IEC TR 62246-3:2018
Reed switches - Part 3: Reliability data for reed switch-devices in typical safety applications
IEC TR 62246-3:2018(E) provides basic technical background and experience about reliability data for reed switch-devices applied to machinery systems as well as E/E/PE safety-related control systems during the life cycle phases in general and industrial safety applications.
The document selects typical safety applications from group safety standards, and includes national safety standards and regulations accordingly. This document shows major reliability aspects for a proper design according to the standards, but it does not cover all details of an individual design. The responsibility for the verification of system design remains with the system integrator/manufacturer.
General Information
- Status: Withdrawn
- Publication Date: 20-Jun-2018
- Withdrawal Date: 31-Oct-2023
- Technical Committee: TC 94 - Electrical relays
- Drafting Committee: WG 6 - TC 94/WG 6
- Current Stage: WPUB - Publication withdrawn
- Start Date: 01-Nov-2023
- Completion Date: 01-Nov-2023
Frequently Asked Questions
IEC TR 62246-3:2018 is a technical report published by the International Electrotechnical Commission (IEC). Its full title is "Reed switches - Part 3: Reliability data for reed switch-devices in typical safety applications". This standard covers: IEC TR 62246-3:2018(E) provides basic technical background and experience about reliability data for reed switch-devices applied to machinery systems as well as E/E/PE safety-related control systems during the life cycle phases in general and industrial safety applications. The document selects typical safety applications from group safety standards, and includes national safety standards and regulations accordingly. This document shows major reliability aspects for a proper design according to the standards, but it does not cover all details of an individual design. The responsibility for the verification of system design remains with the system integrator/manufacturer.
IEC TR 62246-3:2018 is classified under the following ICS (International Classification for Standards) categories: 29.120.70 - Relays. The ICS classification helps identify the subject area and facilitates finding related standards.
Standards Content (Sample)
IEC TR 62246-3
Edition 1.0 2018-06
TECHNICAL REPORT
Reed switches –
Part 3: Reliability data for reed switch-devices in typical safety applications
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 29.120.70
ISBN 978-2-8322-5811-8
– 2 – IEC TR 62246-3:2018 © IEC 2018
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
3.1 Failure of systems
3.2 Confirmation of safety measures for reed switch-devices
3.3 Reliability data of reed switch-devices
3.4 Functional safety of reed switch-devices
4 Approach adopted for this document
4.1 General
4.2 Application of reed switches in accordance with IEC 62246 (all parts)
4.3 Application in accordance with ISO 13849 (all parts), IEC 62061 and IEC 61508 (all parts)
4.4 Application of the design of the E/E/PE safety-related system
4.5 Application of SIL capability to function units
4.5.1 General
4.5.2 Procedures
4.5.3 Random hardware failures
4.5.4 Systematic faults
4.5.5 Safety manual
4.5.6 Application of SIL capability for the allocation of SIL to systems
5 Examples of reliability data for reed switch-devices
6 Examples of classification of involved groups for responsibility
Annex A (informative) Hydraulic and pneumatic fluid power
A.1 Example of electric actuator in hydraulic fluid power
A.2 Examples of group safety standards
A.3 Example of safety requirements
A.4 Example of safety measures for the reed switch-device
A.4.1 Usage conditions of end-user
A.4.2 Usage conditions of the reed switch-device
A.5 Example of calculation of failure rates for the reed switch-device
A.5.1 Dangerous failure rate of the reed switch-device
A.5.2 Estimates for diagnostic coverage (DC)
A.5.3 Estimates for common cause failure (CCF)
A.6 Example of classification of involved groups for responsibility
Annex B (informative) Safety of machinery
B.1 Example of guard interlocking device
B.2 Example of group safety standards
B.3 Example of safety requirements for the system
B.3.1 Description of Type 3 interlocking device – example
B.3.2 Typical characteristics
B.3.3 Remarks
B.3.4 Description of Type 4 interlocking device – example
B.3.5 Typical characteristics
B.3.6 Remarks
B.4 Example of safety measures for the reed switch-device
B.4.1 Usage conditions of end-user
B.4.2 Usage conditions of the reed switch-device
B.5 Example of calculation of failure rates for the reed switch-device
B.5.1 General
B.5.2 Dangerous failure rate of reed switch-device
B.5.3 Estimation for diagnostic coverage (DC)
