SIST EN 61069-2:2017

SLOVENSKI STANDARD
01-marec-2017
1DGRPHãþD
SIST EN 61069-2:1998
Meritve, krmiljenje in avtomatizacija v industrijskih procesih - Ocenjevanje
lastnosti sistema zaradi njegovega vrednotenja - 2. del: Metodologija vrednotenja
(IEC 61069-2:2016)
,QGXVWULDOSURFHVVPHDVXUHPHQWFRQWURODQGDXWRPDWLRQ(YDOXDWLRQRIV\VWHP
SURSHUWLHVIRUWKHSXUSRVHRIV\VWHPDVVHVVPHQW3DUW$VVHVVPHQWPHWKRGRORJ\
,(&
/HLWWHFKQLNIULQGXVWULHOOH3UR]HVVH(UPLWWOXQJGHU6\VWHPHLJHQVFKDIWHQ]XP=ZHFN
GHU(LJQXQJVEHXUWHLOXQJHLQHV6\VWHPV7HLO0HWKRGLNGHU(LJQXQJVEHXUWHLOXQJ
,(&
Mesure, commande et automation dans les processus industriels - Appréciation des
propriétés d'un système en vue de son évaluation - Partie 2: Méthodologie à appliquer
pour l'évaluation (IEC 61069-2:2016)
Ta slovenski standard je istoveten z: EN 61069-2:2016
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 61069-2
NORME EUROPÉENNE
EUROPÄISCHE NORM
October 2016
ICS 25.040.40 Supersedes EN 61069-2:1994
English Version
Industrial-process measurement, control and automation -
Evaluation of system properties for the purpose of system
assessment - Part 2: Assessment methodology
(IEC 61069-2:2016)
Mesure, commande et automation dans les processus Leittechnik für industrielle Prozesse - Ermittlung der
industriels - Appréciation des propriétés d'un système en Systemeigenschaften zum Zweck der Eignungsbeurteilung
vue de son évaluation - Partie 2: Méthodologie à appliquer eines Systems - Teil 2: Methodik der Eignungsbeurteilung
pour l'évaluation (IEC 61069-2:2016)
(IEC 61069-2:2016)
This European Standard was approved by CENELEC on 2016-07-20. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2016 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 61069-2:2016 E
European foreword
The text of document 65A/790/FDIS, future edition 2 of IEC 61069-2, prepared by SC 65A “System
aspects” of IEC/TC 65 “Industrial-process measurement, control and automation” was submitted to the
IEC-CENELEC parallel vote and approved by CENELEC as EN 61069-2:2016.

The following dates are fixed:
(dop) 2017-04-28
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2019-10-28
standards conflicting with the
document have to be withdrawn
This document supersedes EN 61069-2:1994.

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Endorsement notice
The text of the International Standard IEC 61069-2:2016 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC/TS 62603-1:2014 NOTE Harmonized as CLC/TS 62603-1:2014.
IEC 60584-1:2013 NOTE Harmonized as EN 60584-1:2013 (not modified).
IEC 61069-4 NOTE Harmonized as EN 61069-4.
IEC 61709 NOTE Harmonized as EN 61709.
ISO 9001:2015 NOTE Harmonized as EN ISO 9001:2015.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu
Publication Year Title EN/HD Year

IEC 61069-1 2016 Industrial-process measurement, control EN 61069-1 2016
and automation - Evaluation of system
properties for the purpose of system
assessment -
Part 1: Terminology and basic concepts

