61508-1
Not passed: 0
Passed: 61
N/A: 84
| ID | Title | Status | Derived |
|---|---|---|---|
| EN-61508-1 clause 5.2.1 | documentation sufficient for lifecycle phases | PASS | |
| EN-61508-1 clause 5.2.2 | documentation sufficient for management | PASS | |
| EN-61508-1 clause 5.2.3 | documentation sufficient for FSA | PASS | |
| EN-61508-1 clause 5.2.4 | documentation as stated by 61508 | PASS | |
| EN-61508-1 clause 5.2.5 | sufficient documentation availability | PASS | |
| EN-61508-1 clause 5.2.6 | accessible and accurate documentation | PASS | |
| EN-61508-1 clause 5.2.7 | document titles/index | PASS | |
| EN-61508-1 clause 5.2.8 | company procedures/practices | PASS | |
| EN-61508-1 clause 5.2.9 | documentation versioning | PASS | |
| EN-61508-1 clause 5.2.10 | searchable documentation structure | PASS | |
| EN-61508-1 clause 5.2.11 | document control scheme | PASS | |
| EN-61508-1 clause 6.2.1 | appoint responsibilities | PASS | |
| EN-61508-1 clause 6.2.2 | FS policy and strategy | PASS | |
| EN-61508-1 clause 6.2.3 | identify responsible persons | PASS | |
| EN-61508-1 clause 6.2.4 | communication procedures | PASS | |
| EN-61508-1 clause 6.2.5 | recommendation resolution procedures | PASS | |
| EN-61508-1 clause 6.2.6 | hazard-management procedures | PASS | |
| EN-61508-1 clause 6.2.7 | safety audit requirements | PASS | |
| EN-61508-1 clause 6.2.8 | modification procedures | PASS | |
| EN-61508-1 clause 6.2.9 | hazard info maintenance procedures | PASS | |
| EN-61508-1 clause 6.2.10 | procedure development guidelines | PASS | |
| EN-61508-1 clause 6.2.11 | emergency services training | PASS | |
| EN-61508-1 clause 6.2.12 | management and technical activities | PASS | |
| EN-61508-1 clause 6.2.13 | responsible persons competence | PASS | |
| EN-61508-1 clause 6.2.14 | competence appropriateness consideration | PASS | |
| EN-61508-1 clause 6.2.15 | responsible persons competence specification | PASS | |
| EN-61508-1 clause 6.2.16 | implement and monitor activities specified in 6.2.2 - 6.2.15 | PASS | |
| EN-61508-1 clause 6.2.17 | QMS | PASS | |
| EN-61508-1 clause 6.2.18 | activities relating to the management of functional safety | PASS | |
| EN-61508-1 clause 7.1.4.1 | use overall safety lifecycle | N/A | |
| EN-61508-1 clause 7.1.4.2 | management shall run in parallel with lifecycle | PASS | |
| EN-61508-1 clause 7.1.4.3 | each phase shall be applied, or justified otherwise | PASS | |
| EN-61508-1 clause 7.1.4.4 | divide phases into activities, inputs, outputs | PASS | |
| EN-61508-1 clause 7.1.4.5 | scope and inputs per phase as specified in table 1 | PASS | |
| EN-61508-1 clause 7.1.4.6 | outputs per phase as specified in table 1 | PASS | |
| EN-61508-1 clause 7.1.4.7 | lifecycle phase outputs shall meet requirements | PASS | |
| EN-61508-1 clause 7.1.4.8 | verification requirements shall be met | PASS | |
| EN-61508-1 clause 7.2.2.1 | EUC familiarity | N/A | |
| EN-61508-1 clause 7.2.2.2 | determine likely sources of hazards | N/A | |
| EN-61508-1 clause 7.2.2.3 | obtain info about hazards | N/A | |
| EN-61508-1 clause 7.2.2.4 | obtain safety regulations info | N/A | |
| EN-61508-1 clause 7.2.2.5 | consider hazards due to interaction with other EUCs | N/A | |
| EN-61508-1 clause 7.2.2.6 | document info from 7.2.2.1 - 7.2.2.5 | N/A | |
| EN-61508-1 clause 7.3.2.1 | define EUC boundary | N/A | |
| EN-61508-1 clause 7.3.2.2 | specify physical equipment in EUC | N/A | |
| EN-61508-1 clause 7.3.2.3 | specify external events to account for in risk analysis | N/A | |
| EN-61508-1 clause 7.3.2.4 | specify associated equipment and systems | N/A | |
| EN-61508-1 clause 7.3.2.5 | specify initiating event types | N/A | |
| EN-61508-1 clause 7.3.2.6 | document information acquired in 7.3 requirements | N/A | |
| EN-61508-1 clause 7.4.2.1 | create hazard and risk analysis | N/A | |
| EN-61508-1 clause 7.4.2.2 | hazard elimination or reduction considerations | N/A | |
| EN-61508-1 clause 7.4.2.3 | determine hazards for all circumstances | N/A | |
| EN-61508-1 clause 7.4.2.4 | determine event sequences leading to hazard | N/A | |
| EN-61508-1 clause 7.4.2.5 | specify hazard likelihood | N/A | |
| EN-61508-1 clause 7.4.2.6 | specify hazard event consequences | N/A | |
| EN-61508-1 clause 7.4.2.7 | estimate risk for all hazardous events | N/A | |
| EN-61508-1 clause 7.4.2.8 | 7.4 requirements met by techniques | N/A | |
| EN-61508-1 clause 7.4.2.9 | techniques appropriateness factors | N/A | |
| EN-61508-1 clause 7.4.2.10 | hazard and risk analysis considerations | N/A | |
| EN-61508-1 clause 7.4.2.11 | document information in hazard and risk analysis | N/A | |
| EN-61508-1 clause 7.4.2.12 | maintain risk analysis info throughout safety lifecycle | N/A | |
| EN-61508-1 clause 7.5.2.1 | develop necessary safety functions based on risk analysis | N/A | |
| EN-61508-1 clause 7.5.2.2 | specify security requirements in vulnerability analysis | N/A | |
| EN-61508-1 clause 7.5.2.3 | determine SIL requirement for each safety function | N/A | |
| EN-61508-1 clause 7.5.2.4 | specify overall SIL requirements in terms of risk reduction/tolerable hazard rate | N/A | |
| EN-61508-1 clause 7.5.2.5 | EUC control system dangerous failure rate | N/A | |
| EN-61508-1 clause 7.5.2.6 | non-safety EUC control system failure rates | N/A | |
| EN-61508-1 clause 7.5.2.7 | safety EUC control system failure rates | N/A | |
| EN-61508-1 clause 7.6.2.1 | specification of safety-related systems | N/A | |
| EN-61508-1 clause 7.6.2.2 | overall safety functions for E/E/PE safety-related systems | N/A | |
| EN-61508-1 clause 7.6.2.3 | safety function allocation | N/A | |
| EN-61508-1 clause 7.6.2.4 | allocation subject to the requirements in 7.6.2.10 | N/A | |
| EN-61508-1 clause 7.6.2.5 | specification of safety integrity requirements | N/A | |
| EN-61508-1 clause 7.6.2.6 | appropriate techniques for allocation | N/A | |