B.5.4 Estimates for common cause failure (CCF)
B.6 Example of classification of involved groups for responsibility
Annex C (informative) Automatic electrical controls for household and similar use
C.1 Example of automatic electrical burner control system
C.2 Examples of group safety standards
C.3 Example of safety requirements for the system
C.4 Example of safety measures for the reed switch-device
C.4.1 Usage conditions of end-user
C.4.2 Usage conditions of reed switch-device
C.5 Example of calculation of failure rates for the reed switch-device
C.5.1 Dangerous failure rate of reed switch-device
C.5.2 Estimates for diagnostic coverage (DC)
C.5.3 Estimates for common cause failure (CCF)
C.5.4 Accident damage reduction
C.6 Example of classification of involved groups for responsibility
Annex D (informative) Household and similar electric appliances
D.1 Example of automatic electric washing machine
D.2 Examples of group safety standards
D.3 Example of safety requirements for the system
D.4 Example of safety measures for the reed switch-device
D.4.1 Usage conditions of end-user
D.4.2 Usage conditions of reed switch-device
D.5 Example of calculation of failure rates for the reed switch-device
D.5.1 Dangerous failure rate of reed switch-device
D.5.2 Estimates for diagnostic coverage (DC)
D.5.3 Estimation for common cause failure (CCF)
D.6 Example of classification of involved groups for responsibility
Annex E (informative) Electric power systems
E.1 Example of measuring and protection relay system
E.2 Industrial standards
E.3 Safety requirements for the system – example
E.4 Safety measures for the reed switch device – example
E.4.1 Usage conditions of end-user
E.4.2 Usage conditions of the reed switch-device
E.5 Example of the calculation of failure rates for the reed switch-device
E.6 Example of classification of involved groups for responsibility
Annex F (informative) Railway application
F.1 Example of automatic train control (ATC) system
F.2 Examples of group safety standards
F.3 Example of safety requirements for the system
F.4 Example of safety measures for the reed switch-device
F.4.1 Usage conditions of end-user
F.4.2 Usage conditions of the reed switch-device
F.5 Example of calculation of failure rates for the reed switch-device
F.6 Example of classification of involved groups for responsibility
Bibliography
Figure A.1 – Architecture of an electric actuator in hydraulic fluid power
Figure A.2 – Control circuit of reed switches of magnetic proximity switches
Figure A.3 – B value estimated by Weibull analysis
Figure B.1 – Electric interlocking device with a proximity switch actuated by a magnet actuator
Figure B.2 – Electric interlocking device with two proximity switches
Figure B.3 – Typical architecture of guard interlocking device
Figure C.1 – Architecture of a microcomputer type gas meter
Figure C.2 – Control circuit of a reed switch in flow sensor
Figure C.3 – Accident occurrences and casualties by year (Japan)
Figure D.1 – Architecture of an automatic electric washing machine
Figure D.2 – Control circuit of a magnetic proximity switch
Figure E.1 – Architecture of a measuring and protection relay system
Figure E.2 – Control circuit of a reed switch in a measuring and protection relay
Figure F.1 – Architecture of the automatic train control (ATC) system
Figure F.2 – Control circuit of reed switches in the ATC system
Table 1 – Diagnostic coverage (DC)
Table 2 – Maximum allowable safety integrity level for a safety function carried out by a type A safety-related element or subsystem
Table 3 – Performance level
Table 4 – Architectural constraints on subsystems: maximum SIL that can be claimed for a safety-related control function (SRCF) using this subsystem
Table A.1 – Possible sharing of responsibility on an electric actuator
Table B.1 – Possible sharing of responsibility on a guard interlocking device
Table C.1 – Detection methods and action in the event of emergency
Table C.2 – Possible sharing of responsibility on microcomputer type gas meter
Table D.1 – Possible sharing of responsibility on an automatic electric washing machine
Table E.1 – Failure rates of reed relays in a measuring and protection relay system
Table E.2 – Possible sharing of responsibility on a measuring and protection relay system
Table F.1 – Field failure rates of reed relays in the ATC system
Table F.2 – Possible sharing of responsibility on reed relays in the ATC system
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
REED SWITCHES –
Part 3: Reliability data for reed switch-devices
in typical safety applications
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC TR 62246-3, which is a Technical Report, has been prepared by IEC technical committee
94: All-or-nothing electrical relays.
