
Institute of Measurement and Control. Functional Safety 2016

Page 3

Many of these concepts are specifically aimed at reducing systematic failures. Being systematic in our approach is therefore, not surprisingly, a key aspect of combating systematic failures.

Adopting Relevant Techniques and Measures

In IEC 61508 there are essentially three routes to achieving a specific systematic capability, Routes 1s, 2s and 3s. Route 1s is the route most often taken by product manufacturers, particularly for logic solvers, and it involves the use of various techniques and measures (T&Ms) as outlined in tables which are to be found in IEC 61508-2 and IEC 61508-3. These techniques and measures are principally aimed at either controlling or avoiding systematic failures. Selection criteria are included to help assess which techniques and measures should be selected and the degree of rigour which should be employed, depending on the targeted Systematic Capability.

Figure 2 An Example of Technique/Measure – Coded Processing
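The figure itself is not reproduced here. As an added illustration of the technique the caption names, the following Python code (not the paper's Figure 2, and not from any product) shows the core idea of AN-coded processing: every value x is carried as x * A for a fixed odd constant A, arithmetic is performed on the coded values, and each result is checked for divisibility by A before it is trusted. The constant A and the fault model (a single flipped bit in a stored value) are assumptions chosen for the example.

```python
# Added illustration of AN-coded processing (not the paper's Figure 2).
# Every plain integer x is carried as x * A for a fixed odd constant A.
# Arithmetic is done on the coded values, and every result is checked for
# divisibility by A before it is trusted.  A is an example constant chosen
# here; the same idea works for any odd A large enough for the data range.
from dataclasses import dataclass

A = 58_659  # example code constant (odd, so no power of two is a multiple of it)


class CodedFault(Exception):
    """Raised when a coded value is no longer a multiple of A."""


@dataclass(frozen=True)
class Coded:
    raw: int  # coded representation: x * A when uncorrupted

    @classmethod
    def encode(cls, x: int) -> "Coded":
        return cls(x * A)

    def check(self) -> "Coded":
        """Residue check: a sound coded value leaves no remainder mod A."""
        if self.raw % A != 0:
            raise CodedFault(f"residue check failed: {self.raw} % {A} = {self.raw % A}")
        return self

    def decode(self) -> int:
        return self.check().raw // A

    # Addition and subtraction of coded values stay coded: (x +/- y) * A.
    def __add__(self, other: "Coded") -> "Coded":
        return Coded(self.check().raw + other.check().raw)

    def __sub__(self, other: "Coded") -> "Coded":
        return Coded(self.check().raw - other.check().raw)

    # Multiplication yields x*y*A*A, so one factor of A is divided out exactly.
    def __mul__(self, other: "Coded") -> "Coded":
        return Coded(self.check().raw * other.check().raw // A)


def flip_bit(value: Coded, k: int) -> Coded:
    """Constructed fault: flip bit k of the stored coded value (e.g. a memory upset)."""
    return Coded(value.raw ^ (1 << k))


def detects_all_single_bit_flips(x: int, width: int = 64) -> bool:
    """True if every single-bit corruption of encode(x) is caught by decode().

    A flipped bit changes the stored value by +/- 2**k, which is never a
    multiple of an odd A, so the residue check must fail for every k.
    """
    coded = Coded.encode(x)
    for k in range(width):
        try:
            flip_bit(coded, k).decode()
            return False  # a corrupted value slipped through the residue check
        except CodedFault:
            continue
    return True


def safe_compute(a: int, b: int, c: int) -> int:
    """Compute a*b + c entirely on coded values and decode the checked result."""
    return (Coded.encode(a) * Coded.encode(b) + Coded.encode(c)).decode()


if __name__ == "__main__":
    print(safe_compute(12, 7, 5))               # 89
    print(detects_all_single_bit_flips(12345))  # True
```

The residue check catches corruption of stored operands and many arithmetic-unit faults, but a plain AN code does not detect a wrong operation being executed: a subtraction carried out in place of an addition still produces a multiple of A. Practical coded processors therefore extend the scheme with per-operand signatures (AN+B codes) so that operator and operand-substitution errors are also exposed.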

Route 2s is essentially a "proven in use" method, and Route 3s is more specialised and is specifically for pre-existing software elements.

Software is of particular concern in relation to systematic error. It is difficult to assess software for errors quantitatively, so a more qualitative approach is typically used. The steps necessary to maximise software safety integrity throughout the lifecycle are comprehensively addressed throughout IEC 61508-3, in the normative requirements contained in Annex A (which comprises 10 tables covering the whole of the software lifecycle) and also in the associated informative material of Annex B.

For a logic solver the target in terms of systematic capability is generally SC 3. This choice of SC level dictates which of the various techniques and measures must be used. In some cases it is clear cut, but for some there are choices to be made. The degree of rigour with which these T&Ms have to be implemented is also related to the SC level: the higher the SC, the more rigour is required.

Some of the T&Ms relate to ways of working, such as "Project Management"; some relate to the way in which a product works and its functionality, so the selection can vary depending on which techniques are applicable, but the selections are documented, as is the rationale for compliance. The chosen functionality to meet the T&M requirements forms part of the overall product requirements specification and is implemented as part of the product lifecycle management with full traceability back to IEC 61508. Functional Safety is included as part of product lifecycle management. Extra checks are made at the relevant quality gates / stages to ensure the necessary steps have been taken to comply. This applies throughout the lifecycle.