Demonstration of dependability requirements - The dependability case

IEC 62741:2015 gives guidance on the content and application of a dependability case and establishes general principles for the preparation of a dependability case. This standard is written in a basic project context where a customer orders a system that meets dependability requirements from a supplier and then manages the system until its retirement. The methods provided in this standard may be modified and adapted to other situations as needed. The dependability case is normally produced by the customer and supplier but can also be used and updated by other organizations. For example, certification bodies and regulators may examine the submitted case to support their decisions and users of the system may update/expand the case, particularly where they use the system for a different purpose. Keywords: dependability, reliability, availability, maintainability, supportability, usability, testability, durability.

Guide to the demonstration of dependability requirements - The dependability case

Demonstration of dependability requirements - Argument within the framework of dependability

IEC 62741:2015 provides guidelines on the content and application of a dependability case and establishes the general principles for preparing a dependability case. This standard is written in the context of a basic project in which a customer orders a system that meets dependability requirements from a supplier and then manages the system until it is taken out of service. The methods provided in this standard may be modified and adapted to other situations if necessary. The dependability case is normally produced by the customer and the supplier and can also be used and updated by other organizations. For example, certification bodies and regulators may examine the submitted case to support their decisions, and users of the system may update/expand the case, particularly when they use the system for another purpose. Keywords: dependability, reliability, availability, maintainability, supportability, usability, testability, durability.

Guide to the demonstration of dependability requirements - The dependability case

This International Standard provides guidance on the content and use of a dependability case and establishes basic principles for preparing a dependability case. This standard is written in the context of a basic project in which a customer orders from a supplier a system that meets dependability requirements and then manages it until the end of its life. The method provided by this standard may be modified and adapted as needed to suit other situations. The dependability case is normally created by the customer and the supplier, but it can also be used and updated by other organizations. For example, certification and regulatory bodies may review the submitted case to support their decisions, and users of the system may update/expand the case, especially if they use the system for different purposes.

General Information

Status: Published
Publication Date: 26-Mar-2015
Technical Committee
Drafting Committee
Current Stage: 6060 - Document made available
Due Date: 27-Mar-2015
Completion Date: 27-Mar-2015


Standards Content (sample)

SLOVENIAN STANDARD
SIST EN 62741:2015
01-September-2015

Guide to the demonstration of dependability requirements - The dependability case

This Slovenian standard is identical to: EN 62741:2015

ICS:
03.120.01 Quality in general
21.020 Characteristics and design of machines, apparatus, equipment

SIST EN 62741:2015 en

2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

EUROPEAN STANDARD EN 62741
March 2015
ICS 21.020; 03.120.01

English Version

Demonstration of dependability requirements - The dependability case (IEC 62741:2015)

Demonstration of dependability requirements - Argument within the framework of dependability (IEC 62741:2015)

Guide to the demonstration of dependability requirements - The dependability case (IEC 62741:2015)

This European Standard was approved by CENELEC on 2015-03-24. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN 62741:2015 E
Foreword

The text of document 56/1591/FDIS, future edition 1 of IEC 62741, prepared by IEC/TC 56 "Dependability" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN 62741:2015.

The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2015-12-24
• latest date by which the national standards conflicting with the document have to be withdrawn (dow) 2018-03-24

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such patent rights.

Endorsement notice

The text of the International Standard IEC 62741:2015 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60300-3-1 NOTE Harmonized as EN 60300-3-1.
IEC 60300-3-4 NOTE Harmonized as EN 60300-3-4.
IEC 61078 NOTE Harmonized as EN 61078.
IEC 62347 NOTE Harmonized as EN 62347.
IEC/ISO 31010 NOTE Harmonized as EN 31010.
IEC 62198 NOTE Harmonized as EN 62198.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu.

| Publication | Year | Title | EN/HD | Year |
| IEC 60050-192 | - | International electrotechnical vocabulary - Part 192: Dependability | - | - |
| IEC 60300-1 | - | Dependability management -- Part 1: Guidance for management and application | EN 60300-1 | - |
| ISO 31000 | - | Risk management - Principles and guidelines | - | - |
IEC 62741
Edition 1.0 2015-02
INTERNATIONAL STANDARD
Demonstration of dependability requirements – The dependability case
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 03.120.01; 21.020
ISBN 978-2-8322-2247-8

