Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming Requirements (IEC 61511-1:2016 + COR1:2016)

IEC 61511-1:2016 is also available as IEC 61511-1:2016 RLV (https://webstore.iec.ch/publication/24237), which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC 61511-1:2016 gives requirements for the specification, design, installation, operation and maintenance of a safety instrumented system (SIS), so that it can be confidently entrusted to achieve or maintain a safe state of the process. IEC 61511-1 has been developed as a process sector implementation of IEC 61508:2010.


In particular, IEC 61511-1:
a) specifies the requirements for achieving functional safety but does not specify who is responsible for implementing the requirements (e.g., designers, suppliers, owner/operating company, contractor). This responsibility will be assigned to different parties according to safety planning, project planning and management, and national regulations;
b) applies when devices that meet the requirements of the IEC 61508 series published in 2010, or of IEC 61511-1:2016 [11.5], are integrated into an overall system that is to be used for a process sector application. It does not apply to manufacturers wishing to claim that devices are suitable for use in SISs for the process sector (see IEC 61508-2:2010 and IEC 61508-3:2010);
c) defines the relationship between IEC 61511 and IEC 61508 (see Figures 2 and 3);
d) applies when application programs are developed for systems having limited variability language or when using fixed programming language devices, but does not apply to manufacturers, SIS designers, integrators and users that develop embedded software (system software) or use full variability languages (see IEC 61508-3:2010);
e) applies to a wide variety of industries within the process sector, for example chemicals, oil and gas, pulp and paper, pharmaceuticals, food and beverage, and non-nuclear power generation;
NOTE 1 Within the process sector some applications may have additional requirements that have to be satisfied.
f) outlines the relationship between SIFs and other instrumented functions (see Figure 4);
g) results in the identification of the functional requirements and safety integrity requirements for the SIF, taking into account the risk reduction achieved by other methods;
h) specifies life-cycle requirements for system architecture and hardware configuration, application programming, and system integration;
i) specifies requirements for application programming for users and integrators of SISs;
j) applies when functional safety is achieved using one or more SIFs for the protection of personnel, protection of the general public or protection of the environment;
k) may be applied in non-safety applications, for example asset protection;
l) defines requirements for implementing SIFs as a part of the overall arrangements for achieving functional safety;
m) uses a SIS safety life-cycle (see Figure 7) and defines a list of activities which are necessary to determine the functional requirements and the safety integrity requirements for the SIS.

General Information

Status
Published
Publication Date
07-Aug-2017
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
08-May-2017
Due Date
13-Jul-2017
Completion Date
08-Aug-2017

Relations

Standard
SIST EN 61511-1:2017
English language
87 pages

Standards Content (Sample)


SLOVENIAN STANDARD
1 September 2017
Replaces SIST EN 61511-1:2007
Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements (IEC 61511-1:2016 + COR1:2016)
This Slovenian standard is identical to: EN 61511-1:2017
ICS: 25.040.40 Industrial process measurement and control
Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD EN 61511-1
NORME EUROPÉENNE
EUROPÄISCHE NORM
April 2017
ICS 13.110; 25.040.01 Supersedes EN 61511-1:2004
English Version
Functional safety - Safety instrumented systems for the process
industry sector - Part 1: Framework, definitions, system,
hardware and application programming Requirements
(IEC 61511-1:2016 + COR1:2016)
This European Standard was approved by CENELEC on 2016-03-30. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 61511-1:2017 E
European foreword
The text of document 65A/777/FDIS, future edition 2 of IEC 61511-1, prepared by SC 65A “System
aspects” of IEC/TC 65 “Industrial-process measurement, control and automation" was submitted to the
IEC-CENELEC parallel vote and approved by CENELEC as EN 61511-1:2017.

The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2017-10-21
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2020-04-21
This document supersedes EN 61511-1:2004.

