SIST-TP CLC IEC/TR 61508-0:2019

SLOVENSKI STANDARD
01-junij-2019
)XQNFLMVNDYDUQRVWHOHNWULþQLKHOHNWURQVNLKSURJUDPLUOMLYLKHOHNWURQVNLKYDUQRVWQLK
VLVWHPRYGHO)XQNFLRQDOQDYDUQRVWLQ,(&,(&75
Functional safety of electrical/electronic/programmable electronic safety-related systems
- Part 0: Functional safety and IEC 61508 (IEC/TR 61508-0:2005)
)XQNWLRQDOH6LFKHUKHLWVLFKHUKHLWVEH]RJHQHU
HOHNWULVFKHUHOHNWURQLVFKHUSURJUDPPLHUEDUHUHOHNWURQLVFKHU6\VWHPH7HLO
)XQNWLRQDOH6LFKHUKHLWXQG,(&
,(&75
Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques
programmables relatifs à la sécurité - Partie 0: La sécurité fonctionnelle et la CEI 61508
(IEC/TR 61508-0:2005)
Ta slovenski standard je istoveten z: CLC IEC/TR 61508-0:2019
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL REPORT CLC IEC/TR 61508-0

RAPPORT TECHNIQUE
TECHNISCHER BERICHT
February 2019
ICS 25.040.40; 29.020; 35.240.50

English Version
Functional safety of electrical/electronic/programmable electronic
safety-related systems - Part 0: Functional safety and IEC 61508
(IEC/TR 61508-0:2005)
Sécurité fonctionnelle des systèmes Funktionale Sicherheit sicherheitsbezogener
électriques/électroniques/électroniques programmables elektrischer/elektronischer/programmierbarer elektronischer
relatifs à la sécurité - Partie 0: La sécurité fonctionnelle et la Systeme - Teil 0: Funktionale Sicherheit und IEC 61508
CEI 61508 (IEC/TR 61508-0:2005)
(IEC/TR 61508-0:2005)
This Technical Report was approved by CENELEC on 2019-02-18.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. CLC IEC/TR 61508-0:2019 E

European foreword
This document (CLC IEC/TR 61508-0:2019) consists of the text of IEC/TR 61508-0:2005 prepared by
SC 65A "System aspects" of IEC/TC 65 "Industrial-process measurement, control and automation".
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice
The text of the International Standard IEC/TR 61508-0:2005 was approved by CENELEC as a
European Standard without any modification.

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 61508-1 1998 Functional safety of EN 61508-1 2001
electrical/electronic/programmable
electronic safety-related systems - Part 1:
General requirements
IEC 61508-2 2000 Functional safety of EN 61508-2 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 2:
Requirements for
electrical/electronic/programmable
electronic safety-related systems
IEC 61508-3 1998 Functional safety of EN 61508-3 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 3:
Software requirements
IEC 61508-4 1998 Functional safety of EN 61508-4 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 4:
Definitions and abbreviations
IEC 61508-5 1998 Functional safety of EN 61508-5 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 5:
Examples of methods for the determination
of safety integrity levels
IEC 61508-6 2000 Functional safety of EN 61508-6 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 6:
Guidelines on the application of IEC
61508-2 and IEC 61508-3
IEC 61508-7 2000 Functional safety of EN 61508-7 2001
electrical/electronic/programmable
electronic safety-related systems -- Part 7:
Overview of techniques and measures
Publication Year Title EN/HD Year
IEC Guide 104 -  The preparation of safety publications and - -
the use of basic safety publications and
group safety publications
ISO/IEC Guide 51 -  Safety aspects - Guidelines for their - -
inclusion in standards
IEC/TR 61508-0
Edition 1.0 2005-01
TECHNICAL
REPORT
RAPPORT
TECHNIQUE
Functional safety of electrical/electronic/programmable electronic
safety-related systems –
Part 0: Functional safety and IEC 61508

Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques
programmables relatifs à la sécurité –
Partie 0: La sécurité fonctionnelle et la CEI 61508

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
Q
CODE PRIX
ICS 13.110; 25.040; 29.020; 35.240.50 ISBN 2-8318-7816-0

TR 61508-0  IEC:2005 –– 2 – 3 – TR 61508-0 © IEC:2005

CONTENTS
FOREWORD.3

INTRODUCTION.5

1 Scope .6

2 Normative references .6

3 Functional safety .7

3.1 What is functional safety? .7

3.2 Safety functions and safety-related systems.7
3.3 Example of functional safety .8
3.4 Challenges in achieving functional safety .8
4 IEC 61508 – Functional safety of E/E/PE safety-related systems .9
4.1 Objectives .9
4.2 E/E/PE safety-related systems .9
4.3 Technical approach .10
4.4 Safety integrity levels .11
4.5 Example of functional safety revisited .11
4.6 Parts framework of IEC 61508 .12
4.7 IEC 61508 as a basis for other standards.14
4.8 IEC 61508 as a stand-alone standard.14
4.9 Further information .15
Annex A (informative) List of frequently asked questions from IEC “functional safety” zone .16

TR 61508-0 © IEC:2005TR 61508-0  IEC:2005 –– 3 – 5 –

INTERNATIONAL ELECTROTECHNICAL COMMISSION

____________
FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/

PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –

Part 0: Functional safety and IEC 61508

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 61508-0, which is a technical report, has been prepared by subcommittee 65A: System
Aspects, of IEC technical committee 65: Industrial-process measurement and control.

