Industrial thermoprocessing equipment - Part 11: Safety requirements for protective systems

This part of EN 746 specifies the requirements for protective systems used in industrial furnaces and associated processing equipment (TPE).
The functional requirements to which the protective systems apply are specified in the other parts of the EN 746 series.

Industrielle Thermoprozessanlagen und dazugehörige Prozesskomponenten - Sicherheitsanforderungen - Teil 11: Schutzsysteme

Équipements thermiques industriels - Partie 11 : Prescriptions de sécurité pour les systèmes de protection

Industrijska termoprocesna oprema - 11. del: Varnostne zahteve za zaščitne sisteme

General Information

Status: Not Published
Current Stage: 4098 - Decision to abandon - Enquiry
Due Date: 26-Jul-2021
Completion Date: 25-Nov-2020

Draft
prEN 746-11:2020
English language
76 pages

Standards Content (Sample)

SLOVENIAN STANDARD
oSIST prEN 746-11:2020
01-March-2020
Industrijska termoprocesna oprema - 11. del: Varnostne zahteve za zaščitne sisteme
Industrial thermoprocessing equipment - Part 11: Safety requirements for protective systems
Industrielle Thermoprozessanlagen - Teil 11: Sicherheitsanforderungen an Schutzsysteme
Équipements thermiques industriels - Partie 11 : Prescriptions de sécurité pour les systèmes de protection
This Slovenian standard is identical to: prEN 746-11
ICS:
25.180.01 Industrial furnaces in general
oSIST prEN 746-11:2020 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

DRAFT
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
prEN 746-11
January 2020
ICS 25.180.01
English Version

Industrial thermoprocessing equipment - Part 11: Safety requirements for protective systems
Équipements thermiques industriels - Partie 11 : Prescription de sécurité pour les systèmes de protection
Industrielle Thermoprozessanlagen - Teil 11: Sicherheitsanforderungen an Schutzsysteme

This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/TC 186.

If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations
which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.


EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. prEN 746-11:2020 E

Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Design requirements for equipment in a protective system
4.1 General
4.2 Requirements for protective systems
4.3 Fault assessment for the hardwired section of protective systems
4.4 Failure of utilities
4.5 Reset
Annex A (informative) Explanation of techniques and measures for avoiding systematic faults
Annex B (informative) Examples of techniques for avoiding failures from external wiring
Annex C (informative) Examples for the determination of safety integrity level SIL using the risk graph method
Annex D (informative) Example of an extended risk assessment for one safety instrumented function using the EN 61511 method
Annex E (informative) Sample schematic diagrams of protective system
Annex F (normative) Hardwiring protective systems
Annex ZA (informative) Relationship between this European Standard and the essential requirements of Directive 2006/42/EC aimed to be covered
Bibliography

