EN 61508-6:2010
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 61508-6:2010 contains information and guidelines on IEC 61508-2 and IEC 61508-3:
– Annex A gives a brief overview of the requirements of IEC 61508-2 and IEC 61508-3 and sets out the functional steps in their application;
– Annex B gives an example technique for calculating the probabilities of hardware failure and should be read in conjunction with 7.4.3 and Annex C of IEC 61508-2 and with Annex D of this part;
– Annex C gives a worked example of calculating diagnostic coverage and should be read in conjunction with Annex C of IEC 61508-2;
– Annex D gives a methodology for quantifying the effect of hardware-related common cause failures on the probability of failure;
– Annex E gives worked examples of the application of the software safety integrity tables specified in Annex A of IEC 61508-3 for safety integrity levels 2 and 3.
This second edition cancels and replaces the first edition published in 1998 and constitutes a technical revision. It has been subject to a thorough review and incorporates many comments received at the various revision stages.
Also available: IEC Standards+ 61508:2010, containing all parts together with a commented Redline version in which the changes made in this second edition are highlighted and commented by a leading world expert.
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (IEC 61508-6:2010)
1.1 This part of IEC 61508 contains information and guidelines on IEC 61508-2 and IEC 61508-3.
– Annex A gives a brief overview of the requirements of IEC 61508-2 and IEC 61508-3 and sets out the functional steps in their application;
– Annex B gives an example technique for calculating the probabilities of hardware failure and should be read in conjunction with 7.4.3 and Annex C of IEC 61508-2 and with Annex D;
– Annex C gives a worked example of calculating diagnostic coverage and should be read in conjunction with Annex C of IEC 61508-2;
– Annex D gives a methodology for quantifying the effect of hardware-related common cause failures on the probability of failure;
– Annex E gives worked examples of the application of the software safety integrity tables specified in Annex A of IEC 61508-3 for safety integrity levels 2 and 3.
1.2 IEC 61508-1, IEC 61508-2, IEC 61508-3 and IEC 61508-4 are basic safety publications, although this status does not apply in the context of low complexity E/E/PE safety-related systems (see 3.4.3 of IEC 61508-4). As basic safety publications, they are intended for use by technical committees in the preparation of standards in accordance with the principles laid down in IEC Guide 104 and ISO/IEC Guide 51. IEC 61508-1, IEC 61508-2, IEC 61508-3 and IEC 61508-4 are also intended for use as stand-alone publications. The horizontal safety function of this International Standard does not apply to medical equipment in compliance with the IEC 60601 series.
1.3 One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication do not apply unless specifically referred to or included in the publications prepared by those technical committees.
1.4 Figure 1 shows the overall framework of the IEC 61508 series and indicates the role that IEC 61508-6 plays in the achievement of functional safety for E/E/PE safety-related systems.
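The abstract and scope above describe what Annexes B, C and D cover (hardware failure probability, diagnostic coverage and safe failure fraction, common cause failure) without showing the arithmetic. The following Python script is an added worked example, not text or code from IEC 61508-6 or from this catalogue page: it takes a channel's failure-rate split into safe, dangerous-detected and dangerous-undetected parts, derives DC and SFF as defined in IEC 61508-4, evaluates a simplified low-demand PFDavg for a 1oo1 and a 1oo2 subsystem with a beta-factor common-cause term, and maps the result to a SIL band. The failure rates, proof-test interval, repair times and beta values are constructed inputs. The PFDavg bands follow IEC 61508-1 Table 2; the 1oo1 and 1oo2 expressions are the standard's simplified reliability-block-diagram equations as reproduced here, and the Route 1H table is from IEC 61508-2 Tables 2 and 3; both should be checked against the published text before being relied on.

```python
"""Worked example: DC, SFF, simplified low-demand PFDavg for 1oo1 / 1oo2 subsystems
with a beta-factor common-cause term, and the resulting SIL band.

Added example; not code from IEC 61508-6. All input values below are constructed.
"""
from typing import NamedTuple, Optional


class ChannelRates(NamedTuple):
    """Per-channel failure rates in failures per hour."""
    lambda_s: float   # safe failures
    lambda_dd: float  # dangerous failures detected by diagnostics
    lambda_du: float  # dangerous failures revealed only by proof test

    @property
    def lambda_d(self) -> float:
        return self.lambda_dd + self.lambda_du


def diagnostic_coverage(r: ChannelRates) -> float:
    """DC = sum(lambda_DD) / sum(lambda_D), as defined in IEC 61508-4."""
    return r.lambda_dd / r.lambda_d


def safe_failure_fraction(r: ChannelRates) -> float:
    """SFF = (sum(lambda_S) + sum(lambda_DD)) / (sum(lambda_S) + sum(lambda_D))."""
    return (r.lambda_s + r.lambda_dd) / (r.lambda_s + r.lambda_d)


def pfd_avg_1oo1(r: ChannelRates, t1: float, mrt: float, mttr: float) -> float:
    """Simplified 1oo1 PFDavg = lambda_D * t_CE (channel equivalent down time).
    t1 = proof-test interval, mrt = mean repair time after a proof test,
    mttr = mean time to restoration after a diagnosed failure (all in hours)."""
    t_ce = (r.lambda_du / r.lambda_d) * (t1 / 2 + mrt) + (r.lambda_dd / r.lambda_d) * mttr
    return r.lambda_d * t_ce


class Pfd1oo2(NamedTuple):
    total: float
    independent: float  # both channels failing independently
    ccf: float          # beta-factor common-cause contribution


def pfd_avg_1oo2(r: ChannelRates, t1: float, mrt: float, mttr: float,
                 beta: float, beta_d: float) -> Pfd1oo2:
    """Simplified 1oo2 PFDavg with beta (undetected) and beta_D (detected) CCF factors."""
    t_ce = (r.lambda_du / r.lambda_d) * (t1 / 2 + mrt) + (r.lambda_dd / r.lambda_d) * mttr
    t_ge = (r.lambda_du / r.lambda_d) * (t1 / 3 + mrt) + (r.lambda_dd / r.lambda_d) * mttr
    lam_ind = (1 - beta_d) * r.lambda_dd + (1 - beta) * r.lambda_du
    independent = 2 * lam_ind ** 2 * t_ce * t_ge
    ccf = beta_d * r.lambda_dd * mttr + beta * r.lambda_du * (t1 / 2 + mrt)
    return Pfd1oo2(independent + ccf, independent, ccf)


def sil_band_low_demand(pfd_avg: float) -> Optional[int]:
    """PFDavg target bands for low demand mode (IEC 61508-1 Table 2)."""
    bands = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
    for sil, (lo, hi) in bands.items():
        if lo <= pfd_avg < hi:
            return sil
    return None  # outside the SIL 1..4 bands


# Route 1H architectural constraints (IEC 61508-2 Tables 2 and 3): for each SFF band
# (upper bound exclusive) the maximum SIL at HFT 0, 1, 2; None = not allowed.
ROUTE_1H = {
    "A": [(0.60, (1, 2, 3)), (0.90, (2, 3, 4)), (0.99, (3, 4, 4)), (1.01, (3, 4, 4))],
    "B": [(0.60, (None, 1, 2)), (0.90, (1, 2, 3)), (0.99, (2, 3, 4)), (1.01, (3, 4, 4))],
}


def max_sil_route_1h(sff: float, hft: int, element_type: str) -> Optional[int]:
    for upper, row in ROUTE_1H[element_type]:
        if sff < upper:
            return row[min(hft, 2)]
    raise ValueError("SFF must lie in [0, 1]")


# Constructed inputs: a type B (complex) element with an annual proof test.
EXAMPLE = ChannelRates(lambda_s=1e-5, lambda_dd=4.5e-6, lambda_du=5e-7)
T1, MRT, MTTR = 8760.0, 8.0, 8.0
BETA, BETA_D = 0.10, 0.05


def summary() -> dict:
    """Run the whole calculation for EXAMPLE and return the figures a safety case needs."""
    one = pfd_avg_1oo1(EXAMPLE, T1, MRT, MTTR)
    two = pfd_avg_1oo2(EXAMPLE, T1, MRT, MTTR, BETA, BETA_D)
    sff = safe_failure_fraction(EXAMPLE)
    return {
        "DC": diagnostic_coverage(EXAMPLE),
        "SFF": sff,
        "PFDavg_1oo1": one, "SIL_1oo1": sil_band_low_demand(one),
        "PFDavg_1oo2": two.total, "SIL_1oo2": sil_band_low_demand(two.total),
        "CCF_share_1oo2": two.ccf / two.total,
        "Route1H_HFT0": max_sil_route_1h(sff, 0, "B"),
        "Route1H_HFT1": max_sil_route_1h(sff, 1, "B"),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key:>16}: {value:.3g}" if isinstance(value, float) else f"{key:>16}: {value}")
```

With these constructed rates the single channel lands in the SIL 2 band and the 1oo2 pair in the SIL 3 band, but over 95 % of the 1oo2 PFDavg comes from the beta-factor term, not from two independent failures; the redundancy arithmetic is cheap, the beta estimate (the subject of Annex D) is what decides the answer. The PFDavg band alone does not give the achievable SIL: the SFF computed here is what feeds the architectural constraints of IEC 61508-2, and both the hardware safety integrity target and those constraints must be met.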
Standards Content (Sample)
SLOVENIAN STANDARD
May 2011
Supersedes: SIST EN 61508-6:2007
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (IEC 61508-6:2010)
This Slovenian standard is identical to: EN 61508-6:2010
ICS: 25.040.40 Industrial process measurement and control
Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD (NORME EUROPÉENNE / EUROPÄISCHE NORM) EN 61508-6
May 2010
ICS 25.040.40; Supersedes EN 61508-6:2001
English version
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (IEC 61508-6:2010)
This European Standard was approved by CENELEC on 2010-05-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Management Centre: Avenue Marnix 17, B - 1000 Brussels
© 2010 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61508-6:2010 E
Foreword
The text of document 65A/553/FDIS, future edition 2 of IEC 61508-6, prepared by SC 65A, System
aspects, of IEC TC 65, Industrial-process measurement, control and automation, was submitted to the
IEC-CENELEC parallel vote and was approved by CENELEC as EN 61508-6 on 2010-05-01.
This European Standard supersedes EN 61508-6:2001.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent
rights.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2011-02-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2013-05-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61508-6:2010 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
[1] IEC 61511 series NOTE Harmonized in EN 61511 series (not modified).
[2] IEC 62061 NOTE Harmonized as EN 62061.
[3] IEC 61800-5-2 NOTE Harmonized as EN 61800-5-2.
[4] IEC 61078:2006 NOTE Harmonized as EN 61078:2006 (not modified).
[5] IEC 61165:2006 NOTE Harmonized as EN 61165:2006 (not modified).
[16] IEC 61131-3:2003 NOTE Harmonized as EN 61131-3:2003 (not modified).
[18] IEC 61025:2006 NOTE Harmonized as EN 61025:2007 (not modified).
[26] IEC 60601 series NOTE Harmonized in EN 60601 series (partially modified).
[27] IEC 61508-1:2010 NOTE Harmonized as EN 61508-1:2010 (not modified).
[28] IEC 61508-5:2010 NOTE Harmonized as EN 61508-5:2010 (not modified).
[29] IEC 61508-7:2010 NOTE Harmonized as EN 61508-7:2010 (not modified).
__________
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
Publication / Year / Title / EN/HD / Year
IEC 61508-2, 2010: Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems. EN/HD: EN 61508-2, 2010
IEC 61508-3, 2010: Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements. EN/HD: EN 61508-3, 2010
IEC 61508-4, 2010: Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations. EN/HD: EN 61508-4, 2010
IEC 61508-6, Edition 2.0, 2010-04
INTERNATIONAL STANDARD (NORME INTERNATIONALE)
Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
International Electrotechnical Commission (Commission Electrotechnique Internationale)
Price code: XE
ICS 25.040.40; ISBN 978-2-88910-529-8
CONTENTS
FOREWORD (p. 6)
INTRODUCTION (p. 8)
1 Scope (p. 10)
2 Normative references (p. 12)
3 Definitions and abbreviations (p. 12)
Annex A (informative) Application of IEC 61508-2 and of IEC 61508-3 (p. 13)
Annex B (informative) Example of technique for evaluating probabilities of hardware failure (p. 21)
Annex C (informative) Calculation of diagnostic coverage and safe failure fraction – worked example (p. 76)
Annex D (informative) A methodology for quantifying the effect of hardware-related common cause failures in E/E/PE systems (p. 80)
Annex E (informative) Example applications of software safety integrity tables of IEC 61508-3 (p. 95)
Bibliography (p. 110)
Figure 1 – Overall framework of the IEC 61508 series (p. 11)
Figure A.1 – Application of IEC 61508-2 (p. 17)
Figure A.2 – Application of IEC 61508-2 (Figure A.1 continued) (p. 18)
Figure A.3 – Application of IEC 61508-3 (p. 20)
Figure B.1 – Reliability block diagram of a whole safety loop (p. 22)
Figure B.2 – Example configuration for two sensor channels (p. 26)
Figure B.3 – Subsystem structure (p. 29)
Figure B.4 – 1oo1 physical block diagram (p. 30)
Figure B.5 – 1oo1 reliability block diagram (p. 31)
Figure B.6 – 1oo2 physical block diagram (p. 32)
Figure B.7 – 1oo2 reliability block diagram (p. 32)
Figure B.8 – 2oo2 physical block diagram (p. 33)
Figure B.9 – 2oo2 reliability block diagram (p. 33)
Figure B.10 – 1oo2D physical block diagram (p. 33)
Figure B.11 – 1oo2D reliability block diagram (p. 34)
Figure B.12 – 2oo3 physical block diagram (p. 34)
Figure B.13 – 2oo3 reliability block diagram (p. 35)
Figure B.14 – Architecture of an example for low demand mode of operation (p. 40)
Figure B.15 – Architecture of an example for high demand or continuous mode of operation (p. 49)
Figure B.16 – Reliability block diagram of a simple whole loop with sensors organised into 2oo3 logic (p. 51)
Figure B.17 – Simple fault tree equivalent to the reliability block diagram presented in Figure B.1 (p. 52)
Figure B.18 – Equivalence fault tree / reliability block diagram (p. 52)
Figure B.19 – Instantaneous unavailability U(t) of single periodically tested components (p. 54)
Figure B.20 – Principle of PFDavg calculations when using fault trees (p. 55)
Figure B.21 – Effect of staggering the tests (p. 56)
Figure B.22 – Example of complex testing pattern (p. 56)
Figure B.23 – Markov graph modelling the behaviour of a two component system (p. 58)
Figure B.24 – Principle of the multiphase Markovian modelling (p. 59)
Figure B.25 – Saw-tooth curve obtained by multiphase Markovian approach (p. 60)
Figure B.26 – Approximated Markovian model (p. 60)
Figure B.27 – Impact of failures due to the demand itself (p. 61)
Figure B.28 – Modelling of the impact of test duration (p. 61)
Figure B.29 – Multiphase Markovian model with both DD and DU failures (p. 62)
Figure B.30 – Changing logic (2oo3 to 1oo2) instead of repairing first failure (p. 63)
Figure B.31 – "Reliability" Markov graphs with an absorbing state (p. 63)
Figure B.32 – "Availability" Markov graphs without absorbing states (p. 65)
Figure B.33 – Petri net for modelling a single periodically tested component (p. 66)
Figure B.34 – Petri net to model common cause failure and repair resources (p. 69)
Figure B.35 – Using reliability block diagrams to build Petri net and auxiliary Petri net for PFD and PFH calculations (p. 70)
Figure B.36 – Simple Petri net for a single component with revealed failures and repairs
...