In the first part of this blog series (IEC 61508 The mother of all safety standards), we gave a brief introduction to IEC 61508 and additionally we mentioned the influence IEC 61508 has had on various other safety standards. In this second part of the blog we look at how both automotive and medical standards have been shaped based on IEC 61508 input.

 

ISO 26262 and the automotive link

The similarities between IEC 61508 and ISO 26262 are clear to see and ISO 26262 was very much derived from the former. There are however a few differences around the topics of dependent failures and metrics for failure rates and we will look at these in detail in the third part of this blog.

Some companies still use both of these standards during the analysis of hardware failure rates in their failure modes, effects and diagnostic analysis (FMEDA), as certification maybe required for both standards.

 

Taking a risk on ISO 14971

IEC 61508 is not listed in the bibliography of ISO 14971 nor its accompanying technical report ISO TR 24971, but the hazard analysis techniques are very similar to those defined in IEC 61508 and its predecessor IEC 1508 released back in the mid-1990s.

 

The techniques of risk estimation based on severity and probability of occurrence are similar to those defined in section 5 of ISO TR 24971. One of the problems in the medical device sector is there is not the level of detail in ISO 14971 nor IEC TR 24971 to explain these target metrics, in comparison to the definition in IEC 61508 part 1. This leaves the justification somewhat open for probability of failure in the semi-quantitative analysis as illustrated in Table 1:

Common terms Examples of probability range
Frequent ≥10−3
Probable <10−3 and ≥10−4
Occasional <10−4 and ≥10−5
Remote <10−5 and ≥10−6
Improbable <10−6

Table 1: ISO TR 24971 Semi-qualitative probabilities

 

It is common when auditing companies for ISO 14971, to see these suggested probabilities added to an FMEA, but this can understandably lead to difficulties in an audit, if there is no justification from where these values have been derived or more importantly how they have been met. The values originate from IEC 61508, and if to be used in medical device applications, then a justification of these values is necessary in the risk management plan and risk management report. References to IEC 61508 and a description of high or low demand mode systems and how these define the failure rate probabilities would be extremely helpful.

 

Influencing the IEC 62304 software lifecycle

Most people working with the software lifecycle model in IEC 62304 are familiar with the diagram illustrated in Figure 1, showing how IEC 61508 inspires IEC 62304. Let’s take a look at how IEC 61508 part 3 supports IEC 62304 activities. Both these standards use a V-model for the software development lifecycle, but as described in our blog post „The continuum of safety-related delivery“ there is a relatively free reign on the development lifecycle for software.

 

IEC 61508 has a more safety-oriented approach than IEC 62304, but the guidance from IEC 61508 in the area around requirements management is clear to see in IEC 62304 section 5.2. What would be even more helpful is if the guidance on software unit implementation in IEC 62304 section 5.5, could be expanded in line with IEC 61508-3 section 7.4 which gives more substantial guidance in this area.

 

Topics that don’t overlap include: validation as this is out with the scope of IEC 62304 and the challenging topic of software tool qualification, that would be a good addition to IEC 62304 if seeking more inspiration from IEC 61508.

 

IEC 61508. ISO 14971. ISO 26262

Figure 1: IEC 62304 and the relations to other standards

 

IEC 60601 where functional safety meets the medical device sector

We have discussed the topic of programmable electrical medical systems (PEMS) in previous blog posts (Making Sense of PEMS – Lorit Consultancy (lorit-consultancy.com). IEC 60601 does introduce this topic in section 14, but could benefit from more input of the type defined in IEC 61508, to help the reader understand topics such as systematic failures, diversity and redundancy better. Ultimately this an area where IEC 61508 would definitely come into the category of state of the art.

 

In summary IEC 61508 has played a key role in shaping both standards in the automotive and medical device sectors. There are areas in the medical device sector where further inspiration form IEC 61508 could be sought. In the final part of this blog series, we will compare the analysis techniques in IEC 61508 with other industry standards.

 

By Alastair Walker, Consultant

 

 

Do you want to learn more about the implementation of ISO 26262, IEC 62304, ISO 14971 or any other standard in the Automotive or Medical Device sector? We work remotely with you. Please contact us at info@lorit-consultancy.com for bespoke consultancy or join one of our upcoming online courses.