EN 61508-3:2001
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
Applies to any software forming part of a safety-related system or used to develop a safety-related system within the scope of IEC 61508-1 and IEC 61508-2. Provides requirements:
- for safety lifecycle phases and activities;
- for information relating to the software safety validation;
- for the preparation of information and procedures concerning software;
- to be met by the organisation carrying out modifications to safety-related software;
- for supporting tools.
Has the status of a basic safety publication in accordance with IEC Guide 104.
German title: Funktionale Sicherheit sicherheitsbezogener elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 3: Anforderungen an Software
French title: Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques programmables relatifs à la sécurité - Partie 3: Prescriptions concernant les logiciels
Slovenian title: Funkcijska varnost električnih/elektronskih/programirljivih elektronskih varnostnih sistemov - 3. del: Programske zahteve (IEC 61508-3:1998 + popravek 1999)
Standards Content (Sample)
SLOVENIAN STANDARD SIST EN 61508-3
January
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements (IEC 61508-3 + corrigendum)
Identical to EN 61508-3
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements (IEC 61508-3 + Corrigendum)
ICS / Reference number: SIST EN 61508-3 (en)
EUROPEAN STANDARD EN 61508-3
NORME EUROPÉENNE
EUROPÄISCHE NORM December 2001
ICS 25.040.40
English version
Functional safety of electrical/electronic/programmable electronic
safety-related systems
Part 3: Software requirements
(IEC 61508-3:1998 + corrigendum 1999)
Sécurité fonctionnelle des systèmes électriques/électroniques/électroniques programmables relatifs à la sécurité - Partie 3: Prescriptions concernant les logiciels (CEI 61508-3:1998 + corrigendum 1999)
Funktionale Sicherheit sicherheitsbezogener elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 3: Anforderungen an Software (IEC 61508-3:1998 + Corrigendum 1999)
This European Standard was approved by CENELEC on 2001-07-03. CENELEC members are bound to
comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and
notified to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Czech Republic,
Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands,
Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels
© 2001 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61508-3:2001 E
Foreword
The text of the International Standard IEC 61508-3:1998 including its corrigendum April 1999,
prepared by SC 65A, System aspects, of IEC TC 65, Industrial-process measurement and control,
was submitted to the Unique Acceptance Procedure and was approved by CENELEC as EN 61508-3
on 2001-07-03 without any modification.
The following dates were fixed:
– latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2002-08-01
– latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2004-08-01
Annexes designated "normative" are part of the body of the standard.
Annexes designated "informative" are given for information only.
In this standard, annexes A, B and ZA are normative and annex C is informative.
Annex ZA has been added by CENELEC.
IEC 61508 is a basic safety publication covering the functional safety of electrical, electronic and
programmable electronic safety-related systems. The scope states:
"This International Standard covers those aspects to be considered when electrical/electronic/
programmable electronic systems (E/E/PESs) are used to carry out safety functions. A major objective
of this standard is to facilitate the development of application sector international standards by the
technical committees responsible for the application sector. This will allow all the relevant factors
associated with the application, to be fully taken into account and thereby meet the specific needs of
the application sector. A dual objective of this standard is to enable the development of
electrical/electronic/programmable electronic (E/E/PE) safety-related systems where application sector
international standards may not exist".
The CENELEC Report R0BT-004, ratified by 103 BT (March 2000) accepts that some IEC standards,
which today are either published or under development, are sector implementations of IEC 61508. For
example:
– IEC 61511, Functional safety - Safety instrumented systems for the process industry sector;
– IEC 62061, Safety of machinery – Functional safety of electrical, electronic and programmable electronic control systems;
– IEC 61513, Nuclear power plants – Instrumentation and control for systems important to safety – General requirements for systems.
The railways sector has also developed a set of European Standards (EN 50126; EN 50128 and
prEN 50129).
NOTE EN 50126 and EN 50128 were based on earlier drafts of IEC 61508. prEN 50129 is based on the principles of the
latest version of IEC 61508.
This list does not preclude other sector implementations of IEC 61508 which could be currently under
development or published within IEC or CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61508-3:1998 including its corrigendum April 1999 was
approved by CENELEC as a European Standard without any modification.
__________
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
This European Standard incorporates by dated or undated reference, provisions from other
publications. These normative references are cited at the appropriate places in the text and the
publications are listed hereafter. For dated references, subsequent amendments to or revisions of any
of these publications apply to this European Standard only when incorporated in it by amendment or
revision. For undated references the latest edition of the publication referred to applies (including
amendments).
NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
Publication (year): Title -> corresponding EN/HD (year)
IEC 61508-1 (1998 + corr. May 1999): Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements -> EN 61508-1 (2001)
IEC 61508-2 (2000): Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems -> EN 61508-2 (2001)
IEC 61508-4 (1998 + corr. April 1999): Part 4: Definitions and abbreviations -> EN 61508-4 (2001)
IEC 61508-5 (1998 + corr. April 1999): Part 5: Examples of methods for the determination of safety integrity levels -> EN 61508-5 (2001)
IEC 61508-6 (2000): Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 -> EN 61508-6 (2001)
IEC 61508-7 (2000): Part 7: Overview of techniques and measures -> EN 61508-7 (2001)
ISO/IEC Guide 51 (1990): Guidelines for the inclusion of safety aspects in standards -> no corresponding EN/HD
IEC Guide 104 (1997): The preparation of safety publications and the use of basic safety publications and group safety publications -> no corresponding EN/HD
INTERNATIONAL IEC
STANDARD
61508-3
First edition
1998-12
BASIC SAFETY PUBLICATION
Functional safety of electrical/electronic/
programmable electronic safety-related systems –
Part 3:
Software requirements
IEC 1998 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical,
including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE
X
Commission Electrotechnique Internationale
International Electrotechnical Commission
Международная Электротехническая Комиссия
For price, see current catalogue
61508-3 IEC:1998 – 3 –
CONTENTS
Page
FOREWORD . 7
INTRODUCTION . 9
Clause
1 Scope. 13
2 Normative references. 19
3 Definitions and abbreviations . 19
4 Conformance to this standard . 19
5 Documentation . 19
6 Software quality management system . 21
6.1 Objectives. 21
6.2 Requirements . 21
7 Software safety lifecycle requirements . 23
7.1 General . 23
7.2 Software safety requirements specification. 35
7.3 Software safety validation planning . 39
7.4 Software design and development. 43
7.5 Programmable electronics integration (hardware and software) . 55
7.6 Software operation and modification procedures. 57
7.7 Software safety validation . 57
7.8 Software modification. 61
7.9 Software verification . 65
8 Functional safety assessment . 73
Annex A (normative) Guide to the selection of techniques and measures . 75
Annex B (normative) Detailed tables . 87
Annex C (informative) Bibliography . 95
Tables
1 Software safety lifecycle: overview. 29
A.1 Software safety requirements specification (see 7.2). 77
A.2 Software design and development: software architecture design (see 7.4.3). 77
A.3 Software design and development: support tools and programming language
(see 7.4.4). 79
A.4 Software design and development: detailed design (see 7.4.5 and 7.4.6) . 79
A.5 Software design and development: software module testing and integration
(see 7.4.7 and 7.4.8) . 81
A.6 Programmable electronics integration (hardware and software) (see 7.5) . 81
A.7 Software safety validation (see 7.7) . 81
A.8 Modification (see 7.8) . 83
A.9 Software verification (see 7.9) . 83
A.10 Functional safety assessment (see clause 8) . 85
B.1 Design and coding standards (referenced by table A.4). 87
B.2 Dynamic analysis and testing (referenced by tables A.5 and A.9) . 87
B.3 Functional and black-box testing (referenced by tables A.5, A.6 and A.7) . 89
B.4 Failure analysis (referenced by table A.10) . 89
B.5 Modelling (referenced by table A.7). 89
B.6 Performance testing (referenced by tables A.5 and A.6) . 91
B.7 Semi-formal methods (referenced by tables A.1, A.2 and A.4) . 91
B.8 Static analysis (referenced by table A.9) . 91
B.9 Modular approach (referenced by table A.4). 93
Figures
1 Overall framework of this standard. 17
2 E/E/PES safety lifecycle (in realisation phase) . 25
3 Software safety lifecycle (in realisation phase) . 25
4 Relationship between and scope of IEC 61508-2 and 61508-3 . 27
5 Software safety integrity and the development lifecycle (the V-model) . 27
6 Relationship between the hardware and software architectures of programmable
electronics. 35
FUNCTIONAL SAFETY OF
ELECTRICAL/ELECTRONIC/PROGRAMMABLE ELECTRONIC
SAFETY-RELATED SYSTEMS –
Part 3: Software requirements
FOREWORD
1) The IEC (International Electrotechnical Commission) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of the IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, the IEC publish
...