IEC 61784-3:2016
(Main)Industrial communication networks - Profiles - Part 3: Functional safety fieldbuses - General rules and profile definitions
Industrial communication networks - Profiles - Part 3: Functional safety fieldbuses - General rules and profile definitions
IEC 61784-3:2016 series explains some common principles that can be used in the transmission of safety-relevant messages among participants within a distributed network which use fieldbus technology in accordance with the requirements of IEC 61508 series for functional safety. These principles are based on the black channel approach. They can be used in various industrial applications such as process control, manufacturing automation and machinery. This part and the IEC 61784-3-x parts specify several functional safety communication profiles based on the communication profiles and protocol layers of the fieldbus technologies in IEC 61784-1, IEC 61784-2 and the IEC 61158 series. These functional safety communication profiles use the black channel approach, as defined in IEC 61508. These functional safety communication profiles are intended for implementation in safety devices exclusively. This third edition cancels and replaces the second edition published in 2010. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition:
- clarifications and additional explanations for requirements, updated references;
- deletion of technical overviews of profiles (Clauses 6 to 13), and associated dedicated subclauses for terms, definitions, symbols and abbreviations;
- addition of profiles for Communication Profile Families 8, 17 and 18 (Clauses 10, 14, 15);
- clarifications of models in Annex A;
- Annex B changed from informative to normative;
- addition of a new informative Annex E describing models for explicit and implicit FSCP mechanisms;
- addition of a new informative Annex F introducing an extended model for estimation of the total residual error rate;
- updates in parts for CPF 1, CPF 2, CPF 3, CPF 8, CPF 13 (details provided in the parts);
- addition of a new part for CPF 17.
Réseaux de communication industriels - Profils - Partie 3: Bus de terrain de sécurité fonctionnelle - Règles générales et définitions de profils
L'IEC 61784-3:2016 définit des principes communs qui peuvent être appliqués pour la transmission des messages relatifs à la sécurité entre les participants d'un réseau réparti, à l'aide de la technologie de bus de terrain conformément aux exigences de la série IEC 61508 sur la sécurité fonctionnelle. Ces principes peuvent s'appuyer sur le principe de canal noir. Ils peuvent être utilisés dans différentes applications industrielles, par exemple la commande de processus, l'usinage automatique et les machines. La présente partie et les parties IEC 61784-3-x spécifient plusieurs profils de communication de sécurité fonctionnelle basés sur les profils de communication et les couches de protocole des technologies des bus de terrain de l'IEC 61784-1, de l'IEC 61784-2 et de la série IEC 61158. Ces profils de communication de sécurité fonctionnelle utilisent le principe de canal noir, comme défini dans l'IEC 61508. Ces profils de communication de sécurité fonctionnelle sont destinés à être exclusivement mis en oeuvre dans des appareils de sécurité. Cette troisième édition annule et remplace la deuxième édition parue en 2010. Cette édition constitue une révision technique. Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente:
- clarifications et explications complémentaires des exigences, références actualisées;
- suppression des présentations techniques de profils (Articles 6 à 13) et paragraphes dédiés associés à des termes, définitions, symboles et abréviations;
- ajout de profils pour les familles de profils de communication 8, 17 et 18 (Articles 10, 14, 15);
- clarifications des modèles de l'Annexe A;
- modification de l'Annexe B informative qui devient normative;
- ajout d'une nouvelle Annexe E informative pour décrire les modèles des mécanismes FSCP explicites et implicites;
- ajout d'une nouvelle Annexe F informative qui introduit un modèle étendu pour l'estimation du taux total d'erreurs résiduelles;
- actualisations des parties pour les CPF 1, CPF 2, CPF 3, CPF 8, CPF 13 (détails fournis dans les parties);
- ajout d'une nouvelle partie pour CPF 17.
General Information
Relations
Standards Content (Sample)
IEC 61784-3 ®
Edition 3.0 2016-05
REDLINE VERSION
INTERNATIONAL
STANDARD
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 15 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
