prEN IEC 61508-4:2025
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
General Information
- Status
- Not Published
- Publication Date
- 07-Sep-2026
- Technical Committee
- CLC/TC 65X - Industrial-process measurement, control and automation
- Drafting Committee
- IEC/SC 65A - IEC_SC_65A
- Current Stage
- 4060 - Enquiry results established and sent to TC, SR, BTTF - Enquiry
- Start Date
- 09-May-2025
- Completion Date
- 09-May-2025
Relations
- Effective Date
- 11-Oct-2022
Overview
The standard prEN IEC 61508-4:2025, developed by the International Electrotechnical Commission (IEC) and published by the CLC, focuses on the functional safety of electrical, electronic, and programmable electronic (E/E/PE) safety-related systems. Specifically, Part 4 of this series addresses definitions and abbreviations relevant to the entire IEC 61508 framework. This edition, scheduled for release in 2025, is a critical reference providing the standardized language and terminology necessary for consistent understanding and implementation of functional safety concepts across industries.
Key Topics
- Unified Terminology: Establishes clear definitions and abbreviations essential to the domain of functional safety concerning E/E/PE systems. This glossary supports accurate communication within safety engineering and across multidisciplinary teams.
- Lifecycle Approach: Covers all phases relevant to the E/E/PE safety lifecycle, including concept, design, implementation, operation, maintenance, and decommissioning.
- Safety Concepts: Includes terms related to human factors in functional safety, human error, software verification methods (direct and indirect verification), and software lifecycle data.
- System and Equipment Terminology: Defines concepts such as safety-related systems, subsystems, software tools, safety functions, and modes of operation (low demand, high demand, and continuous demand modes).
- Fault and Failure Models: Provides terminology to describe faults, failures, and errors, which are critical for hazard analysis and risk assessment.
- Techniques and Measures: Introduces classifications of techniques like formal methods for lifecycle activities and safety confirmation measures.
Applications
This part of IEC 61508 is indispensable in industries where safety-related systems using electrical, electronic, or programmable electronic components are implemented, including:
- Industrial automation and control: Ensuring safety in manufacturing processes with programmable controllers.
- Process industries: Oil, gas, chemical plants where safety instrumented systems depend on E/E/PE components.
- Transportation systems: Railway signaling, automotive safety electronics, aviation control systems requiring standardized safety definitions.
- Medical and consumer electronics: Where functional safety prevents hazards due to device malfunction.
By standardizing definitions, prEN IEC 61508-4:2025 facilitates:
- Harmonized safety documentation and specifications.
- Effective risk-based decision-making and safety integrity level (SIL) determinations.
- Improved communication among engineers, safety assessors, and certifiers.
- Enhanced development of sector-specific safety standards building on this foundational terminology.
Related Standards
prEN IEC 61508-4:2025 is part of the IEC 61508 series, which sets out the overall framework for functional safety of E/E/PE safety-related systems. Other key parts in the series include:
- Part 1: General requirements – overall principles and requirements for functional safety.
- Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems – design and development guidance.
- Part 3: Software requirements – dedicated to software lifecycle requirements within safety-related systems.
- Product or application-specific standards: Derived standards across various industries (e.g., IEC 61511 for process industries, IEC 62061 for machinery safety) utilize the terminology and concepts defined in Part 4.
Additionally, this document aligns with ISO/IEC Directives and incorporates terminology influenced by advances in software technologies, including artificial intelligence components, software support tools, and diagnostic functions.
Keywords: functional safety, IEC 61508, safety-related systems, electrical safety, electronic safety, programmable electronic systems, safety definitions, safety abbreviations, risk-based safety, safety lifecycle, software verification, human factors safety, safety integrity level (SIL), industrial safety standards.
Frequently Asked Questions
prEN IEC 61508-4:2025 is a draft published by CLC. Its full title is "Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations". This standard covers: Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations.
prEN IEC 61508-4:2025 is classified under the following ICS (International Classification for Standards) categories: 25.040.40 - Industrial process measurement and control; 29.020 - Electrical engineering in general. The ICS classification helps identify the subject area and facilitates finding related standards.
prEN IEC 61508-4:2025 has the following relationships with other standards: it has inter-standard links to EN 61508-4:2010. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
You can purchase prEN IEC 61508-4:2025 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of CLC standards.
Standards Content (Sample)
SLOVENIAN STANDARD
01-April-2025
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
This Slovenian standard is identical to: prEN IEC 61508-4:2025
ICS:
01.040.25 Manufacturing engineering (Vocabularies)
25.040.40 Industrial process measurement and control
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.
65A/1166/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER: IEC 61508-4 ED3
DATE OF CIRCULATION: 2025-02-14
CLOSING DATE FOR VOTING: 2025-05-09
SUPERSEDES DOCUMENTS: 65A/1059A/CD, 65A/1078A/CC