| EN-61508-1 clause 7.6.2.7 | handling possibility of common cause failures | N/A | |
| EN-61508-1 clause 7.6.2.8 | actions to take if requirements in 7.6.2.7 are not met | N/A | |
| EN-61508-1 clause 7.6.2.9 | specification once allocation has been sufficiently progressed | N/A | |
| EN-61508-1 clause 7.6.2.10 | handling safety-related hardware with insufficient independence of implementation | N/A | |
| EN-61508-1 clause 7.6.2.11 | SIL 4 safety function allocation process result | N/A | |
| EN-61508-1 clause 7.6.2.12 | allocating safety functions | N/A | |
| EN-61508-1 clause 7.6.2.13 | documentation of information and results from 7.6.2.1 to 7.6.2.12 | N/A | |
| EN-61508-1 clause 7.7.2.1 | specification of a plan | N/A | |
| EN-61508-1 clause 7.7.2.2 | hardware fault tolerance | N/A | |
| EN-61508-1 clause 7.7.2.3 | routine maintenance activities | N/A | |
| EN-61508-1 clause 7.7.2.4 | plan agreement for maintaining E/E/PE safety-related systems | N/A | |
| EN-61508-1 clause 7.8.2.1 | development of a plan | N/A | |
| EN-61508-1 clause 7.8.2.2 | 7.8.2.1 documentation | N/A | |
| EN-61508-1 clause 7.9.2.1 | plan for installation of E/E/PE safety-related systems | N/A | |
| EN-61508-1 clause 7.9.2.2 | plan for commissioning of E/E/PE safety-related systems | N/A | |
| EN-61508-1 clause 7.9.2.3 | documentation of installation and commissioning | N/A | |
| EN-61508-1 clause 7.10.2.1 | SSRS from safety requirements allocation | PASS | |
| EN-61508-1 clause 7.10.2.2 | requirements for safety functions | PASS | |
| EN-61508-1 clause 7.10.2.3 | SSRS shall be available to the developers | PASS | |
| EN-61508-1 clause 7.10.2.4 | E/E/PE system safety requirement specification structure | PASS | |
| EN-61508-1 clause 7.10.2.5 | specification shall contain requirement functions and integrity from 7.10.2.6 and 7.10.2.7 | PASS | |
| EN-61508-1 clause 7.10.2.6 | system safety functions requirement specification content | PASS | |
| EN-61508-1 clause 7.10.2.7 | system safety integrity requirement specification content | PASS | |
| EN-61508-1 clause 7.13.2.1 | installation activities | N/A | |
| EN-61508-1 clause 7.13.2.2 | information documentation during installation | N/A | |
| EN-61508-1 clause 7.13.2.3 | commissioning activities | N/A | |
| EN-61508-1 clause 7.13.2.4 | information documentation requirements | N/A | |
| EN-61508-1 clause 7.14.2.1 | validation activities | N/A | |
| EN-61508-1 clause 7.14.2.2 | equipment for validation activities | N/A | |
| EN-61508-1 clause 7.14.2.3 | information documentation during validation | N/A | |
| EN-61508-1 clause 7.14.2.4 | handling and documenting discrepancies for validation | N/A | |
| EN-61508-1 clause 7.15.2.1 | implementations | N/A | |
| EN-61508-1 clause 7.15.2.2 | implementation of items in 7.15.2.1 | N/A | |
| EN-61508-1 clause 7.15.2.3 | chronological documentation | N/A | |
| EN-61508-1 clause 7.15.2.4 | requirements for chronological documentation | N/A | |
| EN-61508-1 clause 7.16.2.1 | planning procedures | N/A | |
| EN-61508-1 clause 7.16.2.2 | initialization of modification and retrofit phase | N/A | |
| EN-61508-1 clause 7.16.2.3 | impact analysis | N/A | |
| EN-61508-1 clause 7.16.2.4 | documentation of 7.16.2.3 | N/A | |
| EN-61508-1 clause 7.16.2.5 | authorization dependencies | N/A | |
| EN-61508-1 clause 7.16.2.6 | handling modifications | N/A | |
| EN-61508-1 clause 7.16.2.7 | establishing and maintaining chronological documentation | N/A | |
| EN-61508-1 clause 7.17.2.1 | impact analysis prior to decommissioning/disposal activity | N/A | |
| EN-61508-1 clause 7.17.2.2 | documentation of 7.17.2.1 | N/A | |
| EN-61508-1 clause 7.17.2.3 | initiation of decommissioning/disposal phase | N/A | |
| EN-61508-1 clause 7.17.2.4 | decommissioning/disposal dependencies | N/A | |
| EN-61508-1 clause 7.17.2.5 | plan prior to decommissioning/disposal | N/A | |
| EN-61508-1 clause 7.17.2.6 | decommissioning/disposal impact on E/E/PE safety-related system | N/A | |
| EN-61508-1 clause 7.17.2.7 | maintaining and establishing chronological documentation | N/A | |
| EN-61508-1 clause 7.18.2.1 | a plan for the verification of each phase | N/A | |
| EN-61508-1 clause 7.18.2.2 | maintaining and establishing chronological documentation | N/A | |
| EN-61508-1 clause 7.18.2.3 | verification plan | N/A | |
| EN-61508-1 clause 7.18.2.4 | collecting information and documenting evidence of verification activities | N/A | |
| EN-61508-1 clause 8.2.1 | appointing people for FSA | PASS | |
| EN-61508-1 clause 8.2.2 | FSA access to people involved | PASS | |
| EN-61508-1 clause 8.2.3 | FSA application | PASS | |
| EN-61508-1 clause 8.2.4 | FSA considerations | PASS | |
| EN-61508-1 clause 8.2.5 | inclusion of relevant claims in FSA | PASS | |
| EN-61508-1 clause 8.2.6 | FSA may be carried out after each lifecycle phase | PASS | |
| EN-61508-1 clause 8.2.7 | FSA inclusion of evidence assessment | PASS | |
| EN-61508-1 clause 8.2.8 | FSA considerations | PASS | |
| EN-61508-1 clause 8.2.9 | FSA plan specification | PASS | |
| EN-61508-1 clause 8.2.10 | FSA plan approval | PASS | |
| EN-61508-1 clause 8.2.11 | FSA documentation in accordance with the assessment plans | PASS | |
| EN-61508-1 clause 8.2.12 | relevant outputs of FSA shall be made available | PASS | |
| EN-61508-1 clause 8.2.13 | output of FSA inclusions | PASS | |
| EN-61508-1 clause 8.2.14 | FSA people shall be competent to requirements of 6.2.13 to 6.2.15 | PASS | |
| EN-61508-1 clause 8.2.15 | minimum level of independence for FSA shall be specified according to table 4 and 5 | PASS | |
| EN-61508-1 clause 8.2.16 | determining the level of independence in the cells of tables 4 and 5 | PASS | |
| EN-61508-1 clause 8.2.17 | consequence values for table 4 | PASS | |
| EN-61508-1 clause 8.2.18 | determining minimum levels of independence for table 5 | PASS | |
Requirement: EN-61508-1 clause 5.2.1: documentation sufficient for lifecycle phases EN_61508_1_5_2_1