IEC 61784-3 ®
Edition 3.0 2016-05
REDLINE VERSION
INTERNATIONAL
STANDARD
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-3372-6
– 2 – IEC 61784-3:2016 RLV IEC 2016
CONTENTS
FOREWORD . 8
0 Introduction . 10
0.1 General . 10
0.2 Transition from Edition 2 to extended assessment methods in Edition 3 . 12
0.3 Patent declaration . 12
1 Scope . 14
2 Normative references. 14
3 Terms, definitions, symbols, abbreviated terms and conventions. 16
3.1 Terms and definitions . 16
3.1.1 Common terms and definitions .
3.1.2 CPF 1: Additional terms and definitions .
3.1.3 CPF 2: Additional terms and definitions .
3.1.4 CPF 3: Additional terms and definitions .
3.1.5 CPF 6: Additional terms and definitions .
3.1.6 CPF 8: Additional terms and definitions .
3.1.7 CPF 12: Additional terms and definitions .
3.1.8 CPF 13: Additional terms and definitions .
3.1.9 CPF 14: Additional terms and definitions .
3.2 Symbols and abbreviated terms . 24
3.2.1 Common symbols and abbreviated terms .
3.2.2 CPF 1: Additional symbols and abbreviated terms .
3.2.3 CPF 2: Additional symbols and abbreviated terms .
3.2.4 CPF 3: Additional symbols and abbreviated terms .
3.2.5 CPF 6: Additional symbols and abbreviated terms .
3.2.6 CPF 8: Additional symbols and abbreviated terms .
3.2.7 CPF 12: Additional symbols and abbreviated terms .
3.2.8 CPF 13: Additional symbols and abbreviated terms .
3.2.9 CPF 14: Additional symbols and abbreviated terms .
4 Conformance . 26
5 Basics of safety-related fieldbus systems . 26
5.1 Safety function decomposition . 26
5.2 Communication system . 27
5.2.1 General . 27
5.2.2 IEC 61158 fieldbuses . 27
5.2.3 Communication channel types . 28
5.2.4 Safety function response time . 28
5.3 Communication errors . 29
5.3.1 General . 29
5.3.2 Corruption . 29
5.3.3 Unintended repetition . 29
5.3.4 Incorrect sequence . 30
5.3.5 Loss . 30
5.3.6 Unacceptable delay . 30
5.3.7 Insertion . 30
5.3.8 Masquerade . 30
5.3.9 Addressing. 30
5.4 Deterministic remedial measures . 31
5.4.1 General . 31
5.4.2 Sequence number . 31
5.4.3 Time stamp . 31
5.4.4 Time expectation . 31
5.4.5 Connection authentication . 31
5.4.6 Feedback message . 31
5.4.7 Data integrity assurance . 32
5.4.8 Redundancy with cross checking . 32
5.4.9 Different data integrity assurance systems . 32
5.5 Typical relationships between errors and safety measures . 32
5.6 Communication phases . 33
5.7 FSCP implementation aspects . 34
5.8 Data integrity considerations . 34
5.8.1 Calculation of the residual error rate . 34
5.8.2 Total residual error rate and SIL . 37
5.9 Relationship between functional safety and security . 38
5.10 Boundary conditions and constraints . 39
5.10.1 Electrical safety . 39
5.10.2 Electromagnetic compatibility (EMC) . 39
5.11 Installation guidelines . 40
5.12 Safety manual . 40
5.13 Safety policy . 40
6 Communication Profile Family 1 (FOUNDATION™ Fieldbus) – Profiles for functional
safety . 41
6.1 Functional Safety Communication Profile 1/1 .
6.2 Technical overview .
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®)– Profiles for
functional safety . 42
7.1 Functional Safety Communication Profile 2/1 .
7.2 Technical overview .
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for
functional safety . 44
8.1 Functional Safety Communication Profile 3/1 .
8.2 Technical overview .
9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety . 46
9.1 Functional Safety Communication Profile 6/7 .
9.2 Technical overview .
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety . 48
10.1 Functional Safety Communication Profile 8/1 . 48
10.2 Technical overview Functional Safety Communication Profile 8/2 . 48
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety . 49
11.1 Functional Safety Communication Profile 12/1 .
11.2 Technical overview .
12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for
functional safety . 50
12.1 Functional Safety Communication Profile 13/1 .
12.2 Technical overview .
– 4 – IEC 61784-3:2016 RLV IEC 2016
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety . 52
13.1 Functional Safety Communication Profile 14/1 .
13.2 Technical overview .
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety . 53
15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for
functional safety . 53
Annex A (informative) Example functional safety communication models . 54
A.1 General . 54
A.2 Model A (single message, channel and FAL, redundant SCLs) . 54
A.3 Model B (full redundancy) . 54
A.4 Model C (redundant messages, FALs and SCLs, single channel) . 55
A.5 Model D (redundant messages and SCLs, single channel and FAL) . 55
Annex B (informative normative) Safety communication channel model using CRC-
based error checking . 57
B.1 Overview. 57
B.2 Channel model for calculations . 57
B.3 Bit error probability Pe. 58
B.4 Cyclic redundancy checking . 59
B.4.1 General . 59
B.4.2 Considerations concerning CRC polynomials . 60
Annex C (informative) Structure of technology-specific parts . 62
Annex D (informative) Assessment guideline . 64
D.1 Overview. 64
D.2 Channel types . 64
D.2.1 General . 64
D.2.2 Black channel . 64
D.2.3 White channel . 64
D.3 Data integrity considerations for white channel approaches . 65
D.3.1 General . 65
D.3.2 Models B and C . 65
D.3.3 Models A and D . 66
D.4 Verification of safety measures . 67
D.4.1 General . 67
D.4.2 Implementation . 67
D.4.3 "De-energize to trip" principle . 67
D.4.4 Safe state . 67
D.4.5 Transmission errors . 67
D.4.6 Safety reaction and response times . 67
D.4.7 Combination of measures . 68
D.4.8 Absence of interference . 68
D.4.9 Additional fault causes (white channel) . 68
D.4.10 Reference test beds and operational conditions . 68
D.4.11 Conformance tester . 69
Annex E (informative) Examples of implicit vs. explicit FSCP safety measures . 70
E.1 General . 70
E.2 Example fieldbus message with safety PDUs . 70
E.3 Model with completely explicit safety measures . 70
E.4 Model with explicit A-code and implicit T-code safety measures . 71
E.5 Model with explicit T-code and implicit A-code safety measures . 71
E.6 Model with split explicit and implicit safety measures . 72
E.7 Model with completely implicit safety measures . 73
E.8 Addition to Annex B – impact of implicit codes on properness . 73
Annex F (informative) Extended models for estimation of the total residual error rate . 74
F.1 Applicability . 74
F.2 General models for black channel communications . 74
F.3 Identification of generic safety properties . 75
F.4 Assumptions for residual error rate calculations . 75
F.5 Residual error rates. 76
F.5.1 Explicit and implicit mechanisms . 76
F.5.2 Residual error rate calculations . 76
F.6 Data integrity . 78
F.6.1 Probabilistic considerations . 78
F.6.2 Deterministic considerations . 78
F.7 Authenticity . 79
F.7.1 General . 79
F.7.2 Residual error rate for authenticity (RR ) . 80
A
F.8 Timeliness . 81
F.8.1 General . 81
F.8.2 Residual error rate for timeliness (RR ) . 83
T
F.9 Masquerade . 84
F.9.1 General . 84
F.9.2 Other terms used to calculate residual error rate for masquerade
rejection (RR ) . 84
M
F.10 Calculation of the total residual error rates . 84
F.10.1 Based on the summation of the residual error rates . 84
F.10.2 Based on other quantitative proofs . 85
F.11 Total residual error rate and SIL . 85
F.12 Configuration and parameterization for an FSCP . 86
F.12.1 General . 86
F.12.2 Configuration and parameterization change rate . 88
F.12.3 Residual error rate for configuration and parameterization . 88
Bibliography . 89
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) . 10
Figure 2 – Relationships of IEC 61784-3 with other standards (process) . 11
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods . 12
Figure 4 – Safety communication as a part of a safety function . 27
Figure 5 – Example model of a functional safety communication system . 28
Figure 6 – Example of safety function response time components . 29
Figure 7 – Scope of FSCP 1/1 .
Figure 7 – Conceptual FSCP protocol model . 34
Figure 8 – Relationship of Safety Validators .
Figure 8 – FSCP implementation aspects . 34
Figure 9 – Basic communication preconditions for FSCP 3/1 .
– 6 – IEC 61784-3:2016 RLV IEC 2016
Figure 9 – Example application 1 (m=4) . 36
Figure 10 – Structure of a FSCP 3/1 safety PDU .
Figure 10 – Example application 2 (m = 2) . 37
Figure 11 – Safe communication modes .
Figure 11 – Zones and conduits concept for security according to IEC 62443 . 39
Figure 12 – FSCP 6/7 communication preconditions .
Figure 13 – Basic FSCP 12/1 system .
Figure 14 – Producer consumer example .
Figure 15 – Client server example .
Figure 16 – FSCP 14/1 safety communication architecture .
Figure A.1 – Model A . 54
Figure A.2 – Model B . 55
Figure A.3 – Model C . 55
Figure A.4 – Model D . 56
Figure B.1 – Communication channel with perturbation . 57
Figure B.2 – Binary symmetric channel (BSC) . 58
Figure B.3 – Example of a block with a message part and a CRC bits (redundancy
code) signature . 59
Figure B.4 – Block codes for error detection . 60
Figure B.5 – Proper and improper CRC polynomials . 61
Figure D.1 – Basic Markov model . 66
Figure E.1 – Example safety PDUs embedded in a fieldbus message . 70
Figure E.2 – Model with completely explicit safety measures . 70
Figure E.3 – Model with explicit A-code and implicit T-code safety measures . 71
Figure E.4 – Model with explicit T-code and implicit A-code safety measures . 72
Figure E.5 – Model with split explicit and implicit safety measures . 72
Figure E.6 – Model with completely implicit safety measures . 73
Figure F.1 – Black channel from an FSCP perspective . 74
Figure F.2 – Model for authentication considerations . 79
Figure F.3 – Fieldbus and internal address errors . 80
Figure F.4 – Example of slowly increasing message latency . 82
Figure F.5 – Example of an active network element failure . 83
Figure F.6 – Example application 1 (m = 4) . 85
Figure F.7 – Example application 2 (m = 2) . 85
Figure F.8 – Example of configuration and parameterization procedures for FSCP . 87
Table 1 – Overview of the effectiveness of the various measures on the possible errors . 33
Table 2 – Definition of items used for calculation of the residual error rates . 36
Table 3 – Typical relationship of residual error rate to SIL level . 37
Table 4 – Typical relationship of residual error on demand to SIL . 37
Table 5 – Overview of profile identifier usable for FSCP 6/7 . 47
Table B.1 – Example dependency d and block bit length n . 60
min
Table C.1 – Common subclause structure for technology-specific parts . 62
Table F.1 – Typical relationship of residual error rate to SIL . 86
Table F.2 – Typical relationship of residual error on demand to SIL. 86
– 8 – IEC 61784-3:2016 RLV IEC 2016
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
This redline version of the official IEC Standard allows the user to identify the changes
made to the previous edition. A vertical bar appears in the margin wherever a change
has been made. Additions are in green text, deletions are in strikethrough red text.
