oSIST prEN IEC 61508-5:2025

SLOVENSKI STANDARD
01-april-2025
Funkcijska varnost električnih/elektronskih/elektronsko programirljivih varnostnih
sistemov - 5. del: Primeri metod za ugotavljanje ravni celovite varnosti
Functional safety of electrical/electronic/programmable electronic safety-related systems
- Part 5: Examples of methods for the determination of safety integrity levels
Funktionale Sicherheit sicherheitsbezogener
elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 5: Beispiele
zur Ermittlung der Stufe der Sicherheitsintegrität (safety integrety level)
Sécurité fonctionnelle des systèmes électriques / électroniques / électroniques
programmables relatifs à la sécurité - Partie 5: Exemples de méthodes pour la
détermination des niveaux d'intégrité de sécurité
Ta slovenski standard je istoveten z: prEN IEC 61508-5:2025
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

65A/1167/CDV
COMMITTEE DRAFT FOR VOTE (CDV)

PROJECT NUMBER:
IEC 61508-5 ED3
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2025-02-14 2025-05-09
SUPERSEDES DOCUMENTS:
65A/1060A/CD, 65A/1079A/CC
IEC SC 65A : SYSTEM ASPECTS
SECRETARIAT: SECRETARY:
United Kingdom Ms Stephanie Lavy
OF INTEREST TO THE FOLLOWING COMMITTEES: HORIZONTAL FUNCTION(S):
TC 8,TC 9,TC 22,TC 31,TC 44,TC 45,TC 56,TC 61,TC
62,TC 65,SC 65B,SC 65C,SC 65E,TC 66,TC 72, TC
77,TC 80,TC 108,SyC AAL,SyC SM,SC 41
ASPECTS CONCERNED:
Safety
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft
for Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some
Countries” clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is
the final stage for submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).

TITLE:
Functional safety of electrical/electronic/programmable electronic safety-related systems -
Part 5: Examples of methods for the determination of safety integrity levels

PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

IEC CDV 61508-5  IEC 2025 – 2 – 65A/1167/CDV
1 CONTENTS
2 FOREWORD . 5
3 INTRODUCTION . 7
4 1 Scope . 9
5 2 Normative references . 11
6 3 Definitions and abbreviations . 11
7 Annex A (informative) Risk and safety integrity – General concepts . 12
8 A.1 General . 12
9 A.2 Necessary risk reduction . 12
10 A.2.1 Individual risk . 13
11 A.2.2 Societal risk . 13
12 A.2.3 Continuous improvement . 13
13 A.2.4 Risk profile . 14
14 A.3 Role of E/E/PE safety-related systems . 14
15 A.4 Safety integrity . 14
16 A.5 Modes of operation and SIL determination . 15
17 A.5.1 Safety integrity and risk reduction for low demand mode applications . 15
18 A.5.2 Safety integrity for high demand mode applications . 16
19 A.5.3 Safety integrity for continuous mode applications . 18
20 A.5.4 Common cause and dependency failures . 18
21 A.5.5 Safety integrity levels when multiple layers of protection are used . 20
22 A.5.6 General architecture in this standard . 20
23 A.6 Risk and safety integrity . 22
24 A.7 Safety integrity levels and systematic capability . 23
25 A.8 Allocation of safety requirements . 23
26 A.9 Mitigation systems . 24
27 Annex B (informative) Selection of methods for determining safety integrity level
28 requirements . 25
29 B.1 General . 25
30 B.2 The ALARP method . 25
31 B.3 Quantitative method of SIL determination . 25
32 B.4 The risk graph method . 26
33 B.5 Layer of protection analysis (LOPA) . 26
34 B.6 Hazardous event severity matrix . 27
35 Annex C (informative) ALARP and tolerable risk concepts . 28
36 C.1 General . 28
37 C.2 ALARP model . 28
38 C.2.1 Introduction . 28
39 C.2.2 Tolerable risk target . 29
40 Annex D (informative) Determination of safety integrity levels – A quantitative method . 31
41 D.1 General . 31
42 D.2 General method . 31
43 D.3 Example calculation . 32
44 Annex E (informative) Determination of safety integrity levels – Risk graph methods . 34
45 E.1 General . 34
46 E.2 Risk graph synthesis . 34

IEC CDV 61508-5  IEC 2025 – 3 – 65A/1167/CDV
47 E.3 Calibration . 35
48 E.4 Other possible risk parameters . 36
49 E.5 Risk graph implementation – general scheme . 36
50 E.6 Risk graph example . 37
51 Annex F (informative) Semi-quantitative method using layer of protection analysis
52 (LOPA) . 42
53 F.1 General . 42
54 F.1.1 Description . 42
55 F.1.2 Annex reference . 42
56 F.1.3 Method description . 42
57 F.2 Impact event . 42
58 F.3 Severity level . 42
59 F.4 Initiating cause . 42
60 F.5 Initiation likelihood . 43
61 F.6 Protection layers (PLs) . 46
62 F.6.1 General . 46
63 F.6.2 Basic control system . 46
64 F.6.3 Alarms . 46
65 F.7 Additional mitigation . 47
66 F.8 Intermediate event likelihood . 47
67 F.9 Safety integrity levels (SILs) . 47
68 F.10 Tolerable mitigated event likelihood . 48
69 Annex G (informative) Determination of safety integrity levels – A qualitative method –
70 hazardous event severity matrix . 49
71 G.1 General . 49
72 G.2 Hazardous event severity matrix . 49
73 Bibliography . 51
75 Figure 1 – Overall framework of the IEC 61508 series . 10
76 Figure A.1 – Risk reduction – general concepts (low demand mode of operation) . 16
77 Figure A.2 – Risk and safety integrity concept . 16
78 Figure A.3 – Risk diagram for high demand applications . 17
79 Figure A.4 – Risk diagram for continuous mode operation . 18
80 Figure A.5 – Illustration of common cause failures (CCFs) of elements in the EUC
81 control system and elements in the E/E/PE safety-related system . 19
82 Figure A.6 – Common cause between two E/E/PE safety-related systems . 20
83 Figure A.7 – Architecture where the control functions are not safety functions (EUC
84 control system is not a designated E/E/PE safety-related system) . 21
85 Figure A.8 – Architecture where the control functions are safety functions (EUC control
86 system is a designated E/E/PE safety-related system) . 22
87 Figure A.9 – Allocation of safety requirements to the E/E/PE safety-related systems,
88 and other risk reduction measures . 24
89 Figure C.1 – Tolerable risk and ALARP . 29
90 Figure D.1 – Safety integrity allocation – example for safety-related protection system . 33
91 Figure E.1 – Risk Graph: general scheme . 37
92 Figure E.2 – Risk graph – example (illustrates general principles only) . 38
93 Figure G.1 – Hazardous event severity matrix – example (illustrates general principles
94 only) . 50

IEC CDV 61508-5  IEC 2025 – 4 – 65A/1167/CDV
96 Table C.1 – Example of risk classification of accidents .
...