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Endorsement notice
The text of the International Standard IEC 61511-1:2016 + COR1:2016 was approved by CENELEC
as a European Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60300-3-2:2004 NOTE Harmonized as EN 60300-3-2:2005 (not modified).
IEC 61025 NOTE Harmonized as EN 61025.
IEC 61131-3:2013 NOTE Harmonized as EN 61131-3:2013 (not modified).
IEC 61131-6:2012 NOTE Harmonized as EN 61131-6:2012 (not modified).
IEC 61508-4:2010 NOTE Harmonized as EN 61508-4:2010 (not modified).
IEC 61508-6:2010 NOTE Harmonized as EN 61508-6:2010 (not modified).
IEC 61511-2 NOTE Harmonized as EN 61511-2.
IEC 61511-3 NOTE Harmonized as EN 61511-3.
IEC 61784-3:2010 NOTE Harmonized as EN 61784-3:2010 (not modified).
IEC 62682:2014 NOTE Harmonized as EN 62682:2015 (not modified).
ISO 9000:2005 1) NOTE Harmonized as EN ISO 9000:2005 (not modified).
ISO 9001:2008 2) NOTE Harmonized as EN ISO 9001:2008 (not modified).
ISO 13849-1:2006 3) NOTE Harmonized as EN ISO 13849-1:2006 (not modified).
ISO 13849-2:2012 NOTE Harmonized as EN ISO 13849-2:2012 (not modified).
ISO 14224:2006 NOTE Harmonized as EN ISO 14224:2006 (not modified).

1) Superseded by EN ISO 9000:2015 (ISO 9000:2015).
2) Superseded by EN ISO 9001:2015 (ISO 9001:2015).
3) Superseded by EN ISO 13849-1:2015 (ISO 13849-1:2015).
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu
Publication | Year | Title | EN/HD | Year
IEC 61508-1 | 2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements | EN 61508-1 | 2010
IEC 61508-2 | 2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems | EN 61508-2 | 2010
IEC 61508-3 | 2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements | EN 61508-3 | 2010
IEC 61511-1 ®
Edition 2.0 2016-02
INTERNATIONAL STANDARD
Functional safety – Safety instrumented systems for the process industry sector –
Part 1: Framework, definitions, system, hardware and application programming requirements
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 13.110; 25.040.01 ISBN 978-2-8322-3159-3

– 2 – IEC 61511-1:2016 © IEC 2016
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 9
2 Normative references. 12
3 Terms, definitions and abbreviations . 13
3.1 Terms . 13
3.2 Terms and definitions . 13
3.3 Abbreviations . 31
4 Conformance to the IEC 61511-1:2016 . 33
5 Management of functional safety . 33
5.1 Objective . 33
5.2 Requirements . 33
5.2.1 General . 33
5.2.2 Organization and resources . 33
5.2.3 Risk evaluation and risk management . 34
5.2.4 Safety planning . 34
5.2.5 Implementing and monitoring . 34
5.2.6 Assessment, auditing and revisions . 35
5.2.7 SIS configuration management . 37
6 Safety life-cycle requirements . 37
6.1 Objectives . 37
6.2 Requirements . 38
6.3 Application program SIS safety life-cycle requirements . 40
7 Verification . 43
7.1 Objective . 43
7.2 Requirements . 43
8 Process H&RA . 45
8.1 Objectives . 45
8.2 Requirements . 45
9 Allocation of safety functions to protection layers . 46
9.1 Objectives . 46
9.2 Requirements of the allocation process . 46
9.3 Requirements on the basic process control system as a protection layer . 49
9.4 Requirements for preventing common cause, common mode and dependent
failures . 50
10 SIS safety requirements specification (SRS) . 50
10.1 Objective . 50
10.2 General requirements . 50
10.3 SIS safety requirements . 50
11 SIS design and engineering . 53
11.1 Objective . 53
11.2 General requirements . 53
11.3 Requirements for system behaviour on detection of a fault . 54
11.4 Hardware fault tolerance . 55
11.5 Requirements for selection of devices . 56

