EN 62061:2005

SLOVENSKI SIST EN 62061:2005
STANDARD
december 2005
Varnost strojev – Funkcijska varnost na varnost vezanih električnih,
elektronskih in programirljivih elektronskih krmilnih sistemov (IEC
62061:2005)
Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems (IEC 62061:2005)
ICS 13.110; 25.040.40 Referenčna številka
©  Standard je založil in izdal Slovenski inštitut za standardizacijo. Razmnoževanje ali kopiranje celote ali delov tega dokumenta ni dovoljeno

EUROPEAN STANDARD EN 62061
NORME EUROPÉENNE
EUROPÄISCHE NORM April 2005
ICS 13.110; 25.040.99; 29.020
English version
Safety of machinery –
Functional safety of safety-related electrical,
electronic and programmable electronic control systems
(IEC 62061:2005)
Sécurité des machines –  Sicherheit von Maschinen –
Sécurité fonctionnelle des systèmes Funktionale Sicherheit
de commande électriques, électroniques sicherheitsbezogener elektrischer,
et électroniques programmables relatifs elektronischer und programmierbarer
à la sécurité elektronischer Steuerungssysteme
(CEI 62061:2005) (IEC 62061:2005)

This European Standard was approved by CENELEC on 2004-12-01. CENELEC members are bound to
comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and
notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden,
Switzerland and United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2005 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 62061:2005 E
Foreword
The text of document 44/460/FDIS, future edition 1 of IEC 62061, prepared by IEC TC 44, Safety of
machinery - Electrotechnical aspects, was submitted to the IEC-CENELEC parallel vote and was
approved by CENELEC as EN 62061 on 2004-12-01.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2005-11-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2007-12-01
This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and covers essential requirements of
EC Directive 98/37/EC. See Annex ZZ.
PROOF TEST INTERVAL AND LIFETIME
The following important information should be noted in relation to the requirements of this standard:
Where the probability of dangerous failure per hour (PFH ) is highly dependent upon proof testing (i.e.
D
tests intended to reveal faults not detected by diagnostic functions) then the proof test interval needs
to be shown as realistic and practicable in the context of the expected use of the safety-related
electrical control system (SRECS) (e.g. proof test intervals of less than 10 years can be unreasonably
short for many machinery applications).
CEN/TC114/WG6 have used a proof test interval (mission time) of 20 years to support the estimation
of mean time to dangerous failure (MTTF ) for the realization of designated architectures in Annex B
D
of prEN ISO 13849-1. Therefore, it is recommended that SRECS designers endeavour to use a 20
year proof test interval.
It is acknowledged that some subsystems and/or subsystem elements (e.g. electro-mechanical
components with high duty cycles) will require replacement within the SRECS proof test interval.
Proof testing involves detailed and comprehensive checks that can, in practice, only be performed
when the SRECS and/or its subsystems has been designed to facilitate proof testing (e.g. dedicated
test ports) and provided with necessary information (e.g. proof test instructions).
To ensure the validity of the proof test interval specified by the designer it is important that any other
necessary designated tests (e.g. functional tests) are also successfully performed at the SRECS.
Annexes ZA and ZZ have been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 62061:2005 was approved by CENELEC as a European
Standard without any modification.
__________
- 3 - EN 62061:2005
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE Where an international publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
Publication Year Title EN/HD Year
1) 2)
IEC 60204-1 - Safety of machinery - Electrical EN 60204-1 1997
equipment of machines + corr. September 1998
Part 1: General requirements
1) 2)
IEC 61000-6-2, - Electromagnetic compatibility (EMC) EN 61000-6-2 2001
mod. Part 6-2: Generic standards - Immunity
for industrial environments
IEC 61310 Series Safety of machinery - Indication, marking EN 61310 Series
and actuation
1) 2)
IEC 61508-2 - Functional safety of EN 61508-2 2001
electrical/electronic/programmable
electronic safety-related systems
Part 2: Requirements for
electrical/electronic/programmable
electronic safety-related systems

