IEC TR 61508-0:2005
Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 0: Functional safety and IEC 61508
IEC/TR 61508-0:2005 introduces the concept of functional safety and gives an overview of the IEC 61508 series. This report is to be read in conjunction with the first edition of the IEC 61508 series of standards only!
IEC/TR 61508-0
Edition 1.0 2005-01
TECHNICAL REPORT
Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 0: Functional safety and IEC 61508
IEC/TR 61508-0:2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by
any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or
IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition; a corrigendum or an amendment might have been published.
• Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, withdrawn and replaced publications.
• IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available on-line and also by email.
• Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical Vocabulary online.
• Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
INTERNATIONAL ELECTROTECHNICAL COMMISSION
PRICE CODE Q
ICS 13.110; 25.040; 29.020; 35.240.50
ISBN 2-8318-7816-0
TR 61508-0 © IEC:2005
CONTENTS
FOREWORD .... 3
INTRODUCTION .... 5
1 Scope .... 6
2 Normative references .... 6
3 Functional safety .... 7
3.1 What is functional safety? .... 7
3.2 Safety functions and safety-related systems .... 7
3.3 Example of functional safety .... 8
3.4 Challenges in achieving functional safety .... 8
4 IEC 61508 – Functional safety of E/E/PE safety-related systems .... 9
4.1 Objectives .... 9
4.2 E/E/PE safety-related systems .... 9
4.3 Technical approach .... 10
4.4 Safety integrity levels .... 11
4.5 Example of functional safety revisited .... 11
4.6 Parts framework of IEC 61508 .... 12
4.7 IEC 61508 as a basis for other standards .... 14
4.8 IEC 61508 as a stand-alone standard .... 14
4.9 Further information .... 15
Annex A (informative) List of frequently asked questions from IEC “functional safety” zone .... 16
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/
PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 0: Functional safety and IEC 61508
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental
organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 61508-0, which is a technical report, has been prepared by subcommittee 65A: System
Aspects, of IEC technical committee 65: Industrial-process measurement and control.
The text of this technical report is based on the following documents:

Enquiry draft    Report on voting
65A/413/DTR      65A/422/RVC

Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The parts of this publication, IEC 61508, under the general title Functional safety of electrical/
electronic/programmable electronic safety-related systems are listed in 4.6.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
INTRODUCTION
The purpose of this Technical Report is to introduce the concept of functional safety and to
give an overview of the IEC 61508 series of standards.
You should read it if you are:
• wondering whether IEC 61508 applies to you,
• involved in the development of electrical, electronic or programmable electronic systems
which may have safety implications, or
• drafting any other standard where functional safety is a relevant factor.
Clause 3 of this document gives an informal definition of functional safety, describes the
relationship between safety functions, safety integrity and safety-related systems, gives an
example of how functional safety requirements are derived, and lists some of the challenges
in achieving functional safety in electrical, electronic or programmable electronic systems.
Clause 4 gives details of IEC 61508, which provides an approach for achieving functional
safety. The clause describes the standard’s objectives, technical approach and parts
framework. It explains that IEC 61508 can be applied as is to a large range of industrial
applications and yet also provides a basis for many other standards.
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/
PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 0: Functional safety and IEC 61508
1 Scope
This Technical Report introduces the concept of functional safety and gives an overview of
the IEC 61508 series.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 61508-1:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements
IEC 61508-2:2000, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
IEC 61508-3:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 3: Software requirements
IEC 61508-4:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations
IEC 61508-5:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-6:2000, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7:2000, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 7: Overview of techniques and measures
IEC Guide 104, The preparation of safety publications and the use of basic safety publications and group safety publications
ISO/IEC Guide 51, Safety aspects – Guidelines for their inclusion in standards
3 Functional safety
3.1 What is functional safety?
We begin with a definition of safety. This is freedom from unacceptable risk of physical injury
or of damage to the health of people, either directly, or indirectly as a result of damage to
property or to the environment.
Functional safety is part of the overall safety that depends on a system or equipment
operating correctly in response to its inputs.
For example, an overtemperature protection device, using a thermal sensor in the windings of
an electric motor to de-energise the motor before it can overheat, is an instance of functional
safety. But providing specialised insulation to withstand high temperatures is not an instance
of functional safety (although it is still an instance of safety and could protect against exactly
the same hazard).
Neither safety nor functional safety can be determined without considering the systems as a
whole and the environment with which they interact.
3.2 Safety functions and safety-related systems
Generally, the significant hazards for equipment and any associated control system in its
intended environment have to be identified by the specifier or developer via a hazard
analysis. The analysis determines whether functional safety is necessary to ensure adequate
protection against each significant hazard. If so, then it has to be taken into account in an
appropriate manner in the design. Functional safety is just one method of dealing with
hazards, and other means for their elimination or reduction, such as inherent safety through
design, are of primary importance.
The term safety-related is used to describe systems that are required to perform a specific
function or functions to ensure risks are kept at an accepted level. Such functions are, by
definition, safety functions. Two types of requirements are necessary to achieve functional
safety:
• safety function requirements (what the function does) and
• safety integrity requirements (the likelihood of a safety function being performed
satisfactorily).
The safety function requirements are derived from the hazard analysis and the safety integrity
requirements are derived from a risk assessment. The higher the level of safety integrity, the
lower the likelihood of dangerous failure.
Any system, implemented in any technology, which carries out safety functions is a safety-related
system. A safety-related system may be separate from any equipment control system
or the equipment control system may itself carry out safety functions. In the latter case, the
equipment control system will be a safety-related system. Higher levels of safety integrity
necessitate greater rigour in the engineering of the safety-related system.
3.3 Example of functional safety
Consider a machine with a rotating blade that is protected by a hinged solid cover. The blade
is accessed for routine cleaning by lifting the cover. The cover is interlocked so that whenever
it is lifted an electrical circuit de-energises the motor and applies a brake. In this way, the
blade is stopped before it could injure the operator.
In order to ensure that safety is achieved, both hazard analysis and risk assessment are
necessary.
a) The hazard analysis identifies the hazards associated with cleaning the blade. For this
machine it might show that it should not be possible to lift the hinged cover more than
5 mm without the brake activating and stopping the blade. Further analysis could reveal
that the time for the blade to stop shall be 1 s or less. Together, these describe the safety
function.
b) The risk assessment determines the performance requirements of the safety function. The
aim is to ensure that the safety integrity of the safety function is sufficient to ensure that
no one is exposed to an unacceptable risk associated with this hazardous event.
The harm resulting from a failure of the safety function could be amputation of the operator’s
hand or could be just a bruise. The risk also depends on how frequently the cover has to be
lifted, which might be many times during daily operation or might be less than once a month.
The level of safety integrity required increases with the severity of injury and the frequency of
exposure to the hazard.
The safety integrity of the safety function will depend on all the equipment that is necessary
for the safety function to be carried out correctly, i.e. the interlock, the associated electrical
circuit and the motor and braking system. Both the safety function and its safety integrity
specify the required behaviour for the systems as a whole within a particular environment.
To summarise, the hazard analysis identifies what has to be done to avoid the hazardous
event, or events, associated with the blade. The risk assessment gives the safety integrity
required of the interlocking system for the risk to be acceptable. These two elements, “What
safety function has to be performed?” – the safety function requirements – and “What degree
of certainty is necessary that the safety function will be carried out?” – the safety integrity
requirements – are the foundations of functional safety.
3.4 Challenges in achieving functional safety
Safety functions are increasingly being carried out by electrical, electronic or programmable
electronic systems. These systems are usually complex, making it impossible in practice to
fully determine every failure mode or to test all possible behaviour. It is difficult to predict the
safety performance, although testing is still essential.
The challenge is to design the system in such a way as to prevent dangerous failures or to
control them when they arise. Dangerous failures may arise from
• incorrect specifications of the system, hardware or software;
• omissions in the safety requirements specification (e.g. failure to develop all relevant
safety functions during different modes of operation);
• random hardware failure mechanisms;
• systematic hardware failure mechanisms;
• software errors;
• common cause failures;
• human error;
• environmental influences (e.g. electromagnetic, temperature, mechanical phenomena);
• supply system voltage disturbances (e.g. loss of supply, reduced voltages, re-connection
of supply).
IEC 61508 contains requirements to minimise these failures and is described in the next
clause.
4 IEC 61508 – Functional safety of E/E/PE safety-related systems
4.1 Objectives
IEC 61508 aims to
• release the potential of E/E/PE technology to improve both safety and economic
performance;
• enable technological developments to take place within an overall safety framework;
• provide a technically sound, system based approach, with sufficient flexibility for the
future;
• provide a risk-based approach for determining the required performance of safety-related
systems;
• provide a generically-based standard that can be used directly by industry but can also
help with developing sector standards (e.g. machinery, process chemical plants, medical
or rail) or product standards (e.g. power drive systems);
• provide a means for users and regulators to gain confidence when using computer-based
technology;
• provide requirements based on common underlying principles to facilitate:
  – improved efficiencies in the supply chain for suppliers of subsystems and components to various sectors,
  – improvements in communication and requirements (i.e. to increase clarity of what needs to be specified),
  – the development of techniques and measures that could be used across all sectors,
  – increasing available resources,
  – the development of conformity assessment services if required.
IEC 61508 does not cover the precautions that may be necessary to prevent unauthorized
persons damaging, and/or otherwise adversely affecting, the functional safety achieved by
E/E/PE safety-related systems.
4.2 E/E/PE safety-related systems
IEC 61508 is concerned with functional safety, achieved by safety-related systems that are
primarily implemented in electrical and/or electronic and/or programmable electronic (E/E/PE)
technologies, i.e. E/E/PE safety related systems. The standard is generic in that it applies to
these systems irrespective of their application.
Some requirements of the standard relate to development activities where the implementation
technology may not yet have been fully decided. This includes development of the overall
safety requirements (concept, scope definition, hazard analysis and risk assessment). If there
is a possibility that E/E/PE technologies might be used, the standard should be applied so
that the functional safety requirements for any E/E/PE safety-related systems are determined
in a methodical, risk-based manner.
Other requirements of the standard are not solely specific to E/E/PE technology, including
documentation, management of functional safety, functional safety assessment and
competence. All requirements that are not technology-specific might usefully be applied to
other safety-related systems although these systems are not within the scope of the standard.
The following are examples of E/E/PE safety-related systems:
• emergency shut-down system in a hazardous chemical process plant;
• crane safe load indicator;
• railway signalling system;
• guard interlocking and emergency stopping systems for machinery;
• variable speed motor drive used to restrict speed as a means of protection;
• system for interlocking and controlling the exposure dose of a medical radiotherapy
machine;
• dynamic positioning (control of a ship’s movement when in proximity to an offshore
installation);
• fly-by-wire operation of aircraft flight control surfaces;
• automobile indicator lights, anti-lock braking and engine-management systems;
• remote monitoring, operation or programming of a network-enabled process plant;
• an information-based decision support tool where erroneous results affect safety.
An E/E/PE safety-related system covers all parts of the system that are necessary to carry out
the safety function (i.e. from sensor, through control logic and communication systems, to
final actuator, including any critical actions of a human operator).
Since the definition of E/E/PE safety-related system is derived from the definition of safety, it
also concerns freedom from unacceptable risk of both physical injury and damage to the
health of people. The harm can arise indirectly as a result of damage to property or the
environment. However, some systems will be designed primarily to protect against failures
with serious economic implications. IEC 61508 can be used to develop any E/E/PE system
that has critical functions, such as the protection of equipment or products.
4.3 Technical approach
IEC 61508
• uses a risk based approach to determine the safety integrity requirements of E/E/PE
safety-related systems, and includes a number of examples of how this can be done;
• uses an overall safety lifecycle model as the technical framework for the activities
necessary for ensuring functional safety is achieved by the E/E/PE safety-related systems;
• covers all safety lifecycle activities from initial concept, through hazard analysis and risk
assessment, development of the safety requirements, specification, design and
implementation, operation and maintenance, and modification, to final decommissioning
and/or disposal;
• encompasses system aspects (comprising all the subsystems carrying out the safety
functions, including hardware and software) and failure mechanisms (random hardware
and systematic);
• contains both requirements for preventing failures (avoiding the introduction of faults) and
requirements for controlling failures (ensuring safety even when faults are present);
• specifies the techniques and measures that are necessary to achieve the required safety
integrity.
4.4 Safety integrity levels
IEC 61508 specifies 4 levels of safety performance for a safety function. These are called
safety integrity levels. Safety integrity level 1 (SIL1) is the lowest level of safety integrity and
safety integrity level 4 (SIL4) is the highest level. The standard details the requirements
necessary to achieve each safety integrity level. These requirements are more rigorous at
higher levels of safety integrity in order to achieve the required lower likelihood of dangerous
failure.
An E/E/PE safety-related system will usually implement more than one safety function. If the
safety integrity requirements for these safety functions differ, unless there is sufficient
independence of implementation between them, the requirements applicable to the highest
relevant safety integrity level shall apply to the entire E/E/PE safety-related system.
If a single E/E/PE system is capable of providing all the required safety functions, and the
required safety integrity is less than that specified for SIL1, then IEC 61508 does not apply.
4.5 Example of functional safety revisited
The safety function requirements and the safety integrity requirements constitute the
functional safety requirements specification. These requirements must be fully determined
before designing the E/E/PE safety-related system.
In the example described in Clause 3, the functional safety requirements for the specific
hazardous event could be stated as follows.
When the hinged cover is lifted by 5 mm or more, the motor
shall be de-energised and the brake activated so that the blade
is stopped within 1 s. The safety integrity level of this safety
function shall be SIL2.
The functional safety requirements specification concerns behaviour of the safety-related
system as a whole, within a particular environment. In this example, the E/E/PE safety-related
system includes the guard interlock switch, the electrical circuit, contactors, the motor and the
brake.
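The safety function requirement stated above is concrete enough to be checked mechanically against a recorded machine trace, whereas the safety integrity requirement (SIL2) is a statement about the likelihood of dangerous failure and cannot be demonstrated by any single trace. The following checker is an added example, not code from the report; it covers the blade interlock of 3.3 and the specification in 4.5, and the field names, sampling instants and both traces are constructed for illustration.

```python
"""Trace checker for the blade-interlock safety function of IEC TR 61508-0, 3.3 / 4.5.

Added example, not code from the report. The safety FUNCTION requirement (what
the function does) is checked sample by sample against a recorded trace. The
safety INTEGRITY requirement (SIL2) cannot be shown by a trace and is kept here
only as metadata. Field names, sampling instants and traces are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

COVER_LIFT_LIMIT_MM = 5.0   # 4.5: a lift of 5 mm or more is a demand on the safety function
STOP_DEADLINE_S = 1.0       # 4.5: the blade shall be stopped within 1 s
REQUIRED_SIL = 2            # 4.5: SIL2 (recorded only; see module docstring)


@dataclass(frozen=True)
class Sample:
    t: float               # seconds since start of trace (constructed field)
    cover_lift_mm: float   # lift of the hinged cover (constructed field)
    motor_energised: bool
    brake_applied: bool
    blade_rpm: float


def check_safety_function(trace: List[Sample]) -> List[str]:
    """Return one finding per violated condition per demand; [] means the trace conforms."""
    findings: List[str] = []
    demand_t: Optional[float] = None   # start of the current demand (cover lifted)
    reported: set = set()              # conditions already reported for this demand

    def report(t: float, key: str, detail: str = "") -> None:
        if key not in reported:        # do not repeat the same finding every sample
            reported.add(key)
            findings.append(f"t={t:.2f}s: {key}{detail}")

    for s in trace:
        if s.cover_lift_mm >= COVER_LIFT_LIMIT_MM:
            if demand_t is None:
                demand_t = s.t
                reported.clear()
            # 3.3 describes the interlock as a direct electrical circuit, so no
            # latency is tolerated for de-energising the motor or applying the brake.
            if s.motor_energised:
                report(s.t, "motor energised while cover lifted")
            if not s.brake_applied:
                report(s.t, "brake not applied while cover lifted")
            # The blade itself may take up to STOP_DEADLINE_S to come to rest.
            elapsed = s.t - demand_t
            if s.blade_rpm > 0 and elapsed > STOP_DEADLINE_S:
                report(s.t, "blade still turning after lift", f" ({elapsed:.2f}s)")
        else:
            demand_t = None   # cover closed again; the next lift is a new demand
    return findings


def _trace(rows) -> List[Sample]:
    # rows: (t, cover_lift_mm, motor_energised, brake_applied, blade_rpm)
    return [Sample(*r) for r in rows]


# Constructed trace 1: conforming. The cover passes 5 mm at t=0.3 s, the motor
# drops out and the brake applies at once, and the blade is at rest 0.4 s later.
CONFORMING = _trace([
    (0.0, 0.0, True, False, 3000),
    (0.1, 0.0, True, False, 3000),
    (0.2, 2.0, True, False, 3000),   # 2 mm < 5 mm: not yet a demand
    (0.3, 6.0, False, True, 2400),
    (0.4, 9.0, False, True, 1500),
    (0.5, 12.0, False, True, 700),
    (0.6, 12.0, False, True, 200),
    (0.7, 12.0, False, True, 0),
    (0.8, 12.0, False, True, 0),
])

# Constructed trace 2: dangerous failure. The brake applies, but the contactor
# sticks so the motor stays energised and the blade is still turning after 1 s.
STUCK_CONTACTOR = _trace([
    (0.0, 0.0, True, False, 3000),
    (0.1, 6.0, True, True, 3000),
    (0.6, 12.0, True, True, 2800),
    (1.0, 12.0, True, True, 2600),
    (1.3, 12.0, True, True, 2500),
])

if __name__ == "__main__":
    for name, trace in (("conforming", CONFORMING), ("stuck contactor", STUCK_CONTACTOR)):
        print(name, "->", check_safety_function(trace) or "no findings")
```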
4.6 Parts framework of IEC 61508
IEC 61508 consists of the following parts, under the general title Functional safety of
electrical/electronic/programmable electronic safety-related systems:
Part 0: Functional safety and IEC 61508
Part 1: General requirements
Part 2: Requirements for electrical/electronic/programmable electronic safety-related
systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
Part 7: Overview of measures and techniques
A requirements map is shown in Figure 1.
Figure 1 – Requirements map for parts 1 to 7 of IEC 61508 (the figure itself is not reproduced; its boxes read as follows)

Technical requirements:
• PART 1: Development of the overall safety requirements (concept, scope definition, hazard and risk analysis) for E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities (7.1 to 7.5)
• PART 1: Allocation of the safety requirements to the E/E/PE safety-related systems (7.6)
• PART 2: Realisation phase for E/E/PE safety-related systems
• PART 3: Realisation phase for safety-related software
• PART 1: Installation and commissioning and safety validation of E/E/PE safety-related systems (7.13 and 7.14)
• PART 1: Operation and maintenance, modification and retrofit, decommissioning or disposal of E/E/PE safety-related systems (7.15 to 7.17)

Other requirements:
• PART 5: Risk based approaches to the development of the safety integrity requirements
• PART 7: Overview of techniques and measures
• PART 4: Definitions and abbreviations
• PART 6: Guidelines for the application of parts 2 and 3
• PART 1: Documentation (Clause 5 and annex A)
• PART 1: Management of functional safety (Clause 6)
• PART 1: Functional safety assessment (Clause 8)
4.7 IEC 61508 as a basis for other standards
Standards writers need to address functional safety in their safety standard if the hazard
analysis carried out by a Technical Committee identifies that this is necessary to adequately
protect against a significant hazard or hazardous event.
Parts 1, 2, 3 and 4 of IEC 61508 are IEC basic safety publications. One of the responsibilities
of IEC Technical Committees is, wherever practicable, to make use of these parts of
IEC 61508 in the preparation of their own sector or product standards that have E/E/PE
safety-related systems within their scope. For more details see IEC Guide 104 and ISO/IEC
Guide 51.
IEC 61508 is the basis for published sector standards (e.g. process sector). It is also currently
being used as a basis for developing other sector standards and product standards. It is
therefore influencing the development of E/E/PE safety-related systems and products across
all sectors.
Sector specific standards based on IEC 61508:
• are aimed at system designers, system integrators and users;
• take account of specific sector practice, which can allow less complex requirements;
• use sector terminology to increase clarity;
• may specify particular constraints appropriate for the sector;
• usually rely on the requirements of IEC 61508 for detailed design of subsystems;
• may allow end users to achieve functional safety without having to consider IEC 61508
themselves.
The basic safety publication status of IEC 61508 described above does not apply for low
complexity E/E/PE safety-related systems (see 4.2 of IEC 61508-1). These are E/E/PE safety-
related systems in which the failure modes of each individual component are well-defined and
the behaviour of the system under fault conditions can be completely determined. An example
is a system comprising one or more limit switches, operating one or more contactors to de-
energize an electric motor, possibly via interposing electromechanical relays.
4.8 IEC 61508 as a stand-alone standard
All parts of IEC 61508 can be used directly by industry as “stand-alone” publications. This
includes use of the standard:
• as a set of general requirements for E/E/PE safety-related systems where no application
sector or product standards exist or where they are not appropriate;
• by suppliers of E/E/PE components and subsystems for use in all sectors (e.g. hardware
and software of sensors, smart actuators, programmable controllers, data communication);
• by system builders to meet user specifications for E/E/PE safety-related systems;
• by users to specify requirements in terms of the safety functions to be performed together
with the performance requirements of those safety functions;
• to facilitate the maintenance of the "as designed" safety integrity of E/E/PE safety-related
systems;
• to provide the technical framework for conformity assessment and certification services;
• as a basis for carrying out assessments of safety lifecycle activities.
4.9 Further information
Further information on IEC 61508 and functional safety, including an extensive set of
frequently asked questions (see Annex A), can be found in the “functional safety” zone of the
IEC web site (http://www.iec.ch/functionalsafety).
If you have a copy of the standard but are not familiar with its contents, you may find it helpful
to read the following sections first:
• Annex A of IEC 61508-5, which introduces risk concepts and safety integrity.
• Figure 2 and Table 1 of IEC 61508-1, which illustrate the overall safety lifecycle and list
the objectives of each lifecycle phase. The lifecycle and phase objectives provide a key to
understanding the requirements of Clause 7 of IEC 61508-1.
• Clauses 6 and 8 of IEC 61508-1, which contain requirements relating to management of
functional safety and functional safety assessment.
• Annex A of IEC 61508-6, which gives an eight-page overview of the requirements in
IEC 61508-2 and IEC 61508-3.
• Figure 2 and Table 1 of IEC 61508-2 and Figure 3 and Table 1 of IEC 61508-3, which
provide a key to understanding the requirements of Clause 7 of IEC 61508-2 and
IEC 61508-3 respectively.
Any particular requirement of IEC 61508 should be considered in the context of its lifecycle
phase (where applicable) and the stated objectives for the requirements of that phase, clause
or subclause. The objectives are always stated immediately before the requirements.
Annex A
(informative)
List of frequently asked questions from IEC “functional safety” zone
Table A.1 lists the frequently asked questions that are answered in the “functional safety” zone of
the IEC web site (http://www.iec.ch/functional-safety). Other questions may have been added
since this list was published.
Table A.1 – List of frequently asked questions

Scope
• Is IEC 61508 relevant to me?
• What systems does IEC 61508 cover?
• Give me some practical examples
• How does IEC 61508 apply where E/E/PE technology makes up only a small part of the safety-related system?
• How does IEC 61508 apply to systems whose function is to avoid damage to the environment or severe financial loss?
• What does IEC 61508 consist of?
• Can I get hold of the standard for free, for example by downloading from the Internet?
• Now I’ve obtained a copy of the standard, how do I go about reading it?

Position in international standards framework
• How will the standard be published internationally?
• What is the international status of IEC 61508?
• How does IEC 61508 fit together with application sector standards?
• What is a basic safety publication?
• What application sector or subsystem standards based on IEC 61508 are there?
• How do safety integrity levels 1 to 4 in IEC 61508 convert or relate to the categories described in EN 954-1?
• Can I use IEC 61508 as a stand-alone standard?
• Will IEC 61508 be revised?
• Can I submit a comment for the revision process?

Regional issues and technical interpretation
• How can I find information on IEC 61508 specific to my country?
• Is IEC 61508 also a European Standard?
• Is application of IEC 61508 compulsory under any EC Directive?
• How can I request a technical interpretation for a particular subclause of the standard?
• How can I contact my national committee?

Complying with the standard
• Which requirements do I need to satisfy in order to claim compliance with the standard?
• How does IEC 61508 apply to low complexity E/E/PE safety-related systems?
• How do the requirements of IEC 61508 change with respect to the safety integrity level of the safety functions allocated to the E/E/PE safety-related system?
• Is it necessary to choose techniques and measures from those recommended in annexes A and B of IEC 61508-2 and IEC 61508-3 in order to comply with the standard?
• I have contractual responsibility for some (but not all) of the development phases for an E/E/PE safety-related system. What information do I need in documentation from other parties to enable me to comply with IEC 61508?
• Suppliers are quoting that their products conform to IEC 61508 for a specific safety integrity level. Does this mean that using these products is sufficient for me to comply with IEC 61508?
• I supply subsystems, such as sensors or actuators, that are intended for use in an E/E/PE safety-related system. What does IEC 61508 mean for me?
• Do I have to use third party certified components in order to comply with IEC 61508?
• Is there any correlation between the level of independence required for functional safety assessment and the need for third party certification?
• In what ways do I need to consider the impact of human activities on the operation of an E/E/PE safety-related system?
• Can an E/E/PE safety-related system contain hardware and/or software that was not produced according to IEC 61508, and still comply with the standard?
• Do control systems that place demands on a safety-related system have to be themselves designated as safety-related systems?
• How do electromagnetic immunity limits depend on the safety integrity level?

Key concepts
• What is functional safety?
• What is a safety-related system in the context of IEC 61508?
• What does E/E/PE mean?
• What is a low complexity E/E/PE safety-related system?
• What is a safety integrity level (SIL)?
• What does software safety integrity mean in the context of safety integrity being defined as probability of failure?
• What is meant by a SIL system, subsystem or component?
• What is functional safety assessment?
• What is a mode of operation?
• What is the difference between low demand mode of operation and high demand or continuous mode of operation?
• Give me example architectures for the different modes of operation.
• Does the mode of operation affect how the safety integrity level is determined?
• What is the equipment under control (EUC)?

Hazard and risk analysis
• Is IEC 61508 only concerned about ensuring safety by improving reliability?
• Does IEC 61508 cover the elimination of hazards at source?
• Does IEC 61508 require a quantitative risk analysis to be carried out in order to determine safety integrity levels?
• What factors should I take into account when planning to use a risk graph method for determining safety integrity levels?
• How do I take account of hazards that are introduced by the E/E/PE safety-related system?
INTERNATIONAL ELECTROTECHNICAL COMMISSION
PRICE CODE Q
ICS 13.110; 25.040; 29.020; 35.240.50 ISBN 2-8318-7816-0
CONTENTS
FOREWORD ..... 3
INTRODUCTION ..... 5
1 Scope ..... 6
2 Normative references ..... 6
3 Functional safety ..... 7
3.1 What is functional safety? ..... 7
3.2 Safety functions and safety-related systems ..... 7
3.3 Example of functional safety ..... 8
3.4 Challenges in achieving functional safety ..... 8
4 IEC 61508 – Functional safety of E/E/PE safety-related systems ..... 9
4.1 Objectives ..... 9
4.2 E/E/PE safety-related systems ..... 9
4.3 Technical approach ..... 10
4.4 Safety integrity levels ..... 11
4.5 Example of functional safety revisited ..... 11
4.6 Parts framework of IEC 61508 ..... 12
4.7 IEC 61508 as a basis for other standards ..... 14
4.8 IEC 61508 as a stand-alone standard ..... 14
4.9 Further information ..... 15
Annex A (informative) List of frequently asked questions from IEC “functional safety” zone ..... 16
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/
PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 0: Functional safety and IEC 61508
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 61508-0, which is a technical report, has been prepared by subcommittee 65A: System
Aspects, of IEC technical committee 65: Industrial-process measurement and control.
The text of this technical report is based on the following documents:
Enquiry draft: 65A/413/DTR
Report on voting: 65A/422/RVC
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The parts of this publication, IEC 61508, under the general title Functional safety of electrical/
electronic/programmable electronic safety-related systems are listed in 4.6.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
INTRODUCTION
The purpose of this Technical Report is to introduce the concept of functional safety and to
give an overview of the IEC 61508 series of standards.
You should read it if you are:
• wondering whether IEC 61508 applies to you,
• involved in the development of electrical, electronic or programmable electronic systems
which may have safety implications, or
• drafting any other standard where functional safety is a relevant factor.
Clause 3 of this document gives an informal definition of functional safety, describes the
relationship between safety functions, safety integrity and safety-related systems, gives an
example of how functional safety requirements are derived, and lists some of the challenges
in achieving functional safety in electrical, electronic or programmable electronic systems.
Clause 4 gives details of IEC 61508, which provides an approach for achieving functional
safety. The clause describes the standard’s objectives, technical approach and parts
framework. It explains that IEC 61508 can be applied as is to a large range of industrial
applications and yet also provides a basis for many other standards.
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/
PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –
Part 0: Functional safety and IEC 61508
1 Scope
This Technical Report introduces the concept of functional safety and gives an overview of
the IEC 61508 series.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 61508-1:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 1: General requirements
IEC 61508-2:2000, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 2: Requirements for electrical/electronic/programmable electronic
safety-related systems
IEC 61508-3:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 3: Software requirements
IEC 61508-4:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 4: Definitions and abbreviations
IEC 61508-5:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-6:2000, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7:2000, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 7: Overview of techniques and measures
IEC Guide 104, The preparation of safety publications and the use of basic safety publications
and group safety publications
ISO/IEC Guide 51, Safety aspects – Guidelines for their inclusion in standards
3 Functional safety
3.1 What is functional safety?
We begin with a definition of safety. This is freedom from unacceptable risk of physical injury
or of damage to the health of people, either directly, or indirectly as a result of damage to
property or to the environment.
Functional safety is part of the overall safety that depends on a system or equipment
operating correctly in response to its inputs.
For example, an overtemperature protection device, using a thermal sensor in the windings of
an electric motor to de-energise the motor before it can overheat, is an instance of functional
safety. But providing specialised insulation to withstand high temperatures is not an instance
of functional safety (although it is still an instance of safety and could protect against exactly
the same hazard).
Neither safety nor functional safety can be determined without considering the systems as a
whole and the environment with which they interact.
3.2 Safety functions and safety-related systems
Generally, the significant hazards for equipment and any associated control system in its
intended environment have to be identified by the specifier or developer via a hazard
analysis. The analysis determines whether functional safety is necessary to ensure adequate
protection against each significant hazard. If so, then it has to be taken into account in an
appropriate manner in the design. Functional safety is just one method of dealing with
hazards, and other means for their elimination or reduction, such as inherent safety through
design, are of primary importance.
The term safety-related is used to describe systems that are required to perform a specific
function or functions to ensure risks are kept at an accepted level. Such functions are, by
definition, safety functions. Two types of requirements are necessary to achieve functional
safety:
• safety function requirements (what the function does) and
• safety integrity requirements (the likelihood of a safety function being performed
satisfactorily).
The safety function requirements are derived from the hazard analysis and the safety integrity
requirements are derived from a risk assessment. The higher the level of safety integrity, the
lower the likelihood of dangerous failure.
Any system, implemented in any technology, which carries out safety functions is a safety-
related system. A safety-related system may be separate from any equipment control system
or the equipment control system may itself carry out safety functions. In the latter case, the
equipment control system will be a safety-related system. Higher levels of safety integrity
necessitate greater rigour in the engineering of the safety-related system.
3.3 Example of functional safety
Consider a machine with a rotating blade that is protected by a hinged solid cover. The blade
is accessed for routine cleaning by lifting the cover. The cover is interlocked so that whenever
it is lifted an electrical circuit de-energises the motor and applies a brake. In this way, the
blade is stopped before it could injure the operator.
In order to ensure that safety is achieved, both hazard analysis and risk assessment are
necessary.
a) The hazard analysis identifies the hazards associated with cleaning the blade. For this
machine it might show that it should not be possible to lift the hinged cover more than
5 mm without the brake activating and stopping the blade. Further analysis could reveal
that the time for the blade to stop shall be 1 s or less. Together, these describe the safety
function.
b) The risk assessment determines the performance requirements of the safety function. The
aim is to ensure that the safety integrity of the safety function is sufficient to ensure that
no one is exposed to an unacceptable risk associated with this hazardous event.
The harm resulting from a failure of the safety function could be amputation of the operator’s
hand or could be just a bruise. The risk also depends on how frequently the cover has to be
lifted, which might be many times during daily operation or might be less than once a month.
The level of safety integrity required increases with the severity of injury and the frequency of
exposure to the hazard.
The safety integrity of the safety function will depend on all the equipment that is necessary
for the safety function to be carried out correctly, i.e. the interlock, the associated electrical
circuit and the motor and braking system. Both the safety function and its safety integrity
specify the required behaviour for the systems as a whole within a particular environment.
To summarise, the hazard analysis identifies what has to be done to avoid the hazardous
event, or events, associated with the blade. The risk assessment gives the safety integrity
required of the interlocking system for the risk to be acceptable. These two elements, “What
safety function has to be performed?” – the safety function requirements – and “What degree
of certainty is necessary that the safety function will be carried out?” – the safety integrity
requirements – are the foundations of functional safety.
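As an added worked example (not part of this technical report), the Python model below ties the blade-cover interlock of 3.3 to the kind of low complexity limit-switch, relay and contactor chain described in 4.7. It propagates the cover position through the chain, judges the safety function against its specification (trip once the cover is lifted more than 5 mm, blade stopped within 1 s) and enumerates every single component fault, showing what it means for the behaviour under fault conditions to be completely determined. The component fault modes, the 0,5 s braked and 8 s coasting stop times, the 20 mm demand and every function name are constructed assumptions.

```python
"""Added example, not from IEC 61508-0: a de-energise-to-trip model of the blade-cover
interlock (3.3) built from the limit-switch / relay / contactor chain of 4.7, with every
single component fault enumerated. Fault names and timings are constructed assumptions."""
from dataclasses import dataclass

COVER_LIMIT_MM = 5.0      # 3.3: cover must not lift more than 5 mm without the brake acting
STOP_TIME_LIMIT_S = 1.0   # 3.3: blade must stop within 1 s
BRAKED_STOP_S = 0.5       # assumed stop time with the brake applied
COASTING_STOP_S = 8.0     # assumed stop time if the motor is de-energised but the brake fails

# Assumed component fault modes: one in the "stuck energised/closed" direction, one in the
# "stuck open" direction where the component has one.
FAULT_MODES = {
    "switch":    ("stuck_closed", "stuck_open"),        # cover limit switch contacts
    "relay":     ("stuck_energised", "stuck_dropped"),  # interposing electromechanical relay
    "contactor": ("welded", "coil_open"),               # motor contactor
    "brake":     ("stuck_released",),                   # spring-applied, electrically released
}


@dataclass(frozen=True)
class Faults:
    switch: str = "ok"
    relay: str = "ok"
    contactor: str = "ok"
    brake: str = "ok"


def limit_switch_closed(cover_lift_mm: float, fault: str) -> bool:
    """Normally-closed switch held closed by the cover; it opens once the cover lifts past
    the trip point. De-energise-to-trip: an open circuit is the safe state."""
    if fault == "stuck_closed":
        return True
    if fault == "stuck_open":
        return False
    return cover_lift_mm <= COVER_LIMIT_MM


def relay_energised(switch_closed: bool, fault: str) -> bool:
    if fault == "stuck_energised":
        return True
    if fault == "stuck_dropped":
        return False
    return switch_closed


def contactor_closed(coil_energised: bool, fault: str) -> bool:
    if fault == "welded":
        return True
    if fault == "coil_open":
        return False
    return coil_energised


def brake_applied(motor_energised: bool, fault: str) -> bool:
    """Spring-applied brake: released only while the motor circuit is energised."""
    if fault == "stuck_released":
        return False
    return not motor_energised


def evaluate(cover_lift_mm: float, faults: Faults, supply_on: bool = True):
    """Propagate the cover position through the chain; return (motor_on, brake_on, stop_s)."""
    switch = limit_switch_closed(cover_lift_mm, faults.switch)
    relay = supply_on and relay_energised(switch, faults.relay)
    contactor = contactor_closed(relay, faults.contactor)
    motor_on = supply_on and contactor          # a welded contactor cannot power a dead bus
    brake_on = brake_applied(motor_on, faults.brake)
    if motor_on:
        stop_s = float("inf")                   # blade keeps running
    elif brake_on:
        stop_s = BRAKED_STOP_S
    else:
        stop_s = COASTING_STOP_S
    return motor_on, brake_on, stop_s


def classify(cover_lift_mm: float, faults: Faults = Faults(), supply_on: bool = True) -> str:
    """On a demand (cover lifted past 5 mm): 'safe' if the spec is met, else 'dangerous'.
    With the cover down: 'normal' if the blade runs, 'spurious_trip' if it was stopped."""
    motor_on, _, stop_s = evaluate(cover_lift_mm, faults, supply_on)
    if cover_lift_mm > COVER_LIMIT_MM:
        return "safe" if stop_s <= STOP_TIME_LIMIT_S else "dangerous"
    return "normal" if motor_on else "spurious_trip"


def single_fault_table(demand_lift_mm: float = 20.0):
    """Every single fault with its effect on a demand and on normal running: the
    'completely determined behaviour under fault conditions' that 4.7 relies on."""
    rows = []
    for component, modes in FAULT_MODES.items():
        for mode in modes:
            f = Faults(**{component: mode})
            rows.append((component, mode, classify(demand_lift_mm, f), classify(0.0, f)))
    return rows


def dangerous_single_faults():
    """The faults that defeat the safety function."""
    return [(c, m) for c, m, on_demand, _ in single_fault_table() if on_demand == "dangerous"]


if __name__ == "__main__":
    for row in single_fault_table():
        print("%-10s %-16s demand: %-10s cover down: %s" % row)
    print("loss of supply with cover down:", classify(0.0, supply_on=False))
```

The table the script prints makes the point behind a de-energise-to-trip design: every fault that defeats the safety function is a component stuck in its energised or closed state, while open-circuit faults and loss of supply (one of the disturbances listed in 3.4) produce a spurious trip rather than a dangerous failure. It is also the kind of exhaustive single-fault enumeration that cannot be completed for the complex programmable systems of 3.4, which is why the basic safety publication status discussed in 4.7 is reserved for them.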
3.4 Challenges in achieving functional safety
Safety functions are increasingly being carried out by electrical, electronic or programmable
electronic systems. These systems are usually complex, making it impossible in practice to
fully determine every failure mode or to test all possible behaviour. It is difficult to predict the
safety performance, although testing is still essential.
The challenge is to design the system in such a way as to prevent dangerous failures or to
control them when they arise. Dangerous failures may arise from
• incorrect specifications of the system, hardware or software;
• omissions in the safety requirements specification (e.g. failure to develop all relevant
safety functions during different modes of operation);
• random hardware failure mechanisms;
• systematic hardware failure mechanisms;
• software errors;
• common cause failures;
• human error;
• environmental influences (e.g. electromagnetic, temperature, mechanical phenomena);
• supply system voltage disturbances (e.g. loss of supply, reduced voltages, re-connection
of supply).
IEC 61508 contains requirements to minimise these failures and is described in the next
clause.
4 IEC 61508 – Functional safety of E/E/PE safety-related systems
4.1 Objectives
IEC 61508 aims to
• release the potential of E/E/PE technology to improve both safety and economic
performance;
• enable technological developments to take place within an overall safety framework;
• provide a technically sound, system based approach, with sufficient flexibility for the
future;
• provide a risk-based approach for determining the required performance of safety-related
systems;
• provide a generically-based standard that can be used directly by industry but can also
help with developing sector standards (e.g. machinery, process chemical plants, medical
or rail) or product standards (e.g. power drive systems);
• provide a means for users and regulators to gain confidence when using computer-based
technology;
• provide requirements based on common underlying principles to facilitate:
– improved efficiencies in the supply chain for suppliers of subsystems and components
to various sectors,
– improvements in communication and requirements (i.e. to increase clarity of what
needs to be specified),
– the development of techniques and measures that could be used across all sectors,
increasing available resources,
– the development of conformity assessment services if required.
IEC 61508 does not cover the precautions that may be necessary to prevent unauthorized
persons damaging, and/or otherwise adversely affecting, the functional safety achieved by
E/E/PE safety-related systems.
4.2 E/E/PE safety-related systems
IEC 61508 is concerned with functional safety, achieved by safety-related systems that are
primarily implemented in electrical and/or electronic and/or programmable electronic (E/E/PE)
technologies, i.e. E/E/PE safety related systems. The standard is generic in that it applies to
these systems irrespective of their application.
Some requirements of the standard relate to development activities where the implementation
technology may not yet have been fully decided. This includes development of the overall
safety requirements (concept, scope definition, hazard analysis and risk assessment). If there
is a possibility that E/E/PE technologies might be used, the standard should be applied so
that the functional safety requirements for any E/E/PE safety-related systems are determined
in a methodical, risk-based manner.
Other requirements of the standard are not solely specific to E/E/PE technology, including
documentation, management of functional safety, functional safety assessment and
competence. All requirements that are not technology-specific might usefully be applied to
other safety-related systems although these systems are not within the scope of the standard.
The following are examples of E/E/PE safety-related systems:
• emergency shut-down system in a hazardous chemical process plant;
• crane safe load indicator;
• railway signalling system;
• guard interlocking and emergency stopping systems for machinery;
• variable speed motor drive used to restrict speed as a means of protection;
• system for interlocking and controlling the exposure dose of a medical radiotherapy
machine;
• dynamic positioning (control of a ship’s movement when in proximity to an offshore
installation);
• fly-by-wire operation of aircraft flight control surfaces;
• automobile indicator lights, anti-lock braking and engine-management systems;
• remote monitoring, operation or programming of a network-enabled process plant;
• an information-based decision support tool where erroneous results affect safety.
An E/E/PE safety-related system covers all parts of the system that are necessary to carry out
the safety function (i.e. from sensor, through control logic and communication systems, to
final actuator, including any critical actions of a human operator).
Since the definition of E/E/PE safety-related system is derived from the definition of safety, it
also concerns freedom from unacceptable risk of both physical injury and damage to the
health of people. The harm can arise indirectly as a result of damage to property or the
environment. However, some systems will be designed primarily to protect against failures
with serious economic implications. IEC 61508 can be used to develop any E/E/PE system
that has critical functions, such as the protection of equipment or products.
4.3 Technical approach
IEC 61508
• uses a risk-based approach to determine the safety integrity requirements of E/E/PE
safety-related systems, and includes a number of examples of how this can be done;
• uses an overall safety lifecycle model as the technical framework for the activities
necessary for ensuring functional safety is achieved by the E/E/PE safety-related systems;
• covers all safety lifecycle activities from initial concept, through hazard analysis and risk
assessment, development of the safety requirements, specification, design and
implementation, operation and maintenance, and modification, to final decommissioning
and/or disposal;
• encompasses system aspects (comprising all the subsystems carrying out the safety
functions, including hardware and software) and failure mechanisms (random hardware
and systematic);
• contains both requirements for preventing failures (avoiding the introduction of faults) and
requirements for controlling failures (ensuring safety even when faults are present);
• specifies the techniques and measures that are necessary to achieve the required safety
integrity.
4.4 Safety integrity levels
IEC 61508 specifies 4 levels of safety performance for a safety function. These are called
safety integrity levels. Safety integrity level 1 (SIL1) is the lowest level of safety integrity and
safety integrity level 4 (SIL4) is the highest level. The standard details the requirements
necessary to achieve each safety integrity level. These requirements are more rigorous at
higher levels of safety integrity in order to achieve the required lower likelihood of dangerous
failure.
An E/E/PE safety-related system will usually implement more than one safety function. If the
safety integrity requirements for these safety functions differ, unless there is sufficient
independence of implementation between them, the requirements applicable to the highest
relevant safety integrity level shall apply to the entire E/E/PE safety-related system.
If a single E/E/PE system is capable of providing all the required safety functions, and the
required safety integrity is less than that specified for SIL1, then IEC 61508 does not apply.
4.5 Example of functional safety revisited
The safety function requirements and the safety integrity requirements constitute the
functional safety requirements specification. These requirements must be fully determined
before designing the E/E/PE safety-related system.
In the example described in Clause 3, the functional safety requirements for the specific
hazardous event could be stated as follows.
When the hinged cover is lifted by 5 mm or more, the motor
shall be de-energised and the brake activated so that the blade
is stopped within 1 s. The safety integrity level of this safety
function shall be SIL2.
The functional safety requirements specification concerns behaviour of the safety-related
system as a whole, within a particular environment. In this example, the E/E/PE safety-related
system includes the guard interlock switch, the electrical circuit, contactors, the motor and the
brake.
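The safety function stated above, modelled as interlock logic together with a check of the 1 s stop requirement. This is an added example, not text or code from IEC TR 61508-0; the 5 mm threshold and 1 s limit are the page's figures, while the sensor range, blade speed, deceleration values and 10 ms control cycle are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Figures stated in 4.5 of the page
COVER_LIFT_LIMIT_MM = 5.0   # trip when the hinged cover is lifted by this much or more
STOP_TIME_LIMIT_S = 1.0     # the blade must be stopped within this time

# Constructed assumptions for the plant model (not from the page)
SENSOR_RANGE_MM = 50.0          # readings outside 0..50 mm are implausible
BLADE_SPEED_RPM = 3000.0        # running speed of the blade
BRAKE_DECEL_RPM_PER_S = 4000.0  # deceleration with the brake applied
COAST_DECEL_RPM_PER_S = 500.0   # deceleration if only the motor is de-energised
CYCLE_MS = 10                   # control cycle of the interlock logic


def cover_lifted(reading_mm: Optional[float]) -> bool:
    """Decide whether the safety function must trip. A missing or out-of-range
    reading counts as 'lifted', so a faulty sensor fails to the safe state
    (the 'controlling failures' idea in 4.3)."""
    if reading_mm is None or not (0.0 <= reading_mm <= SENSOR_RANGE_MM):
        return True
    return reading_mm >= COVER_LIFT_LIMIT_MM


@dataclass
class Plant:
    motor_energised: bool = True
    brake_applied: bool = False
    blade_rpm: float = BLADE_SPEED_RPM


def cycle(plant: Plant, reading_mm: Optional[float], brake_available: bool) -> None:
    """One control cycle: evaluate the interlock, then advance the blade model.
    A trip latches: the motor is never re-energised by this logic."""
    if cover_lifted(reading_mm):
        plant.motor_energised = False
        plant.brake_applied = brake_available   # a failed brake cannot be applied
    if not plant.motor_energised:
        decel = BRAKE_DECEL_RPM_PER_S if plant.brake_applied else COAST_DECEL_RPM_PER_S
        plant.blade_rpm = max(0.0, plant.blade_rpm - decel * CYCLE_MS / 1000.0)


def stop_time_s(readings: Sequence[Optional[float]], brake_available: bool = True) -> Optional[float]:
    """Run cover readings (one per cycle) through the interlock and return the seconds
    from trip to standstill, or None if it never tripped or the blade never stopped."""
    plant = Plant()
    tripped_at: Optional[int] = None
    for i, reading in enumerate(readings):
        cycle(plant, reading, brake_available)
        if tripped_at is None and not plant.motor_energised:
            tripped_at = i
        if tripped_at is not None and plant.blade_rpm == 0.0:
            return (i - tripped_at) * CYCLE_MS / 1000.0
    return None


def meets_safety_function(readings: Sequence[Optional[float]], brake_available: bool = True) -> bool:
    """True when a trip occurred and the blade stopped within STOP_TIME_LIMIT_S."""
    t = stop_time_s(readings, brake_available)
    return t is not None and t <= STOP_TIME_LIMIT_S
```

The brake-failure case shows why the 1 s figure is a requirement on the whole system (switch, circuit, contactors, motor and brake) rather than on the logic alone: de-energising the motor without the brake leaves the blade coasting well past the limit.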
4.6 Parts framework of IEC 61508
IEC 61508 consists of the following parts, under the general title Functional safety of
electrical/electronic/programmable electronic safety-related systems:
Part 0: Functional safety and IEC 61508
Part 1: General requirements
Part 2: Requirements for electrical/electronic/programmable electronic safety-related
systems
Part 3: Software requirements
Part 4: Definitions and abbreviations
Part 5: Examples of methods for the determination of safety integrity levels
Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
Part 7: Overview of measures and techniques
A requirements map is shown in Figure 1.
[Figure 1 (IEC 001/05) is a diagram not reproduced in this extraction; the box titles that survive are listed here.]
Technical requirements:
• PART 1: Development of the overall safety requirements (concept, scope definition, hazard and risk analysis) (E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities), 7.1 to 7.5
• PART 1: Allocation of the safety requirements to the E/E/PE safety-related systems, 7.6
• PART 2: Realisation phase for E/E/PE safety-related systems; PART 3: Realisation phase for safety-related software
• PART 1: Installation and commissioning and safety validation of E/E/PE safety-related systems, 7.13 and 7.14
• PART 1: Operation and maintenance, modification and retrofit, decommissioning or disposal of E/E/PE safety-related systems, 7.15 to 7.17
Other requirements:
• PART 5: Risk based approaches to the development of the safety integrity requirements
• PART 7: Overview of techniques and measures
• PART 4: Definitions and abbreviations
• PART 6: Guidelines for the application of parts 2 and 3
• PART 1: Documentation, Clause 5 and annex A
• PART 1: Management of functional safety, Clause 6
• PART 1: Functional safety assessment, Clause 8
Figure 1 – Requirements map for parts 1 to 7 of IEC 61508
4.7 IEC 61508 as a basis for other standards
Standards writers need to address functional safety in their safety standard if the hazard
analysis carried out by a Technical Committee identifies that this is necessary to adequately
protect against a significant hazard or hazardous event.
Parts 1, 2, 3 and 4 of IEC 61508 are IEC basic safety publications. One of the responsibilities
of IEC Technical Committees is, wherever practicable, to make use of these parts of
IEC 61508 in the preparation of their own sector or product standards that have E/E/PE
safety-related systems within their scope. For more details see IEC Guide 104 and ISO/IEC
Guide 51.
IEC 61508 is the basis for published sector standards (e.g. process sector). It is also currently
being used as a basis for developing other sector standards and product standards. It is
therefore influencing the development of E/E/PE safety-related systems and products across
all sectors.
Sector specific standards based on IEC 61508:
• are aimed at system designers, system integrators and users;
• take account of specific sector practice, which can allow less complex requirements;
• use sector terminology to increase clarity;
• may specify particular constraints appropriate for the sector;
• usually rely on the requirements of IEC 61508 for detailed design of subsystems;
• may allow end users to achieve functional safety without having to consider IEC 61508
themselves.
The basic safety publication status of IEC 61508 described above does not apply for low
complexity E/E/PE safety-related systems (see 4.2 of IEC 61508-1). These are E/E/PE safety-
related systems in which the failure modes of each individual component are well-defined and
the behaviour of the system under fault conditions can be completely determined. An example
is a system comprising one or more limit switches, operating one or more contactors to de-
energize an electric motor, possibly via interposing electromechanical relays.
4.8 IEC 61508 as a stand-alone standard
All parts of IEC 61508 can be used directly by industry as “stand-alone” publications. This
includes use of the standard:
• as a set of general requirements for E/E/PE safety-related systems where no application
sector or product standards exist or where they are not appropriate;
• by suppliers of E/E/PE components and subsystems for use in all sectors (e.g. hardware
and software of sensors, smart actuators, programmable controllers, data communication);
• by system builders to meet user specifications for E/E/PE safety-related systems;
• by users to specify requirements in terms of the safety functions to be performed together
with the performance requirements of those safety functions;
• to facilitate the maintenance of the "as designed" safety integrity of E/E/PE safety-related
systems;
• to provide the technical framework for conformity assessment and certification services;
• as a basis for carrying out assessments of safety lifecycle activities.
4.9 Further information
Further information on IEC 61508 and functional safety, including an extensive set of
frequently asked questions (see Annex A), can be found in the “functional safety” zone of the
IEC web site (http://www.iec.ch/functionalsafety).
If you have a copy of the standard but are not familiar with its contents, you may find it helpful
to read the following sections first:
• Annex A of IEC 61508-5, which introduces risk concepts and safety integrity.
• Figure 2 and Table 1 of IEC 61508-1, which illustrate the overall safety lifecycle and list
the objectives of each lifecycle phase. The lifecycle and phase objectives provide a key to
understanding the requirements of Clause 7 of IEC 61508-1.
• Clauses 6 and 8 of IEC 61508-1, which contain requirements relating to management of
functional safety and functional safety assessment.
• Annex A of IEC 61508-6, which gives an eight-page overview of the requirements in
IEC 61508-2 and IEC 61508-3.
• Figure 2 and Table 1 of IEC 61508-2 and Figure 3 and Table 1 of IEC 61508-3, which
provide a key to understanding the requirements of Clause 7 of IEC 61508-2 and
IEC 61508-3 respectively.
Any particular requirement of IEC 61508 should be considered in the context of its lifecycle
phase (where applicable) and the stated objectives for the requirements of that phase, clause
or subclause. The objectives are always stated immediately before the requirements.
Annex A
(informative)
List of frequently asked questions from IEC “functional safety” zone
Table A.1 lists frequently asked questions that are answered in the “functional safety” zone of
the IEC web site (http://www.iec.ch/functionalsafety). Other questions may have been added
since this list was published.
Table A.1 – List of frequently asked questions

Scope
• Is IEC 61508 relevant to me?
• What systems does IEC 61508 cover?
• Give me some practical examples
• How does IEC 61508 apply where E/E/PE technology makes up only a small part of the safety-related system?
• How does IEC 61508 apply to systems whose function is to avoid damage to the environment or severe financial loss?
• What does IEC 61508 consist of?
• Can I get hold of the standard for free, for example by downloading from the Internet?
• Now I’ve obtained a copy of the standard, how do I go about reading it?

Position in international standards framework
• How will the standard be published internationally?
• What is the international status of IEC 61508?
• How does IEC 61508 fit together with application sector standards?
• What is a basic safety publication?
• What application sector or subsystem standards based on IEC 61508 are there?
• How do safety integrity levels 1 to 4 in IEC 61508 convert or relate to the categories described in EN 954-1?
• Can I use IEC 61508 as a stand-alone standard?
• Will IEC 61508 be revised?
• Can I submit a comment for the revision process?

Regional issues and technical interpretation
• How can I find information on IEC 61508 specific to my country?
• Is IEC 61508 also a European Standard?
• Is application of IEC 61508 compulsory under any IEC Directive?
• How can I request a technical interpretation for a particular subclause of the standard?
• How can I contact my national committee?

Complying with the standard
• Which requirements do I need to satisfy in order to claim compliance with the standard?
• How does IEC 61508 apply to low complexity E/E/PE safety-related systems?
• How do the requirements of IEC 61508 change with respect to the safety integrity level of the safety functions allocated to the E/E/PE safety-related system?
• Is it necessary to choose techniques and measures from those recommended in annexes A and B of IEC 61508-2 and IEC 61508-3 in order to comply with the standard?
• I have contractual responsibility for some (but not all) of the development phases for an E/E/PE safety-related system. What information do I need in documentation from other parties to enable me to comply with IEC 61508?
• Suppliers are quoting that their products conform to IEC 61508 for a specific safety integrity level. Does this mean that using these products is sufficient for me to comply with IEC 61508?
• I supply subsystems, such as sensors or actuators, that are intended for use in an E/E/PE safety-related system. What does IEC 61508 mean for me?
• Do I have to use third party certified components in order to comply with IEC 61508?
• Is there any correlation between the level of independence required for functional safety assessment and the need for third party certification?
• In what ways do I need to consider the impact of human activities on the operation of an E/E/PE safety-related system?
• Can an E/E/PE safety-related system contain hardware and/or software that was not produced according to IEC 61508, and still comply with the standard?
• Do control systems that place demands on a safety-related system have to be themselves designated as safety-related systems?
• How do electromagnetic immunity limits depend on the safety integrity level?

Key concepts
• What is functional safety?
• What is a safety-related system in the context of IEC 61508?
• What does E/E/PE mean?
• What is a low complexity E/E/PE safety-related system?
• What is a safety integrity level (SIL)?
• What does software safety integrity mean in the context of safety integrity being defined as probability of failure?
• What is meant by a SIL system, subsystem or component?
• What is functional safety assessment?
• What is a mode of operation?
• What is the difference between low demand mode of operation and high demand or continuous mode of operation?
• Give me example architectures for the different modes of operation.
• Does the mode of operation affect how the safety integrity level is determined?
• What is the equipment under control (EUC)?

Hazard and risk analysis
• Is IEC 61508 only concerned about ensuring safety by improving reliability?
• Does IEC 61508 cover the elimination of hazards at source?
• Does IEC 61508 require a quantitative risk analysis to be carried out in order to determine safety integrity levels?
• What factors should I take into account when planning to use a risk graph method for determining safety integrity levels?
• How do I take account of hazards that are introduced by the E/E/PE safety-related system?
CONTENTS
FOREWORD 19
INTRODUCTION 21
1 Scope 22
2 Normative references 22
3 Functional safety 23
3.1 What is functional safety? 23
3.2 Safety functions and safety-related systems 23
3.3 Example of functional safety 24
3.4 Challenges in achieving functional safety 24
4 IEC 61508 – Functional safety of E/E/PE safety-related systems 25
4.1 Objectives 25
4.2 E/E/PE safety-related systems 25
4.3 Technical approach 26
4.4 Safety integrity levels 27
4.5 Example of functional safety revisited 27
4.6 Structur
...