11.5.1 Objectives . 56
11.5.2 General requirements . 56
11.5.3 Requirements for the selection of devices based on prior use . 56
11.5.4 Requirements for selection of FPL programmable devices (e.g., field
devices) based on prior use . 57
11.5.5 Requirements for selection of LVL programmable devices based on
prior use . 58
11.5.6 Requirements for selection of FVL programmable devices . 59
11.6 Field devices . 59
11.7 Interfaces . 59
11.7.1 General . 59
11.7.2 Operator interface requirements . 59
11.7.3 Maintenance/engineering interface requirements . 60
11.7.4 Communication interface requirements . 60
11.8 Maintenance or testing design requirements . 61
11.9 Quantification of random failure . 61
12 SIS application program development . 63
12.1 Objective . 63
12.2 General requirements . 63
12.3 Application program design . 64
12.4 Application program implementation . 65
12.5 Requirements for application program verification (review and testing) . 66
12.6 Requirements for application program methodology and tools . 67
13 Factory acceptance test (FAT) . 68
13.1 Objective . 68
13.2 Recommendations. 68
14 SIS installation and commissioning . 69
14.1 Objectives . 69
14.2 Requirements . 69
15 SIS safety validation . 70
15.1 Objective . 70
15.2 Requirements . 70
16 SIS operation and maintenance . 73
16.1 Objectives . 73
16.2 Requirements . 73
16.3 Proof testing and inspection . 75
16.3.1 Proof testing . 75
16.3.2 Inspection . 76
16.3.3 Documentation of proof tests and inspection . 76
17 SIS modification . 76
17.1 Objectives . 76
17.2 Requirements . 77
18 SIS decommissioning . 77
18.1 Objectives . 77
18.2 Requirements . 78
19 Information and documentation requirements . 78
19.1 Objectives . 78
19.2 Requirements . 78

Bibliography . 80

Figure 1 – Overall framework of the IEC 61511 series . 8
Figure 2 – Relationship between IEC 61511 and IEC 61508 . 10
Figure 3 – Detailed relationship between IEC 61511 and IEC 61508 . 11
Figure 4 – Relationship between safety instrumented functions and other functions . 12
Figure 5 – Programmable electronic system (PES): structure and terminology . 24
Figure 6 – Example of SIS architectures comprising three SIS subsystems . 27
Figure 7 – SIS safety life-cycle phases and FSA stages . 38
Figure 8 – Application program safety life-cycle and its relationship to the SIS safety
life-cycle . 41
Figure 9 – Typical protection layers and risk reduction means . 49

Table 1 – Abbreviations used in IEC 61511 . 32
Table 2 – SIS safety life-cycle overview (1 of 2). 39
Table 3 – Application program safety life-cycle: overview (1 of 2) . 42
Table 4 – Safety integrity requirements: PFDavg . 47
Table 5 – Safety integrity requirements: average frequency of dangerous failures of the SIF . 47
Table 6 – Minimum HFT requirements according to SIL . 55

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FUNCTIONAL SAFETY –
SAFETY INSTRUMENTED SYSTEMS
FOR THE PROCESS INDUSTRY SECTOR –

Part 1: Framework, definitions, system,
hardware and application programming requirements

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61511-1 has been prepared by subcommittee 65A: System
aspects, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This second edition cancels and replaces the first edition published in 2003. This edition
constitutes a technical revision. This edition includes the following significant technical
changes with respect to the previous edition:
• references and requirements to software replaced with references and requirements to application programming;
• functional safety assessment requirements provided with more detail to improve management of functional safety;
• management of change requirement added;
• security risk assessment requirements added;
• requirements expanded on the basic process control system as a protection layer;
• requirements for hardware fault tolerance modified; these should be reviewed carefully to understand user/integrator options.
The text of this standard is based on the following documents:
FDIS: 65A/777/FDIS
Report on voting: 65A/784/RVD
Full information on the voting for the approval of this standard can be found in the report on voting indicated above.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts in the IEC 61511 series, published under the general title Functional safety –
safety instrumented systems for the process industry sector, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
The contents of the corrigendum of September 2016 have been included in this copy.

