Functional safety started with IEC 61508
What we know today as functional safety started with the IEC 61508 standard, released in 1998. The IEC 61508 standard is a generic functional safety standard which can be applied to any kind of safety system as long as the safety system has elements based on electrical, electronic or programmable electronic (E/E/PE) technology. This does not mean that the whole safety system needs to be based on E/E/PE technology. The safety system is allowed to have elements based on other technologies like mechanical, electro-mechanical or even pneumatic elements.
IEC 61508 has changed the safety world for good.
IEC 61508 Fact Sheet
- Title: Functional safety for electrical/electronic/programmable electronic safety-related systems
- First release: 1998
- Applies to: Any safety system; in practice, wherever there is no industry- or application-specific standard
- Industry: Any industry; in practice, wherever there are no industry-specific standards
- Stakeholders: End users, engineering companies, system integrators, product developers, software houses
IEC 61508 affects everybody
IEC 61508 is a complete standard and it addresses requirements over the full lifecycle of the safety system. This means that it is a standard that affects every stakeholder of a safety system, including:
- End-users of safety systems;
- Engineering companies designing processes and safety solutions;
- System integrators integrating hardware and software safety solutions; and
- Product suppliers designing and manufacturing safety devices.
And within these companies basically any department is affected. It is not a standard that can just be dumped on the desk of the hardware and software engineers to be dealt with. The standard has requirements for all stakeholders.
About IEC 61508
When the IEC 61508 standard was released in 1998, it was the only international standard in the world addressing E/E/PE based safety systems. Any kind of safety system, in any kind of industry, could potentially be addressed by this standard. When it was released not every industry embraced it (immediately). Today though, it is seen as the mother of all functional safety requirements, for any industry sector or application specific functional safety standards.
The standard itself consists of the following seven parts:
- Part 1: General requirements
- Part 2: Requirements for Electrical, Electronic, Programmable Electronic Systems (E/E/PES)
- Part 3: Software requirements
- Part 4: Definitions and abbreviations
- Part 5: Examples of methods for the determination of safety integrity levels (SIL)
- Part 6: Guidelines on the application of Parts 2 & 3
- Part 7: Overview of techniques and measures
Not all parts of the standard are normative. “Normative” means that the requirements in that part need to be met in order to be able to state that you comply with the standard. Only parts 1-4 are normative. Parts 5, 6 and 7 are only informative. “Informative” means you do not need to comply with it. You can take it as extra information, as example or additional guidance on how to interpret the standard.
Part 1 is called “General requirements” but it is much more than that. The part not only holds the general requirements that apply to documentation and functional safety management. It also holds the requirements for the end-users, or better, the process owners. Remember IEC 61508 is a general purpose standard and this “process” can be anything. It can be a roller coaster at a fun park, a heart pump in a hospital, an oil platform, a chemical plant, a road tunnel or even a revolving door at an airport. It does not matter what the process is, if there is no sector specific functional safety standard then IEC 61508 can always be applied.
Part 1 also addresses the lifecycle requirements for the process owners and requires, for example, a hazard and risk analysis to be performed on the process. If the hazard and risk analysis identifies hazards that need to be protected by a safety system, then the standard sends you to part 2, if you implement this safety system (partly) in E/E/PE hardware. If the hardware also holds software, then you also need to apply part 3 of this standard.
Thus part 1 helps identify the needed safety functions, while parts 2 and 3 cover the actual design and development of the safety system and are mainly the playground for hardware and software engineers and system integrators. Part 4, the last normative part, has an overview of all the terms, abbreviations and their definitions used in the standard. Sometimes these definitions make things much clearer; sometimes you still do not understand what they are talking about. Don’t forget it is an international standard written by participants from the whole world and from every kind of industry. In the end the standard is a big international compromise and although its intentions are good, it is not always easy to understand and thus to apply.
Today the IEC 61508 standard is seen as an umbrella standard. This means that many industries and applications have written their own functional safety standard addressing functional safety requirements specifically to their needs using IEC 61508 as their framework.
IEC 61508 FAQ
Yes, IEC 61508 is a standard that addresses a safety system over its full lifecycle. And the lifecycle starts with the end user.
Yes, IEC 61508 is one of the few generic standards that have requirements for hardware and software used in safety systems. Every safety product should use IEC 61508 as its basis. Today there are also application-specific standards. Usually they go hand in hand with IEC 61508.
Yes, but there is a condition. At least one of the devices in the safety function that you are building needs to be electrical/electronic/programmable electronic. Most safety functions today include mechanical devices as well. Any device that you use to build a safety function that falls under IEC 61508 needs to comply with IEC 61508. It does not matter which technology these devices use. In practice you see electrical, electronic, programmable electronic, mechanical and electromechanical devices, and even pneumatic systems.
Of course. The intention of safety systems is usually to protect people and the environment. But the functional safety principle can easily be applied to any kind of “problem”, whether it is financial loss, image loss, or any other kind of loss a company might endure.
The theoretical answer is: No, not at all. The word certification does not even exist in the requirements of the standard. The only thing the standard requires, besides the work that needs to be done, is verification, validation and assessment.
The practical answer is: Without certification nothing works in the functional safety world. Basically everything needs to be certified. This is driven by industry though, not by the standard.
Yes. We have developed the Risknowlogy Certification Program. Through this program we certify elements, products, solutions, systems, organisations and professionals according to IEC 61508 and other functional safety standards.
If you use, for example, a product in a safety loop then this product needs to be compliant. In theory you have two options to prove whether the product is compliant or not: either you analyse the product yourself, or you buy independently certified devices. The first is not an option for the simple reasons that, first of all, the supplier of the product does not give you access to the internals of a device and, second of all, even if they did, do you have the knowledge and the time to go and analyse it? Certification is a convenient way to have an independent party, like Risknowlogy, confirm that a product is compliant.