant hazard.If so,then it has to be taken into account in an appropriate manner in the design.Functional safety is just one method of dealing with hazards,and other means for their elimination or reduction,such as inherent safety through design,are of primary importance.Page 3 of 11 Functional safety and IEC 61508:A basic guide November 2002 The term safety-related is used to describe systems that are required to perform a specific function or functions to ensure risks are kept at an accepted level.Such functions are,by definition,safety functions.Two types of requirements are necessary to achieve functional safety:?safety function requirements(what the function does)and?safety integrity requirements(the likelihood of a safety function being performed satisfactorily).The safety function requirements are derived from the hazard analysis and the safety integrity requirements are derived from a risk assessment.The higher the level of safety integrity,the lower the likelihood of dangerous failure.Any system,implemented in any technology,which carries out safety functions is a safety-related system.The safety-related system may be separate from any equipment control system or may be included within it.Higher levels of safety integrity necessitate greater rigour in the engineering of the safety-related system.2.3 Example of functional safety Consider a machine with a rotating blade that is protected by a hinged solid cover.The blade is accessed for routine cleaning by lifting the cover.The cover is interlocked so that whenever it is lifted an el