The text of this Technical Report is based on the following documents:
Draft TR | Report on voting
94/425/DTR | 94/429/RVDTR
Full information on the voting for the approval of this Technical Report can be found in the
report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts in the IEC 62246 series, published under the general title Reed switches, can
be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
This Technical Report:
– provides reliability data for reed switch-devices applied to machinery systems and also
E/E/PE systems;
– selects typical safety applications for reed switch-devices according to the requirements
from typical group safety standards;
– selects references, terms and definitions for machinery systems, E/E/PE systems and reed
switch-devices, lifecycle activities, safety integrity and performance level, failures and
safety measures for the reed switch-devices from typical group safety standards;
– addresses a way to share the responsibility on the components in the life cycle phases;
– addresses the application of IEC 62246 (all parts);
– considers the relation between safety requirements for the system from industrial
standards and basic safety measures for the reed switch-devices of a single E/E/PE
safety-related system and for two E/E/PE safety-related systems operating in:
• a low demand mode of operation,
• a high demand or continuous mode of operation.
– considers usage conditions at the end-user side:
• environmental conditions for reed switches’ use;
• proof test period;
• preventive maintenance.
– considers usage conditions at the E/E/PE system manufacturer side:
• switching load;
• failure mode;
• diagnostic coverage for reed switch-devices.
– considers usage conditions at the component manufacturer side:
– considers how to evaluate the risk of the reed switch-devices fault occurrence based on
the requirements from ISO 13849 (all parts), IEC 62061 and IEC 61508 (all parts):
– addresses a way to calculate reliability data of the reed switch-devices based on the
requirements from ISO 13849 (all parts), IEC 62061 and IEC 61508 (all parts)
– analyses dangerous failure rates, B10D values of the reed switch-devices according to the
switching loads;
– calculates dangerous failure rates of the reed switch-devices based on usage rate per
year;
– considers long-term field demonstration tests and operating experiences of the systems.
1 Scope
This part of IEC 62246, which is a Technical Report, provides basic technical background and
experience about reliability data for reed switch-devices applied to machinery systems as well
as E/E/PE safety-related control systems during the life cycle phases in general and industrial
safety applications.
The document selects typical safety applications from group safety standards, and includes
national safety standards and regulations accordingly. This document shows major reliability
aspects for a proper design according to the standards, but it does not cover all details of an
individual design. The responsibility for the verification of system design remains with the
system integrator/manufacturer.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 62061:2005, Safety of machinery – Functional safety of safety-related electrical,
electronic and programmable electronic control systems
IEC 62061:2005/AMD1:2012
IEC 62061:2005/AMD2:2015
IEC 62246-1-1:2018, Reed switches – Part 1-1: Generic specification – Blank detail
specification
ISO 13849 (all parts), Safety of machinery – Safety-related parts of control systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 13849 (all parts),
IEC 62061, IEC 61508 (all parts), and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1 Failure of systems
3.1.1
average probability of failure on demand
PFDavg
mean unavailability (see IEC 60050-191) of an E/E/PE safety-related system to perform the
specific safety function when a demand occurs from the EUC or EUC control system
Note 1 to entry: The mean unavailability over a given time interval [t1, t2] is generally noted by U (t1, t2).
Note 2 to entry: Two kinds of failures contribute to PFD and PFDavg: the dangerous undetected failures that have
occurred since the last proof test and genuine on demand failures caused by the demands (proof tests and safety
demands) themselves. The first one is time dependent and characterized by their dangerous failure rate λDU(t)
whilst the second one is dependent only on the number of demands and is characterized by a probability of failure
per demand (denoted by γ).
Note 3 to entry: As genuine on-demand failures cannot be detected by tests, it is necessary to identify them and
take them into consideration when calculating the target failure measures.
[SOURCE: IEC 61508-4:2010, 3.6.18]
3.1.2
probability of dangerous failure per hour
PFH
average probability of dangerous failure per hour in a safety-related control system or
subsystem
[SOURCE: IEC 61508-4:2010, 3.6.19, modified – Replacement of "of an E/E/PE safety
related system to perform the specified safety function over a given period of time" by "per
hour in a safety-related control system or subsystem" and deletion of the notes to entry.]
3.2 Confirmation of safety measures for reed switch-devices
3.2.1
proof test period
periodic test performed to detect failures in a reed switch-device so that, if necessary, the
reed switch-device can be restored to an “as new” condition or as close as practical to this
condition
Note 1 to entry: The effectiveness of the proof test will be dependent upon how close to the “as new” condition
the system is restored. For the proof test to be fully effective, it will be necessary to detect 100 % of all dangerous
failures. Although in practice 100 % is not easily achieved for other than low-complexity E/E/PE safety-related
systems, this is the target. As a minimum, all the safety functions which are executed are checked according to the
E/E/PE safety requirements specification. If separate channels are used, these tests are done for each channel
separately.