International Standard IEC 61784-3 has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This third edition cancels and replaces the second edition published in 2010. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
• clarifications and additional explanations for requirements, updated references;
• deletion of technical overviews of profiles (Clauses 6 to 13), and associated dedicated
subclauses for terms, definitions, symbols and abbreviations;
• addition of profiles for Communication Profile Families 8, 17 and 18 (Clauses 10, 14, 15);
• clarifications of models in Annex A;
• Annex B changed from informative to normative;
• addition of a new informative Annex E describing models for explicit and implicit FSCP
mechanisms;
• addition of a new informative Annex F introducing an extended model for estimation of the
total residual error rate;
• updates in parts for CPF 1, CPF 2, CPF 3, CPF 8, CPF 13 (details provided in the parts);
• addition of a new part for CPF 17.
The text of this standard is based on the following documents:
FDIS Report on voting
65C/840/FDIS 65C/848/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts of the IEC 61784-3 series, published under the general title Industrial
communication networks – Profiles – Functional safety fieldbuses, can be found on the IEC
website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 10 – IEC 61784-3:2016 RLV IEC 2016
0 Introduction
0.1 General
The IEC 61158 fieldbus standard together with its companion standards IEC 61784-1 and
IEC 61784-2 defines a set of communication protocols that enable distributed control of
automation applications. Fieldbus technology is now considered well accepted and well
proven. Thus many fieldbus enhancements are emerging continue to emerge, addressing not
yet standardized applications for areas such as real time, safety-related and security-related
applications.
This standard explains the relevant principles for functional safety communications with
reference to IEC 61508 series and specifies several safety communication layers (profiles and
corresponding protocols) based on the communication profiles and protocol layers of
IEC 61784-1, IEC 61784-2 and the IEC 61158 series. It does not cover electrical safety and
intrinsic safety aspects.
Figure 1 shows the relationships between this standard and relevant safety and fieldbus
standards in a machinery environment.
IEC
NOTE Subclauses 6.7.6.4 (high complexity) and 6.7.8.1.6 (low complexity) of IEC 62061 specify the relationship
between PL (Category) and SIL.
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
Figure 2 shows the relationships between this standard and relevant safety and fieldbus
standards in a process environment.
IEC
a
For specified electromagnetic environments; otherwise IEC 61326-3-1 or IEC 61000-6-7.
b
EN ratified.
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Safety communication layers which are implemented as parts of safety-related systems
according to IEC 61508 series provide the necessary confidence in the transportation of
messages (information) between two or more participants on a fieldbus in a safety-related
system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures.
Safety communication layers specified in this standard do this in such a way that a fieldbus
can be used for applications requiring functional safety up to the Safety Integrity Level (SIL)
specified by its corresponding functional safety communication profile.
The resulting SIL claim of a system depends on the implementation of the selected functional
safety communication profile (FSCP) within this system – implementation of a functional
safety communication profile in a standard device is not sufficient to qualify it as a safety
device.
This standard describes:
– 12 – IEC 61784-3:2016 RLV IEC 2016
• basic principles for implementing the requirements of IEC 61508 series for safety-related
data communications, including possible transmission faults, remedial measures and
considerations affecting data integrity;
• individual description of functional safety communication profiles for several
communication profile families in IEC 61784-1 and IEC 61784-2, including safety layer
extensions to the communication service and protocols sections of the IEC 61158 series.
0.2 Transition from Edition 2 to extended assessment methods in Edition 3
This edition of the generic part of the standard includes additional extended models for future
use when estimating the total residual error rate for an FSCP. This value can be used to
determine if the FSCP meets the requirements of functional safety applications up to a given
SIL. These extended models for qualitative and quantitative safety determination methods are
detailed in Annex E and Annex F.
However, because of the typical duration of the assessment process, the FSCPs published
prior to or concurrently with this new edition of the generic part can only be assessed using
the methods from previous editions, based on data integrity considerations specified in 5.8.
The validity schema in Figure 3 shows how to handle the transition from original assessment
methods of Edition 2 (specified in 5.8) to extended assessment methods in Edition 3
(currently specified in Annex F). According to this schema, the FSCPs are exempt from a new
assessment according to Annex F until Edition 4, where the contents of current Annex F will
replace the current 5.8.
NOTE However, a particular FSCP can achieve an earlier assessment and publish an adequate amendment.
IEC
Key
DI Data Integrity
TADI Timeliness, Authenticity, Data Integrity
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods
0.3 Patent declaration
The International Electrotechnical Commission (IEC) draws attention to the fact that it is
claimed that compliance with this document may involve the use of patents concerning
functional safety communication profiles for families 1, 2, 3, 6, 8, 12, 13, 14, 17 and 18 given
in IEC 61784-3-1, IEC 61784-3-2, IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8,
IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17 and IEC 61784-3-18.
IEC takes no position concerning the evidence, validity and scope of these patent rights.
The holders of these patent rights have assured the IEC that they are willing to negotiate
licences either free of charge or under reasonable and non-discriminatory terms and
conditions with applicants throughout the world. In this respect, the statements of the holders
of these patent rights are registered with IEC.
NOTE Patent details and corresponding contact information are provided in IEC 61784-3-1, IEC 61784-3-2,
IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8, IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17
and IEC 61784-3-18.
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights other than those identified above. IEC shall not be held responsible for
identifying any or all such patent rights.
ISO (www.iso.org/patents) and IEC (http://patents.iec.ch) maintain on-line data bases of
patents relevant to their standards. Users are encouraged to consult the data bases for the
most up to date information concerning patents.
– 14 – IEC 61784-3:2016 RLV IEC 2016
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
1 Scope
This part of the IEC 61784-3 series explains some common principles that can be used in the
transmission of safety-relevant messages among participants within a distributed network
which use fieldbus technology in accordance with the requirements of IEC 61508 series for
functional safety. These principles are based on the black channel approach. They can be
used in various industrial applications such as process control, manufacturing automation and
machinery.
This part and the IEC 61784-3-x parts specify several functional safety communication
profiles based on the communication profiles and protocol layers of the fieldbus technologies
in IEC 61784-1, IEC 61784-2 and the IEC 61158 series. These functional safety
communication profiles use the black channel approach, as defined in IEC 61508. These
functional safety communication profiles are intended for implementation in safety devices
exclusively.
