IEC_61508-6.pdf

61508-6 IEC:19971Version 4.0 05/12/97COMMISSIONCEIELECTROTECHNIQUEIECINTERNATIONALE61508-6INTERNATIONALELECTROTECHNICALCOMMISSIONFunctional safety of electrical/electronic/programmable electronic safety-related systemsPart 6:Guidelines on the application of parts 2 and 361508-6 IEC:19972Version 4.0 05/12/97ContentsForeword.6Introduction.81Scope.102Definitions and abbreviations.12Annex A(informative)Application of parts 2 and 3.13A.1General.13A.2Functional steps.15Annex B(informative)Example technique for evaluating probabilities of failure.21B.1General.21B.2Average probability of failure per demand(for low demand mode of operation).23B.2.1Procedure for calculations.23B.2.2Detailed tables for low demand mode of operation.26B.2.3Examples for low demand mode of operation.30B.2.4Architectures for low demand mode of operation.33B.3Probability of failure per hour(for high demand or continuous mode of operation).38B.3.1Procedure for calculations.38B.3.2Detailed tables for high demand or continuous mode of operation.40B.3.3Examples for high demand or continuous mode of operation.44B.3.4Architectures for high demand or continuous mode of operation.46B.4References.47Annex C(informative)Calculation of diagnostic coverage:worked example.48Annex D(informative)A methodology for quantifying the effect of hardware-related common causefailures in multi-channel programmable electronic systems.52D.1General.52D.2Brief overview.52D.3Scope of the methodology.55D.4Points taken into account in the methodology.56D.5Using to calculate the probability of failure in an E/E/PE safety-related system due tocommon cause failures.56D.6Using the tables to estimate.57D.7Examples of the use of the methodology.62D.8References.63Annex E(informative)Example application of software safety integrity tables of part 3.6461508-6 IEC:19973Version 4.0 05/12/97E.1General.64E.2Example for safety integrity level 2.64E.3Example for safety integrity level 3.71Figures1Overall framework of this standard.11A.1 Application of part 2.17A.2 Application of part 2(continued).18A.3 Application of part 3.20B.1 Example configuration for two sensor channels.22B.2 Component structure.24B.3 Architecture for example 1.30B.4 1oo1 physical block diagram.33B.5 1oo1 reliability block diagram.33B.6 1oo2 physical block diagram.34B.7 1oo2 reliability block diagram.34B.8 2oo2 physical block diagram.35B.9 2oo2 reliability block diagram.35B.10 1oo2D physical block diagram.36B.11 1oo2D reliability block diagram.36B.12 2oo3 physical block diagram.37B.13 2oo3 reliability block diagram.37B.14 Architecture for high demand or continuous mode example.44D.1 Relationship of common cause failures to the failures of individual channels.54TablesB.1 Terms and their ranges used in this annex.23B.2 Average probability of failure on demand for a proof test interval of 6 months and a mean time torestoration of 8 hours.26B.3 Average probability of failure on demand for a proof test interval of 1 year and a mean time torestoration of 8 hours.2761508-6 IEC:19974Version 4.0 05/12/97B.4 Average probability of failure on demand for a proof test interval of 2 years and a mean time torestoration of 8 hours.28B.5 Average probability of failure on demand for a proof test interval of 10 years and a mean time torestoration of 8 hours.29B.6 Average probability of failure on demand for the sensor element in example 1(proof test intervalof a year and a mean time to restoration of 8 hours).30B.7 Average probability of failure on demand for the logic solver element in example 1(proof testinterval of a year and a mean time to restoration of 8 hours).31B.8 Average probability of failure on demand for the final element in example 1(proof test interval ofa year and a mean time to restoration of 8 hours).31B.9 Example for a non-perfect proof test.38B.10 Probability of failure per hour(in high demand or continuous mode of operation)for a proof testinterval of 1 month and a mean time to restoration of 8 hours.40B.11 Probability of failure per hour(in high demand or continuous mode of operation)for a proof testinterval of 3 months and a mean time to restoration of 8 hours.41B.12 Probability of failure per hour(in high demand or continuous mode of operation)for a proof testinterval of 6 months and a mean time to restoration of 8 hours.42B.13 Probability of failure per hour(in high demand or continuous mode of operation)for a proof testinterval of 1 year and a mean time to restoration of 8 hours.43B.14 Probability of failure per hour for the example sensor element(proof test interval of 6 monthsand a mean time to restoration of 8 hours).44B.15 Probability of failure per hour for the example logic solver element(proof test interval of 6months and a mean time to restoration of 8 hours).45B.16 Probability of failure per hour for the example final element(proof test interval of 6 months and amean time to restoration of 8 hours).45C.1 Example calculations for diagnostic coverage.49C.2 Diagnostic coverage and effectiveness for dif