The documentation shall contain sufficient information, for each phase of the overall, E/E/PE system and software safety lifecycles completed, necessary for effective performance of subsequent phases and verification activities.

Requirement: EN-61508-1 clause 5.2.2: documentation sufficient for management EN_61508_1_5_2_2

The documentation shall contain sufficient information required for the management of functional safety (Clause 6).

Requirement: EN-61508-1 clause 5.2.3: documentation sufficient for FSA EN_61508_1_5_2_3

The documentation shall contain sufficient information required for the implementation of a functional safety assessment, together with the information and results derived from any functional safety assessment.

Requirement: EN-61508-1 clause 5.2.4: documentation as stated by 61508 EN_61508_1_5_2_4

The information to be documented shall be as stated in the various clauses of this standard unless justified or shall be as specified in the product or application sector international standard relevant to the application.

Requirement: EN-61508-1 clause 5.2.5: sufficient documentation availability EN_61508_1_5_2_5

The availability of documentation shall be sufficient for the duties to be performed in respect of the clauses of this standard.

Requirement: EN-61508-1 clause 5.2.6: accessible and accurate documentation EN_61508_1_5_2_6

The documentation shall:

Requirement: EN-61508-1 clause 5.2.7: document titles/index EN_61508_1_5_2_7

The documentation or set of information shall have titles or names indicating the scope of the contents, and some form of index arrangement so as to allow ready access to the information required in this standard.

Requirement: EN-61508-1 clause 5.2.8: company procedures/practices EN_61508_1_5_2_8

The documentation structure may take account of company procedures and the working practices of specific product or application sectors.

Requirement: EN-61508-1 clause 5.2.9: documentation versioning EN_61508_1_5_2_9

The documents or set of information shall have a revision index (version numbers) to make it possible to identify different versions of the document.

Requirement: EN-61508-1 clause 5.2.10: searchable documentation structure EN_61508_1_5_2_10

The documents or set of information shall be so structured as to make it possible to search for relevant information. It shall be possible to identify the latest revision (version) of a document or set of information.

Requirement: EN-61508-1 clause 5.2.11: document control scheme EN_61508_1_5_2_11

All relevant documents shall be revised, amended, reviewed and approved under an appropriate document control scheme.

Requirement: EN-61508-1 clause 6.2.1: appoint responsibilities EN_61508_1_6_2_1

An organisation with responsibility for an E/E/PE safety-related system, or for one or more phases of the overall, E/E/PE system or software safety lifecycle, shall appoint one or more persons to take overall responsibility for:

Requirement: EN-61508-1 clause 6.2.2: FS policy and strategy EN_61508_1_6_2_2

The policy and strategy for achieving functional safety shall be specified, together with the means for evaluating their achievement, and the means by which they are communicated within the organization.

Requirement: EN-61508-1 clause 6.2.3: identify responsible persons EN_61508_1_6_2_3

All persons, departments and organizations responsible for carrying out activities in the applicable overall, E/E/PE system or software safety lifecycle phases (including persons responsible for verification and functional safety assessment and, where relevant, licensing authorities or safety regulatory bodies) shall be identified, and their responsibilities shall be fully and clearly communicated to them.

Requirement: EN-61508-1 clause 6.2.4: communication procedures EN_61508_1_6_2_4

Procedures shall be developed for defining what information is to be communicated, between relevant parties, and how that communication will take place.

Requirement: EN-61508-1 clause 6.2.5: recommendation resolution procedures EN_61508_1_6_2_5

Procedures shall be developed for ensuring prompt follow-up and satisfactory resolution of recommendations relating to E/E/PE safety-related systems, including those arising from: a) hazard and risk analysis (see 7.4); b) functional safety assessment (see Clause 8); c) verification activities (see 7.18); d) validation activities (see 7.8 and 7.14); e) configuration management (see 6.2.10, 7.16, IEC 61508-2 and IEC 61508-3); f) incident reporting and analysis (see 6.2.6).

Requirement: EN-61508-1 clause 6.2.6: hazard-management procedures EN_61508_1_6_2_6

Procedures shall be developed for ensuring that all detected hazardous events are analysed, and that recommendations are made to minimise the probability of a repeat occurrence.

Requirement: EN-61508-1 clause 6.2.7: safety audit requirements EN_61508_1_6_2_7

Requirements for periodic functional safety audits shall be specified, including: a) the frequency of the functional safety audits; b) the level of independence of those carrying out the audits; c) the necessary documentation and follow-up activities.

Requirement: EN-61508-1 clause 6.2.8: modification procedures EN_61508_1_6_2_8

Procedures shall be developed for: a) initiating modifications to the E/E/PE safety-related systems (see 7.16.2.2); b) obtaining approval and authority for modifications.

Requirement: EN-61508-1 clause 6.2.9: hazard info maintenance procedures EN_61508_1_6_2_9

Procedures shall be developed for maintaining accurate information on hazards and hazardous events, safety functions and E/E/PE safety-related systems.

Requirement: EN-61508-1 clause 6.2.10: procedure development guidelines EN_61508_1_6_2_10

Procedures shall be developed for configuration management of the E/E/PE safety-related systems during the overall, E/E/PE system and software safety lifecycle phases, including in particular: a) the point, in respect of specific phases, at which formal configuration control is to be implemented; b) the procedures to be used for uniquely identifying all constituent parts of an item (hardware and software); c) the procedures for preventing unauthorized items from entering service.

Requirement: EN-61508-1 clause 6.2.11: emergency services training EN_61508_1_6_2_11

Training and information for the emergency services shall be provided where appropriate.

Requirement: EN-61508-1 clause 6.2.12: management and technical activities EN_61508_1_6_2_12

Those individuals who have responsibility for one or more phases of the overall, E/E/PE system or software safety lifecycles shall, in respect of those phases for which they have responsibility and in accordance with the procedures defined in 6.2.1 to 6.2.11, specify all management and technical activities that are necessary to ensure the achievement, demonstration and maintenance of functional safety of the E/E/PE safety-related systems, including: a) the selected measures and techniques used to meet the requirements of a specified clause or subclause (see IEC 61508-2, IEC 61508-3 and IEC 61508-6); b) the functional safety assessment activities, and the way in which the achievement of functional safety will be demonstrated to those carrying out the functional safety assessment (see Clause 8); c) the procedures for analysing operations and maintenance performance, in particular for

Requirement: EN-61508-1 clause 6.2.13: responsible persons competence EN_61508_1_6_2_13

Procedures shall be developed to ensure that all persons with responsibilities defined in accordance with 6.2.1 and 6.2.3 (i.e. including all persons involved in any overall, E/E/PE system or software lifecycle activity, including activities for verification, management of functional safety and functional safety assessment), shall have the appropriate competence (i.e. training, technical knowledge, experience and qualifications) relevant to the specific duties that they have to perform. Such procedures shall include requirements for the refreshing, updating and continued assessment of competence.