European foreword
This document (prEN 746-11:2020) has been prepared by Technical Committee CEN/TC 186
“Industrial Thermoprocess Equipment - Safety”, the secretariat of which is held by DIN.
This document is currently submitted to the CEN Enquiry.
The contents of prEN 746-11:2020 are based on parts of EN 746-2:2009 and ISO 13577-4:2016.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association and supports essential requirements of EU Directive(s).
For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this
document.
Introduction
This part of EN 746 was developed to specify the requirements of a protective system, which is a safety-
related electrical control system (SRECS) of industrial thermoprocessing equipment and associated
processing equipment (TPE).
Mandatory safety-related control functions of TPE are specified in EN 746-1, EN 746-2, and EN 746-3.
It is intended that in designing the protective system of TPE, manufacturers of TPE choose from the four
methods provided in this part of EN 746.
This part of EN 746 is to be used together with the other parts of EN 746 with the principles of
EN ISO 12100. However, there are cases in which a risk assessment according to EN 61511 (all parts) is
more suitable for the design of a TPE protective system.
This document is a type-C standard as stated in EN ISO 12100.
The machinery concerned and the extent to which hazards, hazardous situations, or hazardous events
are covered are indicated in the scope of this part of EN 746.
When requirements of this type-C standard are different from those which are stated in type-A or -B
standards, the requirements of this type-C standard take precedence over the requirements of the other
standards for machines that have been designed and built according to the requirements of this type-C
standard.
EN 61511 (all parts) provides the option of a low-demand rate on the protective system.
EN 62061:2005 or EN ISO 13849-1:2015 always assume high-demand applications.
Therefore, this part of EN 746 permits extended risk assessment for SRECS in which risk assessment
based on EN 61511 (all parts) can be chosen as an alternative.
1 Scope
This part of EN 746 specifies the requirements for protective systems used in industrial furnaces and
associated processing equipment (TPE).
The functional requirements to which the protective systems apply are specified in the other parts of
the EN 746 series.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable to its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
prEN ISO 13574:— 1), Industrial furnaces and associated processing equipment — Vocabulary
EN 298:2012, Automatic burner control systems for burners and appliances burning gaseous or liquid
fuels
EN ISO 13849-1:2015, Safety of machinery - Safety-related parts of control systems - Part 1: General
principles for design (ISO 13849-1:2015)
EN 14597:2012, Temperature control devices and temperature limiters for heat generating systems
EN IEC 60947-4-1:2019, Low-voltage switchgear and controlgear — Part 4-1: Contactors and motor-
starters - Electromechanical contactors and motor-starters (IEC 60947-4-1:2018)
EN 60947-5-1:2017, Low-voltage switchgear and controlgear — Part 5-1: Control circuit devices and
switching elements - Electromechanical control circuit devices (IEC 60947-5-1:2016)
EN 60204-1:2018, Safety of machinery — Electrical equipment of machines — Part 1: General
requirements (IEC 60204-1:2016)
EN 60730-2-5:2015, Automatic electrical controls — Part 2-5: Particular requirements for automatic
electrical burner control systems (IEC 60730-2-5:2013)
EN 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-related
systems (IEC 61508)
EN 61131-3:2013, Programmable controllers — Part 3: Programming languages (IEC 61131-3:2013)
EN 61511 (all parts), Functional safety — Safety instrumented systems for the process industry sector (IEC
61511 (all parts))
EN 62061:2005 2), Safety of machinery — Functional safety of safety-related electrical, electronic and
programmable electronic control systems (IEC 62061:2005)