NOTE 1 Other safety-related communication systems meeting the requirements of IEC 61508 series may can
exist that are not included in this standard.
NOTE 2 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such
as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
All systems are exposed to unauthorized access at some point of their life cycle. Additional
measures need to be considered in any safety-related application to protect fieldbus systems
against unauthorized access. The IEC 62443 series will address many of these issues;
...
IEC 61784-3 ®
Edition 3.0 2016-05
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
Réseaux de communication industriels – Profils –
Partie 3: Bus de terrain de sécurité fonctionnelle – Règles générales et
définitions de profils
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 15 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.
A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.
Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 15
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.
Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
La recherche avancée permet de trouver des publications IEC 65 000 entrées terminologiques électrotechniques, en anglais
en utilisant différents critères (numéro de référence, texte, et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées. antérieures extraites des publications des CE 37, 77, 86 et
CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished
Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 61784-3 ®
Edition 3.0 2016-05
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
Réseaux de communication industriels – Profils –
Partie 3: Bus de terrain de sécurité fonctionnelle – Règles générales et
définitions de profils
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-3238-5
– 2 – IEC 61784-3:2016 IEC 2016
CONTENTS
FOREWORD . 7
0 Introduction . 9
0.1 General . 9
0.2 Transition from Edition 2 to extended assessment methods in Edition 3 . 11
0.3 Patent declaration . 12
1 Scope . 13
2 Normative references. 13
3 Terms, definitions, symbols, abbreviated terms and conventions. 15
3.1 Terms and definitions . 15
3.2 Symbols and abbreviated terms . 22
4 Conformance . 23
5 Basics of safety-related fieldbus systems . 23
5.1 Safety function decomposition . 23
5.2 Communication system . 24
5.2.1 General . 24
5.2.2 IEC 61158 fieldbuses . 24
5.2.3 Communication channel types . 25
5.2.4 Safety function response time . 25
5.3 Communication errors . 26
5.3.1 General . 26
5.3.2 Corruption . 26
5.3.3 Unintended repetition . 26
5.3.4 Incorrect sequence . 26
5.3.5 Loss . 27
5.3.6 Unacceptable delay . 27
5.3.7 Insertion . 27
5.3.8 Masquerade . 27
5.3.9 Addressing. 27
5.4 Deterministic remedial measures . 27
5.4.1 General . 27
5.4.2 Sequence number . 27
5.4.3 Time stamp . 27
5.4.4 Time expectation . 28
5.4.5 Connection authentication . 28
5.4.6 Feedback message . 28
5.4.7 Data integrity assurance . 28
5.4.8 Redundancy with cross checking . 28
5.4.9 Different data integrity assurance systems . 29
5.5 Typical relationships between errors and safety measures . 29
5.6 Communication phases . 30
5.7 FSCP implementation aspects . 31
5.8 Data integrity considerations . 31
5.8.1 Calculation of the residual error rate . 31
5.8.2 Total residual error rate and SIL . 33
5.9 Relationship between functional safety and security . 34
5.10 Boundary conditions and constraints . 35
5.10.1 Electrical safety . 35
5.10.2 Electromagnetic compatibility (EMC) . 35
5.11 Installation guidelines . 36
5.12 Safety manual . 36
5.13 Safety policy . 36
6 Communication Profile Family 1 (FOUNDATION™ Fieldbus) – Profiles for functional
safety . 37
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®) – Profiles for
functional safety . 37
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for
functional safety . 37
9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety . 38
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety . 38
10.1 Functional Safety Communication Profile 8/1 . 38
10.2 Functional Safety Communication Profile 8/2 . 39
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety . 39
12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for
functional safety . 40
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety . 40
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety . 40
15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for
functional safety . 41
Annex A (informative) Example functional safety communication models . 42
A.1 General . 42
A.2 Model A (single message, channel and FAL, redundant SCLs) . 42
A.3 Model B (full redundancy) . 42
A.4 Model C (redundant messages, FALs and SCLs, single channel) . 43
A.5 Model D (redundant messages and SCLs, single channel and FAL) . 43
Annex B (normative) Safety communication channel model using CRC-based error
checking . 45
B.1 Overview. 45
B.2 Channel model for calculations . 45
B.3 Bit error probability Pe. 46
B.4 Cyclic redundancy checking . 47
B.4.1 General . 47
B.4.2 Considerations concerning CRC polynomials . 48
Annex C (informative) Structure of technology-specific parts . 50
Annex D (informative) Assessment guideline . 52
D.1 Overview. 52
D.2 Channel types . 52
D.2.1 General . 52
D.2.2 Black channel . 52
D.2.3 White channel . 52
D.3 Data integrity considerations for white channel approaches . 53
D.3.1 General . 53
D.3.2 Models B and C . 53
D.3.3 Models A and D . 54
D.4 Verification of safety measures . 55
– 4 – IEC 61784-3:2016 IEC 2016
D.4.1 General . 55
D.4.2 Implementation . 55
D.4.3 "De-energize to trip" principle . 55
D.4.4 Safe state . 55
D.4.5 Transmission errors . 55
D.4.6 Safety reaction and response times . 55
D.4.7 Combination of measures . 56
D.4.8 Absence of interference . 56
D.4.9 Additional fault causes (white channel) . 56
D.4.10 Reference test beds and operational conditions . 56
D.4.11 Conformance tester . 56
Annex E (informative) Examples of implicit vs. explicit FSCP safety measures . 57
E.1 General . 57
E.2 Example fieldbus message with safety PDUs . 57
E.3 Model with completely explicit safety measures . 57
E.4 Model with explicit A-code and implicit T-code safety measures . 58
E.5 Model with explicit T-code and implicit A-code safety measures . 58
E.6 Model with split explicit and implicit safety measures . 59
E.7 Model with completely implicit safety measures . 60
E.8 Addition to Annex B – impact of implicit codes on properness . 60
Annex F (informative) Extended models for estimation of the total residual error rate . 61
F.1 Applicability . 61
F.2 General models for black channel communications . 61
F.3 Identification of generic safety properties . 62
F.4 Assumptions for residual error rate calculations . 62
F.5 Residual error rates. 63
F.5.1 Explicit and implicit mechanisms . 63
F.5.2 Residual error rate calculations . 63
F.6 Data integrity . 65
F.6.1 Probabilistic considerations . 65
F.6.2 Deterministic considerations . 65
F.7 Authenticity . 66
F.7.1 General . 66
F.7.2 Residual error rate for authenticity (RR ) . 67
A
F.8 Timeliness . 68
F.8.1 General . 68
F.8.2 Residual error rate for timeliness (RR ) . 70
T
F.9 Masquerade . 71
F.9.1 General . 71
F.9.2 Other terms used to calculate residual error rate for masquerade
rejection (RR ) . 71
M
F.10 Calculation of the total residual error rates . 71
F.10.1 Based on the summation of the residual error rates . 71
F.10.2 Based on other quantitative proofs . 72
F.11 Total residual error rate and SIL . 72
F.12 Configuration and parameterization for an FSCP . 73
F.12.1 General . 73
F.12.2 Configuration and parameterization change rate . 75
F.12.3 Residual error rate for configuration and parameterization . 75
Bibliography . 76
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) . 9
Figure 2 – Relationships of IEC 61784-3 with other standards (process) . 10
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods . 11
Figure 4 – Safety communication as a part of a safety function . 24
