IEC 62853:2018
(Main)Open systems dependability
Open systems dependability
IEC 62853:2018 provides guidance in relation to a set of requirements placed upon system life cycles in order for an open system to achieve open systems dependability. This document elaborates on IEC 60300-1 by providing details of the changes needed to accommodate the characteristics of open systems. It defines process views based on ISO/IEC/IEEE 15288:2015, which identifies the set of system life cycle processes. This document is applicable to life cycles of products, systems, processes or services involving hardware, software and human aspects or any integrated combinations of these elements. For open systems, security is especially important since the systems are particularly exposed to attack. This document can be used to improve the dependability of open systems and to provide assurance that the process views specific to open systems achieve their expected outcomes. It helps an organization define the activities and tasks that need to be undertaken to achieve dependability objectives in an open system, including dependability related communication, dependability assessment and evaluation of dependability throughout system life cycles.
Keywords: dependability of open systems
Sûreté de fonctionnement des systèmes ouverts
IEC 62853:2018 fournit des recommandations relatives à un ensemble d'exigences portant sur les cycles de vie des systèmes et visant à assurer la sûreté de fonctionnement des systèmes ouverts. Le présent document précise l'IEC 60300-1 en fournissant des détails sur les changements nécessaires pour s'adapter aux caractéristiques des systèmes ouverts. Il définit les vues de processus basées sur l'ISO/IEC/IEEE 15288:2015, qui identifie l'ensemble des processus du cycle de vie du système. Le présent document est applicable au cycle de vie des produits, des systèmes, des processus ou des services impliquant des aspects matériels, logiciels et humains ou toute combinaison intégrant ces éléments. La sécurité des systèmes ouverts est particulièrement importante, car ces systèmes sont fortement exposés aux attaques des logiciels malveillants. Le présent document peut être utilisé pour améliorer la sûreté de fonctionnement des systèmes ouverts et pour garantir que les vues de processus spécifiques aux systèmes ouverts donnent les résultats escomptés. Il aide les organismes à définir les activités et les tâches qui doivent être entreprises pour atteindre les objectifs de sûreté de fonctionnement dans un système ouvert, y compris en matière de communication relative à la sûreté de fonctionnement, ainsi que d'appréciation et d'évaluation de la sûreté de fonctionnement tout au long du cycle de vie du système.
Mots clés: sûreté de fonctionnement des systèmes ouverts
General Information
Standards Content (Sample)
IEC 62853
Edition 1.0 2018-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Open systems dependability
Sûreté de fonctionnement des systèmes ouverts
IEC 62853:2018-06(en-fr)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2018 IEC, Geneva, Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.
IEC Central Office Tel.: +41 22 919 02 113, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 21 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.IEC publications search - webstore.iec.ch/advsearchform IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 67 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: sales@iec.ch.A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.
A propos des publications IECLe contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 21 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 16
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.
Recherche de publications IEC -
Glossaire IEC - std.iec.ch/glossary
webstore.iec.ch/advsearchform
67 000 entrées terminologiques électrotechniques, en anglais
La recherche avancée permet de trouver des publications IEC et en français, extraites des articles Termes et Définitions des
en utilisant différents critères (numéro de référence, texte, publications IEC parues depuis 2002. Plus certaines entrées
comité d’études,…). Elle donne aussi des informations sur les antérieures extraites des publications des CE 37, 77, 86 et
projets et les publications remplacées ou retirées. CISPR de l'IEC.IEC Just Published - webstore.iec.ch/justpublished Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just Si vous désirez nous donner des commentaires sur cette
Published détaille les nouvelles publications parues. publication ou si vous avez des questions contactez-nous:
Disponible en ligne et aussi une fois par mois par email. sales@iec.ch.---------------------- Page: 2 ----------------------
IEC 62853
Edition 1.0 2018-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Open systems dependability
Sûreté de fonctionnement des systèmes ouverts
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 03.100.40; 03.120.01; 21.020 ISBN 978-2-8322-5789-0
Warning! Make sure that you obtained this publication from an authorized distributor.
Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.