IEC 61069-2 ®
Edition 2.0 2016-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Industrial-process measurement, control and automation – Evaluation of system

properties for the purpose of system assessment –

Part 2: Assessment methodology

Mesure, commande et automation dans les processus industriels – Appréciation

des propriétés d'un système en vue de son évaluation –

Partie 2: Méthodologie à appliquer pour l'évaluation

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40 ISBN 978-2-8322-3410-5

– 2 – IEC 61069-2:2016 © IEC 2016
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references. 8
3 Terms, definitions, abbreviated terms, acronyms, conventions and symbols . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms, acronyms, conventions and symbols . 8
4 Assessment approach . 8
5 Assessment method . 9
5.1 Overview. 9
5.1.1 General . 9
5.1.2 Phases . 9
5.2 Defining the objectives of the assessment . 10
5.3 Design and layout of the assessment . 11
5.3.1 Defining the scope of assessment . 11
5.3.2 System properties and influencing factors . 11
5.3.3 Collation of documented information . 13
5.3.4 Documenting collated information . 14
5.3.5 Selecting assessment items . 14
5.3.6 Assessment specification . 14
5.4 Planning of the assessment program . 14
5.4.1 Overview . 14
5.4.2 Developing assessment activities . 15
5.4.3 Assessment program . 16
5.5 Execution of the assessment . 16
5.6 Reporting of the assessment . 16
6 Evaluation techniques . 17
Annex A (informative) System Requirements Document (SRD) . 18
A.1 Overview. 18
A.2 Analysis of system mission . 18
A.2.1 General . 18
A.2.2 Formulation of system mission . 18
A.2.3 Analysis of system mission into tasks . 18
A.2.4 Assignment of relative importance to tasks . 19
A.2.5 Defining influencing factors . 19
A.3 Review of system requirements document (SRD) . 19
Annex B (informative) System Specification Document (SSD) . 20
B.1 Overview. 20
B.2 Development of system specification document . 20
B.2.1 General . 20
B.2.2 System overview . 20
B.2.3 Defining system boundaries . 21
B.2.4 Specification of system . 21
B.2.5 Description of system operation . 21
B.2.6 Statement of system implementation rationale . 22

IEC 61069-2:2016 © IEC 2016 – 3 –
B.2.7 Statement of compliance with system requirements . 22
Annex C (informative) Examples of collation documentation . 23
C.1 Overview. 23
C.2 Example of furnace control documentation . 23
C.2.1 Schematic of task . 23
C.2.2 Task definition . 23
C.2.3 Input characteristics . 23
C.2.4 Output characteristics . 24
C.2.5 Operational functions . 25
C.2.6 Monitoring functions . 25
C.2.7 Configuration . 25
C.2.8 Flexibility . 25
C.2.9 Functionality collation tables . 26
C.3 Example of simple control loop task documentation. 32
C.3.1 Overview . 32
C.3.2 Schematic of task . 32
C.3.3 Information flows . 32
C.3.4 Performance tables . 32
C.3.5 Performance collation tables . 33
C.4 Example of collation documentation (from SRD of a master-slave control
task) . 35
C.4.1 Overview . 35
C.4.2 Schematic of task . 35
C.4.3 Boundary states . 35
C.5 Example of collation documentation (from SSD of a master-slave control
task) . 36
Bibliography . 38

Figure 1 – General layout of IEC 61069 . 7
Figure 2 – Assessment matrix . 12
Figure C.1 – Control block . 23
Figure C.2 – Task schematic . 32
Figure C.3 – Schematic of task . 35

Table 1 – Assessment phases, inputs and outputs . 10
Table C.1 – SRD coverage analysis . 26
Table C.2 – SRD configurability analysis . 28
Table C.3 – SRD flexibility analysis . 30
Table C.4 – Performance for information flow . 32
Table C.5 – Information translation . 33
Table C.6 – Performance collation . 34
Table C.7 – Failure states of task input and output . 36
Table C.8 – Dependability . 37

– 4 – IEC 61069-2:2016 © IEC 2016
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL-PROCESS MEASUREMENT, CONTROL AND AUTOMATION –
EVALUATION OF SYSTEM PROPERTIES
FOR THE PURPOSE OF SYSTEM ASSESSMENT –

Part 2: Assessment methodology

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61069-2 has been prepared by subcommittee 65A: System
aspects, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This second edition cancels and replaces the first edition published in 1993. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Reorganization of the material of IEC 61069-2:1993 to make the overall set of standards
more organized and consistent;
b) IEC TS 62603-1:2014 has been incorporated into this edition.