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Background to the dependability case
4.1 Principles and purpose
4.2 Relationship between the dependability case and dependability plans
4.3 Progressive assurance of dependability
5 Principles of the dependability case
5.1 Description of the dependability case
5.2 Making claims in the dependability case
5.3 Using evidence in the dependability case
5.4 Evidence framework
5.5 Dependability case report
6 Development of the dependability case
6.1 General
6.2 Preparation of the dependability case
6.3 Concept stage
6.4 Development stage
6.5 Realization stage
6.6 Utilization stage
6.7 Enhancement stage
6.8 Retirement stage
7 Assessing the adequacy of evidence
Annex A (informative) Evidence framework
A.1 General
A.2 Abbreviations used only in this annex
Annex B (informative) General requirements for the dependability case report
B.1 General
B.2 Elements required for the dependability case report
B.3 Context and assumptions
B.3.1 Stakeholders
B.3.2 System description
B.3.3 Dependability requirements
B.3.4 Limitations on use
B.3.5 Assumptions
B.4 Risks
B.5 Dependability plan
B.6 The evidence framework
B.7 Body of evidence
B.8 Review of evidence to date
B.9 Dependability claims and argument
B.10 Conclusions and recommendations
Annex C (informative) Checklist of points for assessing the adequacy of evidence
Bibliography

Figure 1 – Illustration of progressive assurance process
Figure 2 – The development of claims
Figure 3 – Establishment and development of the evidence framework

Table A.1 – Evidence framework for system “X”
Table A.2 – Evidence framework for system Y

INTERNATIONAL ELECTROTECHNICAL COMMISSION
______________
DEMONSTRATION OF DEPENDABILITY REQUIREMENTS –
THE DEPENDABILITY CASE
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62741 has been prepared by IEC technical committee 56: Dependability.

The text of this standard is based on the following documents:

| FDIS | Report on voting |
| 56/1591/FDIS | 56/1609/RVD |

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.


The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION

Dependability is the ability to perform as and when required. Acceptable levels of dependability are therefore essential for continued performance and optimized life cycle costs.

In order to achieve dependability of a system, dependability requirements should be established, the risks of not meeting them identified and a suitable set of activities developed to meet and demonstrate the requirements and manage the risks. A dependability case provides a convenient and convincing means of recording the output of these activities in a single location and presenting an argument, supported by evidence, that risks have been treated and that the necessary dependability has been or will be achieved and will continue to be achieved over time. It serves as the main means of communication on dependability among customers, suppliers and other stakeholders and promotes cooperation among them. This is essential for dependability achievement and providing assurance as part of the customer/supplier relationship.

Preparing a dependability case can also improve dependability through the actions taken to prepare and develop the argument within the dependability case. It can improve the cost effectiveness of a dependability programme because if an activity does not provide evidence to support the case, this may indicate that the activity is not necessary.

The activities required for the achievement of dependability depend on the nature and development state of the system and are likely to vary significantly from one project to another.

Throughout this International Standard, the term "dependability" includes all aspects of reliability, availability, maintainability and supportability, as well as other attributes such as usability, testability and durability. In addition, dependability of a system includes all aspects of that system, including components, processes, hardware, software and the interfaces between them.

This standard is intended as guidance: the guidelines are not prescriptive in nature, they are generic, they should be tailored to the specific objectives and are not exhaustive.

This standard does not address safety or the environment.
DEMONSTRATION OF DEPENDABILITY REQUIREMENTS –
THE DEPENDABILITY CASE
1 Scope

This International Standard gives guidance on the content and application of a dependability case and establishes general principles for the preparation of a dependability case.

This standard is written in a basic project context where a customer orders a system that meets dependability requirements from a supplier and then manages the system until its retirement. The methods provided in this standard may be modified and adapted to other situations as needed.