® Registered trademark of the International Electrotechnical CommissionMarque déposée de la Commission Electrotechnique Internationale
---------------------- Page: 3 ----------------------
– 2 – IEC 62853:2018 © IEC 2018
CONTENTS
FOREWORD ........................................................................................................................... 4
INTRODUCTION ..................................................................................................................... 6
1 Scope .............................................................................................................................. 7
2 Normative references ...................................................................................................... 7
3 Terms and definitions ...................................................................................................... 7
4 Open systems dependability .......................................................................................... 11
4.1 Open systems ....................................................................................................... 11
4.2 Dependability issues specific to open systems ...................................................... 12
4.3 Objective .............................................................................................................. 12
4.4 Achieving open systems dependability .................................................................. 13
4.5 Relationship to resilience and fault tolerance ........................................................ 13
5 Conformance ................................................................................................................. 14
6 Process views for achieving open systems dependability ............................................... 14
6.1 General ................................................................................................................. 14
6.2 Consensus Building process view ......................................................................... 15
6.2.1 Purpose ......................................................................................................... 15
6.2.2 Outcomes ...................................................................................................... 16
6.2.3 Processes, activities and tasks ...................................................................... 17
6.3 Accountability Achievement process view ............................................................. 20
6.3.1 Purpose ......................................................................................................... 20
6.3.2 Outcomes ...................................................................................................... 21
6.3.3 Processes, activities and tasks ...................................................................... 22
6.4 Failure Response process view ............................................................................. 30
6.4.1 Purpose ......................................................................................................... 30
6.4.2 Outcomes ...................................................................................................... 31
6.4.3 Processes, activities and tasks ...................................................................... 33
6.5 Change Accommodation process view .................................................................. 38
6.5.1 Purpose ......................................................................................................... 38
6.5.2 Outcomes ...................................................................................................... 39
6.5.3 Processes, activities and tasks ...................................................................... 40
Annex A (informative) Example life cycle models with open systems dependability ............. 49
A.1 General ................................................................................................................. 49
A.2 Dependable Engineering for Open Systems (DEOS) life cycle model .................... 49
A.3 Warranty Chain Management (WCM) life cycle model ........................................... 51
Annex B (informative) An example template for dependability cases ................................... 53
B.1 Overview............................................................................................................... 53
B.2 Consensus Building argument ............................................................................... 54
B.3 Accountability Achievement argument ................................................................... 56
B.4 Failure Response argument .................................................................................. 58
B.5 Change Accommodation argument ........................................................................ 61
Annex C (informative) Smart Grid ....................................................................................... 64
C.1 General ................................................................................................................. 64
C.2 Background........................................................................................................... 64
---------------------- Page: 4 ----------------------IEC 62853:2018 © IEC 2018 – 3 –
C.3 Construction of a smart grid dependability case .................................................... 64
C.3.1 General ......................................................................................................... 64
C.3.2 Steps for construction of a smart grid dependability case............................... 65
C.4 The Change Accommodation cycle ....................................................................... 68
C.5 The Failure Response Cycle ................................................................................. 69
Bibliography .......................................................................................................................... 70
Figure A.1 – DEOS life cycle model ([11], adjusted) .............................................................. 50
Figure A.2 – WCM life cycle model ....................................................................................... 52
Figure B.1 – Overall argument .............................................................................................. 53
Figure B.2 – Consensus Building 1 ....................................................................................... 54
Figure B.3 – Consensus Building 2 ....................................................................................... 55
Figure B.4 – Consensus Building 3 ....................................................................................... 55
Figure B.5 – Accountability Achievement 1 ........................................................................... 56
Figure B.6 – Accountability Achievement 2 ........................................................................... 57
Figure B.7 – Accountability Achievement 3 ........................................................................... 57
Figure B.8 – Accountability Achievement 4 ........................................................................... 58
Figure B.9 – Failure Response 1 ........................................................................................... 59
Figure B.10 – Failure Response 2 ......................................................................................... 59
Figure B.11 – Failure Response 3 ......................................................................................... 60
Figure B.12 – Failure Response 4 ......................................................................................... 60
Figure B.13 – Failure Response 5 ......................................................................................... 61
Figure B.14 – Failure Response 6 ......................................................................................... 61
Figure B.15 – Change Accommodation 1 .............................................................................. 62
Figure B.16 – Change Accommodation 2 .............................................................................. 62
Figure B.17 – Change Accommodation 3 .............................................................................. 63
Figure B.18 – Change Accommodation 4 .............................................................................. 63
---------------------- Page: 5 ----------------------– 4 – IEC 62853:2018 © IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
OPEN SYSTEMS DEPENDABILITY
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in
addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses
arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62853 has been prepared by IEC technical committee 56:
Dependability.The text of this International Standard is based on the following documents:
FDIS Report on voting
56/1772/FDIS 56/1776/RVD
Full information on the voting for the approval of this International Standard can be found in the
report on voting indicated in the above table.This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
---------------------- Page: 6 ----------------------IEC 62853:2018 © IEC 2018 – 5 –
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under “http://webstore.iec.ch” in the data related to
the specific document. At this date, the document will be• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The ‘colour inside’ logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.