INTRODUCTION
Safety instrumented systems (SISs) have been used for many years to perform safety
instrumented functions (SIFs) in the process industries. If instrumentation is to be effectively
used for SIFs, it is essential that this instrumentation achieves certain minimum standards
and performance levels.
The IEC 61511 series addresses the application of SISs for the process industries. The
IEC 61511 series also addresses a process Hazard and Risk Assessment (H&RA) to be
carried out to enable the specification for SISs to be derived. Other safety systems'
contributions are only considered with respect to the performance requirements for the SIS.
The SIS includes all devices necessary to carry out each SIF from sensor(s) to final
element(s).
The IEC 61511 series has two concepts which are fundamental to its application: SIS safety
life-cycle and safety integrity levels (SILs).
The IEC 61511 series addresses SISs which are based on the use of
electrical/electronic/programmable electronic technology. Where other technologies are used
for logic solvers, the basic principles of the IEC 61511 series should be applied to ensure the
functional safety requirements are met. The IEC 61511 series also addresses the SIS sensors
and final elements regardless of the technology used. The IEC 61511 series is process
industry specific within the framework of the IEC 61508 series.
The IEC 61511 series sets out an approach for SIS safety life-cycle activities to achieve these
minimum principles. This approach has been adopted in order that a rational and consistent
technical policy is used.
In most situations, safety is best achieved by an inherently safe process design. However in
some instances this is not possible or not practical. If necessary, this may be combined with a
protective system or systems to address any residual identified risk. Protective systems can
rely on different technologies (chemical, mechanical, hydraulic, pneumatic, electrical,
electronic, and programmable electronic). To facilitate this approach, the IEC 61511 series:
• addresses that a H&RA is carried out to identify the overall safety requirements;
• addresses that an allocation of the safety requirements to the SIS is carried out;
• works within a framework which is applicable to all instrumented means of achieving
functional safety;
• details the use of certain activities, such as safety management, which may be applicable
to all methods of achieving functional safety.
The IEC 61511 series on SIS for the process industry:
• addresses all SIS safety life-cycle phases from initial concept, design, implementation,
operation and maintenance through to decommissioning;
• enables existing or new country specific process industry standards to be harmonized with
the IEC 61511 series.
The IEC 61511 series is intended to lead to a high level of consistency (e.g., of underlying
principles, terminology, and information) within the process industries. This should have both
safety and economic benefits. Figure 1 below shows an overall framework of the IEC 61511
series.
In jurisdictions where the governing authorities (e.g., national, federal, state, province, county,
city) have established process safety design, process safety management, or other
regulations, these take precedence over the requirements defined in the IEC 61511 series.

[Figure 1 – Overall framework of the IEC 61511 series; recovered figure content:]
Technical requirements (Part 1):
• Development of the overall safety requirements (concept, scope definition, hazard and risk assessment) – Clause 8
• Allocation of the safety requirements to the safety instrumented functions and development of the safety requirements specification – Clauses 9 and 10
• Design phase for safety instrumented systems – Clause 11
• Design phase for SIS application programming – Clause 12
• Factory acceptance testing, installation and commissioning and safety validation of safety instrumented systems – Clauses 13, 14, and 15
• Operation and maintenance, modification and retrofit, decommissioning or disposal of safety instrumented systems – Clauses 16, 17, and 18
Support parts (Part 1):
• References – Clause 2
• Definitions and abbreviations – Clause 3
• Conformance – Clause 4
• Management of functional safety – Clause 5
• Safety life-cycle requirements – Clause 6
• Verification – Clause 7
• Information requirements – Clause 19
Part 2: Guideline for the application of Part 1
Part 3: Guidance for the determination of the required safety integrity levels
Figure 1 – Overall framework of the IEC 61511 series

FUNCTIONAL SAFETY –
SAFETY INSTRUMENTED SYSTEMS
FOR THE PROCESS INDUSTRY SECTOR –

Part 1: Framework, definitions, system,
hardware and application programming requirements