The dependability case is normally produced by the customer and supplier but can also be used and updated by other organizations. For example, certification bodies and regulators may examine the submitted case to support their decisions and users of the system may update/expand the case, particularly where they use the system for a different purpose.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

IEC 60050-192, International Electrotechnical Vocabulary – Part 192: Dependability

IEC 60300-1, Dependability management – Part 1: Guidance for management and application

ISO 31000, Risk management – Principles and guidelines
3 Terms, definitions and abbreviations

For the purposes of this document, the terms and definitions given in IEC 60050-192, as well as the following, apply.

3.1 Terms and definitions

3.1.1
dependability case
evidence-based, reasoned, traceable argument created to support the contention that a defined system does and/or will satisfy the dependability requirements

3.1.2
evidence framework
structure identifying what evidence will be/has been produced and when
_____________
To be published.
3.1.3
off-the-shelf
OTS
non-developmental item of supply that is both commercial and sold in substantial quantities in the commercial marketplace

Note 1 to entry: Sometimes referred to as COTS (commercial off-the-shelf) or MOTS (modified off-the-shelf).

3.1.4
customer
party which orders or specifies the item, including the dependability requirements

Note 1 to entry: This could be an organization, sponsor, department, company or an individual and can change through the life cycle.

3.1.5
subsystem
part of a system, which is itself a system

3.1.6
supplier
party which supplies the item, which meets its dependability requirement

Note 1 to entry: This could be an organization, department, company or an individual and can change through the life cycle.

3.1.7
system
defined set of items that collectively fulfil a requirement

Note 1 to entry: A system is considered to have a defined real or abstract boundary.

Note 2 to entry: External resources (from outside the system boundary) may be required for the system to operate.

Note 3 to entry: A system structure may be hierarchical, e.g. system, subsystem, component, etc.

Note 4 to entry: Conditions of use and maintenance should be expressed or implied within the requirement.

3.2 Abbreviations
COTS Commercial off-the-shelf
FEM Finite element modelling
FMECA Failure mode, effects and criticality analysis
FTA Fault tree analysis
MOTS Modified off-the-shelf
OTS Off-the-shelf
4 Background to the dependability case
4.1 Principles and purpose

A dependability case provides a reasoned and traceable argument based on evidence that a system satisfies the requirements and will continue to do so over time. It demonstrates why certain activities have been undertaken and how they can be judged to be successful. For maximum effectiveness it should be initiated at the concept stage, revised progressively during a system life cycle and is typically summarized in dependability case reports at predefined milestones. It records progress in obtaining evidence that dependability requirements are met and remains with the system throughout its life cycle until retirement.


The dependability case is of the greatest benefit for high value, low quantity systems where direct evidence of dependability may be difficult or expensive to obtain. Since these systems are often highly complex, involve novel technologies and have wide-ranging stakeholders, an explicit argument is necessary in order to demonstrate their detailed dependability claims with suitable evidence.

4.2 Relationship between the dependability case and dependability plans

Effective management of dependability requires organizational arrangements to implement policy, activities implemented in dependability programmes and plans and processes for performance evaluation, assurance and review.

A dependability programme involves

a) dependability plans, that define the activities, techniques and resources required to achieve dependability,
b) methods for measurement and assessment,
c) assurance and review.

The objectives of a dependability plan include ensuring that

1) the dependability requirements of the customer are determined and demonstrated to be understood by both the customer and supplier,
2) activities are planned, agreed and implemented to satisfy and demonstrate the requirements and treat the risks of failure,
3) the customer is provided with assurance that the dependability requirements are being, or will be, satisfied and that uncertainty in the dependability decreases over the course of the plan.

The dependability case provides progressive assurance that dependability requirements are being or will be satisfied and that uncertainty in the dependability is decreasing. In addition, the case demonstrates that the activities in the plan achieve the requirements and treat the risks. This forms part of the argument and evidence for why the system is, or will be, dependable. The plan is usually based on standards and the organization’s experience in managing dependability and is tailored, taking into account factors such as the relevant life cycle stages, the organization’s context, resources available and the risks that need to be managed.