IEC 61069-2:2016 © IEC 2016 – 5 –
The text of this standard is based on the following documents:
FDIS Report on voting
65A/790/FDIS 65A/799/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts in the IEC 61069 series, published under the general title Industrial-process
measurement,control and automation – Evaluation of system properties for the purpose of
system assessment, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC 61069-2:2016 © IEC 2016
INTRODUCTION
IEC 61069 deals with the method which should be used to assess system properties of a
basic control system (BCS). IEC 61069 consists of the following parts:
Part 1: Terminology and basic concepts
Part 2: Assessment methodology
Part 3: Assessment of system functionality
Part 4: Assessment of system performance
Part 5: Assessment of system dependability
Part 6: Assessment of system operability
Part 7: Assessment of system safety
Part 8: Assessment of other system properties
Assessment of a system is the judgement, based on evidence, of the suitability of the system
for a specific mission or class of missions.
To obtain total evidence would require complete evaluation (for example under all influencing
factors) of all system properties relevant to the particular mission or class of missions.
Since this is rarely practical, the rationale on which an assessment of a system should be
based is:
– the identification of the importance of each of the relevant system properties;
– the planning for evaluation of the relevant system properties with a cost-effective
dedication of effort to the various system properties.
In conducting an assessment of a system, it is crucial to bear in mind the need to gain a
maximum increase in confidence in the suitability of a system within practical cost and time
constraints.
An assessment can only be carried out if a mission has been stated (or given), or if any
mission can be hypothesized. In the absence of a mission, no assessment can be made;
however, evaluations can still be specified and carried out for use in assessments performed
by others. In such cases, the standard can be used as a guide for planning an evaluation and
it provides methods for performing evaluations, since evaluations are an integral part of
assessment.
In preparing the assessment, it may be discovered that the definition of the system is too
narrow. For example, a facility with two or more revisions of the control systems sharing
resources, e.g., a network, should consider issues of co-existence and inter-operability. In this
case, the system to be investigated should not be limited to the “new” BCS; it should include
both. That is, it should change the boundaries of the system to include enough of the other
system to address these concerns.
The part structure and the relationship among the parts of IEC 61069 are shown in Figure 1.

IEC 61069-2:2016 © IEC 2016 – 7 –

IEC 61069: Industrial-process measurement, control and automation –
Evaluation of system properties for the purpose of system assessment
Part 1: Terminology and basic concepts
• Basic concept
• Terminology ‐ Objective
‐ Description of system
‐ Common terms
‐ Terms for particular part
‐ System properties
‐ Influencing factors
Part 2: Assessment methodology
• Generic requirements of procedure of assessment
‐ Overview, approach and phases
‐ Requirements for each phase
‐ General description of evaluation techniques
Parts 3 to 8: Assessment of each system property
• Basics of assessment specific to each property
‐ Properties and influencing factors
• Assessment method for each property
• Evaluation techniques for each property

IEC
Figure 1 – General layout of IEC 61069

– 8 – IEC 61069-2:2016 © IEC 2016
INDUSTRIAL-PROCESS MEASUREMENT, CONTROL AND AUTOMATION –
EVALUATION OF SYSTEM PROPERTIES
FOR THE PURPOSE OF SYSTEM ASSESSMENT –

Part 2: Assessment methodology

1 Scope
This part of IEC 61069 specifies the methodology in the assessment of a basic control system
(BCS) based on the basic concepts of IEC 61069-1.
It describes the method for analysing, weighing the relative importance of the various system
properties and influencing factors, and determining an assessment program.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 61069-1:— , Industrial-process measurement, control and automation – Evaluation of
system properties for the purpose of system assessment – Part 1: Terminology and basic
concepts
3 Terms, definitions, abbreviated terms, acronyms, conventions and symbols
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 61069-1 apply.
3.2 Abbreviated terms, acronyms, conventions and symbols
For the purposes of this document, the abbreviated terms, acronyms, conventions and
symbols given in IEC 61069-1 apply.
4 Assessment approach
BCSs are sufficiently complex, so that a totally comprehensive assessment inevitably requires
an expenditure of effort and time that is neither practical nor cost-effective. It is therefore
important to analyse and specify the objectives of the assessment carefully, before an
assessment program is planned.
The mission of the system or class of missions is broken down into tasks.
The task(s) which the system needs to perform should be defined in terms of the selected
BCS, its system properties, and the required functions. This enables the functions required for
the system to fulfil its mission(s) to be specified precisely.
__________
Second edition to be published simultaneously with this part of IEC 61069.