Requirement: EN-61508-1 clause 6.2.14: competence appropriateness consideration EN_61508_1_6_2_14

The appropriateness of competence shall be considered in relation to the particular application, taking into account all relevant factors including: a) the responsibilities of the person; b) the level of supervision required; c) the potential consequences in the event of failure of the E/E/PE safety-related systems - the greater the consequences, the more rigorous shall be the specification of competence; d) the safety integrity levels of the E/E/PE safety-related systems - the higher the safety integrity levels, the more rigorous shall be the specification of competence; e) the novelty of the design, design procedures or application - the newer or more untried these are, the more rigorous shall be the specification of competence; f) previous experience and its relevance to the specific duties to be performed and the technology being employed - the greater the required competence, the closer the fit shall be between the competences developed from previous experience and those required for the specific activities to be undertaken; g) the type of competence appropriate to the circumstances (for example qualifications, experience, relevant training and subsequent practice, and leadership and decision-making abilities); h) engineering knowledge appropriate to the application area and to the technology; i) safety engineering knowledge appropriate to the technology; j) knowledge of the legal and safety regulatory framework; k) relevance of qualifications to specific activities to be performed.
Requirement: EN-61508-1 clause 6.2.15: responsible persons competence specification EN_61508_1_6_2_15

The competence of all persons with responsibilities defined in accordance with 6.2.1 and 6.2.3 shall be documented.

Requirement: EN-61508-1 clause 6.2.16: implement and monitor activities specified in 6.2.2 - 6.2.15 EN_61508_1_6_2_16

The activities specified as a result of 6.2.2 to 6.2.15 shall be implemented and monitored.

Requirement: EN-61508-1 clause 6.2.17: QMS EN_61508_1_6_2_17

Suppliers providing products or services to an organization having overall responsibility for one or more phases of the overall, E/E/PE system or software safety lifecycles (see 6.2.1), shall deliver products or services as specified by that organization and shall have an appropriate quality management system.

Requirement: EN-61508-1 clause 6.2.18: activities relating to the management of functional safety EN_61508_1_6_2_18

Activities relating to the management of functional safety shall be applied at the relevant phases of the overall, E/E/PE system and software safety lifecycles (see 7.1.1.5).

Requirement: EN-61508-1 clause 7.1.4.1: use overall safety lifecycle EN_61508_1_7_1_4_1

The overall safety lifecycle that shall be used as the basis for claiming conformance to this standard is that specified in Figure 2. If another overall safety lifecycle is used, it shall be specified as part of the management of functional safety activities (see Clause 6) and all the objectives and requirements in each clause or subclause in this standard shall be met.

Requirement: EN-61508-1 clause 7.1.4.2: management shall run in parallel with lifecycle EN_61508_1_7_1_4_2

The requirements for the management of functional safety (see Clause 6) shall run in parallel with the overall safety lifecycle phases.

Requirement: EN-61508-1 clause 7.1.4.3: each phase shall be applied, or justified otherwise EN_61508_1_7_1_4_3

Unless justified, each phase of the overall safety lifecycle shall be applied and the requirements met.

Requirement: EN-61508-1 clause 7.1.4.4: divide phases into activities, inputs, outputs EN_61508_1_7_1_4_4

Each phase of the overall safety lifecycle shall be divided into elementary activities with the scope, inputs and outputs specified for each phase.

Requirement: EN-61508-1 clause 7.1.4.5: scope and inputs per phase as specified in table 1 EN_61508_1_7_1_4_5

The scope and inputs for each overall safety lifecycle phase shall be as specified in Table 1 unless justified as part of the management of functional safety activities (see Clause 6) or specified in the product or application sector international standard.

Requirement: EN-61508-1 clause 7.1.4.6: outputs per phase as specified in table 1 EN_61508_1_7_1_4_6

The outputs from each phase of the overall safety lifecycle shall be those specified in Table 1 unless justified as part of the management of functional safety activities (see Clause 6) or specified in the product or application sector international standard.

Requirement: EN-61508-1 clause 7.1.4.7: lifecycle phase outputs shall meet requirements EN_61508_1_7_1_4_7

The outputs from each phase of the overall safety lifecycle shall meet the objectives and requirements specified for each phase (see 7.2 to 7.17).

Requirement: EN-61508-1 clause 7.1.4.8: verification requirements shall be met EN_61508_1_7_1_4_8

The verification requirements that shall be met for each overall safety lifecycle phase are specified in 7.18.
Requirement: EN-61508-1 clause 7.2.2.1: EUC familiarity EN_61508_1_7_2_2_1

A thorough familiarity shall be acquired of the EUC, its required control functions and its physical environment.

Requirement: EN-61508-1 clause 7.2.2.2: determine likely sources of hazards EN_61508_1_7_2_2_2

The likely sources of hazards, hazardous situations and harmful events shall be determined.

Requirement: EN-61508-1 clause 7.2.2.3: obtain info about hazards EN_61508_1_7_2_2_3

Information about the determined hazards shall be obtained (for example, duration, intensity, toxicity, exposure limit, mechanical force, explosive conditions, reactivity, flammability etc.).

Requirement: EN-61508-1 clause 7.2.2.4: obtain safety regulations info EN_61508_1_7_2_2_4

Information about the current safety regulations (national and international) shall be obtained.

Requirement: EN-61508-1 clause 7.2.2.5: consider hazards due to interaction with other EUCs EN_61508_1_7_2_2_5

Hazards, hazardous situations and harmful events due to interaction with other equipment or systems (installed or to be installed) of the EUC shall be considered together with other EUCs (installed or to be installed).

Requirement: EN-61508-1 clause 7.2.2.6: document info from 7.2.2.1 - 7.2.2.5 EN_61508_1_7_2_2_6

The information and results acquired in 7.2.2.1 to 7.2.2.5 shall be documented.

Requirement: EN-61508-1 clause 7.3.2.1: define EUC boundary EN_61508_1_7_3_2_1

The boundary of the EUC and the EUC control system shall be defined so as to include all equipment and systems (including humans where appropriate) that are associated with relevant hazards and hazardous events.

Requirement: EN-61508-1 clause 7.3.2.2: specify physical equipment in EUC EN_61508_1_7_3_2_2

The physical equipment, including the EUC and the EUC control system, to be included in the scope of the hazard and risk analysis shall be specified.

Requirement: EN-61508-1 clause 7.3.2.3: specify external events to account for in risk analysis EN_61508_1_7_3_2_3

The external events to be taken into account in the hazard and risk analysis shall be specified.

Requirement: EN-61508-1 clause 7.3.2.4: specify associated equipment and systems EN_61508_1_7_3_2_4

The equipment and systems that are associated with the hazards and hazardous events shall be specified.

Requirement: EN-61508-1 clause 7.3.2.5: specify initiating event types EN_61508_1_7_3_2_5

The type of initiating events that need to be considered (for example component failures, procedural faults, human error, dependent failure mechanisms that can cause hazardous events) shall be specified.