The dependability plan and dependability case are often developed concurrently as both include consideration of the risks of not meeting the requirements. However, the system might meet the dependability requirements but it might not be possible to demonstrate that these requirements have been met. This might be because there is no appropriate activity which can demonstrate that the requirements have been met, or the cost or time required to do so might be excessive. Therefore the dependability plan may also include activities specifically intended to treat the risks of not being able to demonstrate that the requirements have been met and these activities also provide evidence in the dependability case.

A register of risks produced as part of a dependability case should be coordinated with the risks identified as part of planning the dependability programme and with the project risk register. Activities proposed to treat the risks are included in the dependability plan and examined as sources of evidence that risks have been treated. As the dependability plan is implemented, the dependability case is populated with evidence of the successful implementation of the plan. This provides progressive assurance that requirements are being met. If sufficient evidence is not able to be obtained, then the dependability plan should be modified accordingly.

In a well managed project, the dependability plan and dependability case are fully integrated with overall project management. In such a project, the use of the dependability case does not incur an increase in overall workload, since the cost of constructing the case is recouped by the saving from avoided miscommunication, avoided reworking caused by late discovery of faults, avoided activities without demonstrable benefits and so forth.

In addition, preparing a dependability case assists the development of a cost-effective dependability plan because evidence sought in support of the argument in the dependability case can suggest activities which will improve the dependability plan. In addition, if an activity in the plan is not part of an argument in the dependability case, it should be reviewed to check that it performs a useful function in the plan. (Note that some activities in the dependability plan are included to support other disciplines such as safety which do not normally form part of the dependability case.)

The dependability plan and dependability case should be reviewed and updated in the event of significant changes to the following:
– customer requirements or expectations;
– environment or interfacing systems;
– conditions of use or design intent;
– design;
– actual performance.
4.3 Progressive assurance of dependability

The dependability case provides an expanding body of evidence which aims to progressively

decrease the uncertainty around the achievement of the dependability requirements.

However, it is the norm rather than the exception that requirements, environments, etc.

change during the system life cycle. Therefore uncertainty might not always decrease. There

might be occasions, for example, when a different design option renders a proportion of the

evidence obsolete, leading to increased uncertainty. There might also be periods when no

evidence is provided, for example during testing prior to the release of test results, when

uncertainty remains unchanged. In addition, if new evidence conflicts with the existing

evidence, this might increase uncertainty.
Figure 1 illustrates two types of
...

SLOVENSKI STANDARD
SIST EN 62741:2015
01-september-2015

Vodilo za predstavitev zahtev za zagotovljivost - Primer zagotovljivosti

Guide to the demonstration of dependability requirements - The dependability case

Leitfaden zur Darlegung von Zuverlässigkeitsanforderungen - Der Zuverlässigkeitsnachweis

Démonstration des exigences de sûreté de fonctionnement - Argumentaire dans le cadre de la sûreté de fonctionnement

This Slovenian standard is identical to: EN 62741:2015

ICS:
03.120.01 Kakovost na splošno / Quality in general
21.020 Značilnosti in načrtovanje strojev, aparatov, opreme / Characteristics and design of machines, apparatus, equipment

SIST EN 62741:2015 en

2003-01. Slovenski inštitut za standardizacijo. Reproduction of this standard, in whole or in part, is not permitted.

EUROPEAN STANDARD EN 62741
NORME EUROPÉENNE
EUROPÄISCHE NORM
March 2015
ICS 21.020; 03.120.01

English Version

Demonstration of dependability requirements - The dependability case (IEC 62741:2015)

Démonstration des exigences de sûreté de fonctionnement - Argumentaire dans le cadre de la sûreté de fonctionnement (IEC 62741:2015)

Leitfaden zur Darlegung von Zuverlässigkeitsanforderungen - Der Zuverlässigkeitsnachweis (IEC 62741:2015)

This European Standard was approved by CENELEC on 2015-03-24. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN 62741:2015 E

Foreword

The text of document 56/1591/FDIS, future edition 1 of IEC 62741, prepared by IEC/TC 56 "Dependability" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN 62741:2015.