IEC SC 65A : SYSTEM ASPECTS
SECRETARIAT: United Kingdom
SECRETARY: Ms Stephanie Lavy
OF INTEREST TO THE FOLLOWING COMMITTEES: TC 8, TC 9, TC 22, TC 31, TC 44, TC 45, TC 56, TC 61, TC 62, TC 65, SC 65B, SC 65C, SC 65E, TC 66, TC 72, TC 77, TC 80, TC 108, SyC AAL, SyC SM, SC 41
HORIZONTAL FUNCTION(S):
ASPECTS CONCERNED: Safety
SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of CENELEC, is drawn to the fact that this Committee Draft for Vote (CDV) is submitted for parallel voting. The CENELEC members are invited to vote through the CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries” clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).
TITLE: Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions. You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without permission in writing from IEC.
IEC CDV 61508-4 ED3 © IEC 2025 2 65A/1166/CDV
CONTENTS
FOREWORD ... 4
INTRODUCTION ... 6
1 Scope ... 8
2 Normative references ... 10
3 Definitions and abbreviations ... 10
3.1 Safety terms ... 11
3.1.15 human factors, ergonomics usability and interaction between persons and products, devices, services, systems and environments, both real and virtual ... 13
3.1.16 human error discrepancy between the human action taken or omitted, and the intended or required ... 13
3.2 Equipment and devices ... 13
3.2.17 direct verification verification of a software tool’s output that does not depend upon any other software tool ... 15
3.2.18 indirect verification verification of a software tool’s output that depends upon one or more other software tool(s) or verification of software tool’s output after integration with one or more elements of the system ... 15
3.2.19 software lifecycle data all data produced during the software lifecycle ... 15
3.3 Systems – general aspects ... 16
3.4 Systems – safety-related aspects ... 17
3.5 Safety functions and safety integrity ... 19
3.5.16 low demand mode ... 22
3.5.17 high demand mode ... 22
3.5.18 continuous demand mode ... 22
3.6 Fault, failure and error (see Figure 6) ... 22
3.7 Lifecycle activities ... 29
3.7.6 Formal methods ... 29
3.8 Confirmation of safety measures ... 30
3.9 Selection of techniques and measures ... 33
4 Figures and illustrations for definitions and abbreviations ... 34
4.1 General ... 34
4.2 Programmable electronic system ... 34
4.3 E/E/PE system ... 35
4.4 E/E/PE safety-related system ... 35
NOTE Subsystem A is a multi-channel subsystem and subsystems B & C are single channel subsystems ... 36
4.5 E/E/PE safety-related system ... 36
4.6 Overall safety function ... 37
Index ... 40
Figure 1 – Overall framework of the IEC 61508 series ... 9
Figure 2 – Programmable electronic system ... 34
Figure 3 – Electrical/electronic/programmable electronic system (E/E/PE system) – structure and terminology ... 35
Figure 4 – Physical diagram of the key concepts of E/E/PE safety-related system, subsystem (see 3.4.4) and element (see 3.4.5) ... 35
Figure 5 – Failure model ... 36
Table 1 – Abbreviations used in this standard ... 10
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 4: Definitions and abbreviations
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.
9) IEC draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). IEC takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, IEC had not received notice of (a) patent(s), which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at https://patents.iec.ch. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 61508-4 has been prepared by subcommittee 65A: System aspects, of IEC technical committee 65: Industrial-process measurement, control and automation.
This third edition cancels and replaces the second edition published in 2010. This edition constitutes a technical revision.
This edition has been subject to a thorough review and incorporates many comments received at the various revision stages.
This edition includes the following significant technical changes with respect to the previous edition (the following list refers to this document only; the other parts give their own specific details):
a) The document was upgraded to the 2024 version of the ISO/IEC Directives; this introduces a significant number of editorial changes, clause renumbering, rewording of the information provided in Notes and editing of definitions (e.g. figures and illustrations are moved to Clause 4 and referenced by the relevant definitions);
b) A set of definitions has been introduced to cover aspects of:
i) software off-line support tools;
ii) software technology classes (‘artificial intelligence’);
iii) diagnostic functions;
iv) levels of independence;
v) selection of techniques and methods (shortcuts in tables);
c) Various clarifications in definitions and minor editorial errors have been corrected; the normative references and the bibliography have been updated.
It has the status of a basic safety publication according to IEC Guide 104.
The text of this document is based on the following documents:
Draft: 65A/XX/FDIS
Report on voting: 65A/XX/RVD
Full information on the voting for its approval can be found in the report on voting indicated in the above table.
The language used for the development of this document is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are described in greater detail at www.iec.ch/publications.
A list of all parts of the IEC 61508 series, published under the general title Functional safety of electrical / electronic / programmable electronic safety-related systems, can be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the stability date indicated on the IEC website under webstore.iec.ch in the data related to the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION
Systems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems (generically referred to as programmable electronic systems) are being used in all application sectors to perform non-safety functions and, increasingly, to perform safety functions. If computer system technology is to be effectively and safely exploited, it is essential that those responsible for making decisions have sufficient guidance on the safety aspects on which to make these decisions.
This document sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic (E/E/PE) elements that are used to perform safety functions. This unified approach has been adopted in order that a rational and consistent technical policy be developed for all electrically-based safety-related systems. A major objective is to facilitate the development of product and application sector documents based on the IEC 61508 series.
NOTE 1 Examples of product and application sector documents based on the IEC 61508 series are given in the Bibliography (see references [1], [2] and [3]).
In most situations, safety is achieved by a number of systems which rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). Any safety strategy shall therefore consider not only all the elements within an individual system (for example sensors, controlling devices and actuators) but also all the safety-related systems making up the total combination of safety-related systems. Therefore, while this document is concerned with E/E/PE safety-related systems, it may also provide a framework within which safety-related systems based on other technologies may be considered.
It is recognized that there is a great variety of applications using E/E/PE safety-related systems in a variety of application sectors and covering a wide range of complexity, hazard and risk potentials. In any particular application, the required safety measures will be dependent on many factors specific to the application. This document, by being generic, will enable such measures to be formulated in future product and application sector documents and in revisions of those that already exist.
This document
– considers all relevant overall, E/E/PE system and software safety lifecycle phases (for example, from initial concept, through design, implementation, operation and maintenance to decommissioning) when E/E/PE systems are used to perform safety functions;
– has been conceived with a rapidly developing technology in mind; the framework is sufficiently robust and comprehensive to cater for future developments;
– enables product and application sector documents, dealing with E/E/PE safety-related systems, to be developed; the development of product and application sector documents, within the framework of this document, should lead to a high level of consistency (for example, of underlying principles, terminology etc.) both within application sectors and across application sectors; this will have both safety and economic benefits;
– provides a method for the development of the safety requirements specification necessary to achieve the required functional safety for E/E/PE safety-related systems;
– adopts a risk-based approach by which the safety integrity requirements can be determined;
– introduces safety integrity levels for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PE safety-related systems;
– does not specify the safety integrity level requirements for any safety function, nor does it mandate how the safety integrity level is determined; instead it provides a risk-based conceptual framework and example techniques;
– sets target failure measures for safety functions carried out by E/E/PE safety-related systems, which are linked to the safety integrity levels;
– sets a lower limit on the target failure measures for a safety function carried out by a single E/E/PE safety-related system. For E/E/PE safety-related systems operating in
• a low demand mode of operation, the lower limit is set at an average probability of a dangerous failure on demand of 10⁻⁵;
• a high demand or a continuous mode of operation, the lower limit is set at an average frequency of a dangerous failure of 10⁻⁹ [h⁻¹];
NOTE 2 A single E/E/PE safety-related system does not necessarily mean a single-channel architecture.
NOTE 3 It can be possible to achieve designs of safety-related systems with lower values for the target safety integrity for non-complex systems, but these limits are considered to represent what can be achieved for relatively complex systems (for example programmable electronic safety-related systems) at the present time.
– sets requirements for the avoidance and control of systematic faults, which are based on experience and judgement from practical experience gained in industry. Even though the probability of occurrence of systematic failures cannot in general be quantified, the document does, however, allow a claim to be made, for a specified safety function, that the target failure measure associated with the safety function can be considered to be achieved if all the requirements in the document have been met;
– adopts a broad range of principles, techniques and measures to achieve functional safety for E/E/PE safety-related systems, but does not explicitly use the concept of fail safe. However, the concepts of “fail safe” and “inherently safe” principles may be applicable and adoption of such concepts is acceptable providing the requirements of the relevant clauses in the document are met.
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 4: Definitions and abbreviations
1 Scope
1.1 This part of IEC 61508 contains the definitions and explanation of terms that are used in parts 1 to 7 of the IEC 61508 series of documents.
1.2 The definitions are grouped under general headings so that related terms can be understood within the context of each other. However, it should be noted that these headings are not intended to add meaning to the definitions.