Note 2 to entry: The proof test is not always usable. For example, for reed relays in E/E/PE systems, functional
operating characteristics are confirmed according to the periodic proof tests by end-users.
[SOURCE: IEC 61508-4:2010, 3.8.5, modified – The term "proof test" has been replaced by
"proof test period" and the entire definition and notes to entry have been redrafted.]
3.2.2
diagnostic coverage
DC
fraction of dangerous failures detected by automatic on-line diagnostic tests
Note 1 to entry: The fraction of dangerous failures is computed by using the dangerous failure rate associated
with the detected dangerous failures divided by the total rate of dangerous failures.
Note 2 to entry: The value of DC is given in four levels (see Table 1).
Table 1 – Diagnostic coverage (DC)
DC denotation | DC range
None | DC < 60 %
Low | 60 % ≤ DC < 90 %
Medium | 90 % ≤ DC < 99 %
High | 99 % ≤ DC
NOTE The choice of the DC ranges is based on the key values 60 %, 90 % and 99 % also established in other
standards (e.g. IEC 61508 (all parts)) dealing with diagnostic coverage of tests. Investigations show that (1 –
DC) rather than DC itself is a characteristic measure for the effectiveness of the test. (1 – DC) for the key
values 60 %, 90 % and 99 % forms a kind of logarithmic scale fitting to the logarithmic PL-scale. A DC-value
less than 60 % has only slight effect on the reliability of the tested system and is therefore called “none”. A
DC-value greater than 99 % for complex systems is very hard to achieve. To be practicable, the number of
ranges was restricted to four. The indicated borders of this table are assumed within an accuracy of 5 %.
[SOURCE: ISO 13849-1:2015, 4.5.3]
3.2.3
proven in use
demonstration, based on an analysis of operational experience for a specific configuration of
an element, that the likelihood of dangerous systematic faults is low enough so that every
safety function that uses the element achieves its required safety integrity level
Note 1 to entry: Field experience is one of the techniques and measures to avoid faults during E/E/PE system
integration and E/E/PE system safety validation. Field experience is referred to as “effectiveness low” in case of a)
and “effectiveness high” in case of b) respectively:
a) With no serious failure in terms of experience for at least one year, over at least ten pieces of equipment
with an operating time of 10 000 h, and different fields of use, 95 % of statistical correctness, and safety;
b) Detailed documentation of all changes (including minor changes) under experience for at least two years,
over at least ten pieces of equipment with an operating time of 10 million hours, and different fields of use,
99,9 % of statistical correctness, and past operation.
Note 2 to entry: "proven in use" is not always usable. For example, applications referred to in IEC 61508 (all
parts) are confirmed based on field feedback data.
[SOURCE: IEC 61508-4:2010, 3.8.18, modified – Addition of the notes to entry.]
3.2.4
common cause failure
CCF
failures of different items, resulting from a single event, where these failures are not
consequences of each other
Note 1 to entry: Common cause failures should not be confused with common mode failures (see
ISO 12100-1:2003, 3.34).
3.3 Reliability data of reed switch-devices
3.3.1
dangerous failure
failure of element and/or subsystem and/or system that plays a part in implementing the
safety function that:
a) prevents a safety function from operating when required (demand mode) or causes a
safety function to fail (continuous mode); or
b) decreases the probability that the safety function operates correctly when required
Note 1 to entry: For reed switch-devices, it means OFF failure (failure to open) in high demand mode of operation
or continuous mode of operation and ON failure (failure to close) in low demand mode of operation.
Note 2 to entry: For reed switch-devices, it means that the OFF-failure (failure to open) in the high demand or
continuous mode of operation and the ON-failure (failure to close) in the low demand mode of operation can be a
dangerous failure for the achievement of an invariable safe-state, and both of the OFF- and ON-failures can be a
dangerous failure for the achievement of an intrinsically variable safe-state.
Note 3 to entry: Invariable safe-state is the state of the overall system in which the safety control-system
concerned can be in one of the activated or inert state to achieve the safe state of the overall system, and the
intrinsically variable safe-state is the state of the overall system in which the safety control-system has to change
its own state from the activated to the inert or from the inert to the activated or both to achieve the safe state of the
overall system.