The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2015-12-24
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2018-03-24

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such patent rights.

Endorsement notice

The text of the International Standard IEC 62741:2015 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60300-3-1 NOTE Harmonized as EN 60300-3-1.
IEC 60300-3-4 NOTE Harmonized as EN 60300-3-4.
IEC 61078 NOTE Harmonized as EN 61078.
IEC 62347 NOTE Harmonized as EN 62347.
IEC/ISO 31010 NOTE Harmonized as EN 31010.
IEC 62198 NOTE Harmonized as EN 62198.

Annex ZA
(normative)

Normative references to international publications with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu.

| Publication | Year | Title | EN/HD | Year |
|---|---|---|---|---|
| IEC 60050-192 | - | International electrotechnical vocabulary - Part 192: Dependability | - | - |
| IEC 60300-1 | - | Dependability management - Part 1: Guidance for management and application | EN 60300-1 | - |
| ISO 31000 | - | Risk management - Principles and guidelines | - | - |

IEC 62741
Edition 1.0 2015-02

INTERNATIONAL STANDARD
NORME INTERNATIONALE

Demonstration of dependability requirements – The dependability case
Démonstration des exigences de sûreté de fonctionnement – Argumentaire dans le cadre de la sûreté de fonctionnement

INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE

ICS 03.120.01; 21.020 ISBN 978-2-8322-2247-8

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission

CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
  3.1 Terms and definitions
  3.2 Abbreviations
4 Background to the dependability case
  4.1 Principles and purpose
  4.2 Relationship between the dependability case and dependability plans
  4.3 Progressive assurance of dependability
5 Principles of the dependability case
  5.1 Description of the dependability case
  5.2 Making claims in the dependability case
  5.3 Using evidence in the dependability case
  5.4 Evidence framework
  5.5 Dependability case report
6 Development of the dependability case
  6.1 General
  6.2 Preparation of the dependability case
  6.3 Concept stage
  6.4 Development stage
  6.5 Realization stage
  6.6 Utilization stage
  6.7 Enhancement stage
  6.8 Retirement stage
7 Assessing the adequacy of evidence
Annex A (informative) Evidence framework
  A.1 General
  A.2 Abbreviations used only in this annex
Annex B (informative) General requirements for the dependability case report
  B.1 General
  B.2 Elements required for the dependability case report
  B.3 Context and assumptions
    B.3.1 Stakeholders
    B.3.2 System description
    B.3.3 Dependability requirements
    B.3.4 Limitations on use
    B.3.5 Assumptions
  B.4 Risks
  B.5 Dependability plan
  B.6 The evidence framework
  B.7 Body of evidence
  B.8 Review of evidence to date
  B.9 Dependability claims and argument
  B.10 Conclusions and recommendations
Annex C (informative) Checklist of points for assessing the adequacy of evidence
Bibliography

Figure 1 – Illustration of progressive assurance process
Figure 2 – The development of claims
Figure 3 – Establishment and development of the evidence framework

Table A.1 – Evidence framework for system “X”
Table A.2 – Evidence framework for system Y

INTERNATIONAL ELECTROTECHNICAL COMMISSION

DEMONSTRATION OF DEPENDABILITY REQUIREMENTS – THE DEPENDABILITY CASE

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62741 has been prepared by IEC technical committee 56: Dependability.

The text of this standard is based on the following documents:

| FDIS | Report on voting |
|---|---|
| 56/1591/FDIS | 56/1609/RVD |

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.


The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

INTRODUCTION

Dependability is the ability to perform as and when required. Acceptable levels of dependability are therefore essential for continued performance and optimized life cycle costs.

In order to achieve dependability of a system, dependability requirements should be established, the risks of not meeting them identified and a suitable set of activities developed to meet and demonstrate the requirements and manage the risks. A dependability case provides a convenient and convincing means of recording the output of these activities in a single location and presenting an argument, supported by evidence, that risks have been treated and that the necessary dependability has been or will be achieved and will continue to be achieved over time. It serves as the main means of communication on dependability among customers, suppliers and other stakeholders and promotes cooperation among them. This is essential for dependability achievement and providing assurance as part of the customer/supplier relationship.