Requirement: EN-61508-1 clause 7.3.2.6: document information acquired in 7.3 requirements EN_61508_1_7_3_2_6

The information and results acquired in 7.3.2.1 to 7.3.2.5 shall be documented.

Requirement: EN-61508-1 clause 7.4.2.1: create hazard and risk analysis EN_61508_1_7_4_2_1

A hazard and risk analysis shall be undertaken which shall take into account information from the overall scope definition phase (see 7.3). If decisions are taken at later stages in the overall, E/E/PE system or software safety lifecycle phases that may change the basis on which the earlier decisions were taken, then a further hazard and risk analysis shall be undertaken.

Requirement: EN-61508-1 clause 7.4.2.2: hazard elimination or reduction considerations EN_61508_1_7_4_2_2

Consideration shall be given to the elimination or reduction of the hazards.

Requirement: EN-61508-1 clause 7.4.2.3: determine hazards for all circumstances EN_61508_1_7_4_2_3

The hazards, hazardous events and hazardous situations of the EUC and the EUC control system shall be determined under all reasonably foreseeable circumstances (including fault conditions, reasonably foreseeable misuse and malevolent or unauthorised action). This shall include all relevant human factor issues, and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorised action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.

Requirement: EN-61508-1 clause 7.4.2.4: determine event sequences leading to hazard EN_61508_1_7_4_2_4

The event sequences leading to the hazardous events determined in 7.4.2.3 shall be determined.

Requirement: EN-61508-1 clause 7.4.2.5: specify hazard likelihood EN_61508_1_7_4_2_5

The likelihood of the hazardous events for the conditions specified in 7.4.2.3 shall be evaluated.

Requirement: EN-61508-1 clause 7.4.2.6: specify hazard event consequences EN_61508_1_7_4_2_6

The consequences associated with the hazardous events determined in 7.4.2.3 shall be determined.

Requirement: EN-61508-1 clause 7.4.2.7: estimate risk for all hazardous events EN_61508_1_7_4_2_7

The EUC risk shall be evaluated, or estimated, for each determined hazardous event.

Requirement: EN-61508-1 clause 7.4.2.8: 7.4 requirements met by techniques EN_61508_1_7_4_2_8

The requirements of 7.4.2.1 to 7.4.2.7 can be met by the application of either qualitative or quantitative hazard and risk analysis techniques (see IEC 61508-5).

Requirement: EN-61508-1 clause 7.4.2.9: techniques appropriateness factors EN_61508_1_7_4_2_9

The appropriateness of the techniques, and the extent to which the techniques will need to be applied, will depend on a number of factors, including:

Requirement: EN-61508-1 clause 7.4.2.10: hazard and risk analysis considerations EN_61508_1_7_4_2_10

The hazard and risk analysis shall consider the following:

Requirement: EN-61508-1 clause 7.4.2.11: document information in hazard and risk analysis EN_61508_1_7_4_2_11

The information and results that constitute the hazard and risk analysis shall be documented.

Requirement: EN-61508-1 clause 7.4.2.12: maintain risk analysis info throughout safety lifecycle EN_61508_1_7_4_2_12

