IEC 61784-3:2021
Industrial communication networks - Profiles - Part 3: Functional safety fieldbuses - General rules and profile definitions
IEC 61784-3:2021 explains some common principles that can be used in the transmission of safety-relevant messages among participants within a distributed network which use fieldbus technology in accordance with the requirements of IEC 61508 (all parts) for functional safety. These principles are based on the black channel approach. They can be used in various industrial applications such as process control, manufacturing automation and machinery.
Overview
IEC 61784-3:2021 (consolidated with Amendment 1, 2024) defines general rules and profile definitions for functional safety fieldbuses within industrial communication networks. It explains common principles for transmitting safety-relevant messages between distributed participants using fieldbus technology in accordance with IEC 61508 functional safety requirements. The standard adopts the black channel approach and provides models, methods and requirements to achieve defined safety integrity levels (SILs) for safety communication.
Key topics and technical requirements
- Black channel principles - standardized approach where safety measures are applied end-to-end, independent of the underlying (possibly non‑safe) communication channel.
- Safety communication profile (FSCP) definitions - family-specific safety profiles for multiple fieldbus technologies (FOUNDATION™ Fieldbus, CIP™, PROFIBUS™/PROFINET™, INTERBUS®, CC‑Link™, EtherCAT™, Ethernet POWERLINK™, EPA®, RAPIEnet™, SafetyNET p™, etc.).
- Communication error taxonomy - corruption, loss, delay, insertion, repetition, incorrect sequence, masquerade and addressing errors.
- Deterministic remedial measures - examples such as sequence numbers, timestamps, time expectations, connection authentication, feedback messages, data integrity assurance and redundancy with cross‑checking.
- Residual error rate modelling - methods to estimate total residual error rate and relate it to SIL; includes general black channel models and legacy approaches (Annex F).
- CRC-based channel model - normative analysis and calculation methods for CRC error checking (Annex B).
- Verification and assessment guidance - implementation, verification of safety measures, safety manuals and installation guidance (Annex D and others).
- Implicit vs explicit safety mechanisms - analysis of different FSCP design choices and their impact on properness and residual error probabilities (Annex E and G).
Practical applications
IEC 61784-3 is applicable across industrial automation domains where safety communications are required, including:
- Process control plants (chemical, oil & gas)
- Manufacturing automation and robotics
- Machine safety systems and distributed control
- Any system using fieldbus or industrial Ethernet where functional safety (IEC 61508) is mandated
Who should use this standard
- Functional safety engineers and system architects designing safety communication
- Fieldbus and industrial network integrators implementing FSCPs
- Product developers of safety-capable controllers, I/O modules and gateways
- Certification bodies and assessors verifying SIL claims for safety communications
- Plant operators and maintenance teams responsible for safe installation and operation
Related standards
- IEC 61508 (functional safety of electrical/electronic/programmable systems)
- IEC 61158 (fieldbus specifications)
- Technology-specific profile standards referenced in Part 3 for each communication family
IEC 61784-3:2021 is the authoritative reference for designing, assessing and implementing functional safety communications over fieldbuses using the black channel approach, providing practical models, profile definitions and verification guidance for achieving required SIL targets.
Frequently Asked Questions
IEC 61784-3:2021 is a standard published by the International Electrotechnical Commission (IEC). Its full title is "Industrial communication networks - Profiles - Part 3: Functional safety fieldbuses - General rules and profile definitions". This standard covers: IEC 61784-3:2021 explains some common principles that can be used in the transmission of safety-relevant messages among participants within a distributed network which use fieldbus technology in accordance with the requirements of IEC 61508 (all parts) for functional safety. These principles are based on the black channel approach. They can be used in various industrial applications such as process control, manufacturing automation and machinery.
IEC 61784-3:2021 is classified under the following ICS (International Classification for Standards) categories: 25.040.40 - Industrial process measurement and control; 35.100.05 - Multilayer applications. The ICS classification helps identify the subject area and facilitates finding related standards.
IEC 61784-3:2021 has the following relationships with other standards: it has inter-standard links to IEC 61784-3:2021/AMD1:2024, IEC 61784-3:2016/AMD1:2017 and IEC 61784-3:2016. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
IEC 61784-3 ®
Edition 4.1 2024-04
CONSOLIDATED VERSION
INTERNATIONAL
STANDARD
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
ICS 25.040.40, 35.100.05 ISBN 978-2-8322-8373-8
REDLINE VERSION – 2 – IEC 61784-3:2021+AMD1:2024 CSV
© IEC 2024
CONTENTS
FOREWORD
0 Introduction
0.1 General
0.2 Use of extended assessment methods in Edition 4
0.3 Patent declaration
INTRODUCTION to Amendment 1
1 Scope
2 Normative references
3 Terms, definitions, symbols, abbreviated terms and conventions
3.1 Terms and definitions
3.2 Symbols and abbreviated terms
3.2.1 Abbreviated terms
3.2.2 Symbols
4 Conformance
5 Basics of safety-related fieldbus systems
5.1 Safety function decomposition
5.2 Communication system
5.2.1 General
5.2.2 IEC 61158 fieldbuses
5.2.3 Communication channel types
5.2.4 Safety function response time
5.3 Communication errors
5.3.1 General
5.3.2 Corruption
5.3.3 Unintended repetition
5.3.4 Incorrect sequence
5.3.5 Loss
5.3.6 Unacceptable delay
5.3.7 Insertion
5.3.8 Masquerade
5.3.9 Addressing
5.4 Deterministic remedial measures
5.4.1 General
5.4.2 Sequence number
5.4.3 Time stamp
5.4.4 Time expectation
5.4.5 Connection authentication
5.4.6 Feedback message
5.4.7 Data integrity assurance
5.4.8 Redundancy with cross checking
5.4.9 Different data integrity assurance systems
5.5 Typical relationships between errors and safety measures
5.6 Communication phases
5.7 FSCP implementation aspects
5.8 Models for estimation of the total residual error rate
5.8.1 Applicability
5.8.2 General models for black channel communications
5.8.3 Identification of generic safety properties
5.8.4 Assumptions for residual error rate calculations
5.8.5 Residual error rates
5.8.6 Data integrity
5.8.7 Authenticity
5.8.8 Timeliness
5.8.9 Masquerade
5.8.10 Calculation of the total residual error rates
5.8.11 Total residual error rate and SIL
5.8.12 Configuration and parameterization for an FSCP
5.9 Relationship between functional safety and security
5.10 Boundary conditions and constraints
5.10.1 Electrical safety
5.10.2 Electromagnetic compatibility (EMC)
5.11 Installation guidelines
5.12 Safety manual
5.13 Safety policy
6 Communication Profile Family 1 (FOUNDATION™ Fieldbus) – Profiles for functional safety
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®) – Profiles for functional safety
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for functional safety
9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety
10.1 Functional Safety Communication Profile 8/1
10.2 Functional Safety Communication Profile 8/2
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety
12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for functional safety
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety
15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for functional safety
Annex A (informative) Example functional safety communication models
A.1 General
A.2 Model A (single message, channel and FAL, redundant SCLs)
A.3 Model B (full redundancy)
A.4 Model C (redundant messages, FALs and SCLs, single channel)
A.5 Model D (redundant messages and SCLs, single channel and FAL)
Annex B (normative) Safety communication channel model using CRC-based error checking
B.1 Overview
B.2 Channel model for calculations
B.3 Bit error probability Pe
B.4 Cyclic redundancy checking
B.4.1 General
B.4.2 Requirements for methods to calculate R_CRC
Annex C (informative) Structure of technology-specific parts
Annex D (informative) Assessment guideline
D.1 Overview
D.2 Channel types
D.2.1 General
D.2.2 Black channel
D.2.3 White channel
D.3 Data integrity considerations for white channel approaches
D.3.1 General
D.3.2 Models B and C
D.3.3 Models A and D
D.4 Verification of safety measures
D.4.1 General
D.4.2 Implementation
D.4.3 Default safety action
D.4.4 Safe state
D.4.5 Transmission errors
D.4.6 Safety reaction and response times
D.4.7 Combination of measures
D.4.8 Absence of interference
D.4.9 Additional fault causes (white channel)
D.4.10 Reference test beds and operational conditions
D.4.11 Conformance tester
Annex E (informative) Examples of implicit vs. explicit FSCP safety measures
E.1 General
E.2 Example fieldbus message with safety PDUs
E.3 Model with completely explicit safety measures
E.4 Model with explicit A-code and implicit T-code safety measures
E.5 Model with explicit T-code and implicit A-code safety measures
E.6 Model with split explicit and implicit safety measures
E.7 Model with completely implicit safety measures
E.8 Addition to Annex B – impact of implicit codes on properness
Annex F (informative) Legacy models for estimation of the total residual error rate
F.1 General
F.2 Calculation of the residual error rate
F.3 Total residual error rate and SIL
Annex G (informative) Implicit data safety mechanisms for IEC 61784-3 functional safety communication profiles (FSCPs)
G.1 Overview
G.2 Basic principles
G.3 Problem statement: constant values for implicit data
G.4 RP for FSCPs with random, uniformly distributed err_impl
G.4.1 General
G.4.2 Uniform distribution within the interval [0;2^i-1], i ≥ r
G.4.3 Uniform distribution in the interval [1;2^r-1], i = r
G.5 General case
G.6 Calculation of P_ID
Annex H (informative) Residual error probability for example CRC codes (tables for verification of calculation methods)
H.1 Overview
H.2 Example of a 32-bit CRC
H.3 Example of a 16-bit CRC
H.4 Conclusion
Annex I (informative) Comprehensive safety communication channel data integrity model using CRC-based error checking
I.1 Overview
I.2 Basic principles
I.3 General case
I.4 Upper estimation
Bibliography
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Figure 3 – Transitions from Ed. 2 to Ed. 4 and future Ed. 5 assessment methods
Figure 4 – Safety communication as a part of a safety function
Figure 5 – Example model of a functional safety communication system
Figure 6 – Example of safety function response time components
Figure 7 – Conceptual FSCP protocol model
Figure 8 – FSCP implementation aspects
Figure 9 – Black channel from an FSCP perspective
Figure 10 – Model for authentication considerations
Figure 11 – Fieldbus and internal address errors
Figure 12 – Example of slowly increasing message latency
Figure 13 – Example of an active network element failure
Figure 14 – Example application 1 (m = 4)
Figure 15 – Example application 2 (m = 2)
Figure 16 – Example of configuration and parameterization procedures for FSCP
Figure A.1 – Model A
Figure A.2 – Model B
Figure A.3 – Model C
Figure A.4 – Model D
Figure B.1 – Binary symmetric channel (BSC)
Figure B.2 – Block codes for error detection
Figure B.3 – Example of a block with a message part and a CRC signature
Figure B.4 – Proper and improper CRC polynomials
Figure D.1 – Basic Markov model
Figure E.1 – Example safety PDUs embedded in a fieldbus message
Figure E.2 – Model with completely explicit safety measures
Figure E.3 – Model with explicit A-code and implicit T-code safety measures
Figure E.4 – Model with explicit T-code and implicit A-code safety measures
Figure E.5 – Model with split explicit and implicit safety measures
Figure E.6 – Model with completely implicit safety measures
Figure F.1 – Example application 1 (m = 4)
Figure F.2 – Example application 2 (m = 2)
Figure G.1 – FSCP with implicit transmission of authenticity and/or timeliness codes
Figure G.2 – Example of an incorrect transmission with multiple error causes
Figure G.3 – Impact of errors in implicit data on the residual error probability
Figure H.1 – Residual error probabilities (example of a 32-bit CRC – result 1)
Figure H.2 – Residual error probabilities (example of a 32-bit CRC – result 2)
Figure H.3 – Residual error probabilities (example of a 32-bit CRC – result 3)
Figure H.4 – Residual error probabilities (example of a 32-bit CRC – result 4)
Figure H.5 – Residual error probabilities (example of a 32-bit CRC – result 5)
Figure H.6 – Residual error probabilities (example of a 32-bit CRC – result 6)
Figure H.7 – Residual error probabilities (example of a 16-bit CRC – result 1)
Figure H.8 – Residual error probabilities (example of a 16-bit CRC – result 2)
Figure H.9 – Residual error probabilities (example of a 16-bit CRC – result 3)
Figure H.10 – Residual error probabilities (example of a 16-bit CRC – result 4)
Figure H.11 – Residual error probabilities (example of a 16-bit CRC – result 5)
Figure H.12 – Example 1 of improper polynomial
Figure H.13 – Example 2 of improper polynomial
Table 1 – Overview of the effectiveness of the various measures on the possible errors Typical relationships between errors and safety measures
Table 2 – Typical relationship of residual error rate to SIL
Table 3 – Typical relationship of residual error on demand to SIL
Table 5 – Topics for the safety manual of products implementing IEC 61784-3-x
Table 4 – Overview of profile identifier usable for FSCP 6/7
Table B.1 – Example dependency d_min and block bit length n
Table C.1 – Common subclause structure for technology-specific parts
Table F.1 – Definition of items used for calculation of the residual error rates
Table F.2 – Typical relationship of residual error rate to SIL
Table F.3 – Typical relationship of residual error on demand to SIL
Table H.1 – Residual error probabilities (R_CRC1) for example CRC32 polynomial
Table H.2 – Residual error probabilities (R_CRC2) for example CRC16 polynomial
INTERNATIONAL ELECTROTECHNICAL COMMISSION
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) IEC draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC takes no position concerning the evidence, validity or applicability of any claimed patent rights in
respect thereof. As of the date of publication of this document, IEC had not received notice of (a) patent(s),
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch. IEC shall not be held responsible for identifying any or all such patent rights.
This consolidated version of the official IEC Standard and its amendment has been
prepared for user convenience.
IEC 61784-3 edition 4.1 contains the fourth edition (2021-02) [documents 65C/1067/FDIS
and 65C/1072/RVD] and its amendment 1 (2024-02) [documents 65C/1284/FDIS and
65C/1291/RVD].
In this Redline version, a vertical line in the margin shows where the technical content
is modified by amendment 1. Additions are in green text, deletions are in strikethrough
red text. A separate Final version with all changes accepted is available in this
publication.
International Standard IEC 61784-3 has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This fourth edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
• Contents of previous Annex F were corrected based on feedback from peer review and
subsequent analysis (in particular deletion of RP_U for data integrity, reduction of the
Equation for RR_A, and clarifications on the values of RP_I and R_T).
• Additional assumptions for residual error rate calculations, clarification of assumption a).
• After correction, contents of previous Annex F were exchanged with the contents of
previous Subclause 5.8.
• Contents of Subclause 5.9 on security replaced by a simple reference to IEC 62443 in
accordance with Guide 120.
• Changes in Annex B: Dependency of this Annex B with the BSC model has been
highlighted. First two paragraphs and figure in Clause B.2 have been deleted because of
little relevance. The approximation Equation (B.4) has been deleted due to obsolescence,
based on the observations that the CRC shall be anyway explicitly calculated in order to
prove properness, and that it may produce optimistic results. Guidance for calculation of
R_CRC in B.4.2 has been reviewed.
• Changes in Annex D: Formula D.1 was changed from an approximation to a proper
Equation, with some adjustments, and contents of D.4.3 were clarified (default safety
action).
• New informative Annex H, providing additional guidance for the calculation of R_CRC.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts of the IEC 61784-3 series, published under the general title Industrial
communication networks – Profiles – Functional safety fieldbuses, can be found on the IEC
website.
The committee has decided that the contents of this document and its amendment will remain
unchanged until the stability date indicated on the IEC website under webstore.iec.ch in the
data related to the specific document. At this date, the document will be
• reconfirmed,
• withdrawn, or
• revised.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
0 Introduction
0.1 General
The IEC 61158 (all parts) fieldbus standard together with its companion standards
IEC 61784-1 and IEC 61784-2 defines a set of communication protocols that enable
distributed control of automation applications. Fieldbus technology is now considered well
accepted and well proven. Thus, fieldbus enhancements continue to emerge, addressing
applications for areas such as real time and safety-related applications.
IEC 61784-3 (all parts) explains the relevant principles for functional safety communications
with reference to IEC 61508 (all parts) and specifies several safety communication layers
(profiles and corresponding protocols) based on the communication profiles and protocol
layers of IEC 61784-1, IEC 61784-2 and IEC 61158 (all parts). It does not cover electrical
safety and intrinsic safety aspects. It also does not cover security aspects, nor does it provide
any requirements for security.
Figure 1 shows the relationships between IEC 61784-3 (all parts) and relevant safety and
fieldbus standards in a machinery environment.
NOTE IEC 62061 specifies the relationship between PL (Category) and SIL.
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
Figure 2 shows the relationships between IEC 61784-3 (all parts) and relevant safety and
fieldbus standards in a process environment.
a For specified electromagnetic environments; otherwise IEC 61326-3-1 or IEC 61000-6-7.
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Safety communication layers which are implemented as parts of safety-related systems
according to IEC 61508 (all parts) provide the necessary confidence in the transportation of
messages (information) between two or more participants on a fieldbus in a safety-related
system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures.
Safety communication layers specified in IEC 61784-3 (all parts) do this in such a way that a
fieldbus can be used for applications requiring functional safety up to the Safety Integrity
Level (SIL) specified by its corresponding functional safety communication profile.
The resulting SIL claim of a system depends on the implementation of the selected functional
safety communication profile (FSCP) within this system – implementation of a functional
safety communication profile in a standard device is not sufficient to qualify it as a safety
device.
IEC 61784-3 (all parts) describes:
• basic principles for implementing the requirements of IEC 61508 (all parts) for safety-
related data communications, including possible transmission faults, remedial measures
and considerations affecting data integrity;
• functional safety communication profiles for several communication profile families in
IEC 61784-1 and IEC 61784-2, including safety layer extensions to the communication
service and protocols sections of IEC 61158 (all parts).
0.2 Use of extended assessment methods in Edition 4
This edition of the generic part of IEC 61784-3 (all parts) includes extended models for use
when estimating the total residual error rate for an FSCP. This value can be used to
determine if the FSCP meets the requirements of functional safety applications up to a given
SIL. These extended models for qualitative and quantitative safety determination methods are
detailed in Annex E and 5.8.
Upon publication of this new edition of the generic part, FSCPs shall be assessed using the
methods from this Edition 4, based on the extended models specified in 5.8 (derived from a
modified version of Annex F of Edition 3). The informative Annex F contains the legacy
models for reference purpose only.
Figure 3 shows the transitions from original assessment methods of Edition 2 to extended
assessment methods in this Edition 4 and the future Edition 5.
Key
DI Data Integrity
TADI Timeliness, Authenticity, Data Integrity
Figure 3 – Transitions from Ed. 2 to Ed. 4 and future Ed. 5 assessment methods
0.3 Patent declaration
The International Electrotechnical Commission (IEC) draws attention to the fact that it is
claimed that compliance with this document may involve the use of patents concerning
functional safety communication profiles for families 1, 2, 3, 6, 8, 12, 13, 14, 17 and 18 given
in IEC 61784-3-1, IEC 61784-3-2, IEC 61784-3-3, IEC 61784-3-6, IEC 61784-3-8,
IEC 61784-3-12, IEC 61784-3-13, IEC 61784-3-14, IEC 61784-3-17 and IEC 61784-3-18.
IEC takes no position concerning the evidence, validity and scope of these patent rights.
The holders of these patent rights have assured IEC that they are willing to negotiate licences
under reasonable and non-discriminatory terms and conditions with applicants throughout the
world. In this respect, the statements of the holders of these patent rights are registered with
IEC. Information may be obtained from the patent database available at http://patents.iec.ch.
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights other than those in the patent database. IEC shall not be held
responsible for identifying any or all such patent rights.
INTRODUCTION to Amendment 1
This Amendment 1 discusses the concepts of a comprehensive channel model for data
integrity calculations for functional safety communications protocols (FSCPs) as specified in
where multiple contiguous bits are affected by a single fault.
It also reviews typical relationships between the possible errors and the various safety
measures which can be implemented.
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
1 Scope
This part of the IEC 61784-3 series explains some common principles that can be used in the
transmission of safety-relevant messages among participants within a distributed network
which use fieldbus technology in accordance with the requirements of IEC 61508 (all parts)
for functional safety. These principles are based on the black channel approach. They can be
used in various industrial applications such as process control, manufacturing automation and
machinery.
This part and the IEC 61784-3-x parts specify several functional safety communication
profiles based on the communication profiles and protocol layers of the fieldbus technologies
in IEC 61784-1, IEC 61784-2 and IEC 61158 (all parts). These functional safety
communication profiles use the black channel approach, as defined in IEC 61508. These
functional safety communication profiles are intended for implementation in safety devices
exclusively.
NOTE 1 Other safety-related communication systems meeting the requirements of IEC 61508 (all parts) can exist
that are not included in IEC 61784-3 (all parts).
NOTE 2 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such
as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
All systems are exposed to unauthorized access at some point of their life cycle. Additional
measures need to be considered in any safety-related application to protect fieldbus systems
against unauthorized access. IEC 62443 (all parts) will address many of these issues; the
relationship with IEC 62443 (all parts) is detailed in a dedicated subclause of this document.
NOTE 3 Implementation of a functional safety communication profile according to this document in a device is not
sufficient to qualify it as a safety device, as defined in IEC 61508 (all parts).
NOTE 4 The resulting SIL claim of a system depends on the implementation of the selected functional safety
communication profile within this system.
NOTE 5 Annex C explains the numbering scheme used for the technology-specific parts (IEC 61784-3-x) as well
as their common general structure.
NOTE 6 Annex D provides a guideline for the assessment and test of safety communication profiles as well as
safety-related devices using these profiles.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest
...
IEC 61784-3 ®
Edition 4.0 2021-02
INTERNATIONAL STANDARD
Industrial communication networks – Profiles –
Part 3: Functional safety fieldbuses – General rules and profile definitions
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Tel.: +41 22 919 02 11, info@iec.ch, www.iec.ch
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-9268-6
– 2 – IEC 61784-3:2021 © IEC 2021
CONTENTS
FOREWORD
0 Introduction
0.1 General
0.2 Use of extended assessment methods in Edition 4
0.3 Patent declaration
1 Scope
2 Normative references
3 Terms, definitions, symbols, abbreviated terms and conventions
3.1 Terms and definitions
3.2 Symbols and abbreviated terms
3.2.1 Abbreviated terms
3.2.2 Symbols
4 Conformance
5 Basics of safety-related fieldbus systems
5.1 Safety function decomposition
5.2 Communication system
5.2.1 General
5.2.2 IEC 61158 fieldbuses
5.2.3 Communication channel types
5.2.4 Safety function response time
5.3 Communication errors
5.3.1 General
5.3.2 Corruption
5.3.3 Unintended repetition
5.3.4 Incorrect sequence
5.3.5 Loss
5.3.6 Unacceptable delay
5.3.7 Insertion
5.3.8 Masquerade
5.3.9 Addressing
5.4 Deterministic remedial measures
5.4.1 General
5.4.2 Sequence number
5.4.3 Time stamp
5.4.4 Time expectation
5.4.5 Connection authentication
5.4.6 Feedback message
5.4.7 Data integrity assurance
5.4.8 Redundancy with cross checking
5.4.9 Different data integrity assurance systems
5.5 Typical relationships between errors and safety measures
5.6 Communication phases
5.7 FSCP implementation aspects
5.8 Models for estimation of the total residual error rate
5.8.1 Applicability
5.8.2 General models for black channel communications
5.8.3 Identification of generic safety properties
5.8.4 Assumptions for residual error rate calculations
5.8.5 Residual error rates
5.8.6 Data integrity
5.8.7 Authenticity
5.8.8 Timeliness
5.8.9 Masquerade
5.8.10 Calculation of the total residual error rates
5.8.11 Total residual error rate and SIL
5.8.12 Configuration and parameterization for an FSCP
5.9 Relationship between functional safety and security
5.10 Boundary conditions and constraints
5.10.1 Electrical safety
5.10.2 Electromagnetic compatibility (EMC)
5.11 Installation guidelines
5.12 Safety manual
5.13 Safety policy
6 Communication Profile Family 1 (FOUNDATION™ Fieldbus) – Profiles for functional safety
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®) – Profiles for functional safety
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for functional safety
9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety
10.1 Functional Safety Communication Profile 8/1
10.2 Functional Safety Communication Profile 8/2
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety
12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for functional safety
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety
15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for functional safety
Annex A (informative) Example functional safety communication models
A.1 General
A.2 Model A (single message, channel and FAL, redundant SCLs)
A.3 Model B (full redundancy)
A.4 Model C (redundant messages, FALs and SCLs, single channel)
A.5 Model D (redundant messages and SCLs, single channel and FAL)
Annex B (normative) Safety communication channel model using CRC-based error checking
B.1 Overview
B.2 Channel model for calculations
B.3 Bit error probability Pe
B.4 Cyclic redundancy checking
B.4.1 General
B.4.2 Requirements for methods to calculate R_CRC
Annex C (informative) Structure of technology-specific parts
Annex D (informative) Assessment guideline
D.1 Overview
D.2 Channel types
D.2.1 General
D.2.2 Black channel
D.2.3 White channel
D.3 Data integrity considerations for white channel approaches
D.3.1 General
D.3.2 Models B and C
D.3.3 Models A and D
D.4 Verification of safety measures
D.4.1 General
D.4.2 Implementation
D.4.3 Default safety action
D.4.4 Safe state
D.4.5 Transmission errors
D.4.6 Safety reaction and response times
D.4.7 Combination of measures
D.4.8 Absence of interference
D.4.9 Additional fault causes (white channel)
D.4.10 Reference test beds and operational conditions
D.4.11 Conformance tester
Annex E (informative) Examples of implicit vs. explicit FSCP safety measures
E.1 General
E.2 Example fieldbus message with safety PDUs
E.3 Model with completely explicit safety measures
E.4 Model with explicit A-code and implicit T-code safety measures
E.5 Model with explicit T-code and implicit A-code safety measures
E.6 Model with split explicit and implicit safety measures
E.7 Model with completely implicit safety measures
E.8 Addition to Annex B – impact of implicit codes on properness
Annex F (informative) Legacy models for estimation of the total residual error rate
F.1 General
F.2 Calculation of the residual error rate
F.3 Total residual error rate and SIL
Annex G (informative) Implicit data safety mechanisms for IEC 61784-3 functional safety communication profiles (FSCPs)
G.1 Overview
G.2 Basic principles
G.3 Problem statement: constant values for implicit data
G.4 RP for FSCPs with random, uniformly distributed err_impl
G.4.1 General
G.4.2 Uniform distribution within the interval [0; 2^i - 1], i ≥ r
G.4.3 Uniform distribution in the interval [1; 2^r - 1], i = r
G.5 General case
G.6 Calculation of P_ID
Annex H (informative) Residual error probability for example CRC codes (tables for verification of calculation methods)
H.1 Overview
H.2 Example of a 32-bit CRC
H.3 Example of a 16-bit CRC
H.4 Conclusion
Bibliography
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Figure 3 – Transitions from Ed. 2 to Ed. 4 and future Ed. 5 assessment methods
Figure 4 – Safety communication as a part of a safety function
Figure 5 – Example model of a functional safety communication system
Figure 6 – Example of safety function response time components
Figure 7 – Conceptual FSCP protocol model
Figure 8 – FSCP implementation aspects
Figure 9 – Black channel from an FSCP perspective
Figure 10 – Model for authentication considerations
Figure 11 – Fieldbus and internal address errors
Figure 12 – Example of slowly increasing message latency
Figure 13 – Example of an active network element failure
Figure 14 – Example application 1 (m = 4)
Figure 15 – Example application 2 (m = 2)
Figure 16 – Example of configuration and parameterization procedures for FSCP
Figure A.1 – Model A
Figure A.2 – Model B
Figure A.3 – Model C
Figure A.4 – Model D
Figure B.1 – Binary symmetric channel (BSC)
Figure B.2 – Block codes for error detection
Figure B.3 – Example of a block with a message part and a CRC signature
Figure B.4 – Proper and improper CRC polynomials
Figure D.1 – Basic Markov model
Figure E.1 – Example safety PDUs embedded in a fieldbus message
Figure E.2 – Model with completely explicit safety measures
Figure E.3 – Model with explicit A-code and implicit T-code safety measures
Figure E.4 – Model with explicit T-code and implicit A-code safety measures
Figure E.5 – Model with split explicit and implicit safety measures
Figure E.6 – Model with completely implicit safety measures
Figure F.1 – Example application 1 (m = 4)
Figure F.2 – Example application 2 (m = 2)
Figure G.1 – FSCP with implicit transmission of authenticity and/or timeliness codes
Figure G.2 – Example of an incorrect transmission with multiple error causes
Figure G.3 – Impact of errors in implicit data on the residual error probability
Figure H.1 – Residual error probabilities (example of a 32-bit CRC – result 1)
Figure H.2 – Residual error probabilities (example of a 32-bit CRC – result 2)
Figure H.3 – Residual error probabilities (example of a 32-bit CRC – result 3)
Figure H.4 – Residual error probabilities (example of a 32-bit CRC – result 4)
Figure H.5 – Residual error probabilities (example of a 32-bit CRC – result 5)
Figure H.6 – Residual error probabilities (example of a 32-bit CRC – result 6)
Figure H.7 – Residual error probabilities (example of a 16-bit CRC – result 1)
Figure H.8 – Residual error probabilities (example of a 16-bit CRC – result 2)
Figure H.9 – Residual error probabilities (example of a 16-bit CRC – result 3)
Figure H.10 – Residual error probabilities (example of a 16-bit CRC – result 4)
Figure H.11 – Residual error probabilities (example of a 16-bit CRC – result 5)
Figure H.12 – Example 1 of improper polynomial
Figure H.13 – Example 2 of improper polynomial
Table 1 – Overview of the effectiveness of the various measures on the possible errors
Table 2 – Typical relationship of residual error rate to SIL
Table 3 – Typical relationship of residual error on demand to SIL
Table 4 – Overview of profile identifier usable for FSCP 6/7
Table B.1 – Example dependency d_min and block bit length n
Table C.1 – Common subclause structure for technology-specific parts
Table F.1 – Definition of items used for calculation of the residual error rates
Table F.2 – Typical relationship of residual error rate to SIL
Table F.3 – Typical relationship of residual error on demand to SIL
Table H.1 – Residual error probabilities (R_CRC1) for example CRC32 polynomial
Table H.2 – Residual error probabilities (R_CRC2) for example CRC16 polynomial
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL COMMUNICATION NETWORKS –
PROFILES –
Part 3: Functional safety fieldbuses –
General rules and profile definitions
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC
Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61784-3 has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This fourth edition cancels and replaces the third edition, published in 2016 and its
Amendment 1, published in 2017. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
• Contents of previous Annex F were corrected based on feedback from peer review and
subsequent analysis (in particular deletion of RP_U for data integrity, reduction of the
Equation for RR_A, and clarifications on the values of RP_I and R_T).
• Additional assumptions for residual error rate calculations, clarification of assumption a).
• After correction, contents of previous Annex F were exchanged with the contents of
previous Subclause 5.8.
• Contents of Subclause 5.9 on security replaced by a simple reference to IEC 62443 in
accordance with Guide 120.
• Changes in Annex B: Dependency of this Annex B with the BSC model has been
highlighted. First two paragraphs and figure in Clause B.2 have been deleted because of
little relevance. The approximation Equation (B.4) has been deleted due to obsolescence,
based on the observations that the CRC shall be anyway explicitly calculated in order to
prove properness, and that it may produce optimistic results. Guidance for calculation of
R_CRC in B.4.2 has been reviewed.
• Changes in Annex D: Formula D.1 was changed from an approximation to a proper
Equation, with some adjustments, and contents of D.4.3 were clarified (default safety
action).
• New informative Annex H, providing additional guidance for the calculation of R_CRC.
The text of this International Standard is based on the following documents:
FDIS | Report on voting
65C/1067/FDIS | 65C/1072/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts of the IEC 61784-3 series, published under the general title Industrial
communication networks – Profiles – Functional safety fieldbuses, can be found on the IEC
website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
0 Introduction
0.1 General
The IEC 61158 (all parts) fieldbus standard together with its companion standards
IEC 61784-1 and IEC 61784-2 defines a set of communication protocols that enable
distributed control of automation applications. Fieldbus technology is now considered well
accepted and well proven. Thus, fieldbus enhancements continue to emerge, addressing
applications for areas such as real time and safety-related applications.
IEC 61784-3 (all parts) explains the relevant principles for functional safety communications
with reference to IEC 61508 (all parts) and specifies several safety communication layers
(profiles and corresponding protocols) based on the communication profiles and protocol
layers of IEC 61784-1, IEC 61784-2 and IEC 61158 (all parts). It does not cover electrical
safety and intrinsic safety aspects. It also does not cover security aspects, nor does it provide
any requirements for security.
Figure 1 shows the relationships between IEC 61784-3 (all parts) and relevant safety and
fieldbus standards in a machinery environment.
NOTE IEC 62061 specifies the relationship between PL (Category) and SIL.
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
Figure 2 shows the relationships between IEC 61784-3 (all parts) and relevant safety and
fieldbus standards in a process environment.
a For specified electromagnetic environments; otherwise IEC 61326-3-1 or IEC 61000-6-7.
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
Safety communication layers which are implemented as parts of safety-related systems
according to IEC 61508 (all parts) provide the necessary confidence in the transportation of
messages (information) between two or more participants on a fieldbus in a safety-related
system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures.
Safety communication layers specified in IEC 61784-3 (all parts) do this in such a way that a
fieldbus can be used for applications requiring functional safety up to the Safety Integrity
Level (SIL) specified by its corresponding functional safety communication profile.
The resulting SIL claim of a system depends on the implementation of the selected functional
safety communication profile (FSCP) within this system – implementation of a functional
safety communication profile in a standard device is not sufficient to qualify it as a safety
device.
IEC 61784-3 (all parts) describes:
• basic principles for implementing the requirements of IEC 61508 (all parts) for safety-
related data communications, including possible transmission faults, remedial measures
and considerations affecting data integrity;
• functional safety communication profiles for several communication profile families in
IEC 61784-1 and IEC 61784-2, including safety layer extensions to the communication
service and protocols sections of IEC 61158 (all parts).
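IEC 61784-3:2021 provides an important standard for functional safety fieldbuses in industrial communication networks. The standard explains common principles for the transmission of safety-relevant messages in accordance with the requirements of IEC 61508, and focuses on communication among participants within a distributed network that uses fieldbus technology. In particular, it is based on the black channel approach and can be applied to a variety of industrial uses. This makes it possible to realize a reliable communication mechanism for ensuring functional safety in fields such as process control, manufacturing automation and machine control. The strength of this standard is that it provides comprehensive guidelines for functional safety needs. IEC 61784-3:2021 contains clear profile definitions that allow diverse systems and devices to communicate with one another in complex industrial environments, which lets end users minimize risk and maintain smooth operation. By establishing a unified standard for the handling of safety-relevant messages, compatibility between devices from different vendors improves, usability increases, and at the same time the safety of the overall system improves. IEC 61784-3:2021 is also highly regarded for the breadth of its scope and has become an indispensable guideline, particularly in industries where safety is a priority. For companies considering the introduction of functional safety fieldbuses, this document will be a reliable reference when selecting appropriate technology and designing systems.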
The IEC 61784-3:2021 standard is an essential document in the field of industrial communication networks, particularly in the context of fieldbuses dedicated to functional safety. Its scope is defined by the need to establish common principles for the transmission of safety-relevant messages among the participants of a distributed network using fieldbus technology, in accordance with the requirements of IEC 61508. The standard highlights the "black channel" approach, which is crucial for ensuring the integrity and safety of communications. Among the strengths of IEC 61784-3:2021 is its adaptability to various industrial environments, notably process control, manufacturing automation and the use of machinery. This flexibility allows companies to integrate it effectively into a wide variety of applications, thus ensuring high interoperability in industrial communication systems. In addition, the relevance of the standard is shown by its alignment with the growing requirements for functional safety in a constantly evolving industrial world. The growing importance of safety in automated systems reinforces the need for organizations to comply with these recommendations, in order to guarantee not only the safety of operations but also the protection of people and property. IEC 61784-3:2021 therefore represents a fundamental guide for anyone involved in implementing secure communication systems within industrial infrastructures, thereby contributing to the continuous improvement of functional safety standards in the sector.
The IEC 61784-3:2021 standard deals with the important principles of industrial communication networks, with a particular focus on functional safety in fieldbus systems. This standard offers a comprehensive overview of the requirements and definitions of profiles that are of decisive importance for the safe transmission of safety-relevant messages within distributed networks. An outstanding aspect of IEC 61784-3:2021 is the use of the so-called black channel approach. This approach allows sufficient flexibility and adaptability in the transmission of data, which is of enormous importance in the various areas of industry such as process control, manufacturing automation and machine control. The general rules and profile definitions laid down in the standard enable companies to design their communication systems in accordance with the requirements of IEC 61508, which leads to greater safety and reliability in data transmission. A further advantage of the standard is its relevance to a wide range of industrial applications, which makes it an essential document for professionals and companies dealing with functional safety requirements. The standard helps to create a uniform framework within which safe and efficient communication methods can be developed for different systems and technologies. Overall, IEC 61784-3:2021 is a valuable resource that offers robust solutions to the challenges of functional safety in industrial communication networks and thus sustainably improves efficiency and safety in various areas of application.
IEC 61784-3:2021 is a pivotal standard that addresses the integration of functional safety in industrial communication networks, specifically focusing on fieldbuses. The scope of this standard outlines essential principles for transmitting safety-relevant messages among network participants that leverage fieldbus technology. By adhering to the requirements set forth in IEC 61508, the standard provides a robust framework for ensuring functional safety across various applications, including process control, manufacturing automation, and machinery management. One of the standout strengths of IEC 61784-3:2021 is its comprehensive coverage of the "black channel" approach, which forms the foundation for ensuring reliable communication in safety-critical environments. This approach is advantageous for organizations aiming to enhance safety protocols within their operations, as it provides a generalized method for safety message transmission, independent of the fieldbus implementation specifics. Additionally, the standard is highly relevant in today's industrial landscape, where increasing automation and connectivity in manufacturing processes demand stringent safety measures. By integrating the principles of functional safety with fieldbus technology, IEC 61784-3:2021 enables organizations to align their safety communication strategies with global best practices, thereby reducing risks associated with safety failures. The document is not only applicable to a broad range of industrial sectors but also acts as a benchmark for best practices in functional safety communications. Its clear definitions and guidelines help streamline the implementation of safety measures, making it an invaluable resource for professionals engaged in the design and maintenance of industrial communication systems. 
The upcoming amendment, IEC 61784-3:2021+AMD1:2024, is expected to further enhance its capability, ensuring that it remains at the forefront of functional safety in industrial communication networks.
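The IEC 61784-3:2021 standard plays an important role in supporting the safety and efficiency of industrial communication networks. The standard explains common principles that can be used when transmitting safety-relevant messages, and these principles focus on application within distributed networks that use fieldbus technology in conformance with the requirements of IEC 61508 for functional safety. First, one of the strengths of IEC 61784-3:2021 is that it increases the reliability of safety message transmission by building on the black channel approach. This approach can be usefully applied in various industrial applications, for example process control, manufacturing automation and machinery systems. This is a particularly important factor in industrial environments that demand high standards of safety. Second, by clearly setting out the definitions of functional safety profiles and the general rules, the standard helps people working in industry to understand and apply safety-relevant message transmission more easily. These clear provisions also improve interoperability between various fieldbus components and so facilitate system integration. Third, IEC 61784-3:2021 emphasizes safety and efficiency together and enables industrial automation systems to be operated more safely. Applying the standard not only ensures the functional safety of a system but also contributes to overall system reliability. Thanks to these characteristics, the IEC 61784-3:2021 standard has established itself as an essential document for all stakeholders involved in industrial communication networks, and its importance is becoming ever more prominent in a modern industrial environment that pursues safety and efficiency at the same time.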
IEC 61784-3:2021 is a standard that outlines general rules and profile definitions for functional safety fieldbuses in industrial communication networks. It provides principles for transmitting safety-relevant messages within a distributed network using fieldbus technology. These principles are based on the black channel approach and are applicable in sectors such as process control, manufacturing automation, and machinery. The standard aligns with the requirements of IEC 61508 for functional safety.
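IEC 61784-3:2021 describes general rules and definitions of profiles for industrial communication networks. The standard provides general principles for transmitting safety-relevant messages among participants within a distributed network that uses fieldbus technology, based on functional safety requirements. These principles are based on the black channel approach and can be applied to various industrial applications such as process control, manufacturing automation and machinery. The standard is consistent with the requirements of IEC 61508 for functional safety.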
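IEC 61784-3:2021 describes general rules and profile definitions for industrial communication networks. The standard presents general principles that can be used to transmit safety-relevant messages among participants of a distributed network that uses fieldbus technology in accordance with the requirements of IEC 61508 for functional safety. These principles are based on the black channel approach and can be applied to various industrial application areas such as process control, manufacturing automation and machinery. The standard is consistent with the requirements of IEC 61508 for functional safety.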









