EN 61069-5:1995

SLOVENSKI STANDARD
01-november-1998
Industrial-process measurement and control - Evaluation of system properties for
the purpose of system assessment - Part 5: Assessment of system dependability
(IEC 61069-5:1994)
Industrial-process measurement and control - Evaluation of system properties for the
purpose of system assessment -- Part 5: Assessment of system dependability
Leittechnik für industrielle Prozesse - Ermittlung der Systemeigenschaften zum Zweck
der Eignungsbeurteilung eines Systems -- Teil 5: Eignungsbeurteilung der System-
Verläßlichkeit
Mesure et commande dans les processus industriels - Appréciation des propriétés d'un
système en vue de son évaluation -- Partie 5: Evaluation de la sûreté de fonctionnement
d'un système
Ta slovenski standard je istoveten z: EN 61069-5:1995
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

NORME CEI
INTERNATIONALE IEC
61069-5
INTERNATIONAL
Première édition
STANDARD
First edition
1994-12
Mesure et commande dans les processus
industriels –
Appréciation des propriétés d'un système
en vue de son évaluation –
Partie 5:
Evaluation de la sûreté de fonctionnement
d'un système
Industrial-process measurement and control –
Evaluation of system properties for
the purpose of system assessment –
Part 5:
Assessment of system dependability
© IEC 1994 Droits de reproduction réservés — Copyright - all rights reserved
Aucune partie de cette publication ne peut être reproduite ni No part of this publication may be reproduced or utilized in
utilisée sous quelque forme que ce soit et par aucun any form or by any means, electronic or mechanical,
procédé, électronique ou mécanique, y compris la photo- including photocopying and microfilm, without permission in
copie et les microfilms, sans l'accord écrit de l'éditeur. writing from the publisher.
International Electrotechnical Commission 3, rue de Varembé Geneva, Switzerland
Telefax: +41 22 919 0300 e-mail: inmail@iec.ch IEC web site http: //www.iec.ch
CODE PRIX
Commission Electrotechnique Internationale
V
PRICE CODE
International Electrotechnical Commission
IEC McHfayHapoAHaR 3neKTpoTexHwieceaR HOMHCCHA
Pour prix, voir catalogue en vigueur
• • For price, see current catalogue

– 3 –
1069-5©IEC:1994
CONTENTS
Page
FOREWORD 5
INTRODUCTION 9
Clause
1 Scope
2 Normative references
3 Definitions
4 Dependability properties
17 4.1 General
4.2 Dependability
4.3 Availability 19
4.4 Reliability
4.5 Maintainability
4.6 Credibility
4.7 Security
4.8 Integrity
5 Review of the system requirements document
6 Review of the system specification document 25
7 Assessment procedure
7.1 General
27 7.2 Analysis of the 'system requirements document and system specification document
7.3 Designing the assessment programme 31
7.4 Assessment programme
8 Evaluation techniques
8.1 General
8.2 Qualitative evaluation techniques
8.3 Quantitative evaluation techniques
9 Execution and reporting of the assessment
Figures
1 General layout of IEC 1069 11
2 Dependability hierarchy
Annexes
A Example of required information and documentation format for a master-slave
control task in a system requirements document
B Example of required information and documentation format for master-slave
control task in a system specification document
C Credibility tests
D Bibliography
1069-5 ©IEC:1994 —5—
INTERNATIONAL ELECTROTECHNICAL COMMISSION
INDUSTRIAL-PROCESS MEASUREMENT AND CONTROL -
EVALUATION OF SYSTEM PROPERTIES FOR
THE PURPOSE OF SYSTEM ASSESSMENT -
Part 5: Assessment of system dependability
FOREWORD
1) The IEC (International Electrotechnical Commission) is a worldwide organization for standardization
comprising all national electrotechnical committees (IEC National Committees). The object of the IEC is to
promote international cooperation on all questions concerning standardization in the electrical and
electronic fields. To this end and in addition to other activities, the IEC publishes International Standards.
Their preparation is entrusted to technical committees; any IEC National Committee interested in
the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. The IEC
collaborates closely with the International Organization for Standardization (ISO) in accordance with
conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of the IEC on technical matters, prepared by technical committees on
which all the National Committees having a special interest therein are represented, express, as nearly as
possible, an international consensus of opinion on the subjects dealt with.
3) They have the form of recommendations for international use published in the form of standards, technical
reports or guides and they are accepted by the National Committees in that sense.
4) In order to promote international unification, IEC National Committees undertake to apply IEC International
Standards transparently to the maximum extent possible in their national and regional standards. Any
divergence between the IEC Standard and the corresponding national or regional standard shall be clearly
indicated in the latter.
International Standard IEC 1069-5 has been prepared by sub-committee 65A: System
aspects, of IEC technical committee 65: Industrial-process measurement and control.
The text of this part is based on the following documents:
DIS Report on voting
65A(CO)37 65A/166/RVD
Full information on the voting for the approval of this part can be found in the report on
voting indicated in the above table.
Annexes A, B, C and D are for information only.
The relation of this part to the other parts of IEC 1069 and the relative place of this part
within the standard is shown in figure 1.
Part 1 provides the overall guidance and as such is intended as a stand-alone
publication.
Part 2 details the assessment methodology.
Parts 3 to 8 provide guidance on the assessment of specific groups of properties.