Figure 5 – Example model of a functional safety communication system . 25
Figure 6 – Example of safety function response time components . 26
Figure 7 – Conceptual FSCP protocol model . 31
Figure 8 – FSCP implementation aspects . 31
Figure 9 – Example application 1 (m=4) . 33
Figure 10 – Example application 2 (m = 2) . 33
Figure 11 – Zones and conduits concept for security according to IEC 62443 . 35
Figure A.1 – Model A . 42
Figure A.2 – Model B . 43
Figure A.3 – Model C . 43
Figure A.4 – Model D . 44
Figure B.1 – Communication channel with perturbation . 45
Figure B.2 – Binary symmetric channel (BSC) . 46
Figure B.3 – Example of a block with a message part and a CRC signature . 47
Figure B.4 – Block codes for error detection . 48
Figure B.5 – Proper and improper CRC polynomials . 49
Figure D.1 – Basic Markov model . 54
Figure E.1 – Example safety PDUs embedded in a fieldbus message . 57
Figure E.2 – Model with completely explicit safety measures . 57
Figure E.3 – Model with explicit A-code and implicit T-code safety measures . 58
Figure E.4 – Model with explicit T-code and implicit A-code safety measures . 59
Figure E.5 – Model with split explicit and implicit safety measures . 59
Figure E.6 – Model with completely implicit safety measures . 60
Figure F.1 – Black channel from an FSCP perspective . 61
Figure F.2 – Model for authentication considerations . 66
Figure F.3 – Fieldbus and internal address errors . 67
Figure F.4 – Example of slowly increasing message latency . 69
Figure F.5 – Example of an active network element failure . 70
Figure F.6 – Example application 1 (m = 4) . 72
Figure F.7 – Example application 2 (m = 2) . 72
Figure F.8 – Example of configuration and parameterization procedures for FSCP . 74
Table 1 – Overview of the effectiveness of the various measures on the possible errors . 30
Table 2 – Definition of items used for calculation of the residual error rates . 32
Table 3 – Typical relationship of residual error rate to SIL. 34
Table 4 – Typical relationship of residual error on demand to SIL . 34
Table 5 – Overview of profile identifier usable for FSCP 6/7 . 38
– 6 – IEC 61784-3:2016 IEC 2016
Table B.1 – Example dependency d and block bit length n . 48
min
Table C.1 – Common subclause structure for technology-specific parts . 50
Table F.1 – Typical relationship of residual error rate to SIL . 73
Table F.2 – Typical relationship of residual error on demand to SIL. 73
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
International Standard IEC 61784-3 has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This third edition cancels and replaces the second edition published in 2010. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
• clarifications and additional explanations for requirements, updated references;
• deletion of technical overviews of profiles (Clauses 6 to 13), and associated dedicated
subclauses for terms, definitions, symbols and abbreviations;
• addition of profiles for Communication Profile Families 8, 17 and 18 (Clauses 10, 14, 15);
• clarifications of models in Annex A;
– 8 – IEC 61784-3:2016 IEC 2016
• Annex B changed from informative to normative;
• addition of a new informative Annex E describing models for explicit and implicit FSCP
mechanisms;
• addition of a new informative Annex F introducing an extended model for estimation of the
total residual error rate;
• updates in parts for CPF 1, CPF 2, CPF 3, CPF 8, CPF 13 (details provided in the parts);
• addition of a new part for CPF 17.
The text of this standard is based on the following documents:
FDIS Report on voting
65C/840/FDIS 65C/848/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts of the IEC 61784-3 series, published under the general title Industrial
communication networks – Profiles – Functional safety fieldbuses, can be found on the IEC
website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
0 Introduction
0.1 General
The IEC 61158 fieldbus standard together with its companion standards IEC 61784-1 and
IEC 61784-2 defines a set of communication protocols that enable distributed control of
automation applications. Fieldbus technology is now considered well accepted and well
proven. Thus fieldbus enhancements continue to emerge, addressing applications for areas
such as real time, safety-related and security-related applications.
This standard explains the relevant principles for functional safety communications with
reference to IEC 61508 series and specifies several safety communication layers (profiles and
corresponding protocols) based on the communication profiles and protocol layers of
IEC 61784-1, IEC 61784-2 and the IEC 61158 series. It does not cover electrical safety and
intrinsic safety aspects.
Figure 1 shows the relationships between this standard and relevant safety and fieldbus
standards in a machinery environment.
IEC
NOTE Subclauses 6.7.6.4 (high complexity) and 6.7.8.1.6 (low complexity) of IEC 62061 specify the relationship
between PL (Category) and SIL.
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
– 10 – IEC 61784-3:2016 IEC 2016
Figure 2 shows the relationships between this standard and relevant safety and fieldbus
standards in a process environment.
IEC
a
For specified electromagnetic environments; otherwise IEC 61326-3-1 or IEC 61000-6-7.
b
EN ratified.
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Safety communication layers which are implemented as parts of safety-related systems
according to IEC 61508 series provide the necessary confidence in the transportation of
messages (information) between two or more participants on a fieldbus in a safety-related
system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures.
Safety communication layers specified in this standard do this in such a way that a fieldbus
can be used for applications requiring functional safety up to the Safety Integrity Level (SIL)
specified by its corresponding functional safety communication profile.
The resulting SIL claim of a system depends on the implementation of the selected functional
safety communication profile (FSCP) within this system – implementation of a functional
safety communication profile in a standard device is not sufficient to qualify it as a safety
device.
This standard describes:
• basic principles for implementing the requirements of IEC 61508 series for safety-related
data communications, including possible transmission faults, remedial measures and
considerations affecting data integrity;
• functional safety communication profiles for several communication profile families in
IEC 61784-1 and IEC 61784-2, including safety layer extensions to the communication
service and protocols sections of the IEC 61158 series.
0.2 Transition from Edition 2 to extended assessment methods in Edition 3
This edition of the generic part of the standard includes additional extended models for future
use when estimating the total residual error rate for an FSCP. This value can be used to
determine if the FSCP meets the requirements of functional safety applications up to a given
SIL. These extended models for qualitative and quantitative safety determination methods are
detailed in Annex E and Annex F.
However, because of the typical duration of the assessment process, the FSCPs published
prior to or concurrently with this new edition of the generic part can only be assessed using
the methods from previous editions, based on data integrity considerations specified in 5.8.
The validity schema in Figure 3 shows how to handle the transition from original assessment
methods of Edition 2 (specified in 5.8) to extended assessment methods in Edition 3
(currently specified in Annex F). According to this schema, the FSCPs are exempt from a new
assessment according to Annex F until Edition 4, where the contents of current Annex F will
replace the current 5.8.
NOTE However, a particular FSCP can achieve an earlier assessment and publish an adequate amendment.