1) Under preparation.
2) This document is impacted by the amendments EN 62061:2005/A1:2013 and EN 62061:2005/A2:2015.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in prEN ISO 13574 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1
final element
part of a protective system which implements the physical action necessary to achieve a safe state
Note 1 to entry: Examples are valves, switch gear, motors including their auxiliary elements, for example, a
solenoid valve and actuator if involved in the safety function.
[SOURCE: EN 61511-1:2017, 3.2.24, modified: "instrumented system" had been changed to read
"protective system" in the definition.]
3.2
flame detector device
device by which the presence of a flame is detected and signaled
Note 1 to entry: It can consist of a flame sensor, an amplifier, and a relay for signal transmission.
[SOURCE: prEN ISO 13574:—, 2.65, modified: The second sentence in the original definition had been
presented as in the Note.]
3.3
automatic burner control system
protective system comprised of at least a programming unit and all the elements of a flame detector
device
Note 1 to entry: The various functions of an automatic burner control system can be in one or more housings.
[SOURCE: prEN ISO 13574:—, 2.5, modified: The second sentence in the original definition had been
presented as in the Note.]
3.4
functional safety
capability of a protective system or other means to reduce risk, to execute the actions required for
achieving or maintaining a safe state for the process and its related equipment
[SOURCE: prEN ISO 13574:—, 2.73]
3.5
logic function
function that performs the transformations between input information (provided by one or more input
functions or sensors) and output information (used by one or more output functions or final elements)
Note 1 to entry: Logic functions are executed by the logic solver of a protective system.
[SOURCE: EN 61511-1:2017, 3.2.39, modified — "input functions" had been changed to read "input
functions or sensors" and "output function" had been changed to read "output function or final
elements" in the definition, and the second sentence in the original definition had been deleted; Note
has been added.]
3.6
logic solver
portion of a protective system that performs one or more logic function(s)
Note 1 to entry: Examples are electrical systems, electronic systems, programmable electronic systems,
pneumatic systems, and hydraulic systems. Sensors and final elements are not part of the logic solver.
[SOURCE: EN 61511-1:2017, 3.2.40 modified: "either a BPCS or SIS" had been changed to read "a
protective system" in the definition; Note 1 in the original definition had been deleted.]
3.7
manual reset
action after a lockout of a safety device (e.g. automatic burner control) carried out manually by the
supervising operator
[SOURCE: prEN ISO 13574:—, 2.107]
3.8
performance level
PL
discrete level used to specify the ability of safety-related parts of control systems to perform a safety
function under foreseeable conditions
[SOURCE: EN ISO 13849-1:2015, 3.1.23]
3.9
product standard
standard for products and devices which are listed in EN 746 (all parts) except this part of EN 746
[SOURCE: prEN ISO 13574:—, 2.135 modified: "EN 746-4" has been changed to read "this part of
EN 746" in the definition.]
3.10
programmable logic control
PLC
electronic device designed for control of the logical sequence of events
[SOURCE: prEN ISO 13574:—, 2.125]
3.11
protective system
instrumented system used to implement one or more safety-related instrumented functions which is
composed of any combination of sensor(s), logic solver(s), and final elements (for example, see
Figure 2)
Note 1 to entry: This can include safety-related instrumented control functions or safety-related instrumented
protection functions or both.
[SOURCE: prEN ISO 13574:—, 2.138]
3.12
safety bus
bus system and/or protocol for digital network communication between safety devices, which is
designed to achieve and/or maintain a safe state of the protective system in compliance with
EN 61508 (all parts) or EN 60730-2-5:2015
[SOURCE: prEN ISO 13574:—, 2.164]
3.13
safety device
device that is used to perform protective functions, either on its own or as a part of a protective system
Note 1 to entry: Examples are sensors, limiters, flame monitors, burner control systems, logic systems, final
elements, and automatic shut-off valves.
3.14
safety integrity level
SIL
discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety
functions to be allocated to the E/E/PE safety-related systems, where safety integrity level 4 has the
highest level of safety integrity and safety integrity level 1 has the lowest
Note 1 to entry: The target failure measures for the four safety integrity levels are specified in EN 61508-
1:2010, Tables 2 and 3.
Note 2 to entry: A safety integrity level (SIL) is not a property of a system, subsystem, element, or device. The
correct interpretation of the phrase "SIL n safety-related system" (where n is 1, 2, 3, or 4) is that the system is
potentially capable of supporting safety functions with a safety integrity level up to n.
[SOURCE: EN ISO 13849-1:2015, 3.1.33]
3.15
sensor
device that produces a signal based on a process variable
EXAMPLES Transmitters, transducers, process switches, and position switches.
3.16
system for permanent operation
system, which is intended to remain in the running position for longer than 24 h without interruption
[SOURCE: EN 60730-2-5:2015, 2.5.101]
3.17
system for non-permanent operation
system, which is intended to remain in the running position for less than 24 h
[SOURCE: EN 60730-2-5:2015, 2.5.102]
3.18
systematic capability
measure (expressed on a scale of SC 1 to SC 4) of the confidence that the systematic safety integrity of
an element meets the requirements of the specified SIL, in respect of the specified element safety
function, when the element is applied in accordance with the instructions specified in the compliant
item safety manual for the element
Note 1 to entry: Systematic capability is determined with reference to the requirements for the avoidance and
control of systematic faults (see EN 61508-2:2010 and EN 61508-3:2010).
Note 2 to entry: What qualifies as a relevant systematic failure mechanism depends on the nature of the
element. For example, for an element comprising solely software, only software failure mechanisms will need to
be considered. For an element comprising hardware and software, it is necessary to consider both systematic
hardware and software failure mechanisms.
Note 3 to entry: A systematic capability of SC N for an element, in respect of the specified element safety
function, means that the systematic safety integrity of SIL N has been met when the element is applied in
accordance with the instructions specified in the compliant item safety manual for the element.
[SOURCE: prEN ISO 13574:—, 2.183]
4 Design requirements for equipment in a protective system
4.1 General
Electrical equipment shall comply with EN 60204-1 and withstand the hazards identified in the risk
assessment required at the design stage. Electrical equipment shall be protected against damage. In
particular, it shall be robust to withstand damage during continuous operation.
Devices shall be used in accordance with the manufacturer's instructions including safety manuals. Any
device used outside of its published technical specification shall be verified and validated to be suitable
for the intended application.
Devices of a protective system shall withstand the environmental conditions and fulfill their intended
function.
Sensors (e.g. pressure transmitters, temperature transmitters, flow transmitters) used in the protective
system shall be independent from the process control system.
Figure 1 is provided as an aid to understanding the relationship between the various elements of TPE
and their ancillary equipment, the heating system, the process control system, and the protective
system.