1069-5 © I EC:1994 - 7 -
The division of properties in parts 3 to 8 have been chosen so as to group together related
properties.
IEC 1069 consists of the following parts, under the general title:
Industrial-process
measurement and control - Evaluation of system properties for the purpose of system
assessment:
Part 1: General considerations and methodology
Part
2: Assessment methodology
Part 3: Assessment of system functionality
(under consideration)
rt
Pa 4: Assessment of system pe rformance (under consideration)
Part
5: Assessment of system dependability
rt
Pa 6: Assessment of system operability (under consideration)
Part 7: Assessment of system safety
(under consideration)
Part
8: Assessment of non-task-related system properties (under consideration)

1069-5 © IEC:1994 _ 9 –
INTRODUCTION
This part of IEC 1069 deals with the method which should be used to assess the depend-
ability of industrial-process measurement and control systems. Assessment of a system is
the judgement, based on evidence, of the system's suitability for a specific mission or
class of missions.
To obtain total evidence would require a complete (i.e. under all influencing conditions)
evaluation of all system properties relevant to the specific mission or class of missions.
Since this is rarely practical, the rationale on which an assessment of a system should be
based is:
–
to identify the criticality of each of the relevant system properties;
–
to plan for evaluation of the relevant system properties with a cost-effective dedi-
cation of effort to the various properties.
In conducting an assessment of a system, it is crucial to bear in mind the need to gain a
maximum increase in confidence in the suitability of a system within practical cost and
time constraints.
An assessment can only be carried out if a mission has been stated (or given) or if any
mission can be hypothesized. In the absence of a mission, no assessment can be made;
however, evaluations (as defined in IEC 1069-1) can still be specified and be carried out
for use in assessments performed by others. In such cases, the standard can be used as a
guide for planning an evaluation and it provides procedures for performing evaluations,
since evaluations are an integral part of assessment.

1069-5 ©IEC:1994 - 11 -
Part 1:
General considerations
and methodology
Scope
Definitions
Basis of assessment
Assessment considerations
The system
Properties
Influencing conditions
Assessment procedures
Definition of the objective
Design and layout
Part 2:
Methodology
Analysis of objectives
Analysis of system requirements
Analysis of system specification
Planning
Design of assessment programme
Facilities
Expertise
Time
Funds
Protocol Execution of assessment programme
Monitor and control
Part 3: Functionality
Part 4: Performance
Part 5: Dependability
Part 6: Operability
Part 7: Safety
Part 8: NTR Properties
Assessment report
Figure 1 - General layout of IEC 1069