IEC
Key
DI Data Integrity
TADI Timeliness, Authenticity, Data Integrity
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods
– 12 – IEC 61784-3:2016 IEC 2016
0.3 Patent declaration
The International Electrotechnical Commission (IEC) draws attention to the fact that it is
claimed that compliance with this document may involve the use of patents concerning
functional safety communication profiles for families 1, 2, 3, 6, 8, 12, 13, 14, 17 and 18 given
in IEC 61784-3-1, IEC 61784-3-2, IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8,
IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17 and IEC 61784-3-18.
IEC takes no position concerning the evidence, validity and scope of these patent rights.
The holders of these patent rights have assured the IEC that they are willing to negotiate
licences either free of charge or under reasonable and non-discriminatory terms and
conditions with applicants throughout the world. In this respect, the statements of the holders
of these patent rights are registered with IEC.
NOTE Patent details and corresponding contact information are provided in IEC 61784-3-1, IEC 61784-3-2,
IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8, IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17
and IEC 61784-3-18.
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights other than those identified above. IEC shall not be held responsible for
identifying any or all such patent rights.
ISO (www.iso.org/patents) and IEC (http://patents.iec.ch) maintain on-line data bases of
patents relevant to their standards. Users are encouraged to consult the data bases for the
most up to date information concerning patents.
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
1 Scope
This part of the IEC 61784-3 series explains some common principles that can be used in the
transmission of safety-relevant messages among participants within a distributed network
which use fieldbus technology in accordance with the requirements of IEC 61508 series for
functional safety. These principles are based on the black channel approach. They can be
used in various industrial applications such as process control, manufacturing automation and
machinery.
This part and the IEC 61784-3-x parts specify several functional safety communication
profiles based on the communication profiles and protocol layers of the fieldbus technologies
in IEC 61784-1, IEC 61784-2 and the IEC 61158 series. These functional safety
communication profiles use the black channel approach, as defined in IEC 61508. These
functional safety communication profiles are intended for implementation in safety devices
exclusively.
NOTE 1 Other safety-related communication systems meeting the requirements of IEC 61508 series can exist that
are not included in this standard.
NOTE 2 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such
as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
All systems are exposed to unauthorized access at some point of their life cycle. Additional
measures need to be considered in any safety-related application to protect fieldbus systems
against unauthorized access. The IEC 62443 series will address many of these issues; the
relationship with the IEC 62443 series is detailed in a dedicated subclause of this part.
NOTE 3 Additional profile specific requirements for security can also be specified in IEC 61784-4 .
NOTE 4 Implementation of a functional safety communication profile according to this part in a device is not
sufficient to qualify it as a safety device, as defined in IEC 61508 series.
NOTE 5 The resulting SIL claim of a system depends on the implementation of the selected functional safety
communication profile within this system.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 61000-6-7, Electromagnetic compatibility (EMC) – Part 6-7: Generic standards –
Immunity requirements for equipment intended to perform functions in a safety-related system
(functional safety) in industrial locations
_______________
In the following pages of this standard, “IEC 61508” will be used for “IEC 61508 series”.
In the following pages of this standard, “this part” will be used for “this part of the IEC 61784-3 series”.
Proposed new work item under consideration.
– 14 – IEC 61784-3:2016 IEC 2016
IEC 61010-2-201:2013, Safety requirements for electrical equipment for measurement, control
and laboratory use – Part 2-201: Particular requirements for control equipment
IEC 61158 (all parts), Industrial communication networks – Fieldbus specifications
IEC 61326-3-1, Electrical equipment for measurement, control and laboratory use – EMC
requirements – Part 3-1: Immunity requirements for safety-related systems and for equipment
intended to perform safety-related functions (functional safety) – General industrial
applications
IEC 61326-3-2, Electrical equipment for measurement, control and laboratory use – EMC
requirements – Part 3-2: Immunity requirements for safety-related systems and for equipment
intended to perform safety-related functions (functional safety) – Industrial applications with
specified electromagnetic environment
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 61508-1:2010, Functional safety of electrical/electronic/programmable electronic safety-
rel
...
IEC 61784-3 ®
Edition 3.1 2017-08
CONSOLIDATED VERSION
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
Réseaux de communication industriels – Profils –
Partie 3: Bus de terrain de sécurité fonctionnelle – Règles générales et
définitions de profils
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.
A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.
Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 16
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.
Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
La recherche avancée permet de trouver des publications IEC
65 000 entrées terminologiques électrotechniques, en anglais
en utilisant différents critères (numéro de référence, texte,
et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les
publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées.
antérieures extraites des publications des CE 37, 77, 86 et
CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished
Restez informé sur les nouvelles publications IEC. Just Service Clients - webstore.iec.ch/csc
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 61784-3 ®
Edition 3.1 2017-08
CONSOLIDATED VERSION
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
Réseaux de communication industriels – Profils –
Partie 3: Bus de terrain de sécurité fonctionnelle – Règles générales et
définitions de profils
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-4712-9
IEC 61784-3 ®
Edition 3.1 2017-08
CONSOLIDATED VERSION
REDLINE VERSION
VERSION REDLINE
colour
inside
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
Réseaux de communication industriels – Profils –
Partie 3: Bus de terrain de sécurité fonctionnelle – Règles générales et
définitions de profils
– 2 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
CONTENTS
FOREWORD . 7
0 Introduction . 9
0.1 General . 9
0.2 Transition from Edition 2 to extended assessment methods in Edition 3 . 11
0.3 Patent declaration . 12
INTRODUCTION to the Amendment . 12
1 Scope . 13
2 Normative references . 13
3 Terms, definitions, symbols, abbreviated terms and conventions . 15
3.1 Terms and definitions . 15
3.2 Symbols and abbreviated terms . 22
3.2.1 Abbreviated terms . 22
3.2.2 Symbols . 23
4 Conformance . 24
5 Basics of safety-related fieldbus systems . 24
5.1 Safety function decomposition . 24
5.2 Communication system . 25
5.2.1 General . 25
5.2.2 IEC 61158 fieldbuses . 25
5.2.3 Communication channel types . 26
5.2.4 Safety function response time . 26
5.3 Communication errors . 27
5.3.1 General . 27
5.3.2 Corruption . 27
5.3.3 Unintended repetition . 27
5.3.4 Incorrect sequence . 27
5.3.5 Loss . 28
5.3.6 Unacceptable delay . 28
5.3.7 Insertion . 28
5.3.8 Masquerade. 28
5.3.9 Addressing . 28
5.4 Deterministic remedial measures . 28
5.4.1 General . 28
5.4.2 Sequence number. 28
5.4.3 Time stamp . 28
5.4.4 Time expectation . 29
5.4.5 Connection authentication . 29
5.4.6 Feedback message . 29
5.4.7 Data integrity assurance . 29
5.4.8 Redundancy with cross checking . 29
5.4.9 Different data integrity assurance systems . 29