---------------------- Page: 7 ----------------------– 6 – IEC 62853:2018 © IEC 2018
INTRODUCTION
Open systems are systems whose boundaries, functions and structure change over time and
which are recognized and described differently from various points of view. The dependability of
open systems is a key attribute for the life cycle of a system that operates for an extended period
of time in a real-world environment. Open systems dependability is the ability of open systems to
accommodate changes in purpose, objectives, environment and actual performance and to
continuously maintain accountability from stakeholders, in order to provide expected services as
and when required. The attributes of dependability, including availability, reliability,
maintainability and supportability, are the same for open systems as conventional systems but
they have to be considered in the context that no single stakeholder has a full understanding of
the system or its risks.For open systems, security is especially important since the systems are much exposed to
attack by malware. Since an open system changes continuously through its life, the design
process, e.g. modelled by the spiral product development model, will to some extent continue
during the whole lifetime of the system.This document elaborates on IEC 60300-1 by providing additional guidance for dependability
management of open systems.This document provides guidance on open systems dependability by using the four process
views, each of which selects and combines system life cycle processes, activities and tasks of
ISO/IEC/IEEE 15288: 2015.• Change Accommodation process view;
• Accountability Achievement process view;
• Failure Response process view;
• Consensus Building process view.
A dependability case that assures these process views is crucial for stakeholders to understand
and agree on the boundaries of their responsibilities, to assign accountability for implementation
and to duly manage changes in achieving open systems dependability.The intended audience for this document ranges from users, owners and customers to
organizations involved in and responsible for ensuring that open systems dependability
requirements are being met. Organizations include all types and sizes of corporations, public
and private institutions such as government agencies, business enterprises and non-profit
associations.---------------------- Page: 8 ----------------------
IEC 62853:2018 © IEC 2018 – 7 –
OPEN SYSTEMS DEPENDABILITY
1 Scope
This document provides guidance in relation to a set of requirements placed upon system life
cycles in order for an open system to achieve open systems dependability.This document elaborates on IEC 60300-1 by providing details of the changes needed to
accommodate the characteristics of open systems. It defines process views based on
ISO/IEC/IEEE 15288:2015, which identifies the set of system life cycle processes.
This document is applicable to life cycles of products, systems, processes or services involving
hardware, software and human aspects or any integrated combinations of these elements.
For open systems, security is especially important since the systems are particularly exposed to
attack.This document can be used to improve the dependability of open systems and to provide
assurance that the process views specific to open systems achieve their expected outcomes. It
helps an organization define the activities and tasks that need to be undertaken to achieve
dependability objectives in an open system, including dependability related communication,
dependability assessment and evaluation of dependability throughout system life cycles.
2 Normative referencesThe following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.IEC 60050-192, International Electrotechnical Vocabulary – Part 192: Dependability (available
at http://www.electropedia.org/)IEC 60300-1, Dependability management – Part 1: Guidance for management and application
ISO/IEC/IEEE 15288:2015, Systems and software engineering – System life cycle processes
3 Terms and definitionsFor the purposes of this document, the terms and definitions given in IEC 60050-192 and the
following apply.ISO and IEC maintain terminological databases for use in standardization at the following
addresses:• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
accountability
state of being answerable for decisions and activities to the organization’s governing bodies,
legal authorities and, more broadly, its stakeholders---------------------- Page: 9 ----------------------
– 8 – IEC 62853:2018 © IEC 2018
Note 1 to entry: Accountability includes answerability to society in general.
