Software is no longer a bit-part contributor to electro-mechanical systems but is now the underlying technology providing functional safety for products in many market segments. The requirement for software functional safety has therefore become a critical topic in industrial automation, transportation, nuclear energy generation and similar sectors. IEC 61508:2010 “Functional safety of electrical/electronic/programmable electronic safety-related systems” is widely accepted as a reference standard.
Although IEC 61508 is often applied directly in the development of safety critical systems, its generic nature also makes it an ideal “blank canvas” for the derivation of industry and sector specific standards.
IEC 61508 and functional safety
What are IEC 61508 SILs (Safety Integrity Levels)?
What other standards are related to IEC 61508?
IEC 61508 and IEC 61511
IEC 61508 and ISO 26262
IEC 61508, ISO 13849, and IEC 62061
How does LDRA help with IEC 61508 compliance?
IEC 61508-3 §7.2: Software safety requirements specification
IEC 61508-3 §7.4.4: Requirements for support tools
IEC 61508-3 §7.4.5: Requirements for detailed design and development – software system design
IEC 61508-3 §7.4.7: Requirements for software module testing and §7.4.8: Requirements for software integration testing
IEC 61508-3 §7.5: Programmable electronics integration
IEC 61508-3 §7.7: Software aspects of system safety validation
IEC 61508:2010 §7.8: Software modification
Tool Qualification
Further reading
IEC 61508 pdf free download
IEC 61508 further information
standard, “Examples of methods for the determination of safety integrity levels” which explains different quantitative approaches to the derivation of SILs.
Annex A of that standard discusses the concept of “Necessary risk reduction”. Tolerable risk is dependent on factors such as the severity of injury, the number of people exposed to danger, and the frequency and duration of that exposure.
The standard goes on to define Safety Integrity as “… the probability of a safety-related system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time”.
The SIL assigned to each safety function therefore depends on the probability of failure, which can be derived in several different ways. The higher the probability of failure, the higher the SIL (from SIL1, through SIL2 and SIL3, to SIL4) and the more demanding the overheads on software development to make the risk acceptable.
The SIL safety categories are:
ISO 13849 “Safety of machinery — Safety-related parts of control systems” is one of two standards that are harmonized to the EU’s Machinery Directive, with EN IEC 62061 “Safety of machinery, functional safety of safety-related electrical, electronic and programmable electronic control systems” covering similar ground. A third standard, IEC/ISO 17305, intended to merge the two, has been cancelled. In the meantime, ISO 13849-1 suggests that SRP/CS designed to an appropriate level in any of the standards ISO 13849, IEC 62061 and IEC 61508 can be combined.
IEC 61508-3 §7.5: Programmable electronics integration
The integrated software is to be proven on the target programmable electronic hardware to ensure compatibility and to meet the requirements of the intended safety integrity level. The standard requires that both functional and “black box” tests are performed to check the dynamic behaviour under real functional conditions.
Structural code coverage analysis can be supported by unit test, system test, or a combination of the two, operating in tandem. For instance, a preferred approach might be to use dynamic system test to generate coverage of most of the source code, and to supplement it using unit tests to exercise code constructs which are inaccessible during normal operation.
To complete the structural coverage analysis, boundary values could be provided manually or generated automatically to check the permissible and inadmissible ranges.
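As an added illustration (not code from this page or from the LDRA tool suite), the kind of unit-level boundary-value test the paragraph above describes: a hypothetical C range-check function whose defensive NULL branch system test can never reach, exercised with the last permissible and first inadmissible value at each limit. The function, its limits TEMP_MIN and TEMP_MAX, and the test vectors are all assumed for the example.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed example (not LDRA code): hypothetical validation of a temperature
 * reading in deci-degrees C against assumed limits. */
#define TEMP_MIN (-400)  /* -40.0 C, assumed lower limit of the permissible range */
#define TEMP_MAX (1250)  /* 125.0 C, assumed upper limit of the permissible range */

typedef enum { TEMP_OK = 0, TEMP_OUT_OF_RANGE = 1 } temp_status_t;
/* Stores the reading and returns TEMP_OK, or stores 0 and rejects it. The NULL check
 * is a defensive branch normal operation never reaches, so only a unit test covers it. */
temp_status_t validate_temp(int32_t raw, int32_t *out)
{
    if (out == NULL) { return TEMP_OUT_OF_RANGE; }
    if (raw < TEMP_MIN || raw > TEMP_MAX) {
        *out = 0;
        return TEMP_OUT_OF_RANGE;
    }
    *out = raw;
    return TEMP_OK;
}

/* Boundary-value vectors: last permissible and first inadmissible value at each limit. */
typedef struct { int32_t in; temp_status_t expect; } temp_case_t;
static const temp_case_t k_boundary_cases[] = {
    { TEMP_MIN - 1, TEMP_OUT_OF_RANGE }, { TEMP_MIN, TEMP_OK },
    { TEMP_MAX, TEMP_OK },               { TEMP_MAX + 1, TEMP_OUT_OF_RANGE },
};

/* Runs every boundary case plus the defensive branch; returns the number of failing
 * cases, so 0 means every branch of validate_temp behaved as expected. */
int run_boundary_cases(void)
{
    int failures = 0;
    int32_t out = 0;
    for (size_t i = 0; i < sizeof k_boundary_cases / sizeof k_boundary_cases[0]; i++) {
        if (validate_temp(k_boundary_cases[i].in, &out) != k_boundary_cases[i].expect) {
            failures++;
        }
    }
    /* The branch system test cannot reach: exercised explicitly here. */
    if (validate_temp(0, NULL) != TEMP_OUT_OF_RANGE) { failures++; }
    return failures;
}

/* Test helper: the accepted value, or INT32_MIN when the reading is rejected. */
int32_t validated_value(int32_t raw)
{
    int32_t out = 0;
    return (validate_temp(raw, &out) == TEMP_OK) ? out : INT32_MIN;
}
```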
IEC 61508-3 §7.7: Software aspects of system safety validation
This section details how it is to be confirmed that the integrated system complies with the software safety requirements specification at the required safety integrity level.
During development, the TBrun component of the LDRA tool suite is used to confirm that the functions of a system or program behave as the specification dictates. The stored test data is reused for regression analysis to confirm ongoing adherence to the specified requirements. Automated requirements tracing complements this approach by providing forward and backward traceability between the software safety requirements specification and software safety validation plan.
Tool Qualification
The LDRA tool suite is TÜV certified for security- and safety-critical development, including projects developed in accordance with IEC 61508.
Where proof of fitness-for-purpose within a specified tool chain is required, the LDRA Tool Qualification Support Packs (TQSPs) contain the test cases to demonstrate both the structural coverage analysis and programming rules checking capabilities of the tool suite itself. In addition, associated documentation for the development and verification of the product is provided, including plans, procedures, and expected results.
Further reading
Technical white paper: implementing IEC 61508:2010 with the LDRA tool suite
IEC 61508 further information
Functional safety with legacy software – case study
Process control gets serious with IEC 61508 and IEC 62443-4-1 in tandem
Clarifying and fulfilling test tool qualification requirements
The safety integrity levels of IEC 61508 and a revised proposal