1.3 This document is a basic safety publication to be used in conjunction with the other parts of IEC 61508 for use by end users to evaluate functional safety applications, or by technical committees in the preparation of standards in accordance with the principles contained in IEC Guide 104 and ISO/IEC Guide 51. This document does not apply in the context of low complexity E/E/PE safety-related systems (see IEC 61508-4 3.4.3).
1.4 One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication will not apply unless specifically referred to or included in the publications prepared by those technical committees.
1.5 Figure 1 shows the overall framework of the IEC 61508 series and indicates the role that IEC 61508-4 plays in the achievement of functional safety for E/E/PE safety-related systems.
[Figure 1 – Overall framework of the IEC 61508 series. Technical requirements: Part 1, development of the overall safety requirements (concept, scope, definition, hazard and risk analysis), 7.1 to 7.5; Part 1, allocation of the safety requirements to the E/E/PE safety-related systems, 7.6; Part 1, specification of the system safety requirements for the E/E/PE safety-related systems, 7.10; Part 2, realisation phase for E/E/PE safety-related systems; Part 3, realisation phase for safety-related software; Part 1, installation, commissioning and safety validation of E/E/PE safety-related systems, 7.13 to 7.14; Part 1, operation, maintenance, repair, modification and retrofit, decommissioning or disposal of E/E/PE safety-related systems, 7.15 to 7.17. Other requirements: Part 5, example of methods for the determination of safety integrity levels; Part 6, guidelines for the application of Parts 2 and 3; Part 7, overview of techniques and measures.]
Figure 1 – Overall framework of the IEC 61508 series
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
IEC Guide 104:2019, The preparation of safety publications and the use of basic safety publications and group safety publications
ISO/IEC Guide 51:2014, Safety aspects – Guidelines for their inclusion in standards
3 Definitions and abbreviations
For the purposes of this document, the definitions and the abbreviations given in Table 1 below, as well as the following apply.
Table 1 – Abbreviations used in this document
Abbreviation | Full expression | Definition and/or explanation of term
ALARP | As Low As Reasonably Practicable | IEC 61508-5, Annex C
CCF | Common Cause Failure | 3.6.10
DC | Diagnostic Coverage | 3.8.6
(E)EPLD | (Electrically) Erasable Programmable Logic Device |
E/E/PE | Electrical/Electronic/Programmable Electronic | 3.2.13, example: E/E/PE safety-related system
E/E/PE system | Electrical/Electronic/Programmable Electronic System | 3.3.2
EEPROM | Electrically Erasable Programmable Read-Only Memory |
EPROM | Erasable Programmable Read-Only Memory |
EUC | Equipment Under Control | 3.2.1
FPGA | Field Programmable Gate Array |
GAL | Generic Array Logic |
HFT | Hardware Fault Tolerance | 7.4.4 of IEC 61508-2
MooN | M out of N channel architecture (for example 1oo2 is 1 out of 2 architecture, where either of the two channels can perform the safety function) | IEC 61508-6, Annex D
MooND | M out of N channel architecture with Diagnostics (for example 1oo2D is 1 out of 2 architecture, where either of the two channels can perform the safety function and “D” is referred to as either Diagnostics or Degradation) | IEC 61508-6, Annex D
MTBF | Mean Time Between Failures | 3.6.19, NOTE 3
MTTR | Mean Time To Restoration | 3.6.21
MRT | Mean Repair Time | 3.6.22
PAL | Programmable Array Logic |
PE | Programmable Electronic | 3.2.12
PE system | Programmable Electronic system | 3.3.1
PFD | Probability of dangerous Failure on Demand | 3.6.17
PFDavg | Average Probability of dangerous Failure on Demand | 3.6.18
PFH | Average frequency of dangerous failure [h⁻¹] | 3.6.19
PLA | Programmable Logic Array |
PLC | Programmable Logic Controller | IEC 61508-6, Annex E
PLD | Programmable Logic Device |
PLS | Programmable Logic Sequencer |
PML | Programmable Macro Logic |
RAM | Random Access Memory |
ROM | Read-Only Memory |
SFF | Safe Failure Fraction | 3.6.15
SIL | Safety Integrity Level | 3.5.8
VHDL | Very High Speed Integrated Circuit Hardware Description Language | IEC 61508-2, Annex F, Note 5
255 3.1 Safety terms
256 3.1.1
257 harm
258 injury or damage to the health of people, or damage to property or the environment
259 [SOURCE: ISO/IEC Guide 51:2014, definition 3.1]
260 3.1.2
261 hazard
262 potential source of harm
263 Note 1 to entry: The term includes danger to persons arising within a short time scale (for example, fire and
264 explosion) and also those that have a long-term effect on a person’s health (for example, release of a toxic
265 substance).
266 [SOURCE: ISO/IEC Guide 51:2014, definition 3.2, modified – Note 1 to entry has been added,]
267 3.1.3
268 hazardous situation
269 circumstance in which people, property or the environment is/are exposed to one or more
270 hazards
271 [SOURCE: ISO/IEC Guide 51:2014, definition 3.4]
272 3.1.4
273 hazardous event
274 event that can cause harm
275 Note 1 to entry: Whether or not a hazardous event results in harm depends on whether people, property or the
276 environment are exposed to the consequence of the hazardous event and, in the case of harm to people, whether
277 any such exposed people can escape the consequences of the event after it has occurred.
278 [SOURCE: ISO/IEC Guide 51:2014, definition 3.3, modified – Note 1 to entry has been added,]
279 3.1.5
280 harmful event
281 occurrence in which a hazardous situation or hazardous event results in harm
282 Note 1 to entry: Adapted from ISO/IEC Guide 51, definition 3.4, to allow for a hazardous event.
IEC CDV 61508-4 ED3 © IEC 2025 12 65A/1166/CDV
3.1.6
risk
combination of the probability of occurrence of harm and the severity of that harm
Note 1 to entry: For more discussion on this concept see Annex A of IEC 61508-5.
[SOURCE: ISO/IEC Guide 51:2014, definition 3.9, modified – Note 1 to entry has been changed.]