1 Scope
This part of IEC 61511 gives requirements for the specification, design, installation, operation
and maintenance of a safety instrumented system (SIS), so that it can be confidently
entrusted to achieve or maintain a safe state of the process. IEC 61511-1 has been
developed as a process sector implementation of IEC 61508:2010.
In particular, IEC 61511-1:
a) specifies the requirements for achieving functional safety but does not specify who is
responsible for implementing the requirements (e.g., designers, suppliers,
owner/operating company, contractor). This responsibility will be assigned to different
parties according to safety planning, project planning and management, and national
regulations;
b) applies when devices that meet the requirements of the IEC 61508 series published in
2010, or of IEC 61511-1:2016 [11.5], are integrated into an overall system that is to be used
for a process sector application. It does not apply to manufacturers wishing to claim that
devices are suitable for use in SISs for the process sector (see IEC 61508-2:2010 and
IEC 61508-3:2010);
c) defines the relationship between IEC 61511 and IEC 61508 (see Figures 2 and 3);
d) applies when application programs are developed for systems having limited variability
language or when using fixed programming language devices, but does not apply to
manufacturers, SIS designers, integrators and users that develop embedded software
(system software) or use full variability languages (see IEC 61508-3:2010);
e) applies to a wide variety of industries within the process sector for example, chemicals, oil
and gas, pulp and paper, pharmaceuticals, food and beverage, and non-nuclear power
generation;
NOTE 1 Within the process sector some applications may have additional requirements that have to be
satisfied.
f) outlines the relationship between SIFs and other instrumented functions (see Figure 4);
g) results in the identification of the functional requirements and safety integrity requirements
for the SIF taking into account the risk reduction achieved by other methods;
h) specifies life-cycle requirements for system architecture and hardware configuration,
application programming, and system integration;
i) specifies requirements for application programming for users and integrators of SISs;
j) applies when functional safety is achieved using one or more SIFs for the protection of
personnel, protection of the general public or protection of the environment;
k) may be applied in non-safety applications for example asset protection;
l) defines requirements for implementing SIFs as a part of the overall arrangements for
achieving functional safety;
m) uses a SIS safety life-cycle (see Figure 7) and defines a list of activities which are
necessary to determine the functional requirements and the safety integrity requirements
for the SIS;
n) specifies that a H&RA is to be carried out to define the safety functional requirements and
safety integrity levels (SIL) of each SIF;
NOTE 2 Figure 9 presents an overview of risk reduction means.
o) establishes numerical targets for average probability of failure on demand (in demand
mode) and average frequency of dangerous failures (in demand mode or continuous
mode) for each SIL;
p) specifies minimum requirements for hardware fault tolerance (HFT);
q) specifies measures and techniques required for achieving the specified SIL;
r) defines a maximum level of functional safety performance (SIL 4) which can be achieved
for a SIF implemented according to IEC 61511-1;
s) defines a minimum level of functional safety performance (SIL 1) below which
IEC 61511-1 does not apply;
t) provides a framework for establishing the SIL but does not specify the SIL required for
specific applications (which should be established based on knowledge of the particular
application and on the overall targeted risk reduction);
u) specifies requirements for all parts of the SIS from sensor to final element(s);
v) defines the information that is needed during the SIS safety life-cycle;
w) specifies that the design of the SIS takes into account human factors;
x) does not place any direct requirements on the individual operator or maintenance person.
[Figure 2 – Relationship between IEC 61511 and IEC 61508; recovered figure content: process sector safety instrumented system standards. Manufacturers and suppliers of devices: IEC 61508. Safety instrumented systems designers, integrators and users: IEC 61511.]
Figure 2 – Relationship between IEC 61511 and IEC 61508
NOTE 3 IEC 61508 is also used by safety instrumented designers, integrators and users where directed in
IEC 61511.
[Figure 3: Process sector safety instrumented system standards, split into process sector hardware and process sector software and application program. Developing new hardware devices: follow IEC 61508. Using prior use hardware devices: follow IEC 61511. Using hardware developed and assessed according to IEC 61508: follow IEC 61511. Developing embedded (system) software: follow IEC 61508-3. Developing application program using full variability languages: follow IEC 61508-3. Developing application program using limited variability or fixed program languages: follow IEC 61511.]
Figure 3 – Detailed relationship between IEC 61511 and IEC 61508
NOTE 4 Subclause 7.2.2 in IEC 61511-1:2016 and IEC 61511-2:2016 contain guidance on handling integration of sub-systems that comply with other standards (such as machinery, burner, etc.).