5.5 Typical relationships between errors and safety measures . 30
5.6 Communication phases . 31
5.7 FSCP implementation aspects . 31
5.8 Data integrity considerations . 32
5.8.1 Calculation of the residual error rate . 32
IEC 2017
5.8.2 Total residual error rate and SIL . 34
5.9 Relationship between functional safety and security . 34
5.10 Boundary conditions and constraints . 35
5.10.1 Electrical safety . 35
5.10.2 Electromagnetic compatibility (EMC) . 36
5.11 Installation guidelines . 36
5.12 Safety manual . 36
5.13 Safety policy . 36
6 Communication Profile Family 1 (FOUNDATION™ Fieldbus) – Profiles for functional
safety . 37
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®) – Profiles for
functional safety . 37
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for
functional safety . 38
9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety . 38
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety . 39
10.1 Functional Safety Communication Profile 8/1 . 39
10.2 Functional Safety Communication Profile 8/2 . 39
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety. 39
12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for
functional safety . 40
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety . 40
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety. 40
15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for
functional safety . 41
Annex A (informative) Example functional safety communication models . 42
A.1 General . 42
A.2 Model A (single message, channel and FAL, redundant SCLs) . 42
A.3 Model B (full redundancy) . 42
A.4 Model C (redundant messages, FALs and SCLs, single channel) . 43
A.5 Model D (redundant messages and SCLs, single channel and FAL) . 43
Annex B (normative) Safety communication channel model using CRC-based error
checking . 45
B.1 Overview. 45
B.2 Channel model for calculations . 45
B.3 Bit error probability Pe . 46
B.4 Cyclic redundancy checking . 47
B.4.1 General . 47
B.4.2 Considerations concerning CRC polynomials . 48
Annex C (informative) Structure of technology-specific parts. 50
Annex D (informative) Assessment guideline . 53
D.1 Overview. 53
D.2 Channel types . 53
D.2.1 General . 53
D.2.2 Black channel . 53
D.2.3 White channel . 53
D.3 Data integrity considerations for white channel approaches . 54
D.3.1 General . 54
– 4 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
D.3.2 Models B and C . 54
D.3.3 Models A and D . 55
D.4 Verification of safety measures . 56
D.4.1 General . 56
D.4.2 Implementation . 56
D.4.3 "De-energize to trip" principle . 56
D.4.4 Safe state . 56
D.4.5 Transmission errors . 56
D.4.6 Safety reaction and response times . 56
D.4.7 Combination of measures . 57
D.4.8 Absence of interference . 57
D.4.9 Additional fault causes (white channel) . 57
D.4.10 Reference test beds and operational conditions . 57
D.4.11 Conformance tester . 58
Annex E (informative) Examples of implicit vs. explicit FSCP safety measures. 59
E.1 General . 59
E.2 Example fieldbus message with safety PDUs . 59
E.3 Model with completely explicit safety measures . 59
E.4 Model with explicit A-code and implicit T-code safety measures . 60
E.5 Model with explicit T-code and implicit A-code safety measures . 60
E.6 Model with split explicit and implicit safety measures . 61
E.7 Model with completely implicit safety measures . 62
E.8 Addition to Annex B – impact of implicit codes on properness . 62
Annex F (informative) Extended models for estimation of the total residual error rate . 63
F.1 Applicability . 63
F.2 General models for black channel communications . 63
F.3 Identification of generic safety properties . 64
F.4 Assumptions for residual error rate calculations . 64
F.5 Residual error rates . 65
F.5.1 Explicit and implicit mechanisms . 65
F.5.2 Residual error rate calculations . 65
F.6 Data integrity . 67
F.6.1 Probabilistic considerations . 67
F.6.2 Deterministic considerations . 67
F.7 Authenticity . 68
F.7.1 General . 68
F.7.2 Residual error rate for authenticity (RR ) . 69
A
F.8 Timeliness . 70
F.8.1 General . 70
F.8.2 Residual error rate for timeliness (RR ) . 72
T
F.9 Masquerade . 73
F.9.1 General . 73
F.9.2 Other terms used to calculate residual error rate for masquerade
rejection (RR ) . 73
M
F.10 Calculation of the total residual error rates . 73
F.10.1 Based on the summation of the residual error rates . 73
F.10.2 Based on other quantitative proofs . 74
F.11 Total residual error rate and SIL . 74
F.12 Configuration and parameterization for an FSCP . 75
IEC 2017
F.12.1 General . 75
F.12.2 Configuration and parameterization change rate . 77
F.12.3 Residual error rate for configuration and parameterization . 77
Annex G (informative) Implicit data safety mechanisms for IEC 61784-3 functional
safety communication profiles (FSCPs) . 78
G.1 Overview. 78
G.2 Basic principles . 78
G.3 Problem statement: constant values for implicit data . 79
G.4 RP for FSCPs with random, uniformly distributed err . 82
impl
G.4.1 General . 82
i
G.4.2 Uniform distribution within the interval [0;2 -1], i ≥ r . 83
r
G.4.3 Uniform distribution in the interval [1;2 -1], i = r . 85
G.5 General case . 87
G.6 Calculation of P . 87
ID
Bibliography . 89
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) . 9
Figure 2 – Relationships of IEC 61784-3 with other standards (process) . 10
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods . 11
Figure 4 – Safety communication as a part of a safety function . 25
Figure 5 – Example model of a functional safety communication system . 26
Figure 6 – Example of safety function response time components . 27
Figure 7 – Conceptual FSCP protocol model . 31
Figure 8 – FSCP implementation aspects. 32
Figure 9 – Example application 1 (m=4) . 33
Figure 10 – Example application 2 (m = 2) . 34
Figure 11 – Zones and conduits concept for security according to IEC 62443 . 35
Figure A.1 – Model A . 42
Figure A.2 – Model B . 43
Figure A.3 – Model C . 43
Figure A.4 – Model D . 44
Figure B.1 – Communication channel with perturbation . 45
Figure B.2 – Binary symmetric channel (BSC) . 46
Figure B.3 – Example of a block with a message part and a CRC signature . 47
Figure B.4 – Block codes for error detection . 48
Figure B.5 – Proper and improper CRC polynomials . 49
Figure D.1 – Basic Markov model . 55
Figure E.1 – Example safety PDUs embedded in a fieldbus message . 59
Figure E.2 – Model with completely explicit safety measures . 59
Figure E.3 – Model with explicit A-code and implicit T-code safety measures . 60
Figure E.4 – Model with explicit T-code and implicit A-code safety measures . 61
Figure E.5 – Model with split explicit and implicit safety measures . 61
Figure E.6 – Model with completely implicit safety measures . 62
Figure F.1 – Black channel from an FSCP perspective . 63
Figure F.2 – Model for authentication considerations . 68
– 6 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
Figure F.3 – Fieldbus and internal address errors . 69
Figure F.4 – Example of slowly increasing message latency . 71
Figure F.5 – Example of an active network element failure . 72
Figure F.6 – Example application 1 (m = 4) . 74
Figure F.7 – Example application 2 (m = 2) . 74
Figure F.8 – Example of configuration and parameterization procedures for FSCP . 76
Figure G.1 – FSCP with implicit transmission of authenticity and/or timeliness codes . 79
Figure G.2 – Example of an incorrect transmission with multiple error causes . 80
Figure G.3 – Impact of errors in implicit data on the residual error probability . 81
Table 1 – Overview of the effectiveness of the various measures on the possible errors . 30
Table 2 – Definition of items used for calculation of the residual error rates . 33
Table 3 – Typical relationship of residual error rate to SIL . 34
Table 4 – Typical relationship of residual error on demand to SIL . 34
Table 5 – Overview of profile identifier usable for FSCP 6/7 . 38
Table B.1 – Example dependency d and block bit length n . 48
min
Table C.1 – Common subclause structure for technology-specific parts . 50
Table F.1 – Typical relationship of residual error rate to SIL . 75
Table F.2 – Typical relationship of residual error on demand to SIL . 75
IEC 2017
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
This consolidated version of the official IEC Standard and its amendment has been prepared
for user convenience.