Note 4 to entry: Activated state is in the lower degree of disorder (i.e., the higher degree of order) and the inert
state is in the higher degree of disorder. The measure of disorder of a system is entropy that is also a measure of
the “multiplicity” associated with the system state.
[SOURCE: IEC 61508-4:2010, 3.6.7, modified – Addition of the notes to entry.]
3.3.2
B10D value
number of cycles until 10 % of the components have a dangerous failure
Note 1 to entry: The B10D value will be specified by the manufacturer of safety devices.
[SOURCE: ISO 13849-1:2015, Table 1]
3.4 Functional safety of reed switch-devices
3.4.1
element safety function of reed switch-device
function to open and/or close as the input and output devices within the stated safety
accuracy in accordance with the following a) to c) applications:
a) the reed switch-device operating its element safety function to materialize an invariable
safe state;
b) the reed switch-device operating its element safety function to materialize an intrinsically
variable safe state;
c) the reed switch-device operating element safety functions to materialize reciprocally
variable safe states
Note 1 to entry: An OFF failure (failure to open) of the form A contact can be a safe failure, an ON failure (failure
to close) of the form A contact can be a dangerous failure, an OFF failure (failure to open) of the form B contact
can be a dangerous failure, and ON failure (failure to close) of the form B contact can be a safe failure regardless
of modes of operation.
Note 2 to entry: For example, a stationary machine is often a safe state for a machinery production system.
Note 3 to entry: All the failure modes of the form A and B contacts can be dangerous failure modes regardless of
modes of operation because the reed switch-device has to repeat to contact and open appropriately according to
circumstances.
Note 4 to entry: An automated steering gear for automobiles controls variable safe courses in accordance with
circumstances, i.e., a variable safe state to prevent collisions.
Note 5 to entry: Any failure mode of the form A and B contacts can be dangerous to one of the safe states but
safe to another safe state regardless of modes of operation because the safe states are mutually reciprocal, i.e., a
safe open state of contact that can be a dangerous state for another contact and a dangerous closed state of
contact that can be a safe state for another contact.
Note 6 to entry: For example, an explosion of air bags for automobiles is a safe situation when an auto crashes
but an unexpected explosion is a dangerous situation when the auto is running normally.
3.4.2
SIL capability of function unit(s)
characteristic of a function unit(s) to which the capability of SIL 1, 2, 3 or 4 is allocated
Note 1 to entry: The allocation is done respectively under specified conditions and circumstances in accordance
with IEC 61508-2 and IEC 61508-3.
[SOURCE: IEC 60079-29-3:2014, 3.15, modified – Addition of “of function unit(s)” in the term.]
4 Approach adopted for this document
4.1 General
The approach adopted is to raise the following necessities.
In fields such as process industries, machine manufacturing industries, transportation,
general household electrical appliances applying reed switch-devices, there is a growing
demand for functional safety assessment (FSA).
Reed switch manufacturers should do some assessment of their final assembly (reed
switch-devices) and provide important reliability data relating to their reed switch-devices to
other product manufacturers, system integrators or users.
This document describes the process which should be applied in accordance with the
structure of the applications described in this document.
4.2 Application of reed switches in accordance with IEC 62246 (all parts)
When applying reed switches into the following specific products as switching elements, the
contact ratings are intended to be used in conjunction with IEC 62246-1-1:2018 unless
otherwise specified in the detail specifications:
a) reed relays:
electromechanical control circuit devices, consisting of reed switches and coil fitting into a
housing which could be plastic or metal (see IEC 61810-1:2015 and IEC 61811-1:2015);
b) reed switches for electromechanical control circuit devices, consisting of reed switches
and magnet actuator fitting into a housing which could be plastic or metal (see
IEC 60947-5-1:2016);
c) magnetic proximity switches:
electromechanical control circuit devices without external power supply, consisting of reed
switches and magnet actuator, either separated or in the same housing which could be
plastic or metal; they can detect the presence of magnetic objects without contact (see
IEC 60947-5-2:2007);
d) magnetic safety switches:
guard interlocking devices that are designed to protect both people and machines,
consisting of reed switches, overcurrent protection, non-coded or coded magnet actuator
in a separate housing which could be plastic or metal (see IEC 60947-5-3:2013 and
ISO 14119:2013);
e) reed sensors:
electromechanical control circuit devices built using reed switches with additional
functionalities such as the ability to withstand higher shock, easier mounting, additional
intelligent circuitry, etc. (see IEC 60947-5-9:2006).