Note 2 to entry: Description in ISO 26000:2010 [1]: Accountability involves an obligation on management to be
answerable to the controlling interests of the organization and on the organization to be answerable to legal
authorities with regard to laws and regulations. Accountability for the overall impact of its decisions and activities on
society and the environment also implies that the organization’s answerability to those affected by its decisions and
activities, as well as to society in general, varies according to the nature of the impact and the circumstances.
Note 3 to entry: The definition in ISO 15489-1:2001 [2]: principle that individuals, organizations and the community
are responsible for their actions and may be required to explain them to others.[SOURCE: ISO 26000:2010, 2.1, modified – Notes to entry have been added.]
3.2
assurance case
reasoned, auditable artefact created that supports the contention that its top-level claim (or set
of claims) is satisfied, including systematic argumentation and its underlying evidence and
explicit assumptions that support the claim(s)Note 1 to entry: An assurance case contains the following and their relationships:
– one or more claims about properties;– arguments that logically link the evidence and any assumptions to the claim(s);
– a body of evidence and possibly assumptions supporting these arguments for the claim(s);
– justification of choice of top-level claim and the method of reasoning.Note 2 to entry: An assurance case can be understood as a reasoned and compelling argument, supported by a body
of evidence, that a system, service or organization will operate as intended for a defined application in a defined
environment and defined lifetime.[SOURCE: ISO/IEC 15026-1:2013 [3], 3.1.3, modified – Note 2 to entry has been added.]
3.3change accommodation
set of activities which modify and adapt a system to changes in its purpose, objectives,
environment or actual performance that require re-establishment of stakeholders’ consensus on
the system3.4
consensus
general agreement, characterized by the absence of sustained opposition to substantial issues
by any important part of the concerned interests and by a process that involves seeking to take
into account the views of all parties concerned and to reconcile any conflicting arguments
Note 1 to entry: Consensus need not imply unanimity.[SOURCE: ISO/IEC Guide 2:2004 [4], 1.7]
3.5
dependability case
evidence-based, reasoned, traceable argument created to support the contention that a defined
system does and/or will satisfy the dependability requirementsNote 1 to entry: A dependability case is an assurance case whose top-level claim is about dependability.
[SOURCE: IEC 62741:2015, 3.1.1, modified – Note 1 to entry has been added.]3.6
dependability communication
continual and iterative process that a stakeholder conducts to provide, share or obtain
information, and to engage in dialogue with other stakeholders regarding the management of
dependability---------------------- Page: 10 ----------------------
IEC 62853:2018 © IEC 2018 – 9 –
Note 1 to entry: The role of dependability communication in the management of open systems dependability is not
unlike that of risk communication in risk management.Note 2 to entry: See the definition of the term “communication and consultation” in ISO Guide 73:2009 [5], 3.2.1.
3.7environment
context determining the setting and circumstances of all influences upon a system
[SOURCE: ISO/IEC/IEEE 42010:2011 [6], 3.8]3.8
failure response
set of activities initiated immediately when a failure is predicted or detected in order to prevent
the failure or minimize its effect, to analyse its causes and prevent its recurrence and to fulfil
accountability3.9
frame of reference
set of conventions for the construction, interpretation and use of documents describing a
common understanding of and explicit agreements on a system, its purpose, objectives,
environment, actual performance, life cycle and changes thereof3.10
interaction error
error that occurs due to the interactions between items despite each item’s performance
meeting the specification3.11
monitoring
determining the status of a system, a process or an activity
Note 1 to entry: To determine the status there may be a need to check, supervise or critically observe.
[SOURCE: ISO 22301:2012 [7], 3.29]3.12
open system
system whose boundaries, functions and structure change over time and is recognized and
described differently from various points of viewNote 1 to entry: Changes include not only adaptation with specific purpose but also spontaneous evolution. For
example, they include spontaneous and uncoordinated changes within a system that spans multiple domains with
different authorities.Note 2 to entry: An open system’s boundaries, functions and structure are not only changing with time but can be
vague at any point in time and recognized differently by different stakeholders. This refines the definition of system in
IEC 60050-192 for a given level of abstraction and a given viewpoint. A boundary can have a clear definition at one
level of abstraction, but it could become more vague at a more detailed level. The level of details necessary for a
purpose or for a stakeholder need not be predetermin...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.