IEC 61784-3 edition 3.1 contains the third edition (2016-05) [documents 65C/840/FDIS and
65C/848/RVD] and its amendment 1 (2017-08) [documents 65C/879/FDIS and 65C/886/RVD].
In this Redline version, a vertical line in the margin shows where the technical content is
modified by amendment 1. Additions are in green text, deletions are in strikethrough red text.
A separate Final version with all changes accepted is available in this publication.
– 8 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
International Standard IEC 61784-3 has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This third edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
• clarifications and additional explanations for requirements, updated references;
• deletion of technical overviews of profiles (Clauses 6 to 13), and associated dedicated
subclauses for terms, definitions, symbols and abbreviations;
• addition of profiles for Communication Profile Families 8, 17 and 18 (Clauses 10, 14, 15);
• clarifications of models in Annex A;
• Annex B changed from informative to normative;
• addition of a new informative Annex E describing models for explicit and implicit FSCP
mechanisms;
• addition of a new informative Annex F introducing an extended model for estimation of the
total residual error rate;
• updates in parts for CPF 1, CPF 2, CPF 3, CPF 8, CPF 13 (details provided in the parts);
• addition of a new part for CPF 17.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts of the IEC 61784-3 series, published under the general title Industrial
communication networks – Profiles – Functional safety fieldbuses, can be found on the IEC
website.
The committee has decided that the contents of the base publication and its amendment will
remain unchanged until the stability date indicated on the IEC web site under
"http://webstore.iec.ch" in the data related to the specific publication. At this date, the
publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
IEC 2017
0 Introduction
0.1 General
The IEC 61158 fieldbus standard together with its companion standards IEC 61784-1 and
IEC 61784-2 defines a set of communication protocols that enable distributed control of
automation applications. Fieldbus technology is now considered well accepted and well
proven. Thus fieldbus enhancements continue to emerge, addressing applications for areas
such as real time, safety-related and security-related applications.
This standard explains the relevant principles for functional safety communications with
reference to IEC 61508 series and specifies several safety communication layers (profiles and
corresponding protocols) based on the communication profiles and protocol layers of
IEC 61784-1, IEC 61784-2 and the IEC 61158 series. It does not cover electrical safety and
intrinsic safety aspects.
Figure 1 shows the relationships between this standard and relevant safety and fieldbus
standards in a machinery environment.
IEC
NOTE Subclauses 6.7.6.4 (high complexity) and 6.7.8.1.6 (low complexity) of IEC 62061 specify the relationship
between PL (Category) and SIL.
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
– 10 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
Figure 2 shows the relationships between this standard and relevant safety and fieldbus
standards in a process environment.
IEC
a
For specified electromagnetic environments; otherwise IEC 61326-3-1 or IEC 61000-6-7.
b
EN ratified.
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Safety communication layers which are implemented as parts of safety-related systems
according to IEC 61508 series provide the necessary confidence in the transportation of
messages (information) between two or more participants on a fieldbus in a safety-related
system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures.
Safety communication layers specified in this standard do this in such a way that a fieldbus
can be used for applications requiring functional safety up to the Safety Integrity Level (SIL)
specified by its corresponding functional safety communication profile.
The resulting SIL claim of a system depends on the implementation of the selected functional
safety communication profile (FSCP) within this system – implementation of a functional
safety communication profile in a standard device is not sufficient to qualify it as a safety
device.
IEC 2017
This standard describes:
• basic principles for implementing the requirements of IEC 61508 series for safety-related
data communications, including possible transmission faults, remedial measures and
considerations affecting data integrity;
• functional safety communication profiles for several communication profile families in
IEC 61784-1 and IEC 61784-2, including safety layer extensions to the communication
service and protocols sections of the IEC 61158 series.
0.2 Transition from Edition 2 to extended assessment methods in Edition 3
This edition of the generic part of the standard includes additional extended models for future
use when estimating the total residual error rate for an FSCP. This value can be used to
determine if the FSCP meets the requirements of functional safety applications up to a given
SIL. These extended models for qualitative and quantitative safety determination methods are
detailed in Annex E and Annex F.
However, because of the typical duration of the assessment process, the FSCPs published
prior to or concurrently with this new edition of the generic part can only be assessed using
the methods from previous editions, based on data integrity considerations specified in 5.8.
The validity schema in Figure 3 shows how to handle the transition from original assessment
methods of Edition 2 (specified in 5.8) to extended assessment methods in Edition 3
(currently specified in Annex F). According to this schema, the FSCPs are exempt from a new
assessment according to Annex F until Edition 4, where the contents of current Annex F will
replace the current 5.8.
NOTE However, a particular FSCP can achieve an earlier assessment and publish an adequate amendment.
IEC
Key
DI Data Integrity
TADI Timeliness, Authenticity, Data Integrity
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods
– 12 – IEC 61784-3:2016+AMD1:2017 CSV
IEC 2017
0.3 Patent declaration
The International Electrotechnical Commission (IEC) draws attention to the fact that it is
claimed that compliance with this document may involve the use of patents concerning
functional safety communication profiles for families 1, 2, 3, 6, 8, 12, 13, 14, 17 and 18 given
in IEC 61784-3-1, IEC 61784-3-2, IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8,
IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17 and IEC 61784-3-18.
IEC takes no position concerning the evidence, validity and scope of these patent rights.
The holders of these patent rights have assured the IEC that they are willing to negotiate
licences either free of charge or under reasonable and non-discriminatory terms and
conditions with applicants throughout the world. In this respect, the statements of the holders
of these patent rights are registered with IEC.
NOTE Patent details and corresponding contact information are provided in IEC 61784-3-1, IEC 61784-3-2,
IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8, IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17
and IEC 61784-3-18.
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights other than those identified above. IEC shall not be held responsible for
identifying any or all such patent rights.
ISO (www.iso.org/patents) and IEC (http://patents.iec.ch) maintain on-line data bases of
patents relevant to their standards. Users are encouraged to consult the data bases for the
most up to date information concerning patents.
INTRODUCTION to the Amendment
This Amendment 1 discusses the concepts of implicit data safety mechanisms for use in
functional safety communications protocols (FSCPs) as specified in IEC 61784-3:2016.
IEC 2017
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
1 Scope
This part of the IEC 61784-3 series explains some common principles that can be used in the
transmission of safety-relevant messages among participants within a distributed network
which use fieldbus technology in accordance with the requirements of IEC 61508 series for
functional safety. These principles are based on the black channel approach. They can be
used in various industrial applications such as process control, manufacturing automation and
machinery.
This part and the IEC 61784-3-x parts specify several functional safety communication
profiles based on the communication profiles and p
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...