Summary of "IEC 61508 Overview"

IEC 61508 — Overview

Purpose and scope

Functional safety (per IEC 61508): prevent dangerous failures where possible; where failures occur, ensure they lead to a safe or known state; reduce risk to a tolerable level by applying safety functions.

IEC 61508 is an international, generic functional-safety standard for electrical, electronic and programmable electronic safety‑related systems (E/E/PE systems). It covers the full lifecycle from concept through design, realization, operation/maintenance, to decommissioning. Domain-specific standards (for example ISO 26262 for automotive, and standards for rail and aerospace) are derived from IEC 61508.

Two core concepts (pillars)

1. Safety lifecycle — structured phases for managing safety from concept to disposal.
2. Probabilistic failure approach — use of probability metrics (and demand modes) to allocate Safety Integrity Levels (SILs).

Structure of the standard

IEC 61508 is organized into seven parts grouped by purpose:

• Parts 1–3: normative requirements (what to implement)
  • Part 1: general requirements
  • Part 2: E/E/PE system requirements (hardware/architecture)
  • Part 3: software requirements
• Part 4: definitions and abbreviations
• Parts 5–7: guidance, methods and examples (how to apply Parts 1–3), including methods for SIL calculation, application guidelines, and techniques/measures

Safety lifecycle (16 phases)

The safety lifecycle is presented as 16 phases grouped into three major groups.

Analysis (phases 1–5)

1. Phase 1: Concept
2. Phase 2: Scope definition
3. Phase 3: Hazard and Risk Analysis (HARA)
4. Phase 4: Overall safety requirements formulation
5. Phase 5: Safety requirements allocation to items/subsystems

Realization (phases 6–13)

1. Phase 6: Planning (including operation & maintenance planning)
2. Phase 7: Overall safety validation planning (installation/commissioning planning)
3. Phases 8–13: Design, implementation, integration, installation, commissioning, and safety validation of the safety-related system (this includes treatment of other technologies and external risk‑reduction facilities; some topics may be out of scope)

Operation, maintenance and decommissioning (phases 14–16)

1. Phase 14: Operation and maintenance
2. Phase 15: Modification, repair and retrofit (managing changes across lifecycle)
3. Phase 16: Decommissioning and disposal (safe end-of-life handling)

Key lifecycle principles

• Address safety across the entire lifecycle — optimal (cost‑effective) safety is achieved when addressed early and throughout.
• Zero risk is impossible; focus on reducing probabilities of hazardous events and reducing non‑tolerable risks.
• Avoid repeating errors from prior phases — use verification, root‑cause analysis and strengthened V&V to prevent recurrence.

Hazard and Risk Analysis (HARA)

For each hazardous event associated with the Equipment Under Control (EUC), estimate risk using qualitative or quantitative techniques.

Likelihood (six-category scale with approximate failure-per-year ranges as given in IEC 61508):

• Frequent (≥ 10^‑3 / year)
• Probable (~10^‑3 to 10^‑4 / year)
• Occasional (~10^‑4 to 10^‑5 / year)
• Remote (~10^‑5 to 10^‑6 / year)
• Improbable (~10^‑6 to 10^‑7 / year)
• Incredible (< 10^‑7 / year)

Consequence categories:

• Catastrophic (multiple deaths)
• Critical (single death)
• Marginal (major injury)
• Negligible (minor injury)

Combine likelihood and consequence in a risk matrix to assign a risk class (1–4):

• Class 1: Unacceptable (immediate risk reduction required)
• Class 2: Undesirable (tolerable only if reduction impracticable or costs grossly disproportionate)
• Class 3: Tolerable (if cost of reduction exceeds benefit)
• Class 4: Acceptable (monitoring may be needed)

Safety Integrity Levels (SILs)

SILs provide targets for required safety performance of safety functions. Three measures are used to determine/justify a SIL:

1. Systematic capability (SC) — a design/process quality measure (quality management, V&V, failure mode analysis). Each component has an SC rating; the overall function’s SIL is limited by the lowest SC among used devices.
2. Architectural constraints — design/diagnostic measures and redundancy requirements defined in Parts 2 and 3.
3. Probabilistic failure metrics — allowable frequency/probability of dangerous failure, differing by demand mode:
   • Low-demand mode (intermittent demand, ≤ 1 demand/year): SIL is expressed as a target probability of failure on demand (PFDavg).
   • High-demand/continuous mode (>1 demand/year or continuous operation): SIL is expressed as a frequency (dangerous failures per hour or year).

Note: SIL 1 through SIL 4 correspond to progressively stricter allowable probabilities/frequencies of dangerous failure. (Consult the standard for precise numerical limits.)

Verification and testing

• Verification and validation (V&V) activities must be aligned with the SIL assigned to each safety function.
• For software: rigorous testing and coverage criteria are expected (statement coverage, branch coverage, function coverage, MCDC where applicable).
• Quality control, structured processes, and documented V&V justify that the implemented system attains the target SIL.

Relationship to other standards and practices

• ISO 26262 (automotive) is derived from IEC 61508 and provides automotive-specific HARA and processes.
• Other domain standards for rail, aerospace, etc., follow IEC 61508 principles while adding domain-specific constraints.
• Coding and tool guidance commonly referenced in industry (e.g., MISRA for C/C++) are used under domain standards like ISO 26262; IEC 61508 is more flexible about methods and allows multiple techniques for HARA and assessment.

Practical methodology (recommended steps)

1. Initiate concept and define scope (Phases 1–2).
2. Perform HARA for the Equipment Under Control (Phase 3):
   • Identify hazardous events.
   • Choose qualitative or quantitative assessment.
   • Assign likelihood and consequence categories.
   • Determine risk class from the risk matrix.
3. Define overall safety requirements (Phase 4) and allocate safety requirements to system elements (Phase 5).
4. Plan realization activities (Phase 6): project planning, operation & maintenance planning.
5. Plan validation & commissioning (Phase 7).
6. Realize the safety-related system (Phases 8–13):
   • Design per required SIL (consider SC, architecture, probabilistic targets).
   • Implement hardware and software according to Parts 2 and 3.
   • Apply quality control, V&V, failure analysis, diagnostics.
   • Install and commission; carry out safety validation in the target environment.
7. Verify testing coverage for software modules (statement, branch, MCDC, etc.) and document verification evidence.
8. Operate and maintain (Phase 14): monitor performance, perform repairs, ensure continued compliance.
9. Manage modifications/retrofits with change control and re-assessment (Phase 15).
10. Decommission and dispose safely when the system reaches end-of-life (Phase 16).

Speakers / referenced sources

• Speaker/presenter: safety expert (single presenter in the source video).
• Standards / organizations referenced: IEC (IEC 61508), ISO (ISO 26262), MISRA (coding guidelines), and general reference to domain standards derived from IEC 61508 (rail, aeronautics).

Category

Educational

---

Share this summary

Share on X/Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Share on Telegram

---

Is the summary off?

If you think the summary is inaccurate, you can reprocess it with the latest model.

Reprocess summary

Video