At first I was afraid, I was petrified… That was my initial reaction when I encountered functional safety. First, there was talk about IEC 61508 certification, the “mother of all safety standards”. No big deal for a new safety officer like myself — or so I thought. One tiny detail was revealed during the project, namely that the products were also going to be marketed in the USA. Hold on, they don’t even use IEC 61508? Excuse me? UL 1998 and UL 991? Well, okay, the standards won’t be that different; the priority is still functional safety. And while I was preoccupied with the UL standards, we received an order to make preparations for having our product certified under ISO 13849 for a customer… To keep it short, this was followed by ISO 26262, EN 50126/8 and IEC 61010/60601, and others. What did they even have in common? As a matter of interest, I then also conducted UL/IEC 60730, IEC 62061 and IEC 61511.
In this blog post, I hope to shed a little light on this seemingly endless expanse of standards.
First, here is an overview of the standards’ names:

| Standard | Title |
|---|---|
| IEC 61508 | Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES) |
| UL 1998 | Standard for Software in Programmable Components |
| UL 991 | Standard for Tests for Safety-Related Controls Employing Solid-State Devices |
| ISO 13849 | General principles for design; provides safety requirements and guidance on the principles of design and integration of safety-related parts of control systems (hardware or software) |
| ISO 26262 | Road vehicles – Functional safety |
| EN 50126 | Railway Applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) |
| EN 50128 | Railway applications – Communication, signalling and processing systems – Software for railway control and protection systems |
| IEC 61010 | Safety requirements for electrical equipment for measurement, control, and laboratory use |
| IEC 60601 | Medical electrical equipment – General requirements for basic safety and essential performance |
| IEC/UL 60730 | Automatic electrical controls for household and similar use |
| IEC 62061 | Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems |
| IEC 61511 | Functional safety – Safety instrumented systems for the process industry sector |
So you could say that, in the meantime, I have gained a certain overview of the various topics they cover. However, I would also like to note that there are countless other standards concerning functional safety that I have not yet worked with.
Fundamental goals of all standards
In any event, I have since come back to my original opinion: that the standards essentially have the same structure and goals. Some standards make reference to others and accept their results, or refer to other standards (example: ISO 13849 accepts the results of a development based on IEC 62061, or refers to the software portion of IEC 61508). Yet the procedure always remains the same:

- Describe your product
  a) What is the intended use?
  b) What are the limits?
- What can go wrong?
  a) Due to defects in the device – random failures
  b) Due to faulty production – systematic failures
  c) Due to improper use – foreseeable misuse
- What’s the worst that can happen?
- How can that be counteracted?
- Are the risk alleviation measures sufficient?

In summary: identify and mitigate hazards.
The difference lies in the detail
The “beauty” of it is that different expressions are used in each case. If the summary of risks to be avoided is referred to as the “Functional Safety Concept” in the automotive world, one will not find a work product for this in IEC 61508, but rather a description thereof in the chapter titled “Requirements to the complete system”. The terms that deal with the likelihood of failures are not uniform either. In the rail industry, this is TFFR (“Tolerable Functional Failure Rate”); in IEC 61508, it is PFH (“Probable Failure Per Hour”) for high-demand systems and PFD (“Probable Failure on Demand”) for low-demand systems; ISO 26262 contains PMHF (“Probabilistic Metric for Random Hardware Failures”), while ISO 13849 simply uses MTTF (“Mean Time to Failure” – i.e. the inverse of the likelihood of failure). Essentially, it’s a confusion of tongues, as was the case at the Tower of Babel…
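To make the Babel point concrete, here is an added illustration (not code from the blog post) that takes one channel’s dangerous failure rate and reports it the way each dialect would: as MTTF (ISO 13849), as PFH (IEC 61508 high demand) and as PFD (IEC 61508 low demand). It assumes the textbook single-channel approximations PFH ≈ λ, PFD_avg ≈ λ·T/2 and MTTF = 1/λ, the SIL bands of IEC 61508-1 and the MTTFd classes of ISO 13849-1; the failure rate and proof-test interval are constructed sample values.

```python
# Added illustration (not from the blog post): one channel's dangerous failure
# rate expressed in three standards' vocabulary. Assumed textbook 1oo1
# approximations: PFH ~= lambda_D (high demand), PFD_avg ~= lambda_D * T/2
# (low demand), MTTF = 1/lambda; SIL bands as in IEC 61508-1 Tables 2/3,
# MTTFd classes as in ISO 13849-1 (values above 100 years are capped there).
HOURS_PER_YEAR = 8760.0

# (class, lower bound inclusive, upper bound exclusive)
SIL_PFH = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]
SIL_PFD = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
MTTFD_CLASSES = [("low", 3, 10), ("medium", 10, 30), ("high", 30, 100)]

def mttf_years(lambda_per_hour):
    """ISO 13849 dialect: MTTF is simply the inverse of the failure rate."""
    return 1.0 / lambda_per_hour / HOURS_PER_YEAR

def pfh(lambda_per_hour):
    """IEC 61508 high-demand dialect: a single channel's PFH is its dangerous rate."""
    return lambda_per_hour

def pfd_avg(lambda_per_hour, proof_test_interval_years):
    """IEC 61508 low-demand dialect: PFD averaged over the proof-test interval."""
    return lambda_per_hour * proof_test_interval_years * HOURS_PER_YEAR / 2.0

def band(value, table):
    """Return the class whose [lo, hi) range contains value, else None."""
    for name, lo, hi in table:
        if lo <= value < hi:
            return name
    return None

def describe(lambda_per_hour, proof_test_interval_years=1.0):
    """The same failure rate, reported the way each standard would say it.
    The SIL shown is the probabilistic band only; the achievable SIL also
    depends on architectural constraints (HFT/SFF) not modelled here."""
    m = mttf_years(lambda_per_hour)
    h = pfh(lambda_per_hour)
    d = pfd_avg(lambda_per_hour, proof_test_interval_years)
    return {
        "MTTFd_years": round(m, 1), "MTTFd_class": band(m, MTTFD_CLASSES),
        "PFH": h, "SIL_by_PFH": band(h, SIL_PFH),
        "PFD_avg": d, "SIL_by_PFD": band(d, SIL_PFD),
    }

if __name__ == "__main__":
    # Constructed sample: lambda_D = 2e-6 per hour, yearly proof test.
    print(describe(2e-6, 1.0))
```

With the constructed rate of 2e-6 per hour, the same channel reads as MTTFd “high” in ISO 13849 terms, lands in the SIL 1 PFH band and in the SIL 2 PFD band, which is exactly why the vocabularies cannot be compared by name alone.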
Benefits across industries
However, I recommend that everyone read through other industries’ standards. There is no optimal standard that explains everything completely and comprehensibly. For example, the medical device standards provide pragmatic guidance on defining intended use, while the automotive industry offers a clear list of work products that should be produced. The original standard IEC 61508, with its generic structure, provides a rich portfolio of various verification and validation methods.
In short: each additional standard gives a better insight into the world of functional safety and the opportunities that one can “realistically realise” in their own projects. Admittedly, this takes time and requires someone who likes to learn from other industries.
By Gerrit Steinöcker – Functional Safety Consultant