IEC 61069-2:2016 © IEC 2016 – 9 –
Missions of the system usually require some characteristics of the system which are not
directly related to the tasks of the system. Such characteristics include documentation and
support services.
The assessment program shall be designed with the assessment objectives, the system
requirements and the system specifications. It should be prepared in advance.
NOTE In certain cases, e.g. a regulated application, it may be necessary that the assessment be designed and
performed by an independent party.
In the absence of a mission, no assessment can be made; however, examination of the
system to gather and organize data for a later assessment is possible.
5 Assessment method
5.1 Overview
5.1.1 General
The details of the assessment program shall be derived from consideration of the assessment
objectives (as stated in 5.2) and the following inputs:
– System Requirements Document (SRD), and
– System Specification Document (SSD).
NOTE 1 Systems Requirements Document is explained in Annex A.
NOTE 2 System Specification Document is explained in Annex B.
The assessment correlates items of the system requirements document with the system
specification document guided by the assessment objective.
If at any phase of the assessment information from the SRD or SSD is missing or incomplete,
the originators of the SRD or SSD should be consulted with specific questions to obtain the
required further information.
The assessment method is a tool to be utilized during the life cycle of BCS. Yet the life cycle
is out of scope of IEC 61069-2. Still during the development of a BCS and defining its
assessment, the overall BCS life cycle should be taken into account.
Assessments for every relevant stages of the life cycle should be planned, e.g. commissioning.
5.1.2 Phases
The assessment consists of the following phases:
– Defining the objectives of the assessment;
– Design and layout of the assessment;
– Planning of the assessment program;
– Execution of the assessment;
– Reporting of the results.
The phases and their respective inputs and outputs are shown in Table 1.

– 10 – IEC 61069-2:2016 © IEC 2016
Table 1 – Assessment phases, inputs and outputs
Phase Input Output
Defining the objectives of the SRD and SSD (Documented) Objective of the
assessment assessment
Assessment protocol
Design and layout of the Objective of the assessment Assessment specification
assessment
SRD
SSD
Planning of the assessment Assessment specification Assessment program
program
Execution of the assessment Assessment program Result of the evaluations
Reporting of the results Result of the evaluations Report of the assessment

5.2 Defining the objectives of the assessment
The objectives of the assessment shall be stated and documented prior to the start of the
assessment as a foundation for planning and preparation of the assessment program. They
should be stated clearly and carefully.

These objectives form the basis of the guiding principles throughout the assessment by:
• determining the scope,
• the nature of the evaluation,
• the depth of the evaluation to be carried out,
• the measurements and observations to be made,
• the type of reports to be produced.
The objectives govern the cost of the assessment and the resources required to conduct the
assessment.
It is therefore of utmost importance that the objectives and the scope of the assessment are
well-documented and agreed upon before the assessment program is further developed.
Description of the magnitude of BCS change requiring a reassessment should be defined, e.g.
BCS expansion.
Updates of the assessment, during the BCS life cycle, regardless of changes/expansion,
should be defined/scheduled, e.g. after 10 years of operation.
The authority(ies) who may require an assessment or re-assessment should be defined.
Additionally the authority(ies) who approve assessments or re-assessments should be defined.
During the assessment, reviews should be carried out at planned review points or at pre-
determined intervals. Such reviews should at least be held at the end of each phase.
The objectives of the assessment may be, for example:
– to assess a specific system for a particular mission;
– to assess a variety of configurations of a single system for a particular mission;
– to compare several systems for a particular mission;
– to obtain an assessment of a particular system for general use in a variety of missions;

