BS IEC 61508-6 : 2000 AMD 13784

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Definitions and abbreviations
Annex A (informative) Application of IEC 61508-2 and of
                      IEC 61508-3
      A.1 - General
      A.2 - Functional steps in the application of
            IEC 61508-2
      A.3 - Functional steps in the application of
            IEC 61508-3
Annex B (informative) Example technique for evaluating
                      probabilities of hardware failure
      B.1 - General
      B.2 - Average probability of failure on demand (for
            low demand mode of operation)
      B.3 - Probability of failure per hour (for high demand
            or continuous mode of operation
      B.4 - References
Annex C (informative) Calculation of diagnostic coverage and
                      safe failure fraction: worked example
Annex D (informative) A methodology for quantifying the
                      effect of hardware-related common cause
                      failures in E/E/PE systems
      D.1 - General
      D.2 - Brief overview
      D.3 - Scope of the methodology
      D.4 - Points taken into account in the methodology
      D.5 - Using the beta-factor to calculate the
            probability of failure in an E/E/PE safety-
            related system due to common cause failures
      D.6 - Using the tables to estimate beta
      D.7 - Examples of the use of the methodology
      D.8 - References
Annex E (informative) Example applications of software safety
                      integrity tables of IEC 61508-3
      E.1 - General
      E.2 - Example for safety integrity level 2
      E.3 - Example for safety integrity level 3
Bibliography
Figure 1 - Overall framework of IEC 61508
Figure A.1 - Application of IEC 61508-2
Figure A.2 - Application of IEC 61508-2 (continued)
Figure A.3 - Application of IEC 61508-3
Figure B.1 - Example configuration for two sensor channels
Figure B.2 - Subsystem structure
Figure B.3 - 1oo1 physical block diagram
Figure B.4 - 1oo1 reliability block diagram
Figure B.5 - 1oo2 physical block diagram
Figure B.6 - 1oo2 reliability block diagram
Figure B.7 - 2oo2 physical block diagram
Figure B.8 - 2oo2 reliability block diagram
Figure B.9 - 1oo2D physical block diagram
Figure B.10 - 1oo2D reliability block diagram
Figure B.11 - 2oo3 physical block diagram
Figure B.12 - 2oo3 reliability block diagram
Figure B.13 - Architecture of an example for low demand mode
              of operation
Figure B.14 - Architecture of an example for high demand or
              continuous mode of operation
Figure D.1 - Relationship of common cause failures to the
             failures of individual channels
Table B.1 - Terms and their ranges used in this annex
            (applies to 1oo1, 1oo2, 2oo2, 1oo2D and 2oo3)
Table B.2 - Average probability of failure on demand for a
            proof test interval of six months and a mean time
            to restoration of 8 h
Table B.3 - Average probability of failure on demand for a
            proof-test interval of one year and mean time to
            restoration of 8 h
Table B.4 - Average probability of failure on demand for a
            proof-test interval of two years and mean time to
            restoration of 8 h
Table B.5 - Average probability of failure on demand for a
            proof-test interval of 10 years and mean time to
            restoration of 8 h
Table B.6 - Average probability of failure on demand for the
            sensor subsystem in the example for low demand
            mode of operation (one year proof-test interval
            and 8 h MTTR)
Table B.7 - Average probability of failure on demand for the
            logic subsystem in the example for low demand
            mode of operation (one year proof-test interval
            and 8 h MTTR)
Table B.8 - Average probability of failure on demand for the
            final element subsystem in the example for low
            demand mode of operation (one year proof-test
            interval and 8 h MTTR)
Table B.9 - Example for a non-perfect proof test
Table B.10 - Probability of failure per hour (in high demand
             or continuous mode of operation) for a proof-
             test interval of one month and a mean time to
             restoration of 8 h
Table B.11 - Probability of failure per hour (in high demand
             or continuous mode of operation) for a proof
             test interval of three months and a mean time to
             restoration of 8 h
Table B.12 - Probability of failure per hour (in high demand
             or continuous mode of operation) for a proof
             test interval of six months and a mean time to
             restoration of 8 h
Table B.13 - Probability of failure per hour (in high demand
             or continuous mode of operation) for a proof
             test interval of one year and a mean time to
             restoration of 8 h
Table B.14 - Probability of failure per hour for the sensor
             subsystem in the example for high demand or
             continuous mode of operation (six month proof-
             test interval and 8 h MTTR)
Table B.15 - Probability of failure per hour for the logic
             subsystem in the example for high demand or
             continuous mode of operation (six month proof-
             test interval and 8 h MTTR)
Table B.16 - Probability of failure per hour for the final
             element subsystem in the example for high demand
             or continuous mode of operation (six month
             proof-test interval and 8 h MTTR)
Table C.1 - Example calculations for diagnostic coverage and
            safe failure fraction
Table C.2 - Diagnostic coverage and effectiveness for
            different subsystems
Table D.1 - Scoring programmable electronics or sensors/final
            elements
Table D.2 - Value of Z: programmable electronics
Table D.3 - Value of Z: sensors or final elements
Table D.4 - Calculation of beta or betaD
Table D.5 - Example values for programmable electronics
Table E.1 - Software safety requirements specification (see
            7.2 of IEC 61508-3)
Table E.2 - Software design and development: software
            architecture design (see 7.4.3 of IEC 61508-3)
Table E.3 - Software design and development: support tools
            and programming language (see 7.4.4 OF (IEC
            61508-3)
Table E.4 - Software design and development: detailed design
            (see 7.4.5 and 7.4.6 of IEC 61508-3) (this
            includes software system design, software module
            design and coding)
Table E.5 - Software design and development: software module
            testing and integration (see 7.4.7 and 7.4.8 of
            IEC 61508-3)
Table E.6 - Programmable electronics integration (hardware
            and software) (see 7.5 of IEC 61508-3)
Table E.7 - Software safety validation (see 7.7 of IEC
            61508-3)
Table E.8 - Software modification (see 7.8 of IEC 61508-3)
Table E.9 - Software verification (see 7.9 of part 3)
Table E.10 - Functional safety assessment (see clause 8 of
             IEC 61508-3)
Table E.11 - Software safety requirements specification (see
             7.2 of IEC 61508-3)
Table E.12 - Software design and development: software
             architecture design (see 7.4.3 of IEC 61508-3)
Table E.13 - Software design and development: support tools
             and programming language (see 7.4.4 of IEC
             61508-3)
Table E.14 - Software design and development: detailed
             design (see 7.4.5 and 7.4.6 of IEC 61508-3)
             (this includes software system design, software
             module design and coding)
Table E.15 - Software design and development: software
             module testing and integration (see 7.4.7 and
             7.4.8 of IEC 61508-3)
Table E.16 - Programmable electronics integration (hardware
             and software) (see 7.5 of IEC 61508-3)
Table E.17 - Software safety validation (see 7.7 of IEC
             61508-3)
Table E.18 - Modification (see 7.8 of IEC 61508-3)
Table E.19 - Software verification (see 7.9 of IEC 61508-3)
Table E.20 - Functional safety assessment (see clause of IEC
             61508-3)

Provides guidelines and information on parts -2 an -3 of IEC 61508. Should be read in conjunction with certain sections of IEC 61508-2 and -3. Gives a brief outline of requirements of parts -2 and -3 of the standard, and sets out functional steps in their application. Covers an example technique to calculate probabilities of hardware failure, gives a worked example of calculating diagnostic coverage, gives a methodology for quantifying the effect of hardware-related common cause failures on the probability of failure, and gives worked exampleso of the application of the software safety integrity tables.