The information and results that constitute the hazard and risk analysis shall be maintained for the EUC and the EUC control system throughout the overall safety lifecycle, from the hazard and risk analysis phase to the decommissioning or disposal phase.
Requirement: EN-61508-1 clause 7.5.2.1: develop necessary safety functions based on risk analysis EN_61508_1_7_5_2_1
|
A set of all necessary overall safety functions shall be developed based on the hazardous events derived from the hazard and risk analysis. This shall constitute the specification for the overall safety functions requirements. |
Requirement: EN-61508-1 clause 7.5.2.2: specify security requirements in vulnerability analysis EN_61508_1_7_5_2_2
|
If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements. |
Requirement: EN-61508-1 clause 7.5.2.3: determine SIL req for each safety function EN_61508_1_7_5_2_3
|
For each overall safety function, a target safety integrity requirement shall be determined that will result in the tolerable risk being met. Each requirement may be determined in a quantitative and/or qualitative manner. This shall constitute the specification for the overall safety integrity requirements. |
Requirement: EN-61508-1 clause 7.5.2.4: specify overall SIL reqs in terms of risk reduction/tolerable hazard rate EN_61508_1_7_5_2_4
|
The overall safety integrity requirements shall be specified in terms of either
|
Requirement: EN-61508-1 clause 7.5.2.5: EUC control system dangerous failure rate EN_61508_1_7_5_2_5
|
If, in assessing the EUC risk, the average frequency of dangerous failures of a single EUC control system function is claimed as being lower than 10E-5 dangerous failures per hour then the EUC control system shall be considered to be a safety-related control system subject to the requirements of this standard. |
Requirement: EN-61508-1 clause 7.5.2.6: non-safety EUC control system failure rates EN_61508_1_7_5_2_6
|
Where failures of the EUC control system place a demand on one or more E/E/PE safety-related systems and/or other risk reduction measures, and where the intention is not to designate the EUC control system as a safety-related system, the following requirements shall apply: a) the rate of dangerous failure claimed for the EUC control system shall be supported by data acquired through one of the following:
b) the rate of dangerous failure that can be claimed for the EUC control system shall be no lower than 10E-5 dangerous failures per hour; c) all reasonably foreseeable dangerous failure modes of the EUC control system shall be taken into account in developing the specification for the overall safety requirements; d) the EUC control system shall be independent from the E/E/PE safety-related systems and other risk reduction measures. |
If the requirements of 7.5.2.6 a) to d) inclusive cannot be met, then the EUC control system shall be designated as a safety-related system. The safety integrity level of functions of the EUC control system shall be determined by the rate of dangerous failure that is claimed for the EUC control system in accordance with Table 3 (see Note 3 of 7.6.2.9). In such cases, the requirements in this standard, relevant to the allocated safety integrity level, shall apply to the EUC control system.
The designated safety-related systems that are to be used to achieve the required functional safety shall be specified. The tolerable risk may be met by
Requirement: EN-61508-1 clause 7.6.2.2: overall safety functions for E/E/PE safety-related systems EN_61508_1_7_6_2_2
In allocating overall safety functions to the designated E/E/PE safety-related systems and other risk reduction measures, the skills and resources available during all phases of the overall safety lifecycle shall be considered.
Each overall safety function, with its associated overall safety integrity requirement developed according to 7.5, shall be allocated to one or more of the designated E/E/PE safety-related systems and/or other risk reduction measures, so that the tolerable risk for the safety function is achieved. This allocation is iterative, and if it is found that the tolerable risk cannot be achieved, then the specifications for the EUC control system, the designated E/E/PE safety-related systems and the other risk reduction measures shall be modified and the allocation repeated.
Requirement: EN-61508-1 clause 7.6.2.4: allocation shall be subject to the requirements in 7.6.2.10 EN_61508_1_7_6_2_4
The allocation indicated in 7.6.2.3 shall be done in such a way that all overall safety functions are allocated and target failure measures are defined for each safety function (subject to the requirements specified in 7.6.2.10).
Requirement: EN-61508-1 clause 7.6.2.5: specification of safety integrity requirements EN_61508_1_7_6_2_5
The safety integrity requirements for each safety function shall be specified in terms of either
The allocation of the safety integrity requirements shall be carried out using appropriate techniques for the combination of probabilities.
Requirement: EN-61508-1 clause 7.6.2.7: handling possibility of common cause failures EN_61508_1_7_6_2_7
The allocation shall proceed taking into account the possibility of common cause failures. If the EUC control system, E/E/PE safety-related systems and other risk reduction measures are to be treated as independent for the allocation, they shall:
Within common cause analysis, limiting and constraint conditions for the realisation of E/E/PE safety-related systems such as the aspect of necessary separation of different channels of an E/E/PE system, subsystem or element, for example by space, shall be checked - this may not allow for example for two channels/microprocessors on one board or for on-chip redundancy (see IEC 61508-2, Annex E).
Requirement: EN-61508-1 clause 7.6.2.8: actions to take if requirements in 7.6.2.7 are not met EN_61508_1_7_6_2_8
If not all of the requirements in 7.6.2.7 can be met then the E/E/PE safety-related systems and the other risk reduction measures shall not be treated as independent for the purposes of the safety allocation. Instead, the allocation shall take into account relevant common cause failures between the EUC control system, the E/E/PE safety-related systems and the other risk reduction measures.
Requirement: EN-61508-1 clause 7.6.2.9: specification once allocation has been sufficiently progressed EN_61508_1_7_6_2_9
When the allocation has sufficiently progressed, the safety integrity requirements, for each safety function allocated to the E/E/PE safety-related system(s), shall be specified in terms of the safety integrity level in accordance with Table 2 or Table 3 and shall indicate whether the target failure measure is, either:
Requirement: EN-61508-1 clause 7.6.2.10: handling safety-related hardware with insufficient independence of implementation EN_61508_1_7_6_2_10
For an E/E/PE safety-related system that implements safety functions of different safety integrity levels, unless it can be shown there is sufficient independence of implementation between these particular safety functions, those parts of the safety-related hardware and software where there is insufficient independence of implementation shall be treated as belonging to the safety function with the highest safety integrity level. Therefore, the requirements applicable to the highest relevant safety integrity level shall apply to all those parts.
Requirement: EN-61508-1 clause 7.6.2.11: SIL 4 safety function allocation process result EN_61508_1_7_6_2_11
In cases where the allocation process results in the requirement for an E/E/PE safety-related system implementing a SIL 4 safety function then the following shall apply:
a) There shall be a reconsideration of the application to determine if any of the risk parameters can be modified so that the requirement for a SIL 4 safety function is avoided. The review shall consider whether:
b) If after further consideration of the application, it is decided to implement the SIL 4 safety function then a further risk assessment shall be carried out using a quantitative method that takes into consideration potential common cause failures between the E/E/PE safety-related system and:
No single safety function in an E/E/PE safety-related system shall be allocated a target safety integrity lower than specified in Tables 2 and 3. That is, for safety-related systems operating in
Requirement: EN-61508-1 clause 7.6.2.13: documentation of information and results from 7.6.2.1 to 7.6.2.12 EN_61508_1_7_6_2_13
The information and results of the overall safety requirements allocation acquired in 7.6.2.1 to 7.6.2.12, together with any assumptions and justifications made (including assumptions concerning the other risk reduction measures that need to be managed throughout the life of the EUC), shall be documented.
A plan shall be prepared that shall specify the following:
a) the routine actions that need to be carried out to maintain the required functional safety of the E/E/PE safety-related systems;
b) the actions and constraints that are necessary (for example during start-up, normal operation, routine testing, foreseeable disturbances, faults and shutdown) to prevent an unsafe state, to reduce the demands on the E/E/PE safety-related system, or reduce the consequences of the harmful events;
c) the documentation that needs to be maintained showing results of functional safety audits and tests;
d) the documentation that needs to be maintained on all hazardous events and all incidents with the potential to create a hazardous event;
e) the scope of the maintenance activities (as distinct from the modification activities);
f) the actions to be taken in the event of hazardous events occurring;
g) the contents of the chronological documentation of operation and maintenance activities (see 7.15).