3.1.7
tolerable risk
level of risk that is accepted in a given context based on the current values of society
Note 1 to entry: See Annex C of IEC 61508-5.
[SOURCE: ISO/IEC Guide 51:2014, definition 3.15, modified – Note 1 to entry has been changed.]

3.1.8
residual risk
risk remaining after protective measures have been taken
[SOURCE: ISO/IEC Guide 51:2014, definition 3.8, modified]

3.1.9
EUC risk
risk arising from the EUC or its interaction with the EUC control system
Note 1 to entry: The risk in this context is that associated with the specific harmful event in which E/E/PE safety-related systems and other risk reduction measures are to be used to provide the necessary risk reduction (i.e. the risk associated with functional safety).
Note 2 to entry: The EUC risk is indicated in Figure A.1 of IEC 61508-5. The main purpose of determining the EUC risk is to establish a reference point for the risk without taking into account E/E/PE safety-related systems and other risk reduction measures.
Note 3 to entry: Assessment of this risk will include associated human factor issues.

3.1.10
safety
freedom from risk which is not tolerable
[SOURCE: ISO/IEC Guide 51:2014, definition 3.14]

3.1.11
functional safety
part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures

3.1.12
cascading failure
failure of a component (3.4.6) caused by failure (3.6.4) of another component (3.4.6)

3.1.13
safe state
condition of the EUC when safety is achieved
Note 1 to entry: In going from a potentially hazardous condition to the final safe state, the EUC may have to go through a number of intermediate safe states. For some situations a safe state exists only so long as the EUC is continuously controlled. Such continuous control may be for a short or an indefinite period of time.