EXAMPLE 1 Shock reed sensor: a ring magnet is mounted on a very precise tension spring and this assembly is
slid over a reed switch. Depending on the impact to trigger the reed switch, different tension springs are used.
EXAMPLE 2 Thermal reed sensor: a reed switch is enclosed in special ferrite compound which loses its magnetic
permeability at its Curie temperature, and is sandwiched between two permanent magnets.
EXAMPLE 3 Pressure reed sensor: a magnet actuator is mounted on a very precise tension spring and this
assembly is a distance away from a reed switch. Pressure drops cause the spring with attached magnet actuator to
move towards the reed switch, causing the contacts to close.
4.3 Application in accordance with ISO 13849 (all parts), IEC 62061 and IEC 61508 (all
parts)
Reed switch-device manufacturers should provide reliability data such as λ_D1 values when
they are applied into machinery systems based on the requirements from ISO 13849-1 and
IEC 62061.
When applied into E/E/PE systems, where no application sector standard exists, they should
provide reliability data such as field failure rates: λ_s, λ_D2 and SFF based on the requirements
from IEC 61508 (all parts).
4.4 Application of the design of the E/E/PE safety-related system
The design of the E/E/PE safety-related system (including the overall hardware and software
architecture, sensors, programmable electronics, ASICs, embedded software, application
software, data, etc.), shall meet all of the following requirements (see Table 2, Table 3 and
Table 4).
For hardware safety integrity, these include:
– the architecture constraints on hardware safety integrity, and
– the requirements for quantifying the effect of random failures.
Table 2 – Maximum allowable safety integrity level for a safety function
carried out by a type A safety-related element or subsystem
Safety failure fraction     Hardware fault tolerance
of an element               0         1         2
< 60 %                      SIL 1     SIL 2     SIL 3
60 % to < 90 %              SIL 2     SIL 3     SIL 4
90 % to < 99 %              SIL 3     SIL 4     SIL 4
≥ 99 %                      SIL 3     SIL 4     SIL 4
NOTE 1 Refer to IEC 62061 which gives SIL3 max. and PL e and category 4, however when using IEC 61508
(all parts), it is possible to achieve SIL 4 only.
NOTE 2 This table is based on IEC 61508-2:2010, Table 2.
Table 3 – Performance level
PL     Average probability of dangerous failure per hour [PFH_D]
a      ≥ 10^-5 to < 10^-4
b      ≥ 3 × 10^-6 to < 10^-5
c      ≥ 10^-6 to < 3 × 10^-6
d      ≥ 10^-7 to < 10^-6
e      ≥ 10^-8 to < 10^-7
NOTE This table is based on ISO 13849-1:2015, Table 3.
Table 4 – Architectural constraints on subsystems: maximum SIL that can be claimed
for a safety-related control function (SRCF) using this subsystem
Safe failure fraction    Hardware fault tolerance (see Note 1)
                         0                                          1                      2
< 60 %                   Not allowed (for exception see Note 3)     SIL 1                  SIL 2
60 % to < 90 %           SIL 1                                      SIL 2                  SIL 3
90 % to < 99 %           SIL 2                                      SIL 3                  SIL 3 (see Note 2)
≥ 99 %                   SIL 3                                      SIL 3 (see Note 2)     SIL 3 (see Note 2)
NOTE 1 A hardware fault tolerance of N means that N+1 faults could cause a loss of the safety-related control
function.
NOTE 2 A SIL 4 claim limit is not considered in this document. For SIL 4 see IEC 61508-1.
NOTE 3 See IEC 62061:2005 and IEC 62061:2005/AMD2:2015, 6.7.6.4 or for subsystems where fault
exclusions have been applied to faults that could lead to a dangerous failure, see IEC 62061:2005,
IEC 62061:2005/AMD1:2012 and IEC 62061:2005/AMD2:2015, 6.7.7.
NOTE 4 This table is based on IEC 62061:2005, Table 5.
4.5 Application of SIL capability to function units
4.5.1 General
The procedures to allocate SIL capability to function units of reed switch-devices are intended
to be specified based on the agreement between system and reed switch-devices
manufacturers for the realization of an E/E/PE safety-related system.
4.5.2 Procedures
The allocation of SIL capability to
...