Preparing a dependability case can also improve dependability through the actions taken to prepare and develop the argument within the dependability case. It can improve the cost effectiveness of a dependability programme because if an activity does not provide evidence to support the case, this may indicate that the activity is not necessary.

The activities required for the achievement of dependability depend on the nature and development state of the system and are likely to vary significantly from one project to another.

Throughout this International Standard, the term "dependability" includes all aspects of reliability, availability, maintainability and supportability, as well as other attributes such as usability, testability and durability. In addition, dependability of a system includes all aspects of that system, including components, processes, hardware, software and the interfaces between them.

This standard is intended as guidance: the guidelines are not prescriptive in nature, they are generic, they should be tailored to the specific objectives and are not exhaustive.

This standard does not address safety or the environment.

DEMONSTRATION OF DEPENDABILITY REQUIREMENTS – THE DEPENDABILITY CASE

1 Scope

This International Standard gives guidance on the content and application of a dependability case and establishes general principles for the preparation of a dependability case.

This standard is written in a basic project context where a customer orders a system that meets dependability requirements from a supplier and then manages the system until its retirement. The methods provided in this standard may be modified and adapted to other situations as needed.

The dependability case is normally produced by the customer and supplier but can also be used and updated by other organizations. For example, certification bodies and regulators may examine the submitted case to support their decisions and users of the system may update/expand the case, particularly where they use the system for a different purpose.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

IEC 60050-192, International Electrotechnical Vocabulary – Part 192: Dependability

IEC 60300-1, Dependability management – Part 1: Guidance for management and application

ISO 31000, Risk management – Principles and guidelines

3 Terms, definitions and abbreviations

For the purposes of this document, the terms and definitions given in IEC 60050-192, as well as the following, apply.

3.1 Terms and definitions

3.1.1
dependability case
evidence-based, reasoned, traceable argument created to support the contention that a defined system does and/or will satisfy the dependability requirements

3.1.2
evidence framework
structure identifying what evidence will be/has been produced and when
_____________
To be published.

3.1.3
off-the-shelf
OTS
non-developmental item of supply that is both commercial and sold in substantial quantities in the commercial marketplace

Note 1 to entry: Sometimes referred to as COTS (commercial off-the-shelf) or MOTS (modified off-the-shelf).

3.1.4
customer
party which orders or specifies the item, including the dependability requirements

Note 1 to entry: This could be an organization, sponsor, department, company or an individual and can change through the life cycle.

3.1.5
subsystem
part of a system, which is itself a system

3.1.6
supplier
party which supplies the item, which meets its dependability requirement

Note 1 to entry: This could be an organization, department, company or an individual and can change through the life cycle.

3.1.7
system
defined set of items that collectively fulfil a requirement

Note 1 to entry: A system is considered to have a defined real or abstract boundary.

Note 2 to entry: External resources (from outside the system boundary) may be required for the system to operate.

Note 3 to entry: A system structure may be hierarchical, e.g. system, subsystem, component, etc.

Note 4 to entry: Conditions of use and maintenance should be expressed or implied within the requirement.

3.2 Abbreviations
COTS Commercial off-the-shelf
FEM Finite element modelling
FMECA Failure mode, effects and criticality analysis
FTA Fault tree analysis
MOTS Modified off-the-shelf
OTS Off-the-shelf

4 Background to the dependability case

4.1 Principles and purpose

A dependability case provides a reasoned and traceable argument based on evidence that a system satisfies the requirements and will continue to do so over time. It demonstrates why certain activities have been undertaken and how they can be judged to be successful. For maximum effectiveness it should be initiated at the concept stage, revised progressively during a system life cycle and is typically summarized in dependability case reports at predefined milestones. It records progress in obtaining evidence that dependability requirements are met and remains with the system throughout its life cycle until retirement.

