IEC 61508 Overview and Journey to Certification
Journey to IEC 61508 Compliance

The journey to IEC 61508 compliance begins with a functional safety management system. IEC 61508-1, subclause 6.2.1, describes the required functional safety management system. Compliance with the IEC 61508 functional safety management system requirements is harder for some organizations than for others: organizations with strong ISO 9001 compliance find stepping up to IEC 61508 much easier than organizations with weak ISO 9001 compliance. Why Not Engineering suggests that compliance with IEC 61508-1, subclause 6.2.1, be accomplished in three steps:

    1. Develop a management system.
    2. Evolve the management system into a quality management system.
    3. Evolve the quality management system into a functional safety management system.

Step 1. A management system (Open loop)
A management system consists of a set of documented procedures that describe the organization's processes, in a way similar to ISO 9001. In control-system terms, these procedures describe the forward gain, the value added that management expects from following them. When the documented procedures are followed, the management system is stable.

ISO 9001:2000, paragraph 0.2, identifies the process approach to a management system. ISO 9001:2000, paragraph 0.2, is quoted here: "For an organization to function effectively, it has to identify and manage numerous linked activities. An activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process. Often the output from one process directly forms the input to the next. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as the process approach."

Why Not Engineering has developed generic ISO 9001 procedures that implement the process approach described in ISO 9001:2000, paragraph 0.2. These procedures are designed to comply with, and be traceable to, every ISO 9001:2000 paragraph. The most difficult paragraph of ISO 9001:2000 to comply with is 4.1 a) and b). It requires that all needed processes are identified, and that the sequence of the processes and the interaction of these processes are determined. This is known as the lifecycle. If your ISO 9001 auditor is not helping you with compliance to this paragraph, you will have a difficult time with compliance to IEC 61508. The Why Not Engineering Generic ISO 9001:2000 Procedures provide adequacy to ISO 9001:2000, paragraph 4.1 a) and b) directly: all needed processes are contained in procedures that are sequenced; every procedure has the required inputs and outputs; and each input and output is traceable back to the procedure that produces it (its source) and forward to the procedure that consumes it (its sink). In this way the ISO 9001:2000, paragraph 4.1 requirements are met.
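The source-to-sink traceability described above can be checked mechanically. The following added example (not Why Not Engineering's procedures or tooling; the procedure names and work products are constructed) flags inputs with no producing procedure and outputs with no consuming procedure, and derives the procedure sequence that ISO 9001:2000 paragraph 4.1 b) asks for, rejecting input/output links that form a cycle.

```python
from collections import deque

# Constructed sample procedure set (illustration only): each procedure lists the
# work products it consumes (inputs) and produces (outputs).
PROCEDURES = {
    "P1 Hazard analysis": {"inputs": ["concept"], "outputs": ["hazard log"]},
    "P2 Safety requirements": {"inputs": ["hazard log"], "outputs": ["safety reqs"]},
    "P3 Design": {"inputs": ["safety reqs"], "outputs": ["design"]},
    "P4 Verification": {"inputs": ["design", "safety reqs"], "outputs": ["verif report"]},
    "P5 Validation": {"inputs": ["verif report"], "outputs": ["validation report"]},
}
EXTERNAL_INPUTS = {"concept"}               # enter the lifecycle from outside
FINAL_DELIVERABLES = {"validation report"}  # leave the lifecycle to the customer


def find_trace_gaps(procs, external=EXTERNAL_INPUTS, deliverables=FINAL_DELIVERABLES):
    """Return inputs with no source procedure and outputs with no sink procedure."""
    produced = {o for p in procs.values() for o in p["outputs"]}
    consumed = {i for p in procs.values() for i in p["inputs"]}
    no_source = sorted((name, i) for name, p in procs.items()
                       for i in p["inputs"] if i not in produced and i not in external)
    no_sink = sorted((name, o) for name, p in procs.items()
                     for o in p["outputs"] if o not in consumed and o not in deliverables)
    return {"no_source": no_source, "no_sink": no_sink}


def sequence(procs):
    """Order procedures so every source runs before its sinks (topological sort).

    Raises ValueError if the input/output links form a cycle, which a 4.1 b)
    'sequence and interaction' of processes cannot express.
    """
    producers = {}
    for name, p in procs.items():
        for o in p["outputs"]:
            producers.setdefault(o, set()).add(name)
    # deps[x] = procedures whose outputs x consumes
    deps = {name: {src for i in p["inputs"] for src in producers.get(i, ())}
            for name, p in procs.items()}
    indegree = {name: len(d) for name, d in deps.items()}
    ready = deque(sorted(n for n, k in indegree.items() if k == 0))
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for m, d in deps.items():
            if n in d:
                indegree[m] -= 1
                if indegree[m] == 0:
                    ready.append(m)
    if len(order) != len(procs):
        raise ValueError("cycle in procedure inputs/outputs: " +
                         ", ".join(sorted(set(procs) - set(order))))
    return order
```

Running `find_trace_gaps` on a real procedure set gives the auditor the list of dangling inputs and orphaned outputs that a 4.1 a) and b) review would otherwise have to find by hand.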

Step 2. A quality management system (Closed loop)
A quality management system builds upon the management system established in step 1 by providing compliance feedback from the documented procedures to the organization's management. This feedback comes from metrics and from process audits performed with independence, and it is used for process improvement. Usually a quality assurance process is added to accomplish this. Why Not Engineering is able to assist organizations with developing a quality assurance process, and is developing a generic Quality Assurance Manual adequate to ISO 9001:2000 and IEC 61508. A quality management system is motivated to eliminate all defects before the customer receives products, which promotes customer satisfaction.

Step 3. A functional safety management system (Closed loop with harm reduction)
A functional safety management system moves the quality management system in step 2 from defect reduction to harm reduction. See the short section "Does your programmable electronic system require safety?" An important factor in harm reduction is the avoidance of systematic failures. IEC 61508 defines a systematic failure as "failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures, documentation or other relevant factors". For safety component development (IEC 61508-2 and/or IEC 61508-3), the effort to reduce systematic failures is proportional to the Safety Integrity Level (SIL) calculated for the component. Why Not Engineering is researching and developing generic procedures adequate to IEC 61508-1, IEC 61508-2, and IEC 61508-3. Like the Generic ISO 9001:2000 Procedures, the IEC 61508 procedures will use the "Process Approach": all procedures will be defined, sequenced, and traceable to the appropriate IEC 61508 requirement, and all procedure inputs and outputs will trace to sources and sinks respectively. In addition, all Conformity Assessment of Safety-Related Systems (CASS) Targets of Evaluation (TOEs) will have traceability to the Generic IEC 61508 Procedures.

Once step 3 has been completed, a third party evaluation of adequacy to IEC 61508 is wise. A third party evaluation lets customers know objectively that an organization has the ability to meet IEC 61508 requirements, and while a safety system is being developed, a third party monitoring the development can confirm compliance to IEC 61508. Although Why Not Engineering can assist in this effort, Why Not Engineering is not authorized to certify any organization to IEC 61508. There are, however, firms that can: Sira Test & Certification Ltd (Sira) is authorized to certify organizations via the CASS approach. Why Not Engineering can assist an organization to meet all IEC 61508 requirements; then, if desired, the organization can request IEC 61508 certification. Read the short section entitled "Why is process certification required?"

Does your programmable electronic system require safety?

IEC 61508 represents industry best practice for programmable electronic system safety. Safety is defined by IEC 61508 as "freedom from unacceptable risk." Risk is defined by IEC 61508 as the "combination of the probability of occurrence of harm and the severity of that harm." Harm is defined by IEC 61508 as "physical injury or damage to the health of people either directly or indirectly as a result of damage to property or to the environment." If a failure in your programmable electronic system can cause physical injury or damage to the health of people, then your programmable electronic system shall meet industry best practice for safety.

The consequences of non-compliance with industry best practice for safety, or of failing to show due diligence, could be grounds for civil or criminal action. Again, the risk must be determined for each organization. Why Not Engineering can assist your organization in meeting all IEC 61508 requirements.

Why is process certification required?

A programmable electronic safety product is only as safe as the process that developed it, because systematic failures can be introduced during the product's development. IEC 61508 requires a lifecycle to be followed to reduce the chance of systematic failures to an acceptable risk. Without following the lifecycle, no claim to any programmable electronic system safety is possible: even if random failures were reduced to zero, no statement of programmable electronic product safety could be made.

For practical purposes, compliance to IEC 61508 requires a third party certification. The practical reasons are that the IEC 61508 lifecycle must be followed, and proof that the lifecycle was followed must be documented. Proof (objective evidence) is believed when it is obtained with independence. Thus a third party certification is required to validate that proof.


Why Not Engineering - All Rights Reserved