IEC 61069-2:2016 © IEC 2016 – 11 –
– to establish the suitability of a system for a particular mission;
– to establish the suitability of a system for a defined class of missions.
The assessment protocol shall be defined including:
– the assessment authorities for change and release of the assessment program,
– the assessment specifications and the assessment reports,
– the procedures to be followed,
– the contingency actions that are permissible without seeking prior authorization in the
event that the assessment cannot be conducted as planned.
5.3 Design and layout of the assessment
5.3.1 Defining the scope of assessment
5.3.1.1 System boundary
The boundary of the system shall be carefully defined by identifying "what does and what
does not" belong to the system to be assessed.
The boundary of the system to be assessed shall be defined by taking into account all aspects
of influencing factors described in IEC 61069-1; — ,5.3 . It shall be documented in the
assessment specification.
The system boundary can be physical (e.g. equipment, geography) and/or virtual (e.g.
information, communication).
The objectives of the assessment are translated into a scope of the assessment. In order to
develop the scope, the system properties described in IEC 61069-1; —, 5.2.2 to 5.2.7 shall be
taken into consideration.
5.3.1.2 System configuration
The configuration(s) of the system to be assessed shall be specified in the assessment
specification. Since the configurability of the system itself can be a system property to be
assessed, the configuration of the system where the assessment items are evaluated should
be carefully specified.
If the assessment objective is to assess a specific system for a particular mission, the
assessment shall be carried out on a specific system configuration and this configuration
shall be documented in the assessment specification.
If the assessment objective is to assess the flexibility of a system to meet a broad range of
typical requirements encountered in a specific sector of industry, the assessment shall be
carried out on a range of defined modules that can be configured in a variety of alternative
ways. The range of modules and the variety of configurations shall be documented in the
assessment specification.
A system is sometimes so complex that comprehensive evaluations of all system properties
would not be cost-effective, or even feasible. By careful consideration of the objectives, the
system configuration and the influencing factors, the evaluations can be reduced to include
only those assessment items which are most sensitive for the mission of the system.
5.3.2 System properties and influencing factors
The assessment items required for the assessment shall be specified. The required value or
range of value of each system property and influencing factor shall also be specified.

– 12 – IEC 61069-2:2016 © IEC 2016
Additionally, as far as applicable, influencing factors as described in IEC 61069-1 should be
included.
Each assessment item should be scrutinized to determine whether it influences or degrades
the system in such a way that it hampers or prohibits the correct conduct of other assessment
items.
These considerations shall be documented as an assessment specification to show the
constraints upon the sequencing of the assessment activities.
A convenient way to document the system properties and the influencing factors is in the form
of a matrix, where the cells correspond to the assessment items.
A generic matrix to summarize an assessment is given in Figure 2.
System Other
Functionality Performance Dependability Operability System Safety
Properties properties
Influencing
Factors
Mission /
Task
Personnel
Process
Infrastructure
Environment
External
systems
IEC
Figure 2 – Assessment matrix
The assessment items required to be included in the assessment shall be selected and their
relative priorities shall be determined. It can be done using this matrix as a means for
considering each system property and each influencing factor and taking into consideration
the objective of the assessment.
An assessment item can be progressively further detailed by using e.g. groups or sub-groups
of properties, in which the headings of the generic matrix are further expanded into more
detailed system properties and influencing factors.
Assessment items, not relevant for the particular assessment, should also be identified for
later reference, and the reasons for the exclusion should be documented.

