I have sat in a standardization meeting for an hour while the wording of one sentence was debated to everybody’s satisfaction. I have also sat in meetings where we debated what the existing standard means. Despite the effort, what is written is often still not clear. In a previous blog I dealt with terminology used in standards, and in an upcoming blog I will deal with gaining access to standards, how standards are written and other exciting topics in the same vein. Today let's try to clear up some misinterpretations and talk about how to read standards.
Firstly, the name and number of the standard can be significant. Most international consensus standards come from either the IEC or ISO. Sometimes the standard will be a joint one, such as ISO/IEC 27001, and sometimes it can also include the IEEE, such as ISO/IEC/IEEE 15288. The most significant thing about the number is that multi-part standards such as ISO 26262, IEC 61508 and IEC 62443 group the related parts together using an extension such as -1, -2 or even -3-1.
Sometimes you will see EN at the front of a standard, such as EN 50402, which means that the standard is a European norm and a key enabler of the single European market. You may also see IEC TR or IEC TS at the start of the title to indicate a technical report or technical specification rather than a full standard. A technical specification is generally published when “the subject in question is still under development or where for any other reasons there is the future but no immediate possibility of an agreement to publish” as an international standard. An example is IEC TS 61508-3-1 on the reuse of pre-existing software. Work is currently underway to incorporate the contents of this TS into the next revision of IEC 61508-3. A technical report is an informative document of some type, for instance IEC/TR 62366-2:2016, which gives guidance on the application of usability engineering to medical devices.
Within a standard the first thing I look at is what is in scope. Sometimes you will be surprised as to what is in scope and what is out of scope. Take the toxic gas sensor safety standards: the scope includes both fixed and portable devices.
Figure 1 - example from the scope of a standard
It also says that it applies to both hardware and software, and that it applies even for SIL 0 (which doesn’t exist, but you know what I mean) with additional requirements at SIL 1.
Similarly, the scope of EN 50402 then clarifies when it applies instead of EN 50271 (including the higher SILs and SIL 1 high demand). If you didn’t read the scope you might apply the wrong standard.
The next thing I believe is important to check is whether that part of the standard is normative or informative. For instance IEC 61508:2010 comes in seven parts, but only four are normative and the other three are informative. Informative means that part of the standard gives only guidance on how to apply the other parts and doesn’t contain any requirements. Similarly, the titles of Annexes to a standard will also say whether the Annex is normative or informative, and all notes are by definition informative. Since only the normative parts of a standard contain requirements, if you want to claim compliance with the standard then the distinction between normative and informative is very important.
The ISO/IEC directives parts 1 and 2 give good guidance on what is in standards and how they should be written which aids in their interpretation – see https://www.iso.org/directives-and-policies.html where these documents are free to download and access.
Part 2 for instance describes the language to be used to express requirements, permissions etc.
Figure 2 - guidance on specifying requirements in a standard
There is another way to express requirements within the key IEC 61508 standards: the required techniques and measures are often specified as M, HR and R, as shown below, depending on the SIL (unfortunately, in the present version the definitions in the different parts of IEC 61508 are different, and hopefully this will be resolved in the next edition). The definitions below are from IEC 61508-2:2010 Annex F.
Figure 3 - typical key from tables in IEC 61508 series
The sector-specific standard ISO 26262, derived from IEC 61508, tends to use “+” and “++” to represent R and HR, but the meanings are similar. In my view, if something is recommended and you in your wisdom feel you know more than the committee who produced the standard and don’t need to complete that item, you need to document and justify your decision. For a recommended item I believe a relatively short justification is okay. For a highly recommended item a more comprehensive justification of why the item is not being done is required.
To claim compliance with a standard you need to show you have complied with all applicable requirements. This means that you may need to access several parts of a multi-part standard. For instance, if you do a hardware-only part according to IEC 61508 you need access to at least IEC 61508-1 and IEC 61508-2. If you do a software part you probably need IEC 61508-1, IEC 61508-2 and IEC 61508-3, as part 3 makes several references back to part 2. In both cases you probably need access to part 4. In a future blog I will give some guidance on getting access to the standards. In general I like a paper copy of the standards because I like to underline and highlight the standards and write in notes once I achieve a level of insight on the standard. Reading parallel standards is a great way of getting such insight, e.g. reading ISO 26262, IEC 61511 and the rail safety standards is particularly useful to better understand IEC 61508. Often topics such as data-driven devices are treated better in one standard than in another.
Standards can be hard to interpret and easy to misunderstand. Therefore a good book on the subject can often be a better read than the standard itself, even if it is a lot longer. Although not a book, the IFA guidance on the application of ISO 13849 is far more readable and comes with more examples than you could justify including in a standard – see https://www.dguv.de/medien/ifa/en/pub/rep/pdf/rep07/biar0208/rep22008e.pdf where the document is freely available.
Despite what I have said above, a lot of effort goes into making standards more readable and understandable. It is very difficult to write something which cannot be misinterpreted, which is why we have judges and a legal profession to interpret the law. Another similarity between standards and the law: it is hard to cope with every eventuality. In this regard standards often come in levels A, B and C, with IEC 61508 being a level A or basic safety standard able to cope with many application areas, but at the cost of being more general in its composition to facilitate multiple possible applications. Level B and C standards are more specific and often easier to interpret.
Hopefully the above guidance will help you get more from the standards you do read.
This week’s video is from Hans Rosling, where he talks about our ignorance of the world – hopefully standards play a part in reducing this ignorance – see https://www.youtube.com/watch?v=Sm5xF-UYgdg