SIST EN 62347:2008

SLOVENSKI STANDARD
SIST EN 62347:2008
01-januar-2008
Napotki za specifikacije sistemske zagotovljivosti (IEC 62347:2006)
Guidance on system dependability specifications
Anleitung zur Spezifikation der Zuverlässigkeit von Systemen

Lignes directrices pour les spécifications de sûreté de fonctionnement des systèmes

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply

with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard

Up-to-date lists and bibliographical references concerning such national standards may be obtained on

This European Standard exists in three official versions (English, French, German). A version in any other

language made by translation under the responsibility of a CENELEC member into its own language and notified

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the

Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,

Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,

© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

The text of document 56/1138/FDIS, future edition 1 of IEC 62347, prepared by IEC TC 56,

Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as

The text of the International Standard IEC 62347:2006 was approved by CENELEC as a European

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced

NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD

Aucune partie de cette publication ne peut être reproduite ni No part of this publication may be reproduced or utilized in any

utilisée sous quelque forme que ce soit et par aucun procédé, form or by any means, electronic or mechanical, including

électronique ou mécanique, y compris la photocopie et les photocopying and microfilm, without permission in writing from

International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland

Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch

FOREWORD...........................................................................................................................5

INTRODUCTION.....................................................................................................................9

1 Scope.............................................................................................................................11

2 Normative references .....................................................................................................11

3 Terms and definitions ......................................................................................................11

4 Concepts dealing with system dependability...................................................................13

4.1 Understanding the system .....................................................................................13

4.2 System life cycle ...................................................................................................17

4.3 System operation ..................................................................................................21

4.4 System operating profile........................................................................................21

4.5 Dependability requirements ...................................................................................23

5 Procedure for specifying system dependability ...............................................................27

5.1 System specification process ................................................................................27

5.2 System dependability specification process...........................................................27

5.3 Determining dependability values ..........................................................................29

5.4 Procedural steps for determining system dependability requirements ....................31

Annex A (informative) Evaluation of dependability characteristics ........................................39

Annex B (informative) An example on developing a system dependability specification

– A home security system ....................................................................................................53

Bibliography..........................................................................................................................69

Figure 1 – An example of system properties and related characteristics................................15

Figure 2 – Overview of system life cycle stages ....................................................................19

Figure 3 – Relationships of system operating profile and scenario in system operation .........23

Figure 4 – Overview of system specification process ............................................................29

Figure 5 – Steps for determining system dependability requirements ....................................33

Figure B.1 – System configuration for normal mode of operation...........................................61

Figure B.2 – System configuration for panic mode of operation.............................................63

Figure B.3 – System configuration for security service mode of operation .............................63

Table A.1 – Examples of influencing factors under each influencing condition.......................49

Table A.2 – Relationship of system properties with influencing conditions.............................51

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote

international co-operation on all questions concerning standardization in the electrical and electronic fields. To

this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,

Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC

Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested

in the subject dealt with may participate in this preparatory work. International, governmental and non-

governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely

with the International Organization for Standardization (ISO) in accordance with conditions determined by

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence

between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in

5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62347 has been prepared by IEC technical committee 56:

Full information on the voting for the approval of this standard can be found in the report on

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until

the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in

the data related to the specific publication. At this date, the publication will be

A system is a physical and/or virtual entity. It is necessary sometimes to define a system’s

boundary so that it can be distinguished or separated from other systems. A system interacts

with its surroundings or environment to fulfil a specific need or purpose, or to achieve a

defined objective. This is accomplished through the interaction of the system’s elements

representing the necessary functions designed to meet the intended objective. Determining

the functions needed to meet a specific objective represents the process of developing a

system specification. Detailed system design begins only after the functions have been

Systems may vary in their complexity structurally and functionally. A system can consist of

hardware, software, and human elements, or a combination of any of these elements to

perform the necessary functions. A system consisting of a single function can be a product,

such as a television set or a software program for lighting controls. A system performing

multiple functions can be a home theatre system or an aircraft. Individual systems with

defined boundaries can be joined together to form a complex set of interacting systems such

System specification establishes the envelope and boundary for the system. System structure

is often hierarchical linking subsystems and interacting systems. System specification is

applicable to all systems under the generic definition of system irrespective of its hierarchy. It

does not replace or substitute for use a product specification, which provides specific details

The dependability of a system infers that the system is perceived to be trustworthy and has

the ability to provide service upon demand as desirable performance attributes. Such

performance attributes can be achieved through the incorporation of dependability into the

functions. Dependability implies the awareness of user confidence acquired through prior

experience of the system with reliable performance results in meeting user expectations.

This International Standard provides the rationale on the importance of dependability in

system specification by functions. It presents a procedure for determining system

dependability requirements. For generic system operation, the process of determining the

functions needed to meet system dependability objective is described. For specific system

operation, the concept of an operating profile is introduced to establish the requirements of

functions in an environment relevant to the specific system operation. This International

Standard is based on the system model and categorization of functions established in the

IEC 61069 series. Relevant technical processes for the definition and analysis of system

requirements are adopted from ISO/IEC 15288. The procedural steps and processes for

determining system dependability requirements are presented with applicable examples.

International Standard extends the dependability specification process to address functions as

a prerequisite for system design. It complements IEC 60300-3-4 in specification of

This International Standard gives guidance on the preparation of system dependability

specifications. It provides a process for system evaluation and presents a procedure for

This International Standard is not intended for certification or to perform conformity

assessment for contractual purposes. It is not intended to change any rights or obligations

The following referenced documents are indispensable for the application of this document.