TR 61508-0  IEC:2005 –– 4 – 7 – TR 61508-0 © IEC:2005

The text of this technical report is based on the following documents:

Enquiry draft Report on voting

65A/413/DTR 65A/422/RVC
Full information on the voting for the approval of this technical report can be found in the

report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The parts of this publication, IEC 61508, under the general title Functional safety of electrical/
electronic/programmable electronic safety-related systems are listed in 4.6.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
TR 61508-0 © IEC:2005TR 61508-0  IEC:2005 –– 5 – 9 –

INTRODUCTION
The purpose of this Technical Report is to introduce the concept of functional safety and to

give an overview of the IEC 61508 series of standards.

You should read it if you are:

• wondering whether IEC 61508 applies to you,

• involved in the development of electrical, electronic or programmable electronic systems
which may have safety implications, or

• drafting any other standard where functional safety is a relevant factor.
Clause 3 of this document gives an informal definition of functional safety, describes the
relationship between safety functions, safety integrity and safety-related systems, gives an
example of how functional safety requirements are derived, and lists some of the challenges
in achieving functional safety in electrical, electronic or programmable electronic systems.
Clause 4 gives details of IEC 61508, which provides an approach for achieving functional
safety. The clause describes the standard’s objectives, technical approach and parts
framework. It explains that IEC 61508 can be applied as is to a large range of industrial
applications and yet also provides a basis for many other standards.

TR 61508-0  IEC:2005 –– 6 – 11 – TR 61508-0 © IEC:2005

FUNCTIONAL SAFETY OF ELECTRICAL/ELECTRONIC/

PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS –

Part 0: Functional safety and IEC 61508

1 Scope
This Technical Report introduces the concept of functional safety and gives an overview of
the IEC 61508 series.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 61508-1:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 1: General requirements
IEC 61508-2:2000, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 2: Requirements for electrical/electronic/programmable electronic
safety-related systems
IEC 61508-3:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 3: Software requirements
IEC 61508-4:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 4: Definitions and abbreviations
IEC 61508-5:1998, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 5: Examples of methods for the determination of safety integrity levels
IEC 61508-6:2000, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-7:2000, Functional safety of electrical/electronic/programmable electronic safety-

related systems – Part 7: Overview of techniques and measures
IEC Guide 104, The preparation of safety publications and the use of basic safety publications
and group safety publications
ISO/IEC Guide 51, Safety aspects – Guidelines for their inclusion in standards

TR 61508-0 © IEC:2005TR 61508-0  IEC:2005 –– 7 – 13 –

3 Functional safety
3.1 What is functional safety?

We begin with a definition of safety. This is freedom from unacceptable risk of physical injury

or of damage to the health of people, either directly, or indirectly as a result of damage to

property or to the environment.

Functional safety is part of the overall safety that depends on a system or equipment

operating correctly in response to its inputs.

For example, an overtemperature protection device, using a thermal sensor in the windings of
an electric motor to de-energise the motor before it can overheat, is an instance of functional
safety. But providing specialised insulation to withstand high temperatures is not an instance
of functional safety (although it is still an instance of safety and could protect against exactly
the same hazard).
Neither safety nor functional safety can be determined without considering the systems as a
whole and the environment with which they interact.
3.2 Safety functions and safety-related systems
Generally, the significant hazards for equipment and any associated control system in its
intended environment have to be identified by the specifier or developer via a hazard
analysis. The analysis determines whether functional safety is necessary to ensure adequate
protection against each significant hazard. If so, then it has to be taken into account in an
appropriate manner in the design. Functional safety is just one method of dealing with
hazards, and other means for their elimination or reduction, such as inherent safety through
design, are of primary importance.
The term safety-related is used to describe systems that are required to perform a specific
function or functions to ensure risks are kept at an accepted level. Such functions are, by
definition, safety functions. Two types of requirements are necessary to achieve functional
safety:
• safety function requirements (what the function does) and
• safety integrity requirements (the likelihood of a safety function being performed
satisfactorily).
The safety function requirements are derived from the hazard analysis and the safety integrity
requirements are derived from a risk assessment. The higher the level of safety integrity, the

lower the likelihood of dangerous failure.
Any system, implemented in any technology, which carries out safety functions is a safety-
related system. A safety-related system may be separate from any equipment control system
or the equipment control system may itself carry out safety functions. In the latter case, the
equipment control system will be a safety-related system. Higher levels of safety integrity
necessitate greater rigour in the engineering of the safety-related system.

TR 61508-0  IEC:2005 –– 8 – 15 – TR 61508-0 © IEC:2005

3.3 Example of functional safety

Consider a machine with a rotating blade that is protected by a hinged solid cover. The blade

is accessed for routine cleaning by lifting the cover. The cover is interlocked so that whenever

it is lifted an electrical circuit de-energises the motor and applies a brake. In this way, the

blade is stopped before it could injure the operator.

In order to ensure that safety is achieved, both hazard analysis and risk assessment are

necessary.
a) The hazard analysis identifies the hazards associated with cleaning the blade. For this

machine it might show that it should not be possible to lift the hinged cover more than
5 mm without the brake activating and stopping the blade. Further analysis could reveal
that the time for the blade to stop shall be 1 s or less. Together, these describe the safety
function.
b) The risk assessment determines the performance requirements of the safety function. The
aim is to ensure that the safety integrity of the safety function is sufficient to ensure that
no one is exposed to an unacceptable risk associated with this hazardous event.
The harm resulting from a failure of the safety function could be amputation of the operator’s
hand or could be just a bruise. The risk also depends on how frequently the cover has to be
lifted, which might be many times during daily operation or might be less than once a month.
The level of safety integrity required increases with the severity of injury and the frequency of
exposure to the hazard.
The safety integrity of the safety function will depend on all the equipment that is necessary
for the
...