3.1.14
reasonably foreseeable misuse
use of a product or system in a way not intended by the supplier, but which can result from readily predictable human behaviour
[SOURCE: ISO/IEC Guide 51:2014, definition 3.7, modified – Notes 1 and 2 to entry have been omitted]

3.1.15
human factors, ergonomics
usability and interaction between persons and products, devices, services, systems and environments, both real and virtual
[SOURCE: IEV 872-03-01]

3.1.16
human error
discrepancy between the human action taken or omitted, and the intended or required action
EXAMPLE Performing an incorrect action, omitting a required action; miscalculation, misreading a value.
[SOURCE: IEV 192-03-14]
3.2 Equipment and devices

3.2.1
equipment under control
EUC
equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities
Note 1 to entry: The EUC control system is separate and distinct from the EUC.

3.2.2
environment
all relevant parameters that can affect the achievement of functional safety in the specific application under consideration and in any safety lifecycle phase
Note 1 to entry: This would include, for example, physical environment, operating environment, legal environment and maintenance environment.

3.2.3
functional unit
entity of hardware or software, or both, capable of accomplishing a specified purpose
[SOURCE: ISO/IEC 2382:2015]

3.2.4
application
task related to the EUC rather than to the E/E/PE system

3.2.5
software
intellectual creation comprising the programs, procedures, data, rules and any associated documentation pertaining to the operation of a data processing system
Note 1 to entry: Software is independent of the medium on which it is recorded.
Note 2 to entry: This definition without Note 1 differs from ISO/IEC 2382-1 (reference [7] in the Bibliography) by the addition of the word data.

3.2.6
system software
part of the software of a PE system that relates to the functioning of, and services provided by, the programmable device itself, as opposed to the application software that specifies the functions that perform a task related to the safety of the EUC
Note 1 to entry: Refer to IEC 61508-7 for examples.
Note 2 to entry: Some sector-specific standards use the term ‘embedded software’ to differentiate between the application system programme and the underlying platform system.

3.2.7
application software
application data
configuration data
part of the software of a programmable electronic system that specifies the functions that perform a task related to the EUC rather than the functioning of, and services provided by, the programmable device itself

3.2.8
pre-existing software
software element which already exists and is not developed specifically for the current project or safety-related system
Note 1 to entry: The software could be a commercially available product, or it could have been developed by some organisation for a previous product or system. Pre-existing software may or may not have been developed in accordance with the requirements of this document.

3.2.9
data
information represented in a manner suitable for communication, interpretation, or processing by computers
Note 1 to entry: Data may take the form of static information (for example configuration of a set point or a representation of geographical information) or it may take the form of instructions to specify a sequence of pre-existing functions.
Note 2 to entry: Refer to IEC 61508-7 for examples.

3.2.10
software on-line support tool
software tool that can directly influence the safety-related system during its run time

3.2.11
software off-line support tool
software tool that supports a phase of a safety function development lifecycle and that cannot directly influence the safety-related system during its run time

3.2.12
Tool Impact Class
TIC
characterization of the potential impact of a software off-line support tool error on the safety function, if no detection/mitigation means were applied

3.2.13
Tool Error Impact Detection/Prevention Level
TD
characterization of the degree of effectiveness of the means (e.g. review of the tool’s output, internal/external consistency checks) applied by the tool usage process to detect and/or prevent the impact on the safety function of errors introduced by the tool, or not detected by it, during tool operation

3.2.14
Software technology class
SWTC I
implemented software developed by human programming or coding, which can be completely followed up, understood and reviewed over all lifecycle phases, including the software off-line support tools used (e.g. code compilers), where all data sources/parameters are predetermined and limited by humans and no functional self-evolvement of the software itself during operation is possible

3.2.15
Software technology class
SWTC II
implemented software at least initially developed by human programming but partly developed or coded by software algorithms (e.g. machine learning), which cannot be completely followed up, understood and reviewed by humans over all lifecycle phases, including the software off-line support tools used (e.g. code compilers), where all data sources/parameters are predetermined and limited by humans and no functional self-evolvement of the software itself during operation is possible
NOTE 1 For further information refer to ISO/IEC TR 5469:2024 and ISO/IEC TS 22440:-1.
NOTE 2 Software update is possible if supported by the appropriate software update process.

