oSIST prEN IEC 61508-7:2025

SLOVENSKI STANDARD
01-april-2025
Funkcijska varnost električnih/elektronskih/elektronsko programirljivih varnostnih
sistemov - 7. del: Pregled tehnik in ukrepov
Functional safety of electrical/electronic/programmable electronic safety-related systems
- Part 7: Overview of techniques and measures
Funktionale Sicherheit sicherheitsbezogener
elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 7: Überblick
über Verfahren und Maßnahmen
Sécurité fonctionnelle des systèmes électriques / électroniques / électroniques
programmables relatifs à la sécurité - Partie 7: Présentation de techniques et mesures
Ta slovenski standard je istoveten z: prEN IEC 61508-7:2025
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

65A/1168/CDV
COMMITTEE DRAFT FOR VOTE (CDV)

PROJECT NUMBER:
IEC 61508-7 ED3
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2025-02-14 2025-05-09
SUPERSEDES DOCUMENTS:
65A/1062A/CD, 65A/1081A/CC
IEC SC 65A : SYSTEM ASPECTS
SECRETARIAT: SECRETARY:
United Kingdom Ms Stephanie Lavy
OF INTEREST TO THE FOLLOWING COMMITTEES: HORIZONTAL FUNCTION(S):
TC 8,TC 9,TC 22,TC 31,TC 44,TC 45,TC 56,TC 61,TC
62,TC 65,SC 65B,SC 65C,SC 65E,TC 66,TC 72, TC
77,TC 80,TC 108,SyC AAL,SyC SM,SC 41
ASPECTS CONCERNED:
Safety
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft
for Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some
Countries” clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is
the final stage for submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).

TITLE:
Functional safety of electrical/electronic/programmable electronic safety-related systems -
Part 7: Overview of techniques and measures

PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

IEC CDV 61508-7  IEC 2025 – 2 – 65A/1168/CDV
1 CONTENTS
3 FOREWORD . 8
4 INTRODUCTION . 10
5 1 Scope . 12
6 2 Normative references . 14
7 3 Definitions and abbreviations . 14
8 Annex A (informative) Overview of techniques and measures for E/E/PE safety-related
9 systems: control of random hardware failures (see IEC 61508-2) . 15
10 A.1 Electric . 15
11 A.1.1 Failure detection by on-line monitoring . 15
12 A.1.2 Monitoring of relay contacts . 15
13 A.1.3 Comparator . 15
14 A.1.4 Majority voter . 16
15 A.1.5 Idle current principle (de-energised to trip) . 16
16 A.2 Electronic. 16
17 A.2.1 Tests by redundant hardware . 16
18 A.2.2 Dynamic principles . 16
19 A.2.3 Standard test access port and boundary-scan architecture . 17
20 A.2.4 (Not used) . 17
21 A.2.5 Monitored redundancy . 17
22 A.2.6 Electrical/electronic components with automatic check . 17
23 A.2.7 Analogue signal monitoring . 18
24 A.2.8 De-rating . 18
25 A.3 Processing units . 18
26 A.3.1 Self-test by software: limited number of patterns (one-channel) . 18
27 A.3.2 Self-test by software: walking bit (one-channel) . 18
28 A.3.3 Self-test supported by hardware (one-channel) . 19
29 A.3.4 Coded processing (one-channel) . 19
30 A.3.5 Reciprocal comparison by software . 19
31 A.4 Invariable memory ranges . 19
32 A.4.1 Word-saving multi-bit redundancy (for example ROM monitoring with a
33 modified Hamming code) . 19
34 A.4.2 Modified checksum . 20
35 A.4.3 Signature of one word (8-bit) . 20
36 A.4.4 Signature of a double word (16-bit) . 20
37 A.4.5 Block replication (for example double ROM with hardware or software
38 comparison) . 20
39 A.5 Variable memory ranges . 21
40 A.5.1 RAM test "checkerboard" . 21
41 A.5.2 RAM test "walkpath" . 21
42 A.5.3 RAM test "galpat" or "transparent galpat". 21
43 A.5.4 RAM test "Abraham" . 22
44 A.5.5 One-bit redundancy (for example RAM monitoring with a parity bit) . 22
45 A.5.6 RAM monitoring with a modified Hamming code, or detection of data
46 failures with error-detection-correction codes (EDC) . 22
47 A.5.7 Double RAM with hardware or software comparison and read/write test. 22
48 A.5.8 RAM test "march” . 23

IEC CDV 61508-7  IEC 2025 – 3 – 65A/1168/CDV
49 A.6 I/O-units and interfaces (external communication) . 23
50 A.6.1 Test pattern . 23
51 A.6.2 Code protection . 23
52 A.6.3 Multi-channel parallel output . 24
53 A.6.4 Monitored outputs . 24
54 A.6.5 Input comparison/voting . 24
55 A.7 Data paths (internal communication) . 24
56 A.7.1 One-bit hardware redundancy . 24
57 A.7.2 Multi-bit hardware redundancy . 24
58 A.7.3 Complete hardware redundancy . 25
59 A.7.4 Inspection using test patterns . 25
60 A.7.5 Transmission redundancy . 25
61 A.7.6 Information redundancy . 25
62 A.8 Power supply . 25
63 A.8.1 Overvoltage protection with safety shut-off . 25
64 A.8.2 Voltage control (secondary) . 26
65 A.8.3 Power-down with safety shut-off . 26
66 A.9 Temporal and logical program sequence monitoring . 26
67 A.9.1 Watch-dog with separate time base without time-window . 26
68 A.9.2 Watch-dog with separate time base and time-window . 26
69 A.9.3 Logical monitoring of program sequence. 26
70 A.9.4 Combination of temporal and logical monitoring of program sequences . 27
71 A.9.5 Temporal monitoring with on-line check . 27
72 A.10 Ventilation and heating . 27
73 A.10.1 Temperature sensor . 27
74 A.10.2 Fan control . 27
75 A.10.3 Actuation of the safety shut-off via thermal fuse. 27
76 A.10.4 Staggered message from thermo-sensors and conditional alarm . 27
77 A.10.5 Connection of forced-air cooling and status indication . 28
78 A.11 Communication and mass-storage . 28
79 A.11.1 Separation of electrical energy lines from information lines . 28
80 A.11.2 Spatial separation of multiple lines . 28
81 A.11.3 Design for immunity to electromagnetic interference . 28
82 A.11.4 Antivalent signal transmission. 29
83 A.12 Sensors . 29
84 A.12.1 Reference sensor . 29
85 A.12.2 Positive-activated switch . 29
86 A.13 Final elements (actuators) . 30
87 A.13.1 Monitoring . 30
88 A.13.2 Cross-monitoring of multiple actuators . 30
89 A.14 Measures against the physical environment . 30
90 Annex B (informative) Overview of techniques and measures for E/E/PE safety related
91 systems: avoidance of systematic failures (see IEC 61508-2 and IEC 61508-3) . 31
92 B.1 General measures and techniques . 31
93 B.1.1 Project management . 31
94 B.1.2 Documentation . 32
95 B.1.3 Separation of E/E/PE system safety functions from non-safety functions . 33
96 B.1.4 Diverse hardware . 33
97 B.1.5 Traceability . 33

IEC CDV 61508-7  IEC 2025 – 4 – 65A/1168/CDV
98 B.1.6 Functional Safety Assurance Role Independence . 34
99 B.2 E/E/PE system design requirements specification . 36
100 B.2.1 Structured specification . 36
101 B.2.2 Formal methods .
...