1) 2)
IEC 61508-3 - Part 3: Software requirements EN 61508-3 2001

EN ISO 12100-1 2003
ISO 12100-1 2003 Safety of machinery
Basic concepts, general principles for
design -- Part 1: Basic terminology,
methodology
ISO 12100-2 2003 Basic concepts, general principles for EN ISO 12100-2 2003
design -- Part 2: Technical principles

ISO 13849-1 1999 Safety of machinery - Safety-related parts - -
of control systems
Part 1: General principles for design

ISO 13849-2 2003 Part 2: Validation EN ISO 13849-2 2003

1)
ISO 14121 - Safety of machinery - -
Principles of risk assessment
1)
Undated reference.
2)
Valid edition at date of issue.

Annex ZZ
(informative)
Coverage of Essential Requirements of EC Directives
This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and within its scope the standard covers the
following essential requirements out of those given in Annex I of the EC Directive 98/37/EC:
– 1.2.1;
– 1.2.7.
Compliance with this standard provides one means of conformity with the specified essential
requirements of the Directive concerned.
WARNING: Other requirements and other EC Directives may be applicable to the products falling
within the scope of this standard.
__________
IEC 62061
Edition 1.0 2005-01
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Safety of machinery – Functional safety of safety-related electrical, electronic
and programmable electronic control systems

Sécurité des machines – Sécurité fonctionnelle des systèmes de commande
électriques, électroniques et électroniques programmables relatifs à la sécurité

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
XD
CODE PRIX
ICS 13.110; 25.040.99; 29.020 ISBN 2-8318-7818-7

– 2 – 62061 © IEC:2005
CONTENTS
FOREWORD.5
INTRODUCTION.7

1 Scope and object.10
2 Normative references .11
3 Terms, definitions and abbreviations .12
3.1 Alphabetical list of definitions .12
3.2 Terms and definitions .14
3.3 Abbreviations .22
4 Management of functional safety .23
4.1 Objective.23
4.2 Requirements.23
5 Requirements for the specification of Safety-Related Control Functions (SRCFs) .24
5.1 Objective.24
5.2 Specification of requirements for SRCFs .24
6 Design and integration of the safety-related electrical control system (SRECS) .27
6.1 Objective.27
6.2 General requirements.27
6.3 Requirements for behaviour (of the SRECS) on detection
of a fault in the SRECS .28
6.4 Requirements for systematic safety integrity of the SRECS .29
6.5 Selection of safety-related electrical control system .31
6.6 Safety-related electrical control system (SRECS) design and development .31
6.7 Realisation of subsystems .36
6.8 Realisation of diagnostic functions .52
6.9 Hardware implementation of the SRECS .53
6.10 Software safety requirements specification.53
6.11 Software design and development.54
6.12 Safety-related electrical control system integration and testing.62
6.13 SRECS installation .63
7 Information for use of the SRECS.63
7.1 Objective.63
7.2 Documentation for installation, use and maintenance .63
8 Validation of the safety-related electrical control system.64
8.1 General requirements.65
8.2 Validation of SRECS systematic safety integrity .65
9 Modification.66
9.1 Objective.66
9.2 Modification procedure .66
9.3 Configuration management procedures .67
10 Documentation .69

62061 © IEC:2005 – 3 –
Annex A (informative) SIL assignment .71
Annex B (informative)  Example of safety-related electrical control system (SRECS)
design using concepts and requirements of Clauses 5 and 6 .79
Annex C (informative) Guide to embedded software design and development.86
Annex D (informative) Failure modes of electrical/electronic components .95
Annex E (informative) Electromagnetic (EM) phenomenon and increased immunity
levels for SRECS intended for use in an industrial environment according to
IEC 61000-6-2 .100
Annex F (informative) Methodology for the estimation of susceptibility to common
cause failures (CCF).102

Figure 1 – Relationship of IEC 62061 to other relevant standards .8
Figure 2 – Workflow of the SRECS design and development process .33
Figure 3 – Allocation of safety requirements of the function blocks to subsystems
(see 6.6.2.1.1) .
...