The plan shall ensure that, if any subsystem of an E/E/PE safety-related system with a hardware fault tolerance of zero is taken off-line for testing, the continuing safety of the EUC shall be maintained by additional measures and constraints. The safety integrity provided by the additional measures and constraints shall be at least equal to the safety integrity provided by the E/E/PE safety-related system during normal operation. In the case of any subsystem of an E/E/PE safety-related system with a hardware fault tolerance greater than zero, at least one channel of the E/E/PE safety-related system shall remain in operation during testing and the testing shall be completed within the MTTR assumed in the calculations carried out to determine compliance with the target failure measure.
The routine maintenance activities that are carried out to detect unrevealed faults shall be determined by a systematic analysis.
Requirement: EN-61508-1 clause 7.7.2.4: plan agreement for maintaining E/E/PE safety-related systems EN_61508_1_7_7_2_4
The plan for maintaining the E/E/PE safety-related systems shall be agreed upon with those responsible for the operation and maintenance of
A plan shall be developed that shall include the following:
a) details of when the validation shall take place;
b) details of those who shall carry out the validation;
c) specification of the relevant modes of the EUC operation with their relationship to the E/E/PE safety-related system, including where applicable
d) specification of the E/E/PE safety-related systems that need to be validated for each mode of EUC operation before commissioning commences;
e) the technical strategy for the validation (for example analytical methods, statistical tests, etc.);
f) the measures, techniques and procedures that shall be used for confirming that the allocation of safety functions has been carried out correctly; this shall include confirmation that each safety function conforms
g) specific reference to each element contained in the outputs from 7.5 and 7.6;
h) the required environment in which the validation activities are to take place (for example, for tests this would include calibrated tools and equipment);
i) the pass and fail criteria;
j) the policies and procedures for evaluating the results of the validation, particularly failures.
The information from 7.8.2.1 shall be documented and shall constitute the plan for the overall safety validation of the E/E/PE safety-related systems.
Requirement: EN-61508-1 clause 7.9.2.1: plan for installation of E/E/PE safety-related systems EN_61508_1_7_9_2_1
A plan for the installation of the E/E/PE safety-related systems shall be developed, specifying:
a) the installation schedule;
b) those responsible for different parts of the installation;
c) the procedures for the installation;
d) the sequence in which the various elements are integrated;
e) the criteria for declaring all or parts of the E/E/PE safety-related systems ready for installation and for declaring installation activities complete;
f) procedures for the resolution of failures and incompatibilities.
Requirement: EN-61508-1 clause 7.9.2.2: plan for commissioning of E/E/PE safety-related systems EN_61508_1_7_9_2_2
A plan for the commissioning of the E/E/PE safety-related systems shall be developed, specifying:
a) the commissioning schedule;
b) those responsible for different parts of the commissioning;
c) the procedures for the commissioning;
d) the relationships to the different steps in the installation;
e) the relationships to the validation.
Requirement: EN-61508-1 clause 7.9.2.3: documentation of installation and commissioning EN_61508_1_7_9_2_3
The overall installation and commissioning planning shall be documented.
Requirement: EN-61508-1 clause 7.10.2.1: SSRS from safety requirements allocation EN_61508_1_7_10_2_1
The E/E/PE system safety requirements specification shall be derived from the allocation of safety requirements specified in 7.6 together with all relevant information related to the application. This information shall be made available to the E/E/PE safety-related system developer.
The E/E/PE system safety requirements specification shall contain requirements for the safety functions and their associated safety integrity levels.
Requirement: EN-61508-1 clause 7.10.2.3: SSRS shall be available to the developers EN_61508_1_7_10_2_3
The E/E/PE system safety requirements specification shall be made available to the developer of the E/E/PE safety-related system.
Requirement: EN-61508-1 clause 7.10.2.4: E/E/PE system safety requirement specification structure EN_61508_1_7_10_2_4
The E/E/PE system safety requirements specification shall be expressed and structured in such a way that it
Requirement: EN-61508-1 clause 7.10.2.5: specification shall contain requirement functions and integrity from 7.10.2.6 and 7.10.2.7 EN_61508_1_7_10_2_5
The specification of the E/E/PE system safety requirements shall contain the requirements for the E/E/PE system safety functions (see 7.10.2.6) and the requirements for E/E/PE system safety integrity (see 7.10.2.7).
Requirement: EN-61508-1 clause 7.10.2.6: system safety functions requirement specification content EN_61508_1_7_10_2_6
The E/E/PE system safety functions requirements specification shall contain:
a) a description of all the safety functions necessary to achieve the required functional safety, which shall, for each safety function,
b) response time performance (i.e. the time within which it is necessary for the safety function to be completed);
c) E/E/PE safety-related system and operator interfaces that are necessary to achieve the required functional safety;
d) all information relevant to functional safety that may have an influence on the E/E/PE safety-related system design;
e) all interfaces, necessary for functional safety, between the E/E/PE safety-related systems and any other systems (either within, or outside, the EUC);
f) all relevant modes of operation of the EUC, including:
g) all required modes of behaviour of the E/E/PE safety-related systems shall be specified. In particular, the failure behaviour and the required response in the event of failure (for example alarms, automatic shut-down, etc.) of the E/E/PE safety-related systems.
Requirement: EN-61508-1 clause 7.10.2.7: system safety integrity requirement specification content EN_61508_1_7_10_2_7
The E/E/PE system safety integrity requirements specification shall contain:
a) the safety integrity level for each safety function and, when required, a specified value for the target failure measure;
b) the mode of operation (low demand, high demand or continuous) of each safety function;
c) the required duty cycle and lifetime;
d) the requirements, constraints, functions and facilities to enable the proof testing of the E/E/PE hardware to be undertaken;
e) the extremes of all environmental conditions that are likely to be encountered during the E/E/PE system safety lifecycle including manufacture, storage, transport, testing, installation, commissioning, operation and maintenance;
f) the electromagnetic immunity limits that are required to achieve functional safety. These limits should be derived taking into account both the electromagnetic environment and the required safety integrity levels (see IEC/TS 61000-1-2);
g) limiting and constraint conditions for the realisation of E/E/PE safety-related systems due to the possibility of common cause failures (see 7.6.2.7).
Installation activities shall be carried out in accordance with the plan for the installation of the E/E/PE safety-related systems (see 7.9).
Requirement: EN-61508-1 clause 7.13.2.2: information documentation during installation EN_61508_1_7_13_2_2
The information documented during installation shall include
Commissioning activities shall be carried out in accordance with the plan for the commissioning of the E/E/PE safety-related systems.
Requirement: EN-61508-1 clause 7.13.2.4: information documentation requirements EN_61508_1_7_13_2_4
The information documented during commissioning shall include
Validation activities shall be carried out in accordance with the overall safety validation plan for the E/E/PE safety-related systems (see 7.8).
All equipment used for quantitative measurements as part of the validation activities shall be calibrated against a specification traceable to a national standard or to the vendor specification.
Requirement: EN-61508-1 clause 7.14.2.3: informational documentation during validation EN_61508_1_7_14_2_3
The information documented during validation shall include
Requirement: EN-61508-1 clause 7.14.2.4: handling and documenting discrepancies for validation EN_61508_1_7_14_2_4
When discrepancies occur between expected and actual results, the analysis made, and the decisions taken on whether to continue the validation or issue a change request and return to an earlier part of the validation, shall be documented.
The following shall be implemented:
Implementation of the items specified in 7.15.2.1 shall include initiation of the following actions:
Chronological documentation of operation, repair and maintenance of the E/E/PE safety-related systems shall be maintained which shall contain the following information:
Requirement: EN-61508-1 clause 7.15.2.4: requirements for chronological documentation EN_61508_1_7_15_2_4
The exact requirements for chronological documentation will be dependent on the specific product or application and shall, where relevant, be detailed in product and application sector international standards.
Prior to carrying out any modification or retrofit activity, procedures shall be planned (see 6.2.8).
Requirement: EN-61508-1 clause 7.16.2.2: initiation of modification and retrofit phase EN_61508_1_7_16_2_2
The modification and retrofit phase shall be initiated only by the issue of an authorized request under the procedures for the management of functional safety (see 6.2.8). The request shall detail the following:
An impact analysis shall be carried out that shall include an assessment of the impact of the proposed modification or retrofit activity on the functional safety of any E/E/PE safety-related system. The assessment shall include a hazard and risk analysis sufficient to determine the breadth and depth to which subsequent overall, E/E/PE system or software safety lifecycle phases will need to be undertaken. The assessment shall also consider the impact of other concurrent modification or retrofit activities, and shall also consider the functional safety both during and after the modification and retrofit activities have taken place.
