IEC 62061:2021
Safety of machinery - Functional safety of safety-related control systems
IEC 62061:2021 specifies requirements and makes recommendations for the design, integration and validation of safety-related control systems (SCS) for machines. It is applicable to control systems used, either singly or in combination, to carry out safety functions on machines that are not portable by hand while working, including a group of machines working together in a coordinated manner.
This document is a machinery sector specific standard within the framework of IEC 61508 (all parts).
The design of complex programmable electronic subsystems or subsystem elements is not within the scope of this document; such subsystems and elements fall within the scope of IEC 61508 or of standards related to it.
The main body of this sector standard specifies general requirements for the design and verification of a safety-related control system intended to be used in high/continuous demand mode.
This document:
– is concerned only with functional safety requirements intended to reduce the risk of hazardous situations;
– is restricted to risks arising directly from the hazards of the machine itself or from a group of machines working together in a coordinated manner.
This document does not cover:
– electrical hazards arising from the electrical control equipment itself (e.g. electric shock; see IEC 60204-1);
– other safety requirements necessary at the machine level, such as safeguarding;
– specific measures for security aspects (see IEC TR 63074).
This document is not intended to limit or inhibit technological advancement.
IEC 62061:2021 cancels and replaces the first edition, published in 2005, Amendment 1:2012 and Amendment 2:2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
– structure has been changed and contents have been updated to reflect the design process of the safety function,
– standard extended to non-electrical technologies,
– definitions updated to be aligned with IEC 61508-4,
– functional safety plan introduced and configuration management updated (Clause 4),
– requirements on parametrization expanded (Clause 6),
– reference to requirements on security added (Subclause 6.8),
– requirements on periodic testing added (Subclause 6.9),
– various improvements and clarification on architectures and reliability calculations (Clause 6 and Clause 7),
– shift from "SILCL" to "maximum SIL" of a subsystem (Clause 7),
– use cases for software described including requirements (Clause 8),
– requirements on independence for software verification (Clause 8) and validation activities (Clause 9) added,
– new informative annex with examples (Annex G),
– new informative annexes on typical MTTFD values, diagnostics and calculation methods for the architectures (Annex C, Annex D and Annex H).
Standards Content (Sample)
IEC 62061, Edition 2.1, 2024-03, CONSOLIDATED VERSION
INTERNATIONAL STANDARD
Safety of machinery – Functional safety of safety-related control systems
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition; a corrigendum or an amendment might have been published.
IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables you to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and once a month by email.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: sales@iec.ch.
IEC Products & Services Portal - products.iec.ch
Discover our powerful search engine and read freely all the publication previews, graphical symbols and the glossary. With a subscription you will always have access to up to date content tailored to your needs.
Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 500 terminological entries in English and French, with equivalent terms in 25 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.
ICS 13.110; 25.040.99; 29.020 ISBN 978-2-8322-8675-3
REDLINE VERSION – 2 – IEC 62061:2021+AMD1:2024 CSV
IEC 2024
CONTENTS
FOREWORD . 8
INTRODUCTION . 10
1 Scope . 11
2 Normative references . 12
3 Terms, definitions and abbreviations . 13
3.1 Alphabetical list of definitions . 13
3.2 Terms and definitions . 15
3.3 Abbreviations . 28
4 Design process of an SCS and management of functional safety . 28
4.1 Objective . 28
4.2 Design process . 29
4.3 Management of functional safety using a functional safety plan . 31
4.4 Configuration management . 33
4.5 Modification . 33
5 Specification of a safety function . 34
5.1 Objective . 34
5.2 Safety requirements specification (SRS) . 34
5.2.1 General . 34
5.2.2 Information to be available . 34
5.2.3 Functional requirements specification . 35
5.2.4 Estimation of demand mode of operation . 35
5.2.5 Safety integrity requirements specification . 36
6 Design of an SCS . 37
6.1 General . 37
6.2 Subsystem architecture based on top down decomposition . 37
6.3 Basic methodology – Use of subsystem . 37
6.3.1 General . 37
6.3.2 SCS decomposition . 38
6.3.3 Sub-function allocation . 39
6.3.4 Use of a pre-designed subsystem . 39
6.4 Determination of safety integrity of the SCS . 40
6.4.1 General . 40
6.4.2 PFH . 40
6.5 Requirements for systematic safety integrity of the SCS . 41
6.5.1 Requirements for the avoidance of systematic hardware failures . 41
6.5.2 Requirements for the control of systematic faults . 42
6.6 Electromagnetic immunity . 43
6.7 Software based manual parameterization . 43
6.7.1 General . 43
6.7.2 Influences on safety-related parameters . 43
6.7.3 Requirements for software based manual parameterization . 44
6.7.4 Verification of the parameterization tool . 45
6.7.5 Performance of software based manual parameterization . 45
6.8 Security aspects . 45
6.9 Aspects of periodic testing . 46
7 Design and development of a subsystem . 46
7.1 General . 46
7.2 Subsystem architecture design . 47
7.3 Requirements for the selection and design of subsystem and subsystem elements . 48
7.3.1 General . 48
7.3.2 Systematic integrity . 48
7.3.3 Fault consideration and fault exclusion . 51
7.3.4 Failure rate of subsystem element . 52
7.4 Architectural constraints of a subsystem . 55
7.4.1 General . 55
7.4.2 Estimation of safe failure fraction (SFF) . 56
7.4.3 Behaviour (of the SCS) on detection of a fault in a subsystem . 58
7.4.4 Realization of diagnostic functions . 59
7.5 Subsystem design architectures . 60
7.5.1 General . 60
7.5.2 Basic subsystem architectures . 60
7.5.3 Basic requirements . 61
7.6 PFH of subsystems . 62
7.6.1 General . 62
7.6.2 Methods to estimate the PFH of a subsystem . 62
7.6.3 Simplified approach to estimation of contribution of common cause failure (CCF) . 63
8 Software . 63
8.1 General . 63
8.2 Definition of software levels . 63
8.3 Software – Level 1 . 64
8.3.1 Software safety lifecycle – SW level 1 . 64
8.3.2 Software design – SW level 1 . 65
8.3.3 Module design – SW level 1 . 67
8.3.4 Coding – SW level 1 . 68
8.3.5 Module test – SW level 1 . 68
8.3.6 Software testing – SW level 1 . 68
8.3.7 Documentation – SW level 1 . 69
8.3.8 Configuration and modification management process – SW level 1 . 69
8.4 Software level 2 . 70
8.4.1 Software safety lifecycle – SW level 2 . 70
8.4.2 Software design – SW level 2 . 72
8.4.3 Software system design – SW level 2 . 73
8.4.4 Module design – SW level 2 . 74
8.4.5 Coding – SW level 2 . 75
8.4.6 Module test – SW level 2 . 75
8.4.7 Software integration testing SW level 2 . 76
8.4.8 Software testing SW level 2 . 76
8.4.9 Documentation – SW level 2 . 77
8.4.10 Configuration and modification management process – SW level 2 . 77
9 Validation . 78
9.1 Validation principles . 78
9.1.1 Validation plan . 81
9.1.2 Use of generic fault lists . 81
9.1.3 Specific fault lists . 81
9.1.4 Information for validation . 82
9.1.5 Validation record . 82
9.2 Analysis as part of validation .
...
IEC 62061, Edition 2.0, 2021-03
INTERNATIONAL STANDARD (bilingual English/French edition)
Safety of machinery – Functional safety of safety-related control systems
ICS 13.110; 25.040.99; 29.020 ISBN 978-2-8322-9333-1