IEC 61069-2:2016 © IEC 2016 – 13 –
5.3.3 Collation of documented information
The collation is a step of this phase to extract the information which is required to determine
potential candidates of the assessment items. The information provided by this process is
used for design and layout of the assessment.
For the purpose of the collation, the necessary information shall be extracted from the SRD
and the SSD.
The SRD and SSD shall be carefully scrutinized to compile precise and concise statements of
the topics. Example topics include:
– the boundaries of the system,
– the areas of non-compliance between system requirements and system specification,
– the list of required and future tasks,
– the list of functions provided to perform each of the required and future tasks,
– the list of alternative data paths linking the functions to support the required task(s),
– the allocation of the functions to the modules and elements,
– the number of these modules and elements,
– the extent to which these modules and elements are used to fulfil the required tasks,
– the system properties for each of the above functions,
– the influencing factors for each of the above modules/elements.
A list of potential assessment items shall be created from these topics. The assessment items
shall be specified under specific system configuration(s) according to the objective of the
assessment.
Each potential assessment item shall be examined to decide the extent to which this item is
evaluated to obtain the required increase in the level of confidence.
The statements should be described in qualitative and quantitative terms, and, if applicable,
their range of values.
NOTE Examples of collation documentation are provided in Annex C.
Each task to be assessed should be described in terms of its inputs, outputs and operation.
For each input, notes should be made of:
permissible input states and corresponding permissible output state(s);
–
– non-permissible input states and corresponding action(s) required.
For each output, notes should be made of:
– permissible output states;
– non-permissible output states and corresponding action(s) required.
For each of the tasks, the following information about tasks should be clearly stated:
– kinds of failures which affect each task;
– permissible frequency of occurrence of each failure;
– action to be taken for each failure;
– maximum time during which the task can be stopped before the module is restored.

– 14 – IEC 61069-2:2016 © IEC 2016
5.3.4 Documenting collated information
The information collated as stated in 5.3.3 should be documented in a form that can be
manipulated for the process of planning the assessment program.
If information for the collation is missing or incomplete, the required further information should
be obtained from the originators of the SRD and SSD. This further or additional information
should be properly recorded in the assessment specification.
5.3.5 Selecting assessment items
The complete list of assessment items is reduced by considering the following filters:
– importance of the task(s) to the mission;
– existing level of confidence based upon prior knowledge;
– the level of interdependency of different functions, the number of interfaces, the re-use of
the same function in different tasks;
– the global pre-knowledge available and extent to which the knowledge applies to the
assessment item(s).
The relative importance should be evaluated taking into account both aspects of importance
of the task(s) in a particular phase of the system life time and of duration of the phase since
importance can vary depending of the phase.
The existing level of confidence may be based on preceding success of the system in similar
or identical missions, experience with the manufacturer, the experience of users with the
same system type or comparable systems.
Assessment items which are required by international and/or national regulatory bodies shall
be evaluated in accordance with the rules laid down in those regulations.
Assessment items shall include a check that the BCS complies with the national regulations in
force at the site where the system is intended to be used.
5.3.6 Assessment specification
The assessment specification is a document that describes what should be evaluated. The
assessment specification should specify at least the following points:
– the objective of the assessment as stated in 5.2;
– the system boundary as stated in 5.3.1.1;
– the system configuration as stated in 5.3.1.2;
– the assessment matrix as stated in 5.3.2;
– the list of assessment items as stated in 5.3.2;
– the list of tasks as stated in 5.3.3;
– the criteria used for filtering of the items as stated in 5.3.5;
– the referenced standards for each assessment item.
5.4 Planning of the assessment program
5.4.1 Overview
During this phase, an assessment program shall be planned based on the assessment
specification prepared in the previous phase.

IEC 61069-2:2016 © IEC 2016 – 15 –
The objective of designing an assessment program is to increase confidence in the judgement
of a system's suitability for the system mission.
The assessment activities shall maximize this increase in confidence, whilst remaining within
defined cost and time constraints.
The assessment program shall specify the assessment activities and their sequence against
a time scale in a manner that enables the assessment to be controlled.
The assessment program shall comprise a set of assessment activities, each of which may be:
– either an observation at system level, or
– observation at lower levels (if necessary down to an individual element) combined with a
synthesis to system level.
The design of the individual assessment activities is dependent upon the system property
being considered.
The assessment program should specify also detail of each assessment activity including:
– type of evaluation technique; and
– tools and utilities required.
The evaluation technique(s) to be used should be selected so that the results can be
compared qualitatively and/or quantitatively against the requirements.
The evaluation techniques selected may be analytical using only system documentation or
they may be empirical, requiring access to an evaluation system. In practice the techniques
selected will be a combination of analysis and empirical tests using the system documentation
and a restricted combination of modules.
The assessment act
...