FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Definitions and abbreviations
Annex A (informative) Application of IEC 61508-2 and of
IEC 61508-3
A.1 - General
A.2 - Functional steps in the application of
IEC 61508-2
A.3 - Functional steps in the application of
IEC 61508-3
Annex B (informative) Example technique for evaluating
probabilities of hardware failure
B.1 - General
B.2 - Average probability of failure on demand (for
low demand mode of operation)
B.3 - Probability of failure per hour (for high demand
or continuous mode of operation
B.4 - References
Annex C (informative) Calculation of diagnostic coverage and
safe failure fraction: worked example
Annex D (informative) A methodology for quantifying the
effect of hardware-related common cause
failures in E/E/PE systems
D.1 - General
D.2 - Brief overview
D.3 - Scope of the methodology
D.4 - Points taken into account in the methodology
D.5 - Using the beta-factor to calculate the
probability of failure in an E/E/PE safety-
related system due to common cause failures
D.6 - Using the tables to estimate beta
D.7 - Examples of the use of the methodology
D.8 - References
Annex E (informative) Example applications of software safety
integrity tables of IEC 61508-3
E.1 - General
E.2 - Example for safety integrity level 2
E.3 - Example for safety integrity level 3
Bibliography
Figure 1 - Overall framework of IEC 61508
Figure A.1 - Application of IEC 61508-2
Figure A.2 - Application of IEC 61508-2 (continued)
Figure A.3 - Application of IEC 61508-3
Figure B.1 - Example configuration for two sensor channels
Figure B.2 - Subsystem structure
Figure B.3 - 1oo1 physical block diagram
Figure B.4 - 1oo1 reliability block diagram
Figure B.5 - 1oo2 physical block diagram
Figure B.6 - 1oo2 reliability block diagram
Figure B.7 - 2oo2 physical block diagram
Figure B.8 - 2oo2 reliability block diagram
Figure B.9 - 1oo2D physical block diagram
Figure B.10 - 1oo2D reliability block diagram
Figure B.11 - 2oo3 physical block diagram
Figure B.12 - 2oo3 reliability block diagram
Figure B.13 - Architecture of an example for low demand mode
of operation
Figure B.14 - Architecture of an example for high demand or
continuous mode of operation
Figure D.1 - Relationship of common cause failures to the
failures of individual channels
Table B.1 - Terms and their ranges used in this annex
(applies to 1oo1, 1oo2, 2oo2, 1oo2D and 2oo3)
Table B.2 - Average probability of failure on demand for a
proof test interval of six months and a mean time
to restoration of 8 h
Table B.3 - Average probability of failure on demand for a
proof-test interval of one year and mean time to
restoration of 8 h
Table B.4 - Average probability of failure on demand for a
proof-test interval of two years and mean time to
restoration of 8 h
Table B.5 - Average probability of failure on demand for a
proof-test interval of 10 years and mean time to
restoration of 8 h
Table B.6 - Average probability of failure on demand for the
sensor subsystem in the example for low demand
mode of operation (one year proof-test interval
and 8 h MTTR)
Table B.7 - Average probability of failure on demand for the
logic subsystem in the example for low demand
mode of operation (one year proof-test interval
and 8 h MTTR)
Table B.8 - Average probability of failure on demand for the
final element subsystem in the example for low
demand mode of operation (one year proof-test
interval and 8 h MTTR)
Table B.9 - Example for a non-perfect proof test
Table B.10 - Probability of failure per hour (in high demand
or continuous mode of operation) for a proof-
test interval of one month and a mean time to
restoration of 8 h
Table B.11 - Probability of failure per hour (in high demand
or continuous mode of operation) for a proof
test interval of three months and a mean time to
restoration of 8 h
Table B.12 - Probability of failure per hour (in high demand
or continuous mode of operation) for a proof
test interval of six months and a mean time to
restoration of 8 h
Table B.13 - Probability of failure per hour (in high demand
or continuous mode of operation) for a proof
test interval of one year and a mean time to
restoration of 8 h
Table B.14 - Probability of failure per hour for the sensor
subsystem in the example for high demand or
continuous mode of operation (six month proof-
test interval and 8 h MTTR)
Table B.15 - Probability of failure per hour for the logic
subsystem in the example for high demand or
continuous mode of operation (six month proof-
test interval and 8 h MTTR)
Table B.16 - Probability of failure per hour for the final
element subsystem in the example for high demand
or continuous mode of operation (six month
proof-test interval and 8 h MTTR)
Table C.1 - Example calculations for diagnostic coverage and
safe failure fraction
Table C.2 - Diagnostic coverage and effectiveness for
different subsystems
Table D.1 - Scoring programmable electronics or sensors/final
elements
Table D.2 - Value of Z: programmable electronics
Table D.3 - Value of Z: sensors or final elements
Table D.4 - Calculation of beta or betaD
Table D.5 - Example values for programmable electronics
Table E.1 - Software safety requirements specification (see
7.2 of IEC 61508-3)
Table E.2 - Software design and development: software
architecture design (see 7.4.3 of IEC 61508-3)
Table E.3 - Software design and development: support tools
and programming language (see 7.4.4 OF (IEC
61508-3)
Table E.4 - Software design and development: detailed design
(see 7.4.5 and 7.4.6 of IEC 61508-3) (this
includes software system design, software module
design and coding)
Table E.5 - Software design and development: software module
testing and integration (see 7.4.7 and 7.4.8 of
IEC 61508-3)
Table E.6 - Programmable electronics integration (hardware
and software) (see 7.5 of IEC 61508-3)
Table E.7 - Software safety validation (see 7.7 of IEC
61508-3)
Table E.8 - Software modification (see 7.8 of IEC 61508-3)
Table E.9 - Software verification (see 7.9 of part 3)
Table E.10 - Functional safety assessment (see clause 8 of
IEC 61508-3)
Table E.11 - Software safety requirements specification (see
7.2 of IEC 61508-3)
Table E.12 - Software design and development: software
architecture design (see 7.4.3 of IEC 61508-3)
Table E.13 - Software design and development: support tools
and programming language (see 7.4.4 of IEC
61508-3)
Table E.14 - Software design and development: detailed
design (see 7.4.5 and 7.4.6 of IEC 61508-3)
(this includes software system design, software
module design and coding)
Table E.15 - Software design and development: software
module testing and integration (see 7.4.7 and
7.4.8 of IEC 61508-3)
Table E.16 - Programmable electronics integration (hardware
and software) (see 7.5 of IEC 61508-3)
Table E.17 - Software safety validation (see 7.7 of IEC
61508-3)
Table E.18 - Modification (see 7.8 of IEC 61508-3)
Table E.19 - Software verification (see 7.9 of IEC 61508-3)
Table E.20 - Functional safety assessment (see clause of IEC
61508-3)