Figure 1 — Block diagram of control and protective systems
An appropriate group of techniques and measures shall be used that are designed to prevent the
introduction of faults during the design and development of the hardware and software of the
protective system (see Annex A).
Failure due to short circuit in external wiring shall be avoided (see Annex B).
Requirements for testing and testing intervals for protective systems shall be specified in the
instruction handbook. Except as permitted by method D, the testing of all safety functions shall be
performed at least annually. Method D shall be used if the testing of all safety functions is performed
beyond 1 y.
See Annexes C and D for examples of SIL/PL determinations.
4.2 Requirements for protective systems
4.2.1 General
Any one or a combination of the four (4) methods shall be used to implement a protective system for
the safety function(s) requirements identified in EN 746 (all parts); however, only one method shall be
used for any one specific safety function. The four methods are the following:
— Method A as specified in 4.2.1;
— Method B as specified in 4.2.2;
— Method C as specified in 4.2.3;
— Method D as specified in 4.2.4.
Figure 2 shows the basic configuration of a protective system.

Figure 2 — Basic configuration of a protective system
Figure 3 shows the basic characteristics of each method.
NOTE 1 Software interconnections are links between software function blocks, safety PLC inputs, and safety
PLC outputs. These are similar to hardwired interconnections between devices.
NOTE 2 Safety function software is either a software function block or program to perform safety logic
functions (e.g. prepurge, automatic burner control).

Figure 3 — Method overview
See Annex E for sample schematic diagrams of the various methods.
4.2.2 Method A
Method A shall be a hardwired system in which all devices (i.e. sensors, logic solver, and final elements
described in Figure 4) comply with the relevant product standards as specified in EN 746 (all parts) and
EN 14597:2012.
The requirements of EN 61508 (all parts), EN 61511 (all parts), EN 62061:2005, and
EN ISO 13849-1:2015 are not applicable for this type of protective system.
The following requirements for hardwiring shall be fulfilled:
— all logic solvers shall be supplied by the devices and through the direct interconnections between
the devices;
— connections shall not be permitted through data communication buses;
— devices with fixed program language, which meet the relevant product standards, shall be
permitted;
— hardwiring shall be in accordance with Annex F.

Figure 4 — Hardware configuration of Method A
NOTE The safety devices used in 4.2.1 correspond to specific safety requirements, matched to the field of
application and the functional requirements made of these devices, as demanded in the corresponding products
standards for safety devices, e.g. automatic burner control systems, valve-proving systems, pressure-sensing
devices, automatic shut-off valves. Even without additional SIL/PL certification of these safety devices, the safety
requirements for use of safety devices are in compliance with relevant product standards. Implementation of a
protective system in accordance with 4.2.1 is one of several alternative methods.
4.2.3 Method B
Method B shall be a combination of devices meeting the relevant product standards and/or SIL/PL
capable devices for which no relevant product standard exists. Safety PLCs are excluded (see Figure 5).
The following requirements for hardwiring shall be fulfilled:
— all logic solvers shall be supplied by the devices and through the direct interconnections between
the devices;
— devices with fixed program language, which meet the relevant product standards, shall be
permitted;
— interconnections may be hardwired or through safety bus;
— hardwiring shall be in accordance with Annex F.
For devices which are not covered by product standards, the following requirements shall be fulfilled:
— the device shall be SIL 3 capable in accordance with EN 61508 (all parts), EN 62061:2005, or
EN 61511 (all parts) or it shall be PL e capable in accordance with EN ISO 13849-1:2015;
— SIL/PL capability certification shall apply to the complete device, including the hardware and
software.
NOTE 1 Verification and validations of SIL/PL certification for devices is typically carried out by a notified
body, accredited national testing laboratory, or by an organization in accordance with EN ISO/IEC 17025:2005.
Devices with less than SIL 3/PL e capability shall be permitted, provided the SIL/PL requirements for
the loop (safety function) are determined and calculated.
When the SIL is determined by prior use (i.e. proven in use), the requirements in EN 61511 (all parts)
shall be followed.
All requirements in the safety handbook for the device shall be adhered to, such as the proof test
interval.
NOTE 2 See Annex C for examples of determining SIL/PL.

