Institute of Measurement and Control. Functional Safety 2016
Many of these concepts are specifically aimed at reducing systematic failures. Being systematic in our approach is therefore, not surprisingly, a key aspect of combating systematic failures.
Adopting Relevant Techniques and Measures
In IEC 61508 there are essentially three routes to achieving a specific systematic capability: Routes 1s, 2s and 3s. Route 1s is the route most often taken by product manufacturers, particularly for logic solvers, and it involves the use of various techniques and measures (T&Ms) as set out in the tables found in IEC 61508-2 and IEC 61508-3. These techniques and measures are principally aimed at either controlling or avoiding systematic failures. Selection criteria are included to help assess which techniques and measures should be selected, and the degree of rigour with which they should be applied, depending on the targeted Systematic Capability.
Figure 2 An Example of Technique/Measure – Coded Processing
Route 2s is essentially a "proven in use" method, and Route 3s is more specialised and is specifically for pre-existing software elements.
Software is of particular concern in relation to systematic error. It is difficult to assess software for errors quantitatively, so a more qualitative approach is typically used. The steps necessary to maximise software safety integrity throughout the lifecycle are comprehensively addressed in IEC 61508-3, in the normative requirements contained in Annex A (which comprises 10 tables covering the whole of the software lifecycle) and in the associated informative material of Annex B.
For a logic solver the target in terms of systematic capability is generally SC 3. This choice of SC level dictates which of the various techniques and measures must be used. In some cases the choice is clear-cut, but for others there are decisions to be made. The degree of rigour with which these T&Ms have to be implemented is also related to the SC level: the higher the SC, the more rigour is required.
Some of the T&Ms relate to ways of working, such as "Project Management"; others relate to the way in which a product works and to its functionality, so the selection can vary depending on which techniques are applicable. The selections are documented, as is the rationale for compliance. The functionality chosen to meet the T&M requirements forms part of the overall product requirements specification and is implemented as part of product lifecycle management, with full traceability back to IEC 61508. Functional Safety is included as part of product lifecycle management: extra checks are made at the relevant quality gates and stages to ensure the necessary steps have been taken to comply, and this applies throughout the lifecycle.