EN 62347:2007
Guidance on system dependability specifications
This International Standard gives guidance on the preparation of system dependability specifications. It provides a process for system evaluation and presents a procedure for determining system dependability requirements. This International Standard is not intended for certification or to perform conformity assessment for contractual purposes. It is not intended to change any rights or obligations provided by applicable statutory or regulatory requirements.
Anleitung zur Spezifikation der Zuverlässigkeit von Systemen
Lignes directrices pour les spécifications de sûreté de fonctionnement des systèmes
SLOVENIAN STANDARD
01 January 2008
Guidance on system dependability specifications (IEC 62347:2006)
Anleitung zur Spezifikation der Zuverlässigkeit von Systemen
Lignes directrices pour les spécifications de sûreté de fonctionnement des systèmes
This Slovenian standard is identical to: EN 62347:2007
ICS:
03.120.01 Quality in general
21.020 Characteristics and design of machines, apparatus, equipment
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD
EN 62347
NORME EUROPÉENNE
March 2007
EUROPÄISCHE NORM
ICS 03.120.01
English version
Guidance on system dependability specifications
(IEC 62347:2006)
Lignes directrices pour les spécifications de sûreté de fonctionnement des systèmes (CEI 62347:2006)
Anleitung zur Spezifikation der Zuverlässigkeit von Systemen (IEC 62347:2006)
This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels
© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62347:2007 E
Foreword
The text of document 56/1138/FDIS, future edition 1 of IEC 62347, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 62347 on 2007-03-01.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2007-12-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2010-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 62347:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60300-1 NOTE Harmonized as EN 60300-1:2003 (not modified).
IEC 60300-2 NOTE Harmonized as EN 60300-2:2004 (not modified).
IEC 61069 NOTE Harmonized in EN 61069 series (not modified).
IEC 61069-1 NOTE Harmonized as EN 61069-1:1993 (not modified).
ISO 9000 NOTE Harmonized as EN ISO 9000:2005 (not modified).
__________
- 3 - EN 62347:2007
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.
Publication      Year    Title                                                                                             EN/HD   Year
IEC 60050-191    - 1)    International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability and quality of service   -       -
ISO/IEC 15288    - 1)    Systems engineering – System life cycle processes                                                -       -
1) Undated reference.
INTERNATIONAL STANDARD IEC 62347
First edition
2006-11
Lignes directrices pour les spécifications de sûreté de fonctionnement des systèmes
Guidance on system dependability specifications
© IEC 2006 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE V
For price, see current catalogue
62347 © IEC:2006 – 3 –
CONTENTS
FOREWORD ... 5
INTRODUCTION ... 9
1 Scope ... 11
2 Normative references ... 11
3 Terms and definitions ... 11
4 Concepts dealing with system dependability ... 13
4.1 Understanding the system ... 13
4.2 System life cycle ... 17
4.3 System operation ... 21
4.4 System operating profile ... 21
4.5 Dependability requirements ... 23
5 Procedure for specifying system dependability ... 27
5.1 System specification process ... 27
5.2 System dependability specification process ... 27
5.3 Determining dependability values ... 29
5.4 Procedural steps for determining system dependability requirements ... 31
Annex A (informative) Evaluation of dependability characteristics ... 39
Annex B (informative) An example on developing a system dependability specification – A home security system ... 53
Bibliography ... 69
Figure 1 – An example of system properties and related characteristics ... 15
Figure 2 – Overview of system life cycle stages ... 19
Figure 3 – Relationships of system operating profile and scenario in system operation ... 23
Figure 4 – Overview of system specification process ... 29
Figure 5 – Steps for determining system dependability requirements ... 33
Figure B.1 – System configuration for normal mode of operation ... 61
Figure B.2 – System configuration for panic mode of operation ... 63
Figure B.3 – System configuration for security service mode of operation ... 63
Table A.1 – Examples of influencing factors under each influencing condition ... 49
Table A.2 – Relationship of system properties with influencing conditions ... 51
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
GUIDANCE ON SYSTEM DEPENDABILITY SPECIFICATIONS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62347 has been prepared by IEC technical committee 56: Dependability.
The text of this standard is based on the following documents:
FDIS            Report on voting
56/1138/FDIS    56/1161/RVD
Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
INTRODUCTION
A system is a physical and/or virtual entity. It is sometimes necessary to define a system’s boundary so that it can be distinguished or separated from other systems. A system interacts with its surroundings or environment to fulfil a specific need or purpose, or to achieve a defined objective. This is accomplished through the interaction of the system’s elements, which represent the necessary functions designed to meet the intended objective. Determining the functions needed to meet a specific objective is the process of developing a system specification. Detailed system design begins only after the functions have been identified.
Systems may vary in their complexity, structurally and functionally. A system can consist of hardware, software, and human elements, or a combination of any of these elements, to perform the necessary functions. A system consisting of a single function can be a product, such as a television set or a software program for lighting controls. A system performing multiple functions can be a home theatre system or an aircraft. Individual systems with defined boundaries can be joined together to form a complex set of interacting systems, such as a power distribution network or an internet protocol service.
System specification establishes the envelope and boundary for the system. System structure is often hierarchical, linking subsystems and interacting systems. System specification is applicable to all systems under the generic definition of system, irrespective of hierarchy. It does not replace or substitute for a product specification, which provides specific details of the product requirements.
The dependability of a system implies that the system is perceived to be trustworthy and has the ability to provide service upon demand, as desirable performance attributes. Such performance attributes can be achieved through the incorporation of dependability into the functions. Dependability also implies user confidence, acquired through prior experience of the system delivering reliable performance results that meet user expectations.
This International Standard provides the rationale for the importance of dependability in system specification by functions. It presents a procedure for determining system dependability requirements. For generic system operation, the process of determining the functions needed to meet the system dependability objective is described. For specific system operation, the concept of an operating profile is introduced to establish the requirements of functions in an environment relevant to the specific system operation. This International Standard is based on the system model and categorization of functions established in the IEC 61069 series. Relevant technical processes for the definition and analysis of system requirements are adopted from ISO/IEC 15288. The procedural steps and processes for determining system dependability requirements are presented with applicable examples.
IEC 60300-1 and IEC 60300-2 are used to guide dependability management. This International Standard extends the dependability specification process to address functions as a prerequisite for system design. It complements IEC 60300-3-4 in the specification of dependability requirements for products and equipment. The technical process for engineering dependability into systems is described in IEC 60300-3-15.
GUIDANCE ON SYSTEM DEPENDABILITY SPECIFICATIONS
1 Scope
This International Standard gives guidance on the preparation of system dependability specifications. It provides a process for system evaluation and presents a procedure for determining system dependability requirements.
This International Standard is not intended for certification or to perform conformity assessment for contractual purposes. It is not intended to change any rights or obligations provided by applicable statutory or regulatory requirements.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
IEC 60050(191), International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability and quality of service
ISO/IEC 15288, Systems engineering – System life cycle processes
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050(191) and the following apply.
3.1
system
set of interrelated or interacting elements
[ISO 9000:2005, 3.2.1]
NOTE 1 In the context of dependability, a system will have:
• a defined purpose expressed in terms of intended functions;
• stated conditions of operation/use; and
• defined boundaries.
NOTE 2 The structure of a system may be hierarchical.
[IEC 60300-1, 3.6]
NOTE 3 For some systems, such as Information Technology products, data is an important part of the system elements.
3.2
operating profile
complete set of tasks to achieve a specific system objective
NOTE An operating profile is the sequence of tasks to be performed by the system to achieve its operational objective. The operating profile represents a specific operating scenario for the system in operation.
3.3
function
elementary operation performed by the system which, combined with other elementary operations (system functions), enables the system to perform a task
[IEC 61069-1, definition 2.2.5]
NOTE For some systems, information and data are important parts of the system elements.
3.4
element
combination of components that form the basic building block to perform a distinct function
NOTE An element may comprise hardware, software, information and/or human components.
3.5
influencing condition
condition set forth by external influencing elements and/or other factors that interact with and affect system performance
NOTE Influencing conditions may also include regulations and constraints.
4 Concepts dealing with system dependability
4.1 Understanding the system
4.1.1 Purpose and objective
A system is designed for a purpose. A system must have a defined objective to achieve its purpose. The purpose of a home theatre system is to provide cinema-like entertainment in a home environment. The objectives may include users’ perception of a clear picture and superb sound quality, reliability and safety in operation, and ease of installation and upgrade. A system may have a specific objective to perform a dedicated task, such as an aircraft carrying cargo to reach a delivery target. The objectives of a system may include the completion of a sequence of tasks, such as delivering different payloads to different destinations. Defining the system to meet its generic or specific objectives is an important prerequisite for specifying the system requirements.
A system with multiple functions and a complex operating scenario often involves external interacting systems to achieve its objectives. A system may also evolve with time, as its performance capability is enhanced to sustain service demands in operation and for market competition.
4.1.2 System properties and characteristics
A system has a set of properties specifically assigned, selected or designed into the system to meet its intended objectives. Specific system properties are used to develop the functions needed to perform the tasks. These properties represent the special features or attributes inherent in the system. They may be categorized in major groupings as defined in the IEC 61069 series. Under each group is a set of characteristics relevant to and dominant in that group.
The functions are derived from those system properties by means of interacting elements within the system. The interacting elements are designed to provide specific characteristics capable of delivering the system functions, and to carry out the tasks once these functions are realized. System characteristics may be qualitative or quantitative. Figure 1 shows an example of system characteristics grouped under various system properties.
System properties and related characteristics (IEC 2131/06):
Functionality: capability, capacity, coverage, configurability, programmability, expandability
Performance: adequacy, precision, response time, repeatability, robustness
Operability: access, interface, user-friendliness, simplicity
Dependability: availability, reliability, maintainability, maintenance support
Supportability: serviceability, upgradeability, disposability
Application specifics: safety, security, immunity
NOTES
Functionality: the extent to which the processing, monitoring and control functions are provided.
Performance: the extent to which the provided functions can be executed under defined operational and environmental conditions.
Operability: the extent to which information can be effectively communicated via the human interfaces and established protocols.
Dependability: the extent to which the system can be relied upon to perform its intended functions under defined operational and environmental conditions at a given instant of time or over a given time interval.
Supportability: the extent to which the system can be supported and maintained for continual operation.
Application specifics: the extent to which the system can be designed for risk avoidance and risk containment, such as security operational measures.
Figure 1 – Example of system properties and related characteristics
4.1.3 Influencing conditions
In order to determine which functions have the selected characteristics appropriate to achieving a specific objective, it is necessary to define the conditions that the system must be capable of withstanding while meeting the demands and duration of the assigned tasks. The following areas of influence, or domains, affecting the system should be considered:
• task requirements imposed on the system;
• human interface with the system;
• process involved with system operation;
• environment to which the system is exposed;
• support services available for the system;
• utilities needed to operate the system;
• external interacting systems;
• constraints and regulations.
A system dependability specification cannot be completed in isolation. It requires the input of detailed information at the system planning stage to determine how the system is intended to perform for the entire duration of its defined life. This effort is essential to permit identification and selection of dependability and other relevant characteristics, and to justify design trade-offs and system optimization.
4.1.4 Influencing factors
Each influencing condition can be affected by various factors influencing the status of its condition. For example, the task requirements imposed on the system could be influenced by factors associated with the nature and duration of the task; the system environment could be influenced by the temperature and humidity of the system ambience. Influencing factors are not equal in the extent of their influence. Some factors are more prominent or dominant in the extent of their influence while others may have less influence or be negligible.
Annex A provides typical examples of influencing factors on system functions to serve as criteria for evaluation of system dependability characteristics.
4.1.5 Relationships of system properties with influencing conditions
Establishing the relationships of system properties with influencing conditions can help identify the relevance and criticality of a specific external condition influencing the design of a function. The identification process will lead to the selection of specific properties and associated characteristics that are needed for the function. The selected characteristics are not exclusive to a specific function. The same characteristics may be needed in the design of other functions. The importance of these characteristics is determined by an iterative process for evaluation and design trade-off. The results derived from this evaluation can help determine the system configuration and establish the appropriate system boundaries in meeting the intended objective. The relevant information and data captured in this evaluation process will form the basis for specifying the important characteristics in the design of system functions.
The relationships of system properties with influencing conditions can be used as guidance for evaluation of system functions. The identification of functions is presented in Annex A to facilitate determination of relevant dependability characteristics.
4.1.6 Realization of system functions
A system can consist of any combination of hardware, software, and human elements. System functions can be realized by means of using hardware and/or software in their construction. Some functions may involve human intervention to achieve their assigned tasks. For new system development, system functions can be realized through engineering design and production as described in IEC 60300-3-15 (under consideration). Sometimes it may be more economical or expedient to modify an existing design or to utilize a commercial-off-the-shelf (COTS) product to serve as the needed function. Evolving systems often require additional functions for performance capability enhancement and removal of obsolete functions. In such a case, the engineering effort would have to deal with legacy issues as described in Annex A.
4.2 System life cycle
A system, irrespective of its size and complexity, follows a life cycle progression from its initial conception through to its eventual retirement. A system life cycle is generally represented by a sequence of discrete stages. Each system life cycle stage can be further represented by sub-stages to facilitate planning, operation and support. A typical system life cycle can consist of the following identifiable stages as shown in Figure 2.
System life cycle stages: Concept/Definition → Design/Development → Realization/Implementation → Operation/Maintenance → Enhancement → Retirement/Decommission (IEC 2132/06)
Figure 2 – Overview of system life cycle stages
The objective of each life cycle stage is presented as follows:
• Concept/definition: to identify system requirements and develop system specifications.
• Design/development: to conduct preliminary design and develop viable system functions to meet performance objectives.
• Realization/implementation: to produce, out-source or acquire the system elements in hardware and software forms for assembly of subsystems suitable for human interactions as needed in system operation.
• Operation/maintenance: to engage the system for provision of operational service and to sustain the prescribed level of system performance capability.
• Enhancement: to improve the system performance with additional features.
• Retirement/decommission: to end the existence of the system entity.
The description of system life cycle stages in Figure 2 is viewed from a generic systems engineering perspective. There are other system life cycle descriptions. IEC 60300-2 describes the product life cycle phases from a project management view. ISO/IEC 15288 provides a similar system life cycle description from a software engineering view. While there are some differences in the terms used in these standards, their alignment is noticeable at the transition points of their respective system life cycle stages or project phases.
Each stage has its own specific objectives to be met by the system design process, such as limited access to maintenance during system operation, or recyclable parts for ease of disposal. Each stage also requires different internal procedures and work instructions, as well as different contractual conditions to be met. Defining system requirements and developing system solutions during the concept/definition and design/development stages can affect subsequent stages in system operation/maintenance. Decisions made for system architecture and technology selection in system design can have an effect on production, system integration and enhancement efforts, and can constrain the disposal process.
The time duration of a system life cycle is affected by various factors depending on the system type and application, the technology used, and the support provision. For example, the life cycle of a motor vehicle may last from 7 to 15 years due to mechanical wear and chassis deterioration, whereas a personal computer may have a life-span of less than 5 years due to technology obsolescence. The time duration for application is the useful life of the system.
4.3 System operation
The primary objective of system design and application is to achieve the intended performance during system operation. The operation stage of the system life cycle represents the useful life or service life of the system. During operation the system is monitored, maintained, and supported as needed to sustain operational objectives.
Most system operations follow a generic operating pattern of average usage reflecting the actual application. The functions during operation are needed to carry out the intended system performance all the time, or to be available upon demand to meet performance requirements. In some cases, there is a warranty period representing a sub-stage during initial operation of the system. During guarantee and warranty periods, the system maintenance and support effort may be more intensive, for business or contractual reasons, than that normally applied after warranty for the remaining useful life of the system operation. Most commercially available systems, such as a motor vehicle or a home entertainment system, fit this generic pattern for operation and maintenance.
However, there are systems designated for serving a dedicated operational objective for which a specific operating profile will need to be established.
Degradation in system performance should be represented by a separate operation stage. Under normal system operation, degraded performance of the system that does not affect critical operation is tolerated up to a predetermined limit. For example, a few isolated outage incidents on subscriber lines of a telecommunications switching system, due to infrequent lightning strikes in bad weather conditions, is normally considered acceptable. The general public would tolerate such rare events, subject to expedient restoration to full service within a reasonable time. However, the occurrence of outages in such rare events still represents a degraded performance scenario. Degradation will have an effect on the quality of service provided by the system.
Emergency situations and responses should be treated as separate stages.
4.4 System operating profile
An operating profile is the sequence of tasks to be performed by the system to achieve its operational objective. The operating profile represents a specific operating scenario for the system in operation. For example, the objective of a commercial aircraft flying from point A to point B is to deliver passenger service; an operating profile can be stated for the aircraft to perform the tasks of take-off, flight, and landing during its specific operation. Associated with each specific task, there are specific activities and conditions set forth for the aircraft to perform. Criteria are established at the completion or start of each task to determine its success before continuation, or to abort further operation.
The tasks in an operating profile can only be achieved through the implementation of various functions designed into the system. From a system's operational perspective, some functions are critical and may demand the incorporation of specific dependability requirements to achieve the designated tasks. Other functions may be non-critical; they may not be needed for those designated tasks. For example, the aircraft engines are critical functions for carrying out the tasks of take-off, flight, and landing. However, the landing gear is only used during take-off and landing; the landing gear function is not needed during flight. An analysis of the system operating profile may help determine the application needs and duty cycles of specific functions during operation. Figure 3 shows the relationships of operating profile and operating scenario in system operation to the system life cycle stages.
62347 © IEC:2006 – 23 –
[Figure 3 (IEC 2133/06), rendered as text: the system life cycle stages Concept, Development, Realization, Operation, Modification and Retirement run across the top. Beneath the Operation stage, the system operating profile is split into generic operation and specific operation, and the operating scenario is shown as the sequence of required tasks Task 1, Task 2, Task 3, ... Task n.]
Figure 3 – Relationships of system operating profile and scenario in system operation
4.5 Dependability requirements
4.5.1 Dependability requirements for system functions
During the definition and design stages of the system life cycle, the design objective is
focused on realizing the functions for system performance during operation. Dependability
requirements for system functions can only be determined after the functions have been
identified by the system design process. For most systems following a generic operating
pattern, the system demands all functions to meet dependability requirements for sustained
operation. That is, all system functions during operation are needed to carry out the intended
system performance all the time or be available upon demand.
Dependability requirements in a specific operation may require certain selected key functions
to complete the tasks. These key functions are critical to the successful performance of the
system during the specific operation; an example is the availability of landing gear deployment
during aircraft take-off and landing.
The application procedure for specifying system dependability is done by differentiating
between those functions that do and those that do not influence system dependability.
To develop the requirements for specifying system dependability, a description of the
operating profile is necessary. This is done through the evaluation of functions relevant to
dependability, which involves an analysis of influencing conditions affecting the selected
dependability characteristics.
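The operating-profile analysis described in 4.4 and the separation of key and non-critical functions in 4.5.1 can be made concrete with a small model. The following Python block is an added illustration written for this page; it is not text or code from IEC 62347. It represents an operating profile as an ordered sequence of tasks, records which designed-in functions each task requires, and derives from that the duty cycle of every function, the functions the profile does and does not depend on, and whether a scenario runs to completion when only some functions are available (aborting at the first task whose criteria are not met). The aircraft profile, task durations and function assignments are constructed sample values patterned on the aircraft example in the text.

```python
"""Operating-profile analysis (added illustration; not text or code from IEC 62347).

Models an operating profile as an ordered sequence of tasks, each needing a set of
functions designed into the system, and derives duty cycles, key functions and a
go/abort walk of the scenario. All names and numbers are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Task:
    name: str
    duration_min: float                 # constructed sample duration of the task
    required_functions: FrozenSet[str]  # availability of these is the task's success criterion


@dataclass(frozen=True)
class OperatingProfile:
    name: str
    tasks: Tuple[Task, ...]             # ordered: task i must succeed before task i+1 starts
    designed_functions: FrozenSet[str]  # every function built into the system

    def __post_init__(self) -> None:
        # Tasks can only be achieved through functions actually designed into the system.
        for task in self.tasks:
            undesigned = task.required_functions - self.designed_functions
            if undesigned:
                raise ValueError(f"task {task.name!r} needs undesigned functions {sorted(undesigned)}")


def duty_cycle(profile: OperatingProfile) -> Dict[str, float]:
    """Fraction of the profile's total duration during which each designed function is required."""
    total = sum(t.duration_min for t in profile.tasks)
    cycle = {fn: 0.0 for fn in profile.designed_functions}
    for task in profile.tasks:
        for fn in task.required_functions:
            cycle[fn] += task.duration_min / total
    return cycle


def key_functions(profile: OperatingProfile) -> Dict[str, Tuple[str, ...]]:
    """Functions required by at least one task, mapped to the tasks (in order) that need them."""
    needed: Dict[str, List[str]] = {}
    for task in profile.tasks:
        for fn in task.required_functions:
            needed.setdefault(fn, []).append(task.name)
    return {fn: tuple(tasks) for fn, tasks in needed.items()}


def unused_functions(profile: OperatingProfile) -> FrozenSet[str]:
    """Designed functions that no task in this profile depends on (non-critical for these tasks)."""
    return profile.designed_functions - frozenset(key_functions(profile))


def run_scenario(profile: OperatingProfile, available: FrozenSet[str]) -> Tuple[List[str], str]:
    """Walk the tasks in order and abort at the first task whose required functions are not all
    available. Returns (completed task names, outcome string)."""
    completed: List[str] = []
    for task in profile.tasks:
        missing = task.required_functions - available
        if missing:
            return completed, f"aborted at {task.name}: missing {sorted(missing)}"
        completed.append(task.name)
    return completed, "completed"


def sample_flight() -> OperatingProfile:
    """Constructed example: a point A to point B passenger flight, after the aircraft example."""
    return OperatingProfile(
        name="A to B passenger flight",
        tasks=(
            Task("take-off", 2.0, frozenset({"engines", "flight controls", "landing gear"})),
            Task("flight", 120.0, frozenset({"engines", "flight controls"})),
            Task("landing", 3.0, frozenset({"engines", "flight controls", "landing gear"})),
        ),
        designed_functions=frozenset(
            {"engines", "flight controls", "landing gear", "cabin entertainment"}
        ),
    )


if __name__ == "__main__":
    profile = sample_flight()
    for fn, share in sorted(duty_cycle(profile).items()):
        print(f"{fn:20s} duty cycle {share:.2f}")
    print("key functions:", key_functions(profile))
    print("not needed by this profile:", sorted(unused_functions(profile)))
    print(run_scenario(profile, frozenset({"engines", "flight controls"})))
```

In the sample profile the engines and flight controls are required in every task (duty cycle 1.0), the landing gear only during take-off and landing (duty cycle 0.04 over the constructed durations), and cabin entertainment is designed in but needed by no task, so it would carry no dependability requirement for this profile. The scenario walk shows the abort-before-continuation rule: with the landing gear unavailable the profile aborts at take-off with no task completed.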
4.5.2 System dependability characteristics
The dependability concepts are described in IEC 60300-1 and defined in IEC 60050(191). The
dependability characteristics applicable to system specification include:
• availability performance;
• reliability performance;
• maintainability performance;
• maintenance support performance.
From a system application perspective, availability performance exhibits the efficacy of
system operation upon demand. Reliability performance represents the longevity of system
operation without any incidents affecting system outage or impairment. Maintainability
performance is the ease of access for system maintenance services, on-site or remote system
restoration and recovery. Maintenance support performance provides the needed
organizational capability and resources to sustain continuity of system operation.
4.5.3 System dependability acceptance criteria
For system dependability applications, criteria for acceptance include, but are not limited to, a
combination of the following:
• demonstrating achievement of system dependability objective by means of progressive
performance verification at various life cycle stages in meeting target requirements
established for each stage;
• demonstrating successful completion of test cases to simulate system performance
operation, malfunction and recovery;
• providing objective evidence of performance history and data of similar systems deployed
in field operation in meeting system dependability objective;
• achievement of established failure-free time duration for acceptance during system
commissioning and warranty period of system operation;
• provision of return or replacement policy, warranty incentives, and extension of
maintenance service contracts to sustain continuity of system operation.
Establishing system dependability acceptance criteria for complex systems often constitutes a
collaborative process between contracting parties. Examples include commissioning of a new
telecommunications network, provision of third-party contract maintenance services, and
installation of software application systems for inventory control and stock reordering. System
dependability specification should reflect the particular nature of the business.
4.5.4 Dependability verification of system functions
A system can consist of any combination of hardware, software, and human elements.
Whereas such a combination of system elements may be demonstrated by using the criteria
established for system dependability acceptance, individual hardware or software products
serving as system functions may utilize the approaches for verification and validation as
described in IEC 60300-3-4 for product acceptance and specification purposes. For COTS
software products, it is essential to specify size and run time, interface and protocol
requirements to facilitate interoperability verification and system integration. When human
elements are involved, either independently serving as specific system functions or integrated
as part of the system operation, skills and training requirements are needed for specification
of functions. This is often demonstrated by completion of training requirements and
certification.
5 Procedure for specifying system dependability
5.1 System specification process
The system specification process assumes that market input is available for system definition
and that the associated conditions for completing the system objective have been provided.
The starting point for the process is to identify the system and develop the necessary
requirements leading to specifying system dependability by functions.
Figure 4 presents an overview of the system specification process. It identifies the sequence
of process activities showing the outcomes of the system dependability activities in the
system specification process. The process activities in system identification by defining its
requirements are based on the users’ needs and constraints of system applications. The
process activities for requirements analysis transform the users’ view on system applications
into a technical view for engineering the system. The process activities in architectural design
synthesize a solution that satisfies system requirements for operating scenarios by identifying
the necessary functions. The functional design and evaluation process activities determine
the practical means for realizing the functions to facilitate design trade-off and optimization.
The process activities in system design documentation provide the system information,
including dependability data, suitable for system design. A detailed process for engineering
dependability into systems is described in IEC 60300-3-15 (under consideration).
5.2 System dependability specification process
Specifying system dependability should be an integral part of the system specification process
to facilitate the system design effort. The dependability activities should be conducted
concurrently with the systems engineering process to ensure timely coordination and
collaborative effort.
A system dependability specification is the allocation of dependability requirements for each
relevant function of the system from a dependability perspective. Dependability specification
may vary with system configuration, mode of operation, and the applicable influencing
conditions. The specification provides a set of key dependability requirements of relevant
system functions and related characteristics for the initiation of system design.
From a system perspective, the system requirements detail the system’s performance, and
the system specification prescribes the system’s contents. Requirements are an essential
requisite for seeking fulfilment in a contract agreement. A specification represents a precise
statement of the requirements. Among other purposes, a specification is generally used as
the basis for establishing clear understanding of the requirements by the contracting parties.
Requirements form the basis for the contract intent in reaching business agreements.
IEC 60300-3-4 provides details on specification of dependability requirements. The process
described herein extends the applications to include specification by functions for complex
systems and interacting systems.
Figure 4 also shows the relationships of various process activities involved in system
specification, including those related to dependability assessment, to establish values for
dependability requirements.
[Figure 4, rendered as text: two parallel columns. The systems engineering process runs from market inputs through the system requirement identification process, the requirements analysis process and the architectural design process. Alongside it, the dependability assessment process lists the outcomes of each stage: system objectives and purpose defined; dependability characteristics identified; usage factor and duty cycles established; system environment and influencing conditions determined; operating scenarios established; dependability design trade-off and evaluation conducted; system elements selected; system operating p... (the remainder of the figure is not reproduced here).]