Founder's Articles on IEC 61508 and ISO 9000
Published in February, 2004
E/E/PES compliance (IEC 61508-2) - Article #5
This is the fifth in a series of short articles on IEC 61508. IEC 61508 is required
whenever a computer-based system is used to carry out a safety function. The purpose
of these articles is to give the reader an appreciation for this international standard.
IEC 61508-2 covers the realization of Electrical/Electronic/Programmable Electronic Systems (E/E/PESs)
for safety functions. The crux of IEC 61508-2 is clause 7. It is important to know that IEC 61508-2,
clause 7, addresses two types of failure: random hardware failures and systematic failures.
Random hardware failures result from physical parts that wear out or break. Systematic
failures result from errors introduced into the product (the E/E/PES) and not eliminated from the
product during the development processes. In other words, the process that develops the safety
product determines the safety of the product, and IEC 61508-2 is all about that product development process.
Compliance with IEC 61508-2 requires the mitigation of both random hardware failures and
systematic failures during the E/E/PES development processes.
Unlike random hardware failures, systematic failures cannot be predicted
quantitatively. IEC 61508-7 describes techniques and measures to mitigate
systematic failures qualitatively. The greater the required safety of the E/E/PES,
the more rigorous the required techniques and measures from IEC 61508-7, for both
random hardware failures and systematic failures during the development processes.
IEC 61508-2, subclause 7.4.3, introduces safety integrity levels (SILs) for
specifying the target level of safety integrity for the safety functions to be
implemented by the E/E/PES. IEC 61508-4 defines SIL as a "discrete level (one
out of a possible four) for specifying the safety integrity requirements of the
safety functions to be allocated to the E/E/PE safety-related systems, where safety
integrity level 4 has the highest safety integrity and safety integrity level 1
has the lowest." Both random hardware failures and systematic failures are addressed
in terms of SILs. IEC 61508-2, Tables 2 and 3, are used to rate random hardware
failures in terms of a SIL. The tables in IEC 61508-2, Annex B, address systematic
failures in terms of a SIL. Again, both are required for compliance with IEC 61508-2
for the realization of the E/E/PES.
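The random-hardware side of that rating can be shown concretely. The following is an added example, not code from the article or from Why Not Engineering: it places a dangerous-failure measure into the SIL bands of IEC 61508-2 Table 2 (low demand mode, PFDavg) and Table 3 (high demand or continuous mode, PFH per hour), and shows the companion step of estimating PFDavg for a single channel. The band boundaries are those of the standard; the 1oo1 formula (lambda_DU multiplied by the proof-test interval, divided by two) is a simplified approximation of the kind used in IEC 61508-6 and is an assumption of this example, as are the sample failure rate and test interval. Note what the example cannot do: there is no corresponding number for systematic failures, which is exactly why the Annex B tables are qualitative.

```python
# Added example (not from the article): rating a random-hardware-failure
# measure against the SIL bands of IEC 61508-2 Tables 2 and 3.
#
#   Table 2, low demand mode: average probability of failure on demand (PFDavg)
#   Table 3, high demand / continuous mode: probability of a dangerous
#            failure per hour (PFH)
#
# The 1oo1 PFDavg estimate (lambda_DU * T1 / 2) is a simplified approximation
# in the style of IEC 61508-6 and is an assumption of this example.

from typing import Optional

# (SIL, lower bound inclusive, upper bound exclusive)
_LOW_DEMAND_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]
_HIGH_DEMAND_BANDS = [
    (4, 1e-9, 1e-8),
    (3, 1e-8, 1e-7),
    (2, 1e-7, 1e-6),
    (1, 1e-6, 1e-5),
]


def sil_for_target(value: float, mode: str) -> Optional[int]:
    """Return the SIL (1..4) whose Table 2 / Table 3 band contains `value`, or None.

    mode is "low" (PFDavg, Table 2) or "high" (PFH per hour, Table 3).
    A value below the SIL 4 band returns None on purpose: the standard defines
    no level above SIL 4 for a single E/E/PES, so a lower figure cannot be
    claimed by this route. A value at or above the SIL 1 upper bound is also
    None: it meets no SIL at all.
    """
    if value <= 0:
        raise ValueError("failure measure must be positive")
    bands = {"low": _LOW_DEMAND_BANDS, "high": _HIGH_DEMAND_BANDS}[mode]
    for sil, lo, hi in bands:
        if lo <= value < hi:
            return sil
    return None


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified PFDavg for a single channel (1oo1).

    lambda_DU is the dangerous undetected failure rate per hour and T1 the
    proof-test interval in hours. Assumes lambda_DU * T1 is small and ignores
    common-cause and repair terms (an assumption of this example).
    """
    if lambda_du_per_hour < 0 or proof_test_interval_hours <= 0:
        raise ValueError("rate must be non-negative and interval positive")
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def rate_1oo1_low_demand(lambda_du_per_hour: float,
                         proof_test_interval_hours: float) -> Optional[int]:
    """Estimate PFDavg for a 1oo1 channel, then place it in Table 2."""
    pfd = pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours)
    return sil_for_target(pfd, "low")


if __name__ == "__main__":
    # Constructed sample: lambda_DU = 2e-7 per hour, annual proof test (8760 h)
    pfd = pfd_avg_1oo1(2e-7, 8760)
    print(f"PFDavg = {pfd:.2e} -> SIL {sil_for_target(pfd, 'low')}")
    # The same channel judged as a high-demand PFH target instead
    print(f"PFH 2e-7 /h -> SIL {sil_for_target(2e-7, 'high')}")
```

The two `None` cases are the ones worth checking in a review: a figure that is "better than SIL 4" is not a higher level, and a figure above the SIL 1 band is no SIL claim at all. Halving the proof-test interval in the sample halves PFDavg, which is the lever a designer usually reaches for when a 1oo1 channel lands just outside the target band.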
Today there are many very good sources of information about compliance with
IEC 61508-2 for random hardware failures. Compliance with IEC 61508-2 for
systematic failures, by contrast, is ignored in the industry literature. What is needed
now is an industry understanding of systematic failures for compliance with IEC 61508.
Future articles in this series will explain systematic failures for compliance
with IEC 61508.
The next article in this series will address E/E/PES development processes (Objective 1).
Paul Bodeau is a member of the Safety Division with over 25 years of diversified
engineering experience, mostly in safety firmware development for military and
civilian aviation. Mr. Bodeau can be reached at (661) 260-1210, or
pbodeau@WhyNotEngineering.com.