Guidance on system dependability specifications (IEC 62347:2006)

This International Standard gives guidance on the preparation of system dependability specifications. It provides a process for system evaluation and presents a procedure for determining system dependability requirements. This International Standard is not intended for certification or to perform conformity assessment for contractual purposes. It is not intended to change any rights or obligations provided by applicable statutory or regulatory requirements.


General Information

Status: Published
Publication Date: 07-Nov-2007
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 24-Oct-2007
Due Date: 29-Dec-2007
Completion Date: 08-Nov-2007

Buy Standard

Standard
EN 62347:2008
English language
38 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 62347:2008
1 January 2008
Guidance on system dependability specifications (IEC 62347:2006)
This Slovenian standard is identical to: EN 62347:2007
ICS:
03.120.01 Quality in general
21.020 Characteristics and design of machines, apparatus, equipment
SIST EN 62347:2008 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.


EUROPEAN STANDARD EN 62347
March 2007

ICS 03.120.01

English version

Guidance on system dependability specifications
(IEC 62347:2006)




This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization

Central Secretariat: rue de Stassart 35, B - 1050 Brussels


© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62347:2007 E

Foreword
The text of document 56/1138/FDIS, future edition 1 of IEC 62347, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 62347 on 2007-03-01.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2007-12-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2010-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 62347:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60300-1 NOTE  Harmonized as EN 60300-1:2003 (not modified).
IEC 60300-2 NOTE  Harmonized as EN 60300-2:2004 (not modified).
IEC 61069 NOTE  Harmonized in EN 61069 series (not modified).
IEC 61069-1 NOTE  Harmonized as EN 61069-1:1993 (not modified).
ISO 9000 NOTE  Harmonized as EN ISO 9000:2005 (not modified).
__________

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication      Year   Title                                                    EN/HD   Year
IEC 60050-191    - 1)   International Electrotechnical Vocabulary (IEV) -        -       -
                        Chapter 191: Dependability and quality of service
ISO/IEC 15288    - 1)   Systems engineering - System life cycle processes        -       -

1) Undated reference.

INTERNATIONAL STANDARD IEC 62347
First edition
2006-11

Guidance on system dependability specifications

© IEC 2006 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE V
For price, see current catalogue

62347 © IEC:2006 – 3 –
CONTENTS
FOREWORD
INTRODUCTION

1 Scope
2 Normative references
3 Terms and definitions
4 Concepts dealing with system dependability
4.1 Understanding the system
4.2 System life cycle
4.3 System operation
4.4 System operating profile
4.5 Dependability requirements
5 Procedure for specifying system dependability
5.1 System specification process
5.2 System dependability specification process
5.3 Determining dependability values
5.4 Procedural steps for determining system dependability requirements

Annex A (informative) Evaluation of dependability characteristics
Annex B (informative) An example on developing a system dependability specification – A home security system

Bibliography

Figure 1 – An example of system properties and related characteristics
Figure 2 – Overview of system life cycle stages
Figure 3 – Relationships of system operating profile and scenario in system operation
Figure 4 – Overview of system specification process
Figure 5 – Steps for determining system dependability requirements
Figure B.1 – System configuration for normal mode of operation
Figure B.2 – System configuration for panic mode of operation
Figure B.3 – System configuration for security service mode of operation

Table A.1 – Examples of influencing factors under each influencing condition
Table A.2 – Relationship of system properties with influencing conditions

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

GUIDANCE ON SYSTEM DEPENDABILITY SPECIFICATIONS


FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62347 has been prepared by IEC technical committee 56:
Dependability.
The text of this standard is based on the following documents:
FDIS: 56/1138/FDIS
Report on voting: 56/1161/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.

INTRODUCTION
A system is a physical and/or virtual entity. It is necessary sometimes to define a system’s
boundary so that it can be distinguished or separated from other systems. A system interacts
with its surroundings or environment to fulfil a specific need or purpose, or to achieve a
defined objective. This is accomplished through the interaction of the system’s elements
representing the necessary functions designed to meet the intended objective. Determining
the functions needed to meet a specific objective represents the process of developing a
system specification. Detailed system design begins only after the functions have been
identified.
Systems may vary in their complexity structurally and functionally. A system can consist of
hardware, software, and human elements, or a combination of any of these elements to
perform the necessary functions. A system consisting of a single function can be a product,
such as a television set or a software program for lighting controls. A system performing
multiple functions can be a home theatre system or an aircraft. Individual systems with
defined boundaries can be joined together to form a complex set of interacting systems such
as a power distribution network or an internet protocol service.
System specification establishes the envelope and boundary for the system. System structure
is often hierarchical, linking subsystems and interacting systems. System specification is
applicable to all systems under the generic definition of system, irrespective of hierarchy. It
does not replace or substitute for a product specification, which provides specific details
of the product requirements.
The dependability of a system implies that the system is perceived to be trustworthy and is
able to provide service on demand; both are desirable performance attributes, and they are
achieved by incorporating dependability into the system functions. Dependability also reflects
user confidence, acquired through prior experience of the system performing reliably and
meeting user expectations.
This International Standard provides the rationale on the importance of dependability in
system specification by functions. It presents a procedure for determining system
dependability requirements. For generic system operation, the process of determining the
functions needed to meet system dependability objective is described. For specific system
operation, the concept of an operating profile is introduced to establish the requirements of
functions in an environment relevant to the specific system operation. This International
Standard is based on the system model and categorization of functions established in the
IEC 61069 series. Relevant technical processes for the definition and analysis of system
requirements are adopted from ISO/IEC 15288. The procedural steps and processes for
determining system dependability requirements are presented with applicable examples.
IEC 60300-1 and IEC 60300-2 are used to guide dependability management. This
International Standard extends the dependability specification process to address functions as
a prerequisite for system design. It complements IEC 60300-3-4 in specification of
dependability requirements for products and equipment. The technical process for
engineering dependability into systems is described in IEC 60300-3-15.

GUIDANCE ON SYSTEM DEPENDABILITY SPECIFICATIONS



1 Scope
This International Standard gives guidance on the preparation of system dependability
specifications. It provides a process for system evaluation and presents a procedure for
determining system dependability requirements.
This International Standard is not intended for certification or to perform conformity
assessment for contractual purposes. It is not intended to change any rights or obligations
provided by applicable statutory or regulatory requirements.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60050(191), International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability
and quality of service
ISO/IEC 15288, Systems engineering – System life cycle processes
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050(191) and the
following apply.
3.1
system
set of interrelated or interacting elements
[ISO 9000:2005, 3.2.1]
NOTE 1 In the context of dependability, a system will have:
• a defined purpose expressed in terms of intended functions;
• stated conditions of operation/use; and
• defined boundaries.
NOTE 2 The structure of a system may be hierarchical.
[IEC 60300-1, 3.6]
NOTE 3 For some systems, such as Information Technology products, data is an important part of the system
elements.
3.2
operating profile
complete set of tasks to achieve a specific system objective
NOTE An operating profile is the sequence of tasks to be performed by the system to achieve its operational
objective. The operating profile represents a specific operating scenario for the system in operation.

3.3
function
elementary operation performed by the system which, combined with other elementary
operations (system functions), enables the system to perform a task
[IEC 61069-1, definition 2.2.5]
NOTE For some systems, information and data are important parts of the system elements.
3.4
element
combination of components that form the basic building block to perform a distinct function
NOTE An element may comprise hardware, software, information and/or human components.
3.5
influencing condition
condition set forth by external influencing elements and/or other factors that interact with and
affect system performance
NOTE Influencing conditions may also include regulations and constraints.
4 Concepts dealing with system dependability
4.1 Understanding the system
4.1.1 Purpose and objective
A system is designed for a purpose. A system must have a defined objective to achieve its
purpose. The purpose of a home theatre system is to provide cinema-like entertainment in a
home environment. The objectives may include the users' perception of a clear picture and
superb sound quality, reliability and safety in operation, and ease of installation and upgrade.
A system may have a specific objective to perform a dedicated task, such as an aircraft
carrying cargo to a delivery target. The objectives of a system may include the completion
of a sequence of tasks, such as delivering different payloads to different destinations.
Defining the system to meet its generic or specific objectives is an important prerequisite for
specifying the system requirements.
A system with multiple functions and complex operating scenario often involves external
interacting systems to achieve its objectives. A system may also evolve with time, resulting
from enhancements of its performance capability, to sustain service demands in operation
and for market competition.
4.1.2 System properties and characteristics
A system has a set of properties specifically assigned, selected or designed into the system
to meet its intended objectives. Specific system properties are used to develop the needed
functions to perform the tasks. These properties represent the special features or attributes
inherent in the system. They may be categorized in major groupings as defined in IEC 61069
series. Under each group is a set of characteristics relevant to and dominant in that group.
The functions are derived from those system properties through the interacting elements
within the system. The interacting elements are designed to provide the specific characteristics
needed to deliver the system functions and, once the functions are realized, to carry out the
tasks. System characteristics may be qualitative or quantitative. Figure 1 shows an
example of system characteristics grouped under the various system properties.


System properties and the characteristics grouped under each (Figure 1, IEC 2131/06):

Functionality: capability, capacity, coverage, configurability, programmability, expandability
Performance: adequacy, precision, response time, repeatability, robustness
Operability: access, interface, user-friendliness, simplicity
Dependability: availability, reliability, maintainability, maintenance support
Supportability: serviceability, upgradeability, disposability
Application specifics: safety, security, immunity

NOTES
Functionality: the extent to which the processing, monitoring and control functions are provided.
Performance: the extent to which the provided functions can be executed under defined operational
and environmental conditions.
Operability: the extent to which information can be effectively communicated via the human interfaces
and established protocols.
Dependability: the extent to which the system can be relied upon to perform its intended functions
under defined operational and environmental conditions at a given instant of time or over a given time
interval.
Supportability: the extent to which the system can be supported and maintained for continual
operation.
Application specifics: the extent to which the system can be designed for risk avoidance and risk
containment, such as security operational measures.

Figure 1 – Example of system properties and related characteristics
4.1.3 Influencing conditions
In order to determine which functions have the characteristics appropriate to achieving a
specific objective, it is necessary to define the conditions the system must withstand while
meeting the demands and duration of its assigned tasks. The following areas of influence, or
domains affecting the system, should be considered:
• task requirements imposed on the system;
• human interface with the system;
• process involved with system operation;
• environment to which the system is exposed;
• support services available for the system;
• utilities needed to operate the system;
• external interacting systems;
• constraints and regulations.
A system dependability specification cannot be completed in isolation. It requires the input of
detailed information at the system planning stage to determine how the system is intended to
perform for the entire duration of its defined life. This effort is essential to permit identification
and selection of dependability and other relevant characteristics, and justification for design
trade-off and system optimization.

4.1.4 Influencing factors
Each influencing condition can be affected by various factors that alter the status of that
condition. For example, the task requirements imposed on the system could be influenced by
factors associated with the nature and duration of the task; the system environment could be
influenced by the temperature and humidity of the system's surroundings. Influencing factors are
not equal in the extent of their influence: some are prominent or dominant, while others have
little influence or are negligible.
Annex A provides typical examples of influencing factors on system functions, to serve as
criteria for the evaluation of system dependability characteristics.
4.1.5 Relationships of system properties with influencing conditions
Establishing the relationships of system properties with influencing conditions can help
identify the relevance and criticality of a specific external condition influencing the design of a
function. The identification process will lead to the selection of specific properties and
associated characteristics that are needed for the function. The selected characteristics are
not exclusive to a specific function. The same characteristics may be needed in the design of
other functions. The importance of these characteristics is determined by an iterative process
for evaluation and design trade-off. The results derived from this evaluation can help
determine the system configuration and establish the appropriate system boundaries in
meeting the intended objective. The relevant information and data captured in this evaluation
process will form the basis for specifying the important characteristics in the design of system
functions.
The relationships of system properties with influencing conditions can be used as guidance
for evaluation of system functions. The identification of functions is presented in Annex A to
facilitate determination of relevant dependability characteristics.
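The chain laid out in 4.1.2 to 4.1.5 (properties and their characteristics, functions derived from them, influencing conditions recorded per function, and evaluation of the functions against the tasks of the operating profile defined in 3.2) can be checked mechanically once it has been written down. The Python script below is an added illustration and is not part of IEC 62347 or of the CENELEC text: the home security system, its element availabilities and its availability target of 0,999 are constructed for the example, and the series/parallel availability arithmetic used to compare a task against that target is standard reliability engineering rather than a procedure the standard prescribes.

```python
"""Consistency check of a system dependability specification (added example, not
IEC 62347 text). Models operating profile -> tasks -> functions -> elements, with
Figure 1 characteristics and 4.1.3 influencing conditions recorded per function."""
from __future__ import annotations

from dataclasses import dataclass, field
from math import prod

# System properties and their characteristics as grouped in Figure 1.
PROPERTIES: dict[str, set[str]] = {
    "Functionality": {"capability", "capacity", "coverage", "configurability",
                      "programmability", "expandability"},
    "Performance": {"adequacy", "precision", "response time", "repeatability", "robustness"},
    "Operability": {"access", "interface", "user-friendliness", "simplicity"},
    "Dependability": {"availability", "reliability", "maintainability", "maintenance support"},
    "Supportability": {"serviceability", "upgradeability", "disposability"},
    "Application specifics": {"safety", "security", "immunity"},
}
CHARACTERISTICS = {c for group in PROPERTIES.values() for c in group}
# Areas of influence listed in 4.1.3.
INFLUENCING_CONDITIONS = {"task", "human interface", "process", "environment",
                          "support services", "utilities", "external systems",
                          "constraints and regulations"}


@dataclass
class Element:
    name: str
    availability: float  # assumed steady-state availability in [0, 1] (constructed)


@dataclass
class Function:
    name: str
    elements: list[Element]
    redundant: bool = False  # True: any one element suffices; False: all are needed
    # characteristic -> quantitative target, or None if only stated qualitatively
    characteristics: dict[str, float | None] = field(default_factory=dict)
    influencing: set[str] = field(default_factory=set)

    def availability(self) -> float:
        # Standard series/parallel arithmetic, not something IEC 62347 prescribes.
        a = [e.availability for e in self.elements]
        if self.redundant:  # 1-out-of-n: the function fails only if every element fails
            return 1.0 - prod(1.0 - x for x in a)
        return prod(a)  # series: every element must be up


def check_specification(tasks: dict[str, list[str]], required_availability: float,
                        functions: list[Function]) -> list[str]:
    """Return the gaps a specifier should resolve before detailed design starts.

    tasks maps each task of the operating profile (3.2) to the functions it needs."""
    findings: list[str] = []
    by_name = {f.name: f for f in functions}
    for f in functions:
        for char, value in f.characteristics.items():
            if char not in CHARACTERISTICS:
                findings.append(f"{f.name}: '{char}' is not a Figure 1 characteristic")
            elif char in PROPERTIES["Dependability"] and value is None:
                findings.append(f"{f.name}: '{char}' is stated but has no quantitative value")
        for cond in sorted(f.influencing - INFLUENCING_CONDITIONS):
            findings.append(f"{f.name}: unknown influencing condition '{cond}'")
        if not f.influencing:
            findings.append(f"{f.name}: no influencing conditions recorded")
    for task, needed in tasks.items():
        missing = [n for n in needed if n not in by_name]
        if missing:
            findings.append(f"task '{task}': no function realizes {missing}")
            continue
        avail = prod(by_name[n].availability() for n in needed)  # all functions needed
        if avail < required_availability:
            findings.append(f"task '{task}': availability {avail:.4f} is below "
                            f"the required {required_availability}")
    return findings


def home_security_example() -> list[str]:
    """Constructed specification loosely modelled on the Annex B home security system."""
    sensor, controller = Element("door/window sensor", 0.999), Element("alarm controller", 0.9995)
    siren, dialer, keypad = Element("siren", 0.99), Element("telephone dialer", 0.98), Element("keypad", 0.9999)
    functions = [
        Function("intrusion detection", [sensor, controller],
                 characteristics={"availability": 0.998, "response time": 2.0},
                 influencing={"environment", "task"}),
        Function("alarm notification", [siren, dialer], redundant=True,
                 characteristics={"availability": None},  # stated, not quantified
                 influencing={"external systems", "utilities"}),
        Function("arm/disarm", [keypad],
                 characteristics={"availability": 0.9999, "security": None},
                 influencing={"human interface", "environment"}),
    ]
    tasks = {  # operating profile for the normal mode of operation
        "detect and alert": ["intrusion detection", "alarm notification"],
        "panic alert": ["panic input", "alarm notification"],  # no function realizes panic input
        "arm the system": ["arm/disarm"],
    }
    return check_specification(tasks, required_availability=0.999, functions=functions)
```

Running home_security_example() reports three gaps: a dependability characteristic that is stated but not quantified, a task whose combined availability (0,9983) falls short of the target because the sensor and the controller are in series even though each of them individually meets it, and a task in the operating profile that no function realizes. These are the kinds of findings the iterative evaluation and design trade-off described above is meant to surface before the system boundaries and configuration are fixed.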
4.1.6 Realization of system functions
A system can consist of any combination of hardware, software, and human elements. System
functions can be realized by means of using hardware and/or software in their construction.
Some functions may involve human intervention to achieve their assigned tasks. For new
system development, system functions can be realized through engineering design and
production as described in IEC 60300-3-15 (under consideration). Sometimes it may be more
economical or expedient to modify an existing design or to utilize a commercial-off-the-shelf
(COTS) product to serve as the needed function. Evolving systems often require additional
functions for performance capability enhancement and removal of obsolete functions. In such
a case, the engineering effort would have to deal with legacy issues as described in Annex A.
4.2 System life cycle
A system, irrespective of its size and complexity, follows a life cycle progression from its initial
conception through to its eventual retirement. A system life cycle is generally represented by
a sequence of discrete stages. Each system life cycle stage can be further represented by
sub-stages to facilitate planning, operation and support. A typical system life cycle can consist
of the following identifiable stages as shown in Figure 2.


System life cycle stages (Figure 2, IEC 2132/06): Concept/Definition, Design/Development, Realization/Implementation, Operation/Maintenance, Enhancement, Retirement/Decommission

Figure 2 – Overview of system life cycle stages
The objective of each life cycle stage is presented as follows:
• Concept/definition: to identify system requirements and develop system specifications.
• Design/development: to conduct preliminary design and develop viable system functions
to meet performance objectives.
• Realization/implementation: to produce, out-source or acquire the system elements in
hardware and software forms for assembly of subsystems suitable for human interactions
as needed in system operation.
• Operation/maintenance: to engage the system for provision of operational service and to
sustain the prescribed level of system performance capability.
• Enhancement: to improve the system performance with additional features.
• Retirement/decommission: to end the existence of the system entity.
The description of system life cycle stages in Figure 2 is viewed from a generic systems
engineering perspective. There
...
