BS/EN 61508-2-2010 pdf download.Functional safety of electrical! electronic/programmable electronic safety-related systems Part 2: Requirements for electricaVelectronic/ programmable electronic safety-related systems.
software architecture, sensors, actuators, programmable electronics, ASICs, embedded software, application software, data etc.), shall meet all of the requirements a) to e) as follows:
a) the requirements for hardware safety integrity comprising:
— the architectural constraints on hardware safety integrity (see 7.4.4), and
– the requirements for quantifying the effect of random failures (see 7.4.5);
b) the special architecture requirements for ICs with on-chip redundancy (see Annex E), where relevant, unless justification can be given that the same level of independence between different channels is achieved by applying a different set of measures;
C) the requirements for systematic safety Integrity (systematic capability), which can be met by achieving one of the following compliance routes:
— Route is: compliance with the requirements for the avoidance of systematic faults (see 7,4.6 and IEC 61508-3) and the requirements for the control of systematic faults (see
7.4.7 and IEC 61508-3). or
— Route 2s: compliance with the requirements for evidence that the equipment Is proven in use (see 7.4.10). or
— Route (pre-existing software elements only): compliance with the requirements of
IEC 61508-3, 7.4.2.12;
NOTE The ‘S subscnpt in the above routes designates systematic safety integrity to distinguish it from
Route and Route 2H for hardware safety integrity
d) the requirements for system behaviour on detection of a fault (see 7.4.8);
e) the requirements for data communication processes (see 7.4.11).
7.4.2.3 Where an E/E/PE safety-related system is to implement both safety and non-safety functions, then all the hardware and software shall be treated as safety-related unless it can be shown that the implementation of the safety and non-safety functions is sufficiently independent (i.e. that the failure of any non-safety-related functions does not cause a dangerous failure of the safety-related functions).
NOTE 1 Sufficient independence of implementation is established by showing that the probability of a dependent failure between the non-safety and safely-related parts is sufficiently low in comparison with the highest safety integrity level associated with the safety functions involved
NOTE 2 Caution should be exercised if non-safely functions and safety functions are Implemented in the same E/E/PE safety-related system. While this is allowed in the standard, It may lead to greater complexity and increase the difficulty In carrying out E1EPE system safety lifecycle activities (for example design. validation, functional safety assessment and maintenance).
7.4.2.4 The requirements for hardware and software shall be determined by the safety integrity level of the safety function having the highest safety integrity level unless It can be shown that the implementation of the safety functions of the different safety integrity levels is sufficiently Independent.
NOTE 1 Sufficient independence of implementation Is established by showing that Ihe probability of a dependent failure between the parts Implementing safety functions of different Integrity levels is sufficiently low in companson with the highest safety integrity level associated with the safety functions involved,
NOTE 2 Where several safety functions are implemented in an EIEIPE safety-related system then ii will be necessary to consider the possibility that a single fault could cause a failure of several safety functions. In such a situation, it may be appropriate to determine the requirements for hardware and software on the basis of a higher safety integrity level than is associated with any one of the safety functions, depending on the risk associated with such a failure.
7.4.2.5 When independence between safety functions is required (see 7.4.2.3 and 7.4.2.4) then the following shall be documented during the design:
a) the method of achieving independence;
b) the justification of the method.
EXAMPLE Addressing foreseeable failure modes, that may undermine independence, and their failure rates, use of FMECA or dependant failure analysis.
7.4.2.6 The requirements for safety-related software (see IEC 61508-3) shall be made available to the developer of the E/E/PE safety-related system.
7.4.2.7 The developer of the EIEIPE safety-related system shall review the requirements for safety-related software and hardware to ensure that they are adequately specified. In particular, the EIEIPE system developer shall consider the following:
a) safety functions;
b) E/E/PE safety-related system safety integrity requirements;
C) equipment and operator interfaces.
7.4.2.8 The EIE/PE safety-related system design documentation shall specify those techniques and measures necessary during the E/E/PE system safety lifecycle phases to achieve the safety integrity level.
7.4.2.9 The EIE/PE safety-related system design documentation shall justify the techniques and measures chosen to form an integrated set that satisfies the required safety integrity level.
NOTE The adoption of an overall approach employing independent type approval of the EIEIPE safety-related systems (including sensors, actuators, etc) for hardware and software, diagnostic tests and programming tools, and using appropriate languages for software wherever possible, has the potential to reduce the complexity of E/EIPE system application engineering.
7.4.2.10 During the design and development activities, the significance (where relevant) of all hardware and software interactions shall be identified, evaluated and documented.BS/EN 61508-2-2010 pdf download.