The results described in 7.16.2.3 shall be documented.
Authorization to carry out the required modification or retrofit activity shall be dependent on the results of the impact analysis.
All modifications that have an impact on the functional safety of any E/E/PE safety-related system shall initiate a return to an appropriate phase of the overall, E/E/PE system or software safety lifecycles. All subsequent phases shall then be carried out in accordance with the procedures specified for the specific phases in accordance with the requirements in this standard.
Requirement: EN-61508-1 clause 7.16.2.7: establishing and maintaining chronological documentation EN_61508_1_7_16_2_7
Chronological documentation shall be established and maintained that shall document details of all modifications and retrofits, and shall include references to:
Requirement: EN-61508-1 clause 7.17.2.1: impact analysis prior to decommissioning/disposal activity EN_61508_1_7_17_2_1
Prior to any decommissioning or disposal activity, an impact analysis shall be carried out that shall include an assessment of the impact of the proposed decommissioning or disposal activity on the functional safety of any E/E/PE safety-related system associated with the EUC. The impact analysis shall also consider adjacent EUCs and the impact on their E/E/PE safety-related systems. The assessment shall include a hazard and risk analysis sufficient to determine the necessary breadth and depth of subsequent overall, E/E/PE system or software safety lifecycle phases.
The results described in 7.17.2.1 shall be documented.
Requirement: EN-61508-1 clause 7.17.2.3: initiation of decommissioning/disposal phase EN_61508_1_7_17_2_3
The decommissioning or disposal phase shall only be initiated by the issue of an authorized request under the procedures for the management of functional safety (see Clause 6).
Authorization to carry out the required decommissioning or disposal shall be dependent on the results of the impact analysis.
Prior to decommissioning or disposal taking place a plan shall be prepared that shall include procedures for:
Requirement: EN-61508-1 clause 7.17.2.6: decommissioning/disposal impact on E/E/PE safety-related system EN_61508_1_7_17_2_6
If any decommissioning or disposal activity has an impact on the functional safety of any E/E/PE safety-related system, this shall initiate a return to the appropriate phase of the overall, E/E/PE system or software safety lifecycles. All subsequent phases shall then be carried out in accordance with the procedures specified in this standard for the safety integrity levels of the safety functions implemented by the E/E/PE safety-related systems.
Requirement: EN-61508-1 clause 7.17.2.7: maintaining and establishing chronological documentation EN_61508_1_7_17_2_7
Chronological documentation shall be established and maintained that shall document details of the decommissioning or disposal activities and shall include references to:
Requirement: EN-61508-1 clause 7.18.2.1: a plan for the verification of each phase EN_61508_1_7_18_2_1
For each phase of the overall, E/E/PE system and software safety lifecycles, a plan for the verification shall be established concurrently with the development for the phase.
Requirement: EN-61508-1 clause 7.18.2.2: maintaining and establishing chronological documentation EN_61508_1_7_18_2_2
The verification plan shall document or refer to the criteria, techniques and tools to be used in the verification activities.
The verification shall be carried out according to the verification plan.
Requirement: EN-61508-1 clause 7.18.2.4: collecting information and documenting evidence of verification activities EN_61508_1_7_18_2_4
Information on the verification activities shall be collected and documented as evidence that the phase being verified has, in all respects, been satisfactorily completed.
One or more persons shall be appointed to carry out one or more functional safety assessments in order to arrive at a judgement on the adequacy of:
Those carrying out a functional safety assessment shall have access to all persons involved in any overall, E/E/PE system or software safety lifecycle activity and all relevant information and equipment (both hardware and software).
A functional safety assessment shall be applied to all phases throughout the overall, E/E/PE system and software safety lifecycles, including documentation, verification and management of functional safety.
Those carrying out a functional safety assessment shall consider the activities carried out and the outputs obtained during each phase of the overall, E/E/PE system and software safety lifecycles and judge whether adequate functional safety has been achieved based on the objectives and requirements in this standard.
All relevant claims of compliance made by suppliers and other parties responsible for achieving functional safety shall be included in the functional safety assessment.
Requirement: EN-61508-1 clause 8.2.6: FSA may be carried out after each lifecycle phase EN_61508_1_8_2_6
A functional safety assessment may be carried out after each phase of the overall, E/E/PE system and software safety lifecycles, or after a number of safety lifecycle phases, subject to the overriding requirement that a functional safety assessment shall be undertaken prior to the determined hazards being present.
A functional safety assessment shall include assessment of the evidence that functional safety audit(s) have been carried out (either full or partial) relevant to its scope.
Each functional safety assessment shall consider at least the following:
Each functional safety assessment shall be planned. The plan shall specify all information necessary to facilitate an effective assessment, including:
Prior to a functional safety assessment taking place, its plan shall be approved by those carrying it out and by those responsible for the management of functional safety.
Requirement: EN-61508-1 clause 8.2.11: FSA documentation in accordance with the assessment's plans EN_61508_1_8_2_11
At the conclusion of a functional safety assessment, those carrying out the assessment shall document, in accordance with the assessment's plans and terms of reference:
Requirement: EN-61508-1 clause 8.2.12: relevant outputs of FSA shall be made available EN_61508_1_8_2_12
The relevant outputs of the functional safety assessment of a compliant item shall be made available to those having responsibilities for any overall, E/E/PE system or software safety lifecycle activity, including the designers and assessors of the E/E/PE safety-related system. The output of the assessment of the E/E/PE safety-related system shall be made available to the E/E/PE system integrator.
The output of the functional safety assessment of a compliant item shall include the following information to facilitate the re-use of the assessment results in the context of a larger system (see Annex D of IEC 61508-2; Annex D of IEC 61508-3 and 3.8.17 of IEC 61508-4):
a) the precise identification of the compliant item including the version of its hardware and software;
b) the conditions assumed during the assessment (e.g. the conditions of use of the E/E/PE safety-related system);
c) reference to the documentation evidence on which the assessment conclusion was based;
d) the procedures, methods and tools used for assessing the systematic capability along with the justification of its effectiveness;
e) the procedures, methods and tools used for assessing the hardware safety integrity together with the justification of the approach adopted and the quality of the data (e.g. the failure rate/distribution data sources);
f) the assessment results obtained in relation to the requirements of this standard and to the specification of the safety characteristics of the compliant item in its safety manual;
g) the accepted deviations to IEC 61508 requirements, with corresponding explanation and/or reference to evidence contained in documentation.
Requirement: EN-61508-1 clause 8.2.14: FSA people shall be competent to requirements of 6.2.13 to 6.2.15 EN_61508_1_8_2_14
Those carrying out a functional safety assessment shall be competent for the activities to be undertaken, according to the requirements of 6.2.13 to 6.2.15.
Requirement: EN-61508-1 clause 8.2.15: minimum level of independence for FSA shall be specified according to Tables 4 and 5 EN_61508_1_8_2_15
The minimum level of independence of those carrying out a functional safety assessment shall be as specified in Tables 4 and 5. Product and application sector international standards may specify, with respect to compliance to their standards, different levels of independence from those specified in Tables 4 and 5. The tables shall be interpreted as follows:
Requirement: EN-61508-1 clause 8.2.16: determining the level of independence in the cells of Tables 4 and 5 EN_61508_1_8_2_16
In the context of Tables 4 and 5, only cells marked X, X1, X2 or Y shall be used as a basis for determining the level of independence. For cells marked X1 or X2, either X1 or X2 is applicable (not both), depending on a number of factors specific to the application. The rationale for choosing X1 or X2 should be detailed. Factors that will make X2 more appropriate than X1 are:
In the context of Table 4, the consequence values for the specified level of independence are:
The consequences specified in Table 4 are those that would arise in the event of failure of all the risk reduction measures including the E/E/PE safety-related systems.
Requirement: EN-61508-1 clause 8.2.18: determining minimum levels of independence for Table 5 EN_61508_1_8_2_18
In the context of Table 5, the minimum levels of independence shall be based on the safety function, carried out by the E/E/PE safety-related system, that has the highest safety integrity level or, for elements/subsystems, the highest systematic capability, specified in terms of the safety integrity level.