3.2.16
Software technology class
SWTC III
software not meeting the criteria of software technology class I or II

3.2.17
direct verification
verification of a software tool’s output that does not depend upon any other software tool
EXAMPLE 1 A fault injection tool that fails to inject a fault will be immediately recognizable by the user due to the associated test case failure.
EXAMPLE 2 Wrong output from a text editor tool will be immediately recognizable by the user.

3.2.18
indirect verification
verification of a software tool’s output that depends upon one or more other software tool(s), or verification of a software tool’s output after integration with one or more elements of the system
EXAMPLE 1 Use of a redundant tool to generate the same output and comparison of the outputs by the user to detect tool errors.
EXAMPLE 2 Integration of the tool output with an element of the system and test of the integration by the user to detect tool errors.

3.2.19
software lifecycle data
all data produced during the software lifecycle

translator
[SOURCE: ISO/IEC/IEEE 24765:2017(en), 3.4380]
EXAMPLE Design refinement tools, compilers, assemblers, linkers, binders, loaders and code generation tools.
3.2.20
programmable electronic
PE
based on computer technology which may comprise hardware, software, and input and/or output units
EXAMPLE The following are all programmable electronic devices:
– microprocessors;
– micro-controllers;
– programmable controllers;
– application specific integrated circuits (ASICs);
– programmable logic controllers (PLCs);
– other computer-based devices (for example smart sensors, transmitters, actuators).
Note 1 to entry: This term covers microelectronic devices based on one or more central processing units (CPUs) together with associated memories, etc.

3.2.21
electrical/electronic/programmable electronic
E/E/PE
electrical (E) and/or electronic (E) and/or programmable electronic (PE) technology
Note 1 to entry: The term is intended to cover any and all devices or systems operating on electrical principles.
EXAMPLE Electrical/electronic/programmable electronic devices include:
– electro-mechanical devices (electrical);
– solid-state non-programmable electronic devices (electronic);
– electronic devices based on computer technology (programmable electronic); see 3.2.12.

3.2.22
limited variability language
software programming language, whose notation is textual or graphical or has characteristics of both, for commercial and industrial programmable electronic controllers with a range of capabilities limited to their application
EXAMPLE The following are limited variability languages, from IEC 61131-3 (reference [8] in the Bibliography) and other sources, which are used to represent the application program for a PLC system:
– ladder diagram: a graphical language consisting of a series of input symbols (representing behaviour similar to devices such as normally open and normally closed contacts) interconnected by lines (to indicate the flow of current) to output symbols (representing behaviour similar to relays);
– Boolean algebra: a low-level language based on Boolean operators such as AND, OR and NOT with the ability to add some mnemonic instructions;
– function block diagram: in addition to Boolean operators, allows the use of more complex functions such as data transfer file, block transfer read/write, shift register and sequencer instructions;
– sequential function chart: a graphical representation of a sequential program consisting of interconnected steps, actions and directed links with transition conditions.

3.3 Systems – general aspects

3.3.1
programmable electronic system
PE system
system for control, protection or monitoring based on one or more programmable electronic devices, including all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices
Note 1 to entry: Refer to 4.2 for further information.
3.3.2
electrical/electronic/programmable electronic system
E/E/PE system
system for control, protection or monitoring based on one or more electrical/electronic/programmable electronic (E/E/PE) devices, including all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices
Note 1 to entry: Refer to 4.3 for further information.

3.3.3
EUC control system
system that responds to input signals from the process and/or from an operator and generates output signals causing the EUC to operate in the desired manner
Note 1 to entry: The EUC control system includes input devices and final elements.

3.3.4
architecture
representation of the structure of hardware and/or software elements in a system that allows identification of building blocks, their boundaries and interfaces, and includes the allocation of requirements to these
[SOURCE: ISO 26262-1:2018, 3.1, modified]

3.3.5
software module
construct that consists of procedures and/or data declarations and that can also interact with other such constructs

3.3.6
channel
...