The dependability case is of the greatest benefit for high value, low quantity systems where direct evidence of dependability may be difficult or expensive to obtain. Since these systems are often highly complex, involve novel technologies and have wide-ranging stakeholders, an explicit argument is necessary in order to demonstrate their detailed dependability claims with suitable evidence.

4.2 Relationship between the dependability case and dependability plans

Effective management of dependability requires organizational arrangements to implement policy, activities implemented in dependability programmes and plans and processes for performance evaluation, assurance and review.

A dependability programme involves
a) dependability plans, that define the activities, techniques and resources required to achieve dependability,
b) methods for measurement and assessment,
c) assurance and review.

The objectives of a dependability plan include ensuring that
1) the dependability requirements of the customer are determined and demonstrated to be understood by both the customer and supplier,
2) activities are planned, agreed and implemented to satisfy and demonstrate the requirements and treat the risks of failure,
3) the customer is provided with assurance that the dependability requirements are being, or will be, satisfied and that uncertainty in the dependability decreases over the course of the plan.

The dependability case provides progressive assurance that dependability requirements are being or will be satisfied and that uncertainty in the dependability is decreasing. In addition, the case demonstrates that the activities in the plan achieve the requirements and treat the risks. This forms part of the argument and evidence for why the system is, or will be, dependable. The plan is usually based on standards and the organization’s experience in managing dependability and is tailored, taking into account factors such as the relevant life cycle stages, the organization’s context, resources available and the risks that need to be managed.

The dependability plan and dependability case are often developed concurrently as both include consideration of the risks of not meeting the requirements. However, the system might meet the dependability requirements but it might not be possible to demonstrate that these requirements have been met. This might be because there is no appropriate activity which can demonstrate that the requirements have been met, or the cost or time required to do so might be excessive. Therefore the dependability plan may also include activities specifically intended to treat the risks of not being able to demonstrate that the requirements have been met and these activities also provide evidence in the dependability case.

A register of risks produced as part of a dependability case should be coordinated with the risks identified as part of planning the dependability programme and with the project risk register. Activities proposed to treat the risks are included in the dependability plan and examined as sources of evidence that risks have been treated. As the dependability plan is implemented, the dependability case is populated with evidence of the successful implementation of the plan. This provides progressive assurance that requirements are being met. If sufficient evidence is not able to be obtained, then the dependability plan should be modified accordingly.

In a well managed project, the dependability plan and dependability case are fully integrated with overall project management. In such a project, the use of the dependability case does not incur an increase in overall workload, since the cost of constructing the case is recouped by the saving from avoided miscommunication, avoided reworking caused by late discovery of faults, avoided activities without demonstrable benefits and so forth.

In addition, preparing a dependability case assists the development of a cost-effective dependability plan because evidence sought in support of the argument in the dependability case can suggest activities which will improve the dependability plan. In addition, if an activity in the plan is not part of an argument in the dependability case, it should be reviewed to check that it performs a useful function in the plan. (Note that some activities in the dependability plan are included to support other disciplines such as safety which do not normally form part of the dependability case.)

The dependability plan and dependability case should be reviewed and updated in the event of significant changes to the following:
– customer requirements or expectations;
– environment or interfacing systems;
– conditions of use or design intent;
– design;
– actual performance.

4.3 Progressive assurance of dependability

The dependability case provides an expanding body of evidence which aims to progressively decrease the uncertainty around the achievement of the dependability requirements.

However, it is the norm rather than the exception that requirements, environments, etc. change during the system life cycle. Therefore uncertainty might not always decrease. There might be occasions, for example, when a different design option renders a proportion of the evidence obsolete, leading to increased uncertainty. There might also be periods when no evidence is provided, for example during testing prior to the release of test results, when uncertainty remains unchanged. In addition, if new evidence conflicts with the existing evidence, this might increase uncertainty.

Figure 1 illustrates two types of product development: new development and MOTS. The vertical axis represents the level of uncertainty identified at any point in the project. As the quantity of dependability evidence increases, the uncertainty generally reduces and progressive assurance is obtained.

The horizontal axis represents the time into the project, from the start of the concept stage "a", through start of develo
...