[Figure 4: flowchart starting at Start with the decision nodes "Is this an instrumented function?", "Safety function?", "Safety instrumented function?" and "Continuous or demand mode?", leading to the outcomes "Not relevant / Other means of risk reduction", "Other instrumented means of risk reduction" (standard specifies activities which are to be carried out but requirements are not detailed), "Continuous mode SIF" and "Demand mode SIF".]
Figure 4 – Relationship between safety instrumented functions and other functions
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 61508-1:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 1: General Requirements
IEC 61508-2:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 2: Requirements for electrical/electronic/programmable electronic
safety-related systems
IEC 61508-3:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 3: Software requirements

3 Terms, definitions and abbreviations
3.1 Terms
Terms are listed alphabetically in 3.2.
3.2 Terms and definitions
For the purposes of this document, the following definitions apply.
In some cases these definitions differ from the definitions of the same terms in IEC 61508-4:2010. In some cases
this is due to the terminology used in the process sector. In other cases these definitions have been aligned with
other relevant definitive references (e.g., IEC 60050 the International Electrotechnical Vocabulary,
ISO/IEC Guide 51:2013). However, unless otherwise stated, there is no difference in the technical meaning
between these definitions and the definitions of the same terms in IEC 61508-4:2010.
3.2.1
architecture
configuration
specific configuration of hardware and software components in a system
Note 1 to entry: In the IEC 61511 series this can mean, for example, arrangement of SIS subsystems, the internal
structure of a SIS subsystem or the internal structure of SIS application programs.
3.2.2
asset protection
function allocated to a system and designed for the purpose of preventing loss or damage to
assets
3.2.3
basic process control system
BPCS
system which responds to input signals from the process, its associated equipment, other
programmable systems and/or operators and generates output signals causing the process
and its associated equipment to operate in the desired manner but which does not perform
any SIF
Note 1 to entry: A BPCS includes all of the devices necessary to ensure that the process operates in the desired
manner.
Note 2 to entry: A BPCS typically may implement various functions such as process control functions,
monitoring, and alarms.
3.2.4
bypass
action or facility to prevent all or parts of the SIS functionality from being executed
Note 1 to entry: Examples of bypassing include:
– the input signal is blocked from the trip logic while still presenting the input parameters and alarm to the
operator;
– the output signal from the trip logic to a final element is held in the normal state preventing final element
operation;
– a physical bypass line is provided around the final element;
– preselected input state (e.g., on/off input) or set is forced by means of an engineering tool (e.g., in the
application program).
Note 2 to entry: Other terms are also used to refer to bypassing, such as override, defeat, disable, force, or
inhibit or muting.
3.2.5
channel
device or group of devices that independently perform(s) a specified function

Note 1 to entry: The devices within a channel could include input/output (I/O) devices, logic solvers, sensors, and
final elements.
Note 2 to entry: A dual channel (i.e., a two-channel) configuration is one with two channels that independently
perform the same function. Channels may be identical or diverse.
Note 3 to entry: The term can be used to describe a complete system or a portion of a system (e.g., sensors or
final elements).
Note 4 to entry: Channel describes SIS hardware architectural features often used to meet hardware fault
tolerance requirements.
3.2.6
common cause
3.2.6.1
common cause failures, pl
concurrent failures of different devices, resulting from a single event, where these failures are
not consequences of each other
Note 1 to entry: All the failures due to a common cause do not necessarily occur exactly at the same time and this
may allow time to detect the occurrence of the common cause before a SIF is actually failed.
Note 2 to entry: Common cause failures can also lead to common mode failures.
Note 3 to entry: The potential for common cause failures reduces the effect of system redundancy or fault
tolerance (e.g., increases the probability of failure of two or more channels in a multiple channel system).
Note 4 to entry: Common cause failures are dependent failures. They may be due to external events (e.g.,
temperature, humidity, overvoltage, fire, and corrosion), systematic fault (e.g., design, assembly or installation
errors, bugs), human error (e.g., misuse), etc.
Note 5 to entry: By extension, a common cause failure (in singular form) is a failure belonging to a set of
concurrent failures (plural form) according to 3.2.6.1 definition.
3.2.6.2
common mode failures, pl
concurrent failures of different devices characterized by the same failure mode (i.e., identical
faults)
Note 1 to entry: Common mode failures may have different causes.
Note 2 to entry: Common mode failures can also be the result of common cause failures (
...