Figure 5 — Hardware configuration of Method B
4.2.4 Method C
4.2.4.1 General
Method C shall be a combination of devices meeting the relevant product standards and/or SIL/PL
capable devices for which no relevant product standard exists and/or safety PLCs.
The following requirements for hardwiring shall be fulfilled:
— all logic solvers shall be supplied by the devices and through the direct interconnections between
the devices;
— devices with fixed program language, which meet the relevant product standards, shall be
permitted;
— the interconnections may be hardwired, through safety bus, or through software interconnections;
— hardwiring shall be in accordance with Annex F.
Safety function software is only permitted in the form of verified and validated SIL 3 capable software
function blocks (see Figure 6).
Safety functions shall be permitted within a safety-rated device (e.g. a safety PLC) or within an external
device covered by the relevant product standard.
For the devices (safety PLC, timers, etc.) which are NOT covered by product standards, the following
requirements shall be fulfilled:
— the devices shall be SIL 3 capable in accordance with EN 61508 (all parts), EN 62061:2005, or
EN 61511 (all parts) or it shall be PL e capable in accordance with EN ISO 13849-1:2015;
— where a programmable device implements a safety function that is partly or entirely addressed in a
relevant product standard, the software function shall be verified and validated with respect to the
applicable requirements in the related product standard including but not limited to the sequences
and timings of the product standard;
— software interconnections in a programmable device shall be verified by a functional test;
— software programming languages for PLCs shall be in accordance with EN 61131-3:2013;
— software shall be locked and secured against unauthorized and unintentional changes.
NOTE 1 Verification and validations of SIL/PL certification is typically carried out by a notified body, accredited
national testing laboratory, or by an organization in accordance with EN ISO/IEC 17025:2005.
Devices with less than SIL 3/PL e capability shall be permitted, provided the SIL/PL requirements for
the loop (safety function) are determined and calculated.
When the SIL is determined by prior use (i.e. proven in use), the requirements in EN 61511 (all parts)
shall be followed.
All requirements in the safety manual for the device shall be adhered to such as the proof test interval.
NOTE 2 See Annex C for examples of determining SIL/PL.

Figure 6 — Hardware configuration of Method C
4.2.4.2 Requirements for application software
4.2.4.1.1 In accordance with the required safety integrity level, the chosen programmable protective
equipment and its software shall meet the safety integrity requirements of the particular application:
— correctness of functionality;
— sequencing and time-related information;
— timing constraints;
— concurrency (software interrupts should be avoided);
— data structures and properties;
— design assumptions and dependencies;
— testability.
4.2.4.1.2 The proof of the items listed in 4.2.4.1.1 has to be carried out by verification and validation
steps according to the design and development phases within the life cycle of the software, including
— validity of the software requirement specification and
— completeness, consistency, understandability, and unambiguousness of documentation and
programs.
The application design representations shall be based on a notation (e.g. functional diagram), which is
unambiguously defined or restricted to unambiguously defined features; as far as practicable, the
application design shall minimize the safety-related part of the software. Where the software is to
implement both safety and non-safety functions then all of the software shall be treated as safety-
related, unless adequate independence between the functions can be demonst
...