1069-5 © IEC:1994 - 13 -
INDUSTRIAL-
PROCESS MEASUREMENT AND CONTROL -
EVALUATION OF SYSTEM PROPERTIES FOR
THE PURPOSE OF SYSTEM ASSESSMENT -
Part 5: Assessment of system dependability
1 Scope
This part of IEC 1069 describes in detail the method to be used to systematically assess
the dependability of industrial-process measurement and control systems.
The assessment methodology detailed in IEC 1069-2 is applied to obtain the dependability
assessment programme.
The subsidiary dependability properties are analyzed, and criteria to be taken into account
when assessing dependability are described.
2 Normative references
The following normative documents contain provisions which, through reference in this
text, constitute provisions of this pa rt of IEC 1069. At the time of publication, the editions
indicated were valid. All normative documents are subject to revision, and pa rties making
agreements based on this pa rt of IEC 1069 are encouraged to investigate the possibility of
applying the most recent editions of the normative documents indicated below. Members
of IEC and ISO maintain registers of currently valid International Standards.
IEC 50(191): 1990,
International Electrotechnical Vocabulary (lEV) - Chapter 191:
Dependability and quality of service
IEC 68: Environmental testing
IEC 300-3-2: 1993,
Dependability management - Part 3: Application guide - Section 2:
Collection of dependability data from the field.
IEC 706-4: 1992, Guide on maintainability of equipment - Pa
rt 4 - Section 8: Maintenance
and maintenance support planning
IEC 801: Electromagnetic compatibility for industrial-process measurement and control
equipment
IEC 812: 1985,
Analysis techniques for system reliability - Procedure for failure mode and
effects analysis (FMEA)
IEC 863: 1986,
Presentation of reliability, maintainability and availability predictions
IEC 1000: Electromagnetic compatibility (EMC)
IEC 1025: 1990,
Fault tree analysis (FTA)
IEC 1069-1: 1991,
Industrial-process measurement and control - Evaluation of system
properties for the purpose of system assessment - Part 1: General considerations and
methodology
- 15 -
1069-5 © I EC:1994
IEC 1069-2: 1993, Industrial-process measurement and control - Evaluation of system
properties for the purpose of system assessment - Pa rt 2: Assessment methodology
IEC 1070: 1991, Compliance test procedures for steady-state availability
IEC 1078: 1991, Analysis techniques for dependability - Reliability block diagram method
IEC 1132: 199x, Failure rate prediction of items having a series structure (in preparation)
IEC 1165: 199x, Application of Markov techniques (in preparation)
3 Definitions
For the purpose of this part of IEC 1069 the following definitions apply.
The definitions marked with an * are identical with those given in IEC 50(191). In order
that the definitions are understood consistently throughout all parts of IEC 1069, these
definitions are commented upon in notes at the end of this clause.
The extent to which a system can be relied upon to perform
3.1 dependability:
exclusively and correctly a task under given conditions at a given instant of time or over a
given time interval, assuming that the required external resources are provided.
3.2 reliability*: The ability of an item to perform a required function under given
conditions for a given time inte rval.
3.3 maintainability`: The ability of an item under given conditions of use, to be retained
in, or restored to, a state in which it can perform a required function, when maintenance is
performed under given conditions and using stated procedures and resources.
3.4 availability*: The ability of an item to be in a state to perform a required function
under given conditions at a given instant or over a given time interval, assuming that the
required external resources are provided.
3.5 integrity: The assurance provided by a system that the tasks will be performed
correctly unless notice is given of any state of the system, which could lead to the
contrary.
3.6 security: The assurance provided by a system that any incorrect input, or un-
authorized access is denied.
3.7 credibility: The extent to which a system is able to recognize and signal the state of
the system and to withstand incorrect inputs or unauthorized access.
NOTE - For the purpose of this standard, it is understood that:
- "an item" is an industrial-process measurement and control system;
- "a required function" is a task. In case of an evaluation, a "task" should be understood as a "system
task". Task and function are defined in 2.2.4 and 2.2.5 of IEC 1069-1.

1069-5 ©IEC:1994 -17 -
4 Dependability properties
4.1 General
For a system to be dependable it is necessary that it is ready to perform its functions. This
is an availability issue and depends on the frequency of the system failures (reliability)
and the time necessary to restore the system (maintainability).
However, in practice, when the system is ready to perform its function, this does not mean
that it is sure that the functions are performed correctly.
This is a credibility issue, which depends:
- on the ability of the system to provide warning should it fail into
...