In my last Blog, I promised a discussion on the various functional safety standards. As someone once said about standards, the great thing about standards is “that there are so many to choose from”.

IEC 61508 is what is referred to as an A level or basic standard. It is meant to be non-application specific and to be a general standard. From it are derived sector specific standards such as ISO 26262 for automotive or IEC 62061 for machinery. These sector specific standards are referred to as level B standards. The bottom tier of standards are level C standards and apply to specific pieces of equipment.

There are also some standards such as ISO 13849 or the avionics standards such as D0-254/D0-178C which are not derived from IEC 61508 but if you look at the table of contents in any of these you will note that they cover all the same areas and topics as IEC 61508. Some of these standards such as ISO 13849 refer back to IEC 61508 for complex technology or in the case of the medical standards for the detailed software