IEC 61508ED2: series 03

Source: WeChat official account "汽车安全前瞻研究"
2020-06-02

[Author]

Renhong WENG, Safety, Security and RAMS investigator.


First: retrospective overview

Here we go deeper into IEC 61508 (abbreviated below as "IECs") and its mapping to ISO 26262 ("ISOs"), following the overview given in series 01:

Part 1 (IECs-1)

  Context:
    Concept: to be FSRs, allocation to E/E/PE systems
    Scope: define item boundary
    Definition: attributes concerned
    Hazard and risk analysis: safety functions, and safety integrity
    Installation, commissioning, safety validation
    Assessment
    Management

  Mapping ISOs:
    FSC
    Item definition
    HARA
    Production to decommissioning
    Safety validation

  ISOs Part:
    ISOs-3
    ISOs-4 (safety validation)
    ISOs-7
    ISOs-2

Second: deeper into IECs-1

Topic: General requirements
  IECs:
    1/ requires malevolent and unauthorised actions to be considered during hazard and risk analysis.
    2/ does not apply to medical equipment in compliance with the IEC 60601 series.

Topic: overall safety lifecycle requirements in 7.1.15
  1. Other risk reduction measures map directly into overall installation and commissioning, but there is no mapping of HARA risk reduction measures into the FSC similar to the one in 26262.

Topic: software safety lifecycle
  IECs: Hardware and software integration is located in the SW lifecycle.
  ISOs: the SW lifecycle in 26262 includes HW/SW integration in the system safety development phase.

Topic: Overall safety lifecycle
  IECs:
    concept
    overall scope definition
    hazard and risk analysis
    overall safety requirements
    overall safety requirements allocation
    overall operation and maintenance planning
    overall safety validation planning
    overall installation and commissioning planning
    E/E/PE system safety requirements specification
    E/E/PE safety related systems: realisation
    other risk reduction measures: specification and realisation
    overall installation and commissioning
    overall safety validation
    overall operation, maintenance and repair
    overall modification and retrofit
    decommissioning or disposal
  ISOs:
    item definition
    HARA
    FSC, FSRs
    TSC, TSRs
    FSM
    HSIS
    HSR, SSR
    HARC, SARC
    HW design, SW design
    HW integration, SW integration
    HW int test, SW int test
    HW/SW int test
    system int test
    embedded SW
    item int test
    safety validation
    release for production
    FUSA assessment
    production, operation, and decommissioning or disposal treatment

Topic: HARA
  IECs:
    7.4.1.1 including fault conditions and reasonably foreseeable misuse
    7.4.1.2 Determine the event sequences leading to the hazardous events
    7.4.2.3 The hazards, hazardous events and hazardous situations of the EUC and the EUC control system shall be determined under all reasonably foreseeable circumstances (including fault conditions, reasonably foreseeable misuse and malevolent or unauthorised action). This shall include all relevant human factor issues, and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorised action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.
    7.4.2.4 The event sequences leading to the hazardous events determined in 7.4.2.3 shall be determined.
  ISOs:
    1/ No detailed description of misuse and its relationship with security-related threats.
    2/ No consideration of malevolent or unauthorised action in ISOs; however, in the communication failure modes we still can see ISOs regard masquerading as one of the failure modes, which is not correct.
    3/ Event sequences may also be highlighted in HARA.
    4/

Topic: Overall safety requirements
  IECs:
    7.5.2.2 If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements.
    7.5.2.5 If, in assessing the EUC risk, the average frequency of dangerous failures of a single EUC control system function is claimed as being lower than 10^-5 dangerous failures per hour then the EUC control system shall be considered to be a safety-related control system subject to the requirements of this standard.
  ISOs:
    1/ No requirements in this field.
    2/ No similar requirements in this field.

Topic: Requirement allocation
  IECs:
    7.6.2.5 The safety integrity requirements for each safety function shall be specified in terms of either
      – the average probability of a dangerous failure on demand of the safety function, for a low demand mode of operation, or
      – the average frequency of a dangerous failure of the safety function [h^-1] for a high demand or a continuous mode of operation.
    7.6.2.6 The allocation of the safety integrity requirements shall be carried out using appropriate techniques for the combination of probabilities.
    7.6.2.7 common cause failure design guideline
    7.6.2.9 PFDavg is the average probability of dangerous failure on demand of the safety function, for low demand mode. PFHavg is the average probability of dangerous failure per hour of the safety function, for high demand and continuous mode.
    7.6.2.11 SIL 4 related safety considerations
  ISOs:
    7.6.2.5/ N/A for this requirement
    7.6.2.6/ Dependent failure analysis
    7.6.2.7/ Dependent failure analysis
    7.6.2.9/ Automotive safety only focuses on high demand/continuous mode
    7.6.2.11/ Comparable to ASIL D related countermeasures
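As an added worked example (not from the article, the standard text or any project code), the following Python turns the measures quoted in 7.5.2.5, 7.6.2.5, 7.6.2.6 and 7.6.2.9 into checks: the SIL band limits are the low-demand (PFDavg) and high-demand/continuous (PFHavg) target tables of IEC 61508-1, the 1oo1 low-demand approximation is the simplified formula from IEC 61508-6, and the subsystem failure figures are constructed. It assumes the subsystems of one safety loop fail independently, so their measures add when combined.

```python
"""Safety integrity target checks in the style of IEC 61508-1 (added example).

Assumptions (not stated in the article):
  * SIL bands: IEC 61508-1 target failure measure tables, lower bound
    inclusive, upper bound exclusive.
  * 1oo1 low demand: PFDavg ~= lambda_DU * T_proof / 2 (IEC 61508-6 simplification).
  * Subsystems in series (sensor, logic solver, final element) are independent,
    so loop PFD/PFH is the sum of the parts (7.6.2.6 "combination of probabilities").
"""
from typing import Dict, Iterable, Optional, Tuple

Band = Tuple[float, float]

# Low demand mode: average probability of dangerous failure on demand (PFDavg).
SIL_PFD: Dict[int, Band] = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
# High demand / continuous mode: average frequency of dangerous failure per hour (PFHavg).
SIL_PFH: Dict[int, Band] = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def sil_for(value: float, bands: Dict[int, Band]) -> Optional[int]:
    """Return the SIL whose band contains value; None if outside SIL 1..4 bands."""
    for sil, (lo, hi) in bands.items():
        if lo <= value < hi:
            return sil
    return None


def pfd_avg_1oo1(lambda_du_per_h: float, proof_test_interval_h: float) -> float:
    """Simplified 1oo1 low-demand PFDavg: undetected dangerous failure rate
    times half the proof-test interval (faults stay unrevealed until the test)."""
    return lambda_du_per_h * proof_test_interval_h / 2


def loop_measure(subsystem_measures: Iterable[float]) -> float:
    """Combine independent series subsystems: the loop fails dangerously if any
    part does, so for small values the PFD (or PFH) figures simply add."""
    return sum(subsystem_measures)


def euc_control_is_safety_related(claimed_dangerous_failures_per_h: float) -> bool:
    """7.5.2.5: claiming fewer than 1e-5 dangerous failures per hour for a single
    EUC control system function makes that system safety-related under the standard."""
    return claimed_dangerous_failures_per_h < 1e-5


if __name__ == "__main__":
    # Constructed figures: lambda_DU = 2e-6 /h, yearly proof test (8760 h).
    pfd = pfd_avg_1oo1(2e-6, 8760)
    print(f"1oo1 PFDavg = {pfd:.3e} -> SIL {sil_for(pfd, SIL_PFD)}")
    pfh = loop_measure([3e-8, 2e-9, 5e-8])  # sensor, logic solver, final element
    print(f"loop PFHavg = {pfh:.3e} -> SIL {sil_for(pfh, SIL_PFH)}")
    print("EUC control system safety-related:", euc_control_is_safety_related(4e-6))
```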



Topic: Overall operation and maintenance planning
  IECs:
    7.7.2.2 Reliability measures like MTTR and availability shall also be highlighted in the manual.
    7.7.2.3 The routine maintenance activities that are carried out to detect unrevealed faults shall be determined by a systematic analysis.
  ISOs:
    1/ Not a speciality highlighted in the standard.
    2/ 61508 has the following failure types:
      detected: automatic diagnostic tests, or connected safety logic solver
      undetected
      revealed: proof test, operator intervention, normal operation and maintenance
      unrevealed

Topic: Overall installation and commissioning plan
  IECs: 7.9
  ISOs: No such chapters; a problem when dealing with ISO-chapter 7.

Topic: E/E/PE system safety requirements specification
  IECs:
    7.10.2.7 f) the electromagnetic immunity limits that are required to achieve functional safety. These limits should be derived taking into account both the electromagnetic environment and the required safety integrity levels (see IEC/TS 61000-1-2);
  ISOs:
    1/ 26262 has no such discussions.

Topic: Overall operation, maintenance and repair
  IECs:
    7.15.2.4 The exact requirements for chronological documentation will be dependent on the specific product or application and shall, where relevant, be detailed in product and application sector international standards; for the detailed process see the following note.
  ISOs:
    1/ ISOs did not have such detailed requirements, but SOTIF has.

Topic: Overall modification and retrofit
  IECs: 7.16
  ISOs:
    1/ ISOs did not have such detailed requirements, but SOTIF has.

Topic: Functional safety assessment
  IECs: 8, 8.2.16, 8.2.17, 8.2.18
  ISOs: ISO-2, but everything is different, e.g. the confirmation measures.


Third: IECs diagrams

[Figures not reproduced: IECs-1 7.15.2.4; IECs-1 7.16; Functional safety assessment]

[Ref]

1.https://mp.weixin.qq.com/s?__biz=Mzg5NTIwMTEzOA==&mid=2247484182&idx=1&sn=977fdfac50965fb443adf5f849db36a7&chksm=c012b90bf765301dc9ca8420ebb939bb75798ef39462aa9b38d72910ce0a1c3908c99c4c1cd8&token=1295244017&lang=zh_CN#rd