For dated references, only the edition cited applies. For undated references, the latest edition

IEC 60050(191), International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability

For the purposes of this document, the terms and definitions given in IEC 60050(191) and the

NOTE 3 For some systems, such as Information Technology products, data is an important part of the system

NOTE An operating profile is the sequence of tasks to be performed by the system to achieve its operational

objective. The operating profile represents a specific operating scenario for the system in operation.

elementary operation performed by the system which, combined with other elementary

NOTE For some systems, information and data are important parts of the system elements.

combination of components that form the basic building block to perform a distinct function

NOTE An element may comprise hardware, software, information and/or human components.

condition set forth by external influencing elements and/or other factors that interact with and

A system is designed for a purpose. A system must have a defined objective to achieve its

purpose. The purpose of a home theatre system is to provide cinema-like entertainment in a

home environment. The objectives may include users’ perception of a clear picture vision and

superb sound quality, reliability and safety in operation, and ease of installation and upgrade.

A system may have a specific objective to perform a dedicated task, such as an aircraft

carrying cargo to reach a delivery target. The objectives of a system may include the com-

pletion of a sequence of tasks, such as delivering different payloads to different destinations.

Defining the system to meet its generic or specific objectives is an important prerequisite of

A system with multiple functions and complex operating scenario often involves external

interacting systems to achieve its objectives. A system may also evolve with time, resulting

from enhancements of its performance capability, to sustain service demands in operation

A system has a set of properties specifically assigned, selected or designed into the system

to meet its intended objectives. Specific system properties are used to develop the needed

functions to perform the tasks. These properties represent the special features or attributes

inherent in the system. They may be categorized in major groupings as defined in IEC 61069

series. Under each group is a set of characteristics relevant to and dominant in that group.

The functions are derived from those system properties by means of interacting elements

within the system. The interacting elements are designed to provide specific characteristics

capable of delivering the system functions and to carry out the tasks once these functions can

be realized. System characteristics may be qualitative or quantitative. Figure 1 shows an

Functionality Performance Operability Dependability Supportability Application specifics

••capa bility •• adequ acy •• a ccess ••availability ••serviceability •• saf ety

••cov erage •• r esponse time •• u ser-friendliness ••maintainability ••disposability •• im munity

NOTES Functionality: the extent to which the processing, monitoring and control functions are provided.

Performance: the extent to which the provided functions can be executed under defined operational

Operability: the extent to which information can be effectively communicated via the human interfaces

Dependability: the extent to which the system can be relied upon to perform its intended functions

under defined operational and environmental conditions at a given instant of time or over a given time

Supportability: the extent to which the system can be supported and maintained for continual

Application specifics: the extent to which the system can be designed for risk avoidance and risk

In order to determine which functions have the selected characteristics appropriate to

achieving a specific objective, it is necessary to define the conditions that the system is

capable of withstanding or meeting the demands and duration of the assigned tasks. The

following areas of influence or domains affecting the system should be considered:

A system dependability specification cannot be completed in isolation. It requires the input of

detailed information at the system planning stage to determine how the system is intended to

perform for the entire duration of its defined life. This effort is essential to permit identification

and selection of dependability and other relevant characteristics, and justification for design

Each influencing condition can be affected by various factors influencing the status of its

condition. For example, the task requirements imposed on the system could be influenced by

factors associated with the nature and duration of the task; the system environment could be

influenced by the temperature and humidity of the system ambience. Influencing factors are

not equal to the extent of their influence. Some factors are more prominent or dominant in the

Annex A provides typical examples of influencing factors on system functions to serve as

Establishing the relationships of system properties with influencing conditions can help

identify the relevance and criticality of a specific external condition influencing the design of a

function. The identification process will lead to the selection of specific properties and

associated characteristics that are needed for the function. The selected characteristics are

not exclusive to a specific function. The same characteristics may be needed in the design of

other functions. The importance of these characteristics is determined by an iterative process

for evaluation and design trade-off. The results derived from this evaluation can help

determine the system configuration and establish the appropriate system boundaries in

meeting the intended objective. The relevant information and data captured in this evaluation

process will form the basis for specifying the important characteristics in the design of system

The relationships of system properties with influencing conditions can be used as guidance

for evaluation of system functions. The identification of functions is presented in Annex A to

A system can consist of any combination of hardware, software, and human elements. System

functions can be realized by means of using hardware and/or software in their construction.

Some functions may involve human intervention to achieve their assigned tasks. For new

system development, system functions can be realized through engineering design and

production as described in IEC 60300-3-15 (under consideration). Sometimes it may be more

economical or expedient to modify an existing design or to utilize a commercial-off-the-shelf

(COTS) product to serve as the needed function. Evolving systems often require additional

functions for performance capability enhancement and removal of obsolete functions. In such

a case, the engineering effort would have to deal with legacy issues as described in Annex A.

A system, irrespective of its size and complexity, follows a life cycle progression from its initial

conception through to its eventual retirement. A system life cycle is generally represented by

a sequence of discrete stages. Each system life cycle stage can be further represented by

sub-stages to facilitate planning, operation and support. A typical system life cycle can consist

• Concept/definition: to identify system requirements and develop system specifications.

• Design/development: to conduct preliminary design and develop viable system functions

• Realization/implementation: to produce, out-source or acquire the system elements in

hardware and software forms for assembly of subsystems suitable for human interactions

• Operation/maintenance: to engage the system for provision of operational service and to

The description of system life cycle stages in Figure 2 is viewed from a generic systems