Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems (IEC 62061:2005)

This International Standard specifies requirements and makes recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machines (see Notes 1 and 2). It is applicable to control systems used, either singly or in combination, to carry out safety-related control functions on machines that are not portable by hand while working, including a group of machines working together in a co-ordinated manner.

(The title and abstract are also published in German, French and Slovenian with the same content.)

General Information

Status: Withdrawn
Publication Date: 30-Nov-2005
Withdrawal Date: 05-Mar-2024
Current Stage: 9900 - Withdrawal (Adopted Project)
Start Date: 05-Mar-2024
Due Date: 28-Mar-2024
Completion Date: 06-Mar-2024

Relations

Effective dates of related documents: 26-Jul-2021; 30-Jul-2014; 01-Apr-2013; 28-Jan-2023

Standard

SIST EN 62061:2005, English language, 107 pages

Frequently Asked Questions

SIST EN 62061:2005 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems". This standard specifies requirements and makes recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machines. It is applicable to control systems used, either singly or in combination, to carry out safety-related control functions on machines that are not portable by hand while working, including a group of machines working together in a co-ordinated manner.

SIST EN 62061:2005 is classified under the following ICS (International Classification for Standards) categories: 13.110 - Safety of machinery; 25.040.40 - Industrial process measurement and control. The ICS classification identifies the subject area and helps in finding related standards.

SIST EN 62061:2005 has the following relationships with other standards: it is linked to SIST EN IEC 62061:2021 (the edition that replaces it), SIST EN 62061:2005/A1:2013, SIST EN 62061:2005/A2:2016 and SIST EN 62061:2005/AC:2023. Checking these relationships helps ensure you are using the most current and applicable version of the standard.

SIST EN 62061:2005 is associated with the following European legislation: EU Directives/Regulations: 2006/42/EC, 98/37/EC; Standardization Mandates: M/396. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

You can purchase SIST EN 62061:2005 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.

Standards Content (Sample)


SLOVENIAN STANDARD SIST EN 62061:2005
December 2005
Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems (IEC 62061:2005)
ICS 13.110; 25.040.40
© This standard was published and issued by the Slovenian Institute for Standardization. Reproduction or copying of all or part of this document is not permitted.

EUROPEAN STANDARD EN 62061
April 2005
ICS 13.110; 25.040.99; 29.020
English version
Safety of machinery –
Functional safety of safety-related electrical,
electronic and programmable electronic control systems
(IEC 62061:2005)
(The title is also given in French, referencing CEI 62061:2005, and in German.)

This European Standard was approved by CENELEC on 2004-12-01. CENELEC members are bound to
comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and
notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden,
Switzerland and United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization

Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2005 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 62061:2005 E
Foreword
The text of document 44/460/FDIS, future edition 1 of IEC 62061, prepared by IEC TC 44, Safety of
machinery - Electrotechnical aspects, was submitted to the IEC-CENELEC parallel vote and was
approved by CENELEC as EN 62061 on 2004-12-01.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2005-11-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2007-12-01
This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and covers essential requirements of
EC Directive 98/37/EC. See Annex ZZ.
PROOF TEST INTERVAL AND LIFETIME
The following important information should be noted in relation to the requirements of this standard:
Where the probability of dangerous failure per hour (PFHD) is highly dependent upon proof testing (i.e. tests intended to reveal faults not detected by diagnostic functions) then the proof test interval needs to be shown as realistic and practicable in the context of the expected use of the safety-related electrical control system (SRECS) (e.g. proof test intervals of less than 10 years can be unreasonably short for many machinery applications).
CEN/TC114/WG6 have used a proof test interval (mission time) of 20 years to support the estimation of mean time to dangerous failure (MTTFD) for the realization of designated architectures in Annex B of prEN ISO 13849-1. Therefore, it is recommended that SRECS designers endeavour to use a 20 year proof test interval.
It is acknowledged that some subsystems and/or subsystem elements (e.g. electro-mechanical components with high duty cycles) will require replacement within the SRECS proof test interval.
Proof testing involves detailed and comprehensive checks that can, in practice, only be performed when the SRECS and/or its subsystems has been designed to facilitate proof testing (e.g. dedicated test ports) and provided with necessary information (e.g. proof test instructions).
To ensure the validity of the proof test interval specified by the designer it is important that any other necessary designated tests (e.g. functional tests) are also successfully performed at the SRECS.
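The dependence of PFHD on the proof test interval described above can be made concrete with a short calculation. The following Python is an added example, not text or code from the standard or from this catalog page. It uses the dangerous failure rate formulas of IEC 62061:2005, 6.7.8 / Table 7, for basic subsystem architecture C (dual channel without diagnostics) and architecture D (dual channel with diagnostics), which the sample pages reproduced here do not show, and the PFHD bands per SIL from Table 3. The element failure rate, common cause factor β, diagnostic coverage DC and diagnostic test interval T2 are constructed assumptions chosen for illustration; T1 is the proof test interval (or lifetime) in hours.

```python
"""PFH_D of a dual-channel subsystem as a function of the proof test interval T1.

Formulas: IEC 62061:2005, 6.7.8 / Table 7, basic subsystem architectures C
and D.  SIL bands: Table 3.  The numeric inputs under main() are constructed
assumptions for illustration only, not values taken from the standard.
"""

HOURS_PER_YEAR = 8760.0

# Table 3: PFH_D band per SIL, lower bound inclusive, upper bound exclusive.
SIL_BANDS = {
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}


def sil_from_pfhd(pfhd):
    """SIL whose Table 3 band contains pfhd, or None if outside SIL 1 to SIL 3."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfhd < high:
            return sil
    return None


def lambda_d_arch_c(lam_de1, lam_de2, beta, t1_h):
    """Architecture C (dual channel, no diagnostics): dangerous failure rate in 1/h.

    lambda_DssC = (1 - beta)^2 * lam_De1 * lam_De2 * T1 + beta * (lam_De1 + lam_De2) / 2
    lam_De*: dangerous failure rate of each element (1/h); beta: common cause
    factor; t1_h: proof test interval or lifetime in hours.  Without diagnostics
    every dangerous fault stays latent until the proof test, so T1 enters directly.
    """
    independent = (1.0 - beta) ** 2 * lam_de1 * lam_de2 * t1_h
    common_cause = beta * (lam_de1 + lam_de2) / 2.0
    return independent + common_cause


def lambda_d_arch_d(lam_de1, lam_de2, dc1, dc2, beta, t1_h, t2_h):
    """Architecture D (dual channel with diagnostics): dangerous failure rate in 1/h.

    lambda_DssD = (1 - beta)^2 * ( lam_De1*lam_De2*(DC1 + DC2) * T2/2
                                 + lam_De1*lam_De2*(2 - DC1 - DC2) * T1/2 )
                  + beta * (lam_De1 + lam_De2) / 2
    dc*: diagnostic coverage of each element; t2_h: diagnostic test interval (h).
    Only the undetected fraction of dangerous failures accumulates over T1.
    """
    product = lam_de1 * lam_de2
    detected = product * (dc1 + dc2) * t2_h / 2.0          # revealed within T2
    undetected = product * (2.0 - dc1 - dc2) * t1_h / 2.0  # revealed only by proof test
    common_cause = beta * (lam_de1 + lam_de2) / 2.0
    return (1.0 - beta) ** 2 * (detected + undetected) + common_cause


def pfhd_vs_t1(lam_de, beta, dc, t2_h, t1_years=(1, 10, 20)):
    """PFH_D (= lambda_D * 1 h) and achievable SIL band for each candidate T1.

    Both channels are assumed identical (same lam_de and dc).
    """
    rows = []
    for years in t1_years:
        t1_h = years * HOURS_PER_YEAR
        pfhd_c = lambda_d_arch_c(lam_de, lam_de, beta, t1_h)
        pfhd_d = lambda_d_arch_d(lam_de, lam_de, dc, dc, beta, t1_h, t2_h)
        rows.append({
            "t1_years": years,
            "arch_c_pfhd": pfhd_c, "arch_c_sil": sil_from_pfhd(pfhd_c),
            "arch_d_pfhd": pfhd_d, "arch_d_sil": sil_from_pfhd(pfhd_d),
        })
    return rows


if __name__ == "__main__":
    # Constructed inputs (assumptions, not values from the standard):
    # lam_De = 2e-6 /h per element, beta = 2 %, DC = 99 %, diagnostic interval 1 h.
    for row in pfhd_vs_t1(lam_de=2e-6, beta=0.02, dc=0.99, t2_h=1.0):
        print("T1 = {:>2} y: arch C PFH_D = {:.2e} (SIL {}), "
              "arch D PFH_D = {:.2e} (SIL {})".format(
                  row["t1_years"], row["arch_c_pfhd"], row["arch_c_sil"],
                  row["arch_d_pfhd"], row["arch_d_sil"]))
```

With these inputs the architecture C subsystem lands in the SIL 3 band only if an annual proof test is actually carried out; at the recommended 20 year interval the same hardware falls to the SIL 2 band, because the whole (1 - β)² λ² term grows linearly with T1. The architecture D subsystem stays in the SIL 3 band at every T1 tried, since only the undetected fraction (1 - DC) of dangerous failures waits for the proof test. A SIL claim that hinges on a short T1 therefore has to be backed by the test ports, proof test instructions and designated functional tests the foreword asks for, and the architectural constraints of Table 5 and the systematic safety integrity requirements apply on top of this random hardware failure calculation.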
Annexes ZA and ZZ have been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 62061:2005 was approved by CENELEC as a European
Standard without any modification.
__________
- 3 - EN 62061:2005
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE Where an international publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
Publication (year): Title. Corresponding EN/HD (year)

IEC 60204-1 1) 2) (undated): Safety of machinery – Electrical equipment of machines – Part 1: General requirements. EN 60204-1:1997 + corrigendum September 1998
IEC 61000-6-2 (mod.) 1) 2) (undated): Electromagnetic compatibility (EMC) – Part 6-2: Generic standards – Immunity for industrial environments. EN 61000-6-2:2001
IEC 61310 series: Safety of machinery – Indication, marking and actuation. EN 61310 series
IEC 61508-2 1) 2) (undated): Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems. EN 61508-2:2001
IEC 61508-3 1) 2) (undated): Part 3: Software requirements. EN 61508-3:2001
ISO 12100-1:2003: Safety of machinery – Basic concepts, general principles for design – Part 1: Basic terminology, methodology. EN ISO 12100-1:2003
ISO 12100-2:2003: Part 2: Technical principles. EN ISO 12100-2:2003
ISO 13849-1:1999: Safety of machinery – Safety-related parts of control systems – Part 1: General principles for design. (no EN/HD listed)
ISO 13849-2:2003: Part 2: Validation. EN ISO 13849-2:2003
ISO 14121 1) (undated): Safety of machinery – Principles of risk assessment. (no EN/HD listed)

1) Undated reference.
2) Valid edition at date of issue.

Annex ZZ
(informative)
Coverage of Essential Requirements of EC Directives
This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and within its scope the standard covers the
following essential requirements out of those given in Annex I of the EC Directive 98/37/EC:
– 1.2.1;
– 1.2.7.
Compliance with this standard provides one means of conformity with the specified essential
requirements of the Directive concerned.
WARNING: Other requirements and other EC Directives may be applicable to the products falling
within the scope of this standard.
__________
IEC 62061
Edition 1.0 2005-01
INTERNATIONAL STANDARD
Safety of machinery – Functional safety of safety-related electrical, electronic
and programmable electronic control systems

INTERNATIONAL ELECTROTECHNICAL COMMISSION
Price code XD
ICS 13.110; 25.040.99; 29.020 ISBN 2-8318-7818-7

– 2 – 62061 © IEC:2005
CONTENTS
FOREWORD ... 5
INTRODUCTION ... 7

1 Scope and object ... 10
2 Normative references ... 11
3 Terms, definitions and abbreviations ... 12
3.1 Alphabetical list of definitions ... 12
3.2 Terms and definitions ... 14
3.3 Abbreviations ... 22
4 Management of functional safety ... 23
4.1 Objective ... 23
4.2 Requirements ... 23
5 Requirements for the specification of Safety-Related Control Functions (SRCFs) ... 24
5.1 Objective ... 24
5.2 Specification of requirements for SRCFs ... 24
6 Design and integration of the safety-related electrical control system (SRECS) ... 27
6.1 Objective ... 27
6.2 General requirements ... 27
6.3 Requirements for behaviour (of the SRECS) on detection of a fault in the SRECS ... 28
6.4 Requirements for systematic safety integrity of the SRECS ... 29
6.5 Selection of safety-related electrical control system ... 31
6.6 Safety-related electrical control system (SRECS) design and development ... 31
6.7 Realisation of subsystems ... 36
6.8 Realisation of diagnostic functions ... 52
6.9 Hardware implementation of the SRECS ... 53
6.10 Software safety requirements specification ... 53
6.11 Software design and development ... 54
6.12 Safety-related electrical control system integration and testing ... 62
6.13 SRECS installation ... 63
7 Information for use of the SRECS ... 63
7.1 Objective ... 63
7.2 Documentation for installation, use and maintenance ... 63
8 Validation of the safety-related electrical control system ... 64
8.1 General requirements ... 65
8.2 Validation of SRECS systematic safety integrity ... 65
9 Modification ... 66
9.1 Objective ... 66
9.2 Modification procedure ... 66
9.3 Configuration management procedures ... 67
10 Documentation ... 69

Annex A (informative) SIL assignment ... 71
Annex B (informative) Example of safety-related electrical control system (SRECS) design using concepts and requirements of Clauses 5 and 6 ... 79
Annex C (informative) Guide to embedded software design and development ... 86
Annex D (informative) Failure modes of electrical/electronic components ... 95
Annex E (informative) Electromagnetic (EM) phenomenon and increased immunity levels for SRECS intended for use in an industrial environment according to IEC 61000-6-2 ... 100
Annex F (informative) Methodology for the estimation of susceptibility to common cause failures (CCF) ... 102

Figure 1 – Relationship of IEC 62061 to other relevant standards ... 8
Figure 2 – Workflow of the SRECS design and development process ... 33
Figure 3 – Allocation of safety requirements of the function blocks to subsystems (see 6.6.2.1.1) ... 34
Figure 4 – Workflow for subsystem design and development (see box 6B of Figure 2) ... 39
Figure 5 – Decomposition of a function block into redundant function block elements and their associated subsystem elements ... 40
Figure 6 – Subsystem A logical representation ... 46
Figure 7 – Subsystem B logical representation ... 47
Figure 8 – Subsystem C logical representation ... 47
Figure 9 – Subsystem D logical representation ... 49
Figure A.1 – Workflow of SIL assignment process ... 72
Figure A.2 – Parameters used in risk estimation ... 73
Figure A.3 – Example proforma for SIL assignment process ... 78
Figure B.1 – Terminology used in functional decomposition ... 79
Figure B.2 – Example machine ... 80
Figure B.3 – Specification of requirements for an SRCF ... 80
Figure B.4 – Decomposition to a structure of function blocks ... 81
Figure B.5 – Initial concept of an architecture for a SRECS ... 82
Figure B.6 – SRECS architecture with diagnostic functions embedded within each subsystem (SS1 to SS4) ... 83
Figure B.7 – SRECS architecture with diagnostic functions embedded within subsystem SS3 ... 84
Figure B.8 – Estimation of PFHD for a SRECS ... 85

Table 1 – Recommended application of IEC 62061 and ISO 13849-1 (under revision) ... 9
Table 2 – Overview and objectives of IEC 62061 ... 11
Table 3 – Safety integrity levels: target failure values for SRCFs ... 26
Table 4 – Characteristics of subsystems 1 and 2 used in this example ... 36
Table 5 – Architectural constraints on subsystems: maximum SIL that can be claimed for a SRCF using this subsystem ... 42
Table 6 – Architectural constraints: SILCL relating to categories ... 42
Table 7 – Probability of dangerous failure ... 45
Table 8 – Information and documentation of a SRECS ... 69
Table A.1 – Severity (Se) classification ... 74
Table A.2 – Frequency and duration of exposure (Fr) classification ... 74
Table A.3 – Probability (Pr) classification ... 75
Table A.4 – Probability of avoiding or limiting harm (Av) classification ... 76
Table A.5 – Parameters used to determine class of probability of harm (Cl) ... 76
Table A.6 – SIL assignment matrix ... 77
Table D.1 – Examples of the failure mode ratios for electrical/electronic components ... 95
Table E.1 – EM phenomenon and increased immunity levels for SRECS ... 100
Table E.2 – Selected frequencies for RF field tests ... 101
Table E.3 – Selected frequencies for conducted RF tests ... 101
Table F.1 – Criteria for estimation of CCF ... 102
Table F.2 – Estimation of CCF factor (β) ... 103

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY OF MACHINERY –
FUNCTIONAL SAFETY OF SAFETY-RELATED ELECTRICAL,
ELECTRONIC AND PROGRAMMABLE ELECTRONIC
CONTROL SYSTEMS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62061 has been prepared by IEC technical committee 44: Safety
of machinery – Electrotechnical aspects.
The text of this standard is based on the following documents:
FDIS: 44/460/FDIS; Report on voting: 44/470/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated above.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
The contents of the corrigendum of July 2005 have been included in this copy.

INTRODUCTION
As a result of automation, demand for increased production and reduced operator physical
effort, Safety-Related Electrical Control Systems (referred to as SRECS) of machines play an
increasing role in the achievement of overall machine safety. Furthermore, the SRECS
themselves increasingly employ complex electronic technology.
Previously, in the absence of standards, there has been a reluctance to accept SRECS in
safety-related functions for significant machine hazards because of uncertainty regarding the
performance of such technology.
This International Standard is intended for use by machinery designers, control system
manufacturers and integrators, and others involved in the specification, design and validation
of a SRECS. It sets out an approach and provides requirements to achieve the necessary
performance.
This standard is machine sector specific within the framework of IEC 61508. It is intended to
facilitate the specification of the performance of safety-related electrical control systems in
relation to the significant hazards (see 3.8 of ISO 12100-1) of machines.
This standard provides a machine sector specific framework for functional safety of a SRECS
of machines. It only covers those aspects of the safety lifecycle that are related to safety
requirements allocation through to safety validation. Requirements are provided for
information for safe use of SRECS of machines that can also be relevant to later phases of
the life of a SRECS.
There are many situations on machines where SRECS are employed as part of safety
measures that have been provided to achieve risk reduction. A typical case is the use of an
interlocking guard that, when it is opened to allow access to the danger zone, signals the
electrical control system to stop hazardous machine operation. Also in automation, the
electrical control system that is used to achieve correct operation of the machine process
often contributes to safety by mitigating risks associated with hazards arising directly from
control system failures. This standard gives a methodology and requirements to
• assign the required safety integrity level for each safety-related control function to be
implemented by SRECS;
• enable the design of the SRECS appropriate to the assigned safety-related control
function(s);
• integrate safety-related subsystems designed in accordance with ISO 13849;
• validate the SRECS.
This standard is intended to be used within the framework of systematic risk reduction
described in ISO 12100-1 and in conjunction with risk assessment according to the principles
described in ISO 14121 (EN 1050). A suggested methodology for safety integrity level (SIL)
assignment is given in informative Annex A.
Measures are given to co-ordinate the performance of the SRECS with the intended risk
reduction taking into account the probabilities and consequences of random or systematic
faults within the electrical control system.
Figure 1 shows the relationship of this standard to other relevant standards.
Table 1 gives recommendations on the application of this standard and of the revision of
ISO 13849-1.
Figure 1 – Relationship of IEC 62061 to other relevant standards

Design and risk assessment of the machine: ISO 12100, Safety of machinery – Basic concepts, general principles for design; ISO 14121, Safety of machinery – Principles for risk assessment.

Design of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery, starting from the safety-related control functions. Two methodologies lead to the design objective for the SRECS:
– IEC 62061: system-based approach; quantitative index of safety: safety integrity level (SIL); SIL assignment methodology for SRECS of machinery; architecture oriented; requirements for avoidance/control of systematic failures.
– ISO 13849-1: index of safety: category/performance level; category assigned by qualitative risk graphing; architecture oriented.

Relevant standards:
– Electrical safety aspects of machinery: IEC 60204-1, Safety of machinery – Electrical equipment of machinery – Part 1: General requirements.
– Design of low complexity subsystems to categories, and non-electrical SRPCS (mechanical, pneumatic, etc.): ISO 13849-1 and 2, Safety of machinery – Safety related parts of control systems (SRPCS) – Part 1: General principles for design and Part 2: Validation.
– Design of complex subsystems to SILs: IEC 61508, Functional safety of electrical, electronic and programmable electronic safety-related systems.
– Electrical SRPCS: IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems.
Key: electrical safety aspects; functional safety aspects.

Information on the recommended application of IEC 62061 and ISO 13849-1 (under revision)
IEC 62061 and ISO 13849-1 (under revision) specify requirements for the design and
implementation of safety-related control systems of machinery. The use of either of these
standards, in accordance with their scopes, can be presumed to fulfil the relevant essential
safety requirements. Table 1 summarises the scopes of IEC 62061 and ISO 13849-1 (under
revision).
NOTE ISO 13849-1 is currently under preparation by ISO TC 199 and CEN TC 114.
Table 1 – Recommended application of IEC 62061 and ISO 13849-1 (under revision)
Technology implementing the safety-related control function(s) | ISO 13849-1 (under revision) | IEC 62061
A Non-electrical, e.g. hydraulics | X | Not covered
B Electromechanical, e.g. relays, or non-complex electronics | Restricted to designated architectures (see Note 1) and up to PL=e | All architectures and up to SIL 3
C Complex electronics, e.g. programmable | Restricted to designated architectures (see Note 1) and up to PL=d | All architectures and up to SIL 3
D A combined with B | Restricted to designated architectures (see Note 1) and up to PL=e | X, see Note 3
E C combined with B | Restricted to designated architectures (see Note 1) and up to PL=d | All architectures and up to SIL 3
F C combined with A, or C combined with A and B | X, see Note 2 | X, see Note 3
“X” indicates that this item is dealt with by the standard shown in the column heading.
NOTE 1 Designated architectures are defined in Annex B of EN ISO 13849-1 (rev.) to give a simplified approach for quantification of performance level.
NOTE 2 For complex electronics: use of designated architectures according to EN ISO 13849-1 (rev.) up to PL=d or any architecture according to IEC 62061.
NOTE 3 For non-electrical technology use parts according to EN ISO 13849-1 (rev.) as subsystems.

SAFETY OF MACHINERY –
FUNCTIONAL SAFETY OF SAFETY-RELATED ELECTRICAL,
ELECTRONIC AND PROGRAMMABLE ELECTRONIC
CONTROL SYSTEMS
1 Scope
This International Standard specifies requirements and makes recommendations for the
design, integration and validation of safety-related electrical, electronic and programmable
electronic control systems (SRECS) for machines (see Notes 1 and 2). It is applicable to
control systems used, either singly or in combination, to carry out safety-related control
functions on machines that are not portable by hand while working, including a group of
machines working together in a co-ordinated manner.
NOTE 1 In this standard, the term “electrical control systems” is used to stand for “Electrical, Electronic and
Programmable Electronic (E/E/PE) control systems” and “SRECS” is used to stand for “safety-related electrical,
electronic and programmable electronic control systems”.
NOTE 2 In this standard, it is presumed that the design of complex programmable electronic subsystems or
subsystem elements conforms to the relevant requirements of IEC 61508. This standard provides a methodology
for the use, rather than development, of such subsystems and subsystem elements as part of a SRECS.
This standard is an application standard and is not intended to limit or inhibit technological
advancement. It does not cover all the requirements (e.g. guarding, non-electrical interlocking
or non-electrical control) that are needed or required by other standards or regulations in
order to safeguard persons from hazards. Each type of machine has unique requirements to
be satisfied to provide adequate safety.
This standard:
– is concerned only with functional safety requirements intended to reduce the risk of injury
or damage to the health of persons in the immediate vicinity of the machine and those
directly involved in the use of the machine;
– is restricted to risks arising directly from the hazards of the machine itself or from a group
of machines working together in a co-ordinated manner;
NOTE 3 Requirements to mitigate risks arising from other hazards are provided in relevant sector standards.
For example, where a machine(s) is part of a process activity, the machine electrical control system functional
safety requirements should, in addition, satisfy other requirements (e.g. IEC 61511) insofar as safety of the
process is concerned.
– does not specify requirements for the performance of non-electrical (e.g. hydraulic,
pneumatic) control elements for machines;
NOTE 4 Although the requirements of this standard are specific to electrical control systems, the framework
and methodology specified can be applicable to safety-related parts of control systems employing other
technologies.
– does not cover electrical hazards arising from the electrical control equipment itself (e.g.
electric shock – see IEC 60204–1).

The objectives of specific Clauses in IEC 62061 are as given in Table 2.
Table 2 – Overview and objectives of IEC 62061
Clause 4, Management of functional safety: To specify the management and technical activities which are necessary for the achievement of the required functional safety of the SRECS.
Clause 5, Requirements for the specification of safety-related control functions: To set out the procedures to specify the requirements for safety-related control functions. These requirements are expressed in terms of functional requirements specification, and safety integrity requirements specification.
Clause 6, Design and integration of the safety-related electrical control system: To specify the selection criteria and/or the design and implementation methods of the SRECS to meet the functional safety requirements. This includes:
– selection of the system architecture,
– selection of the safety-related hardware and software,
– design of hardware and software,
– verification that the designed hardware and software meets the functional safety requirements.
Clause 7, Information for use of the machine: To specify requirements for the information for use of the SRECS, which has to be supplied with the machine. This includes:
– provision of the user manual and procedures,
– provision of the maintenance manual and procedures.
Clause 8, Validation of the safety-related electrical control system: To specify the requirements for the validation process to be applied to the SRECS. This includes inspection and testing of the SRECS to ensure that it achieves the requirements stated in the safety requirements specification.
Clause 9, Modification of the safety-related electrical control system: To specify the requirements for the modification procedure that has to be applied when modifying the SRECS. This includes:
– modifications to any SRECS are properly planned and verified prior to making the change;
– the safety requirements specification of the SRECS is satisfied after any modifications have taken place.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60204–1, Safety of machinery – Electrical equipment of machines – Part 1: General
requirements
IEC 61000-6-2, Electromagnetic compatibility (EMC) – Part 6-2: Generic standards –
Immunity for industrial environments

IEC 61310 (all parts), Safety of machinery – Indication, marking and actuation
IEC 61508-2, Functional safety of electrical/electronic/ programmable electronic safety-related
systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-
related systems
IEC 61508-3, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 3: Software requirements
ISO 12100-1:2003, Safety of machinery – Basic concepts, general principles for design –
Part 1: Basic terminology, methodology
ISO 12100-2:2003, Safety of machinery – Basic concepts, general principles for design –
Part 2: Technical principles
ISO 13849-1:1999, Safety of machinery – Safety related parts of control systems – Part 1:
General principles for design
ISO 13849-2:2003, Safety of machinery – Safety-related parts of control systems – Part 2:
Validation
ISO 14121, Safety of machinery – Principles of risk assessment
3 Terms, definitions and abbreviations
3.1 Alphabetical list of definitions
Term – Definition number
application software 3.2.46
architectural constraint 3.2.36
architecture 3.2.35
common cause failure 3.2.43
complex component 3.2.8
control function 3.2.14
dangerous failure 3.2.40
demand 3.2.25
diagnostic coverage 3.2.38
electrical control system 3.2.3
embedded software 3.2.47
failure 3.2.39
fault 3.2.30
fault tolerance 3.2.31
full variability language (FVL) 3.2.48
function block 3.2.32
function block element 3.2.33
functional safety 3.2.9
hardware safety integrity 3.2.20
hazard (from machinery) 3.2.10
hazardous situation 3.2.11
high demand or continuous mode 3.2.27
limited variability language (LVL) 3.2.49
low complexity component 3.2.7
low demand mode 3.2.26
machine control system 3.2.2
machinery (machine) 3.2.1
mean time to failure (MTTF) 3.2.34
probability of dangerous failure per hour (PFHD) 3.2.28
proof test 3.2.37
protective measure 3.2.12
random hardware failure 3.2.44
risk 3.2.13
safe failure 3.2.41
safe failure fraction 3.2.42
safety function 3.2.15
safety integrity 3.2.19
safety integrity level (SIL) 3.2.23
safety-related control function (SRCF) 3.2.16
safety-related electrical control system (SRECS) 3.2.4
safety-related software 3.2.50
SIL claim limit 3.2.24
software safety integrity 3.2.21
SRECS diagnostic function 3.2.17
SRECS fault reaction function 3.2.18
subsystem 3.2.5
subsystem element 3.2.6
systematic failure 3.2.45
systematic safety integrity 3.2.22
target failure value 3.2.29
validation 3.2.52
verification 3.2.51
3.2 Terms and definitions
For the purposes of this standard, the following terms and definitions apply.
3.2.1
machinery
assembly of linked parts or components, at least one of which moves, with the appropriate
machine actuators, control and power circuits, joined together for a specific application, in
particular for the processing, treatment, moving or packaging of a material.
The terms “machinery” and “machine” also cover an assembly of machines which, in order to
achieve the same end, are arranged and controlled so that they function as an integral whole.
[ISO 12100-1:2003, 3.1]
3.2.2
machine control system
system which responds to an input from, for example, the process, other machine elements,
an operator, external control equipment, and generates an output(s) causing the machine to
behave in the intended manner
3.2.3
electrical control system
all the electrical, electronic and programmable electronic parts of the machine control system
used to provide, for example, operational control, monitoring, interlocking, communications,
protection and safety-related control functions
NOTE Safety-related control functions can be performed by an electrical control system that is either integral to or
independent of those parts of a machine’s control system that perform non-safety-related functions.
3.2.4
Safety-Related Electrical Control System
SRECS
electrical control system of a machine whose failure can result in an immediate increase of
the risk(s)
NOTE A SRECS includes all parts of an electrical control system whose failure may result in a reduction or loss of
functional safety and this can comprise both electrical power circuits and control circuits.
3.2.5
subsystem
entity of the top-level architectural design of the SRECS where a failure of any subsystem will
result in a failure of a safety-related control function
NOTE 1 A complete subsystem can be made up from a number of identifiable and separate subsystem elements,
which when put together implement the function blocks allocated to the subsystem.
NOTE 2 This definition is a limitation of the general definition of IEC 61508-4: “set of elements which interact
according to a design, where an element of a system can be another system, called a subsystem, which may
include hardware, software and human interaction”.
NOTE 3 This differs from common language where “subsystem” may mean any sub-divided part of an entity, the
term “subsystem” is used in this standard within a strongly defined hierarchy of terminology: “subsystem” is the first
level subdivision of a system. The parts resulting from further subdivision of a subsystem are called “subsystem
elements”.
3.2.6
subsystem element
part of a subsystem, comprising a single component or any group of components

3.2.7
low complexity component
component in which
– the failure modes are well-defined; and
– the behaviour under fault conditions can be completely defined
[IEC 61508-4, 3.4.4 modified]
NOTE 1 Behaviour of the low complexity component under fault conditions may be determined by analytical
and/or test methods.
NOTE 2 A subsystem or subsystem element comprising one or more limit switches, operating, possibly via
interposing electro-mechanical relays, one or more contactors to de-energise an electric motor is an example of a
low complexity component.
3.2.8
complex component
component in which
– the failure modes are not well-defined; or
– the behaviour under fault conditions cannot be completely defined
3.2.9
functional safety
part of the safety of the machine and the machine control system which depends on the
correct functioning of the SRECS, other technology safety-related systems and external risk
reduction facilities
[IEC 61508-4, 3.1.9 modified]
NOTE 1 This standard only considers the functional safety that depends on the correct functioning of the SRECS
in machinery applications.
NOTE 2 ISO/IEC Guide 51 defines safety as freedom from unacceptable risk.
3.2.10
hazard (from machinery)
potential source of physical injury or damage to health
[ISO 12100-1: 2003, 3.6 modified]
NOTE The term hazard can be qualified in order to define its origin or the nature of the expected harm (e.g.
electric shock hazard, crushing hazard, cutting hazard, toxic hazard, fire hazard).
3.2.11
hazardous situation
circumstance in which a person is exposed to a hazard(s)
[ISO 12100-1:2003, 3.9 modified]
3.2.12
protective measure
measure intended to achieve risk reduction
[ISO 12100-1:2003, 3.18 modified]

3.2.13
risk
combination of the probability of occurrence of harm and the severity of that harm
[ISO 12100-1:2003, 3.11]
3.2.14
control function
function that evaluates input information or signals and produces output information or
activities
3.2.15
safety function
function of a machine whose failure can result in an immediate increase of the risk(s)
[ISO 12100-1:2003, 3.28]
NOTE This definition differs from the definitions in IEC 61508-4 and ISO 13849-1.
3.2.16
Safety-Related Control Function
SRCF
control function implemented by a SRECS with a specified integrity level that is intended to
maintain the safe condition of the machine or prevent an immediate increase of the risk(s)
3.2.17
SRECS diagnostic function
function intended to detect faults in the SRECS and produce a specified output inf
...


SIST EN 62061:2005 addresses the functional safety of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It specifies requirements and recommendations for the design, integration and validation of such systems and sets out a systematic process for achieving functional safety: management of functional safety, specification of safety-related control functions, design and integration of the SRECS, information for use, validation, and modification. The standard applies to machines that are not portable by hand while working, including groups of machines working together in a co-ordinated manner, so it covers both individual control systems and co-ordinated installations in automated settings. It helps manufacturers and integrators to state functional safety requirements clearly, to demonstrate that the SRECS meets them, and thereby to support compliance with regulatory requirements and good practice.
In summary, SIST EN 62061:2005 promotes machinery safety through its detailed requirements for safety-related electrical, electronic and programmable electronic control systems, covering both design and validation. Its scope is deliberately limited to the functional safety delivered by the SRECS: guarding, non-electrical interlocking and control, and electrical hazards such as electric shock are left to other standards (e.g. IEC 60204-1), so it is applied alongside them rather than in place of them. Because it is an application standard that does not restrict the technology used, it remains relevant as automation technologies advance.

The SIST EN 62061:2005 standard is an important reference for machinery safety, focusing in particular on the functional safety of safety-related electrical, electronic and programmable electronic control systems (SRECS). It sets out the requirements for design, integration and validation and provides guidance that raises confidence in the implementation of safety functions on machines. Its strength lies in a comprehensive approach across several main areas: it applies to control systems of machines that are not portable by hand while working, and it also covers several machines operating together, which allows safety to be ensured effectively in industrial machinery and automated systems. It is also an important reference for machine designers and engineers, promoting an approach that takes safety into account from the early stages of the design process; following it helps to minimise risk before a product reaches the market and to achieve products that meet legal and regulatory requirements. Because SIST EN 62061:2005 is accepted internationally, it also improves the compatibility of products across countries and regions, so that companies can remain competitive in global markets while assuring product quality and safety. For these reasons, SIST EN 62061:2005 is an indispensable standard for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems in machinery, and its relevance and importance continue to grow.

The standard SIST EN 62061:2005 specifies requirements and recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems in order to ensure their functional safety. It applies to control systems used, singly or in combination, to carry out safety-related control functions on machines that cannot be moved by hand, and it also covers the safety of several machines working together in a co-ordinated manner. Its strength is a systematic and comprehensive approach to securing machine safety: it gives concrete guidance so that safety can be considered from the design stage, which helps in building functionally safe control systems, and these requirements contribute not only to improved machine safety but also to protecting the life and health of workers. The standard reflects current technical developments and is designed with applicability across a range of industrial sectors in mind. As electrical and electronic systems become more complex, SIST EN 62061:2005 provides essential guidance for ensuring functional safety and serves as a useful reference for all stakeholders involved in designing and validating safety-related electrical, electronic and programmable control systems. In conclusion, SIST EN 62061:2005 is an essential standard for strengthening machine safety and plays an important role in securing functional safety in modern industry; its adoption contributes to reducing accidents arising from the use of machines, and its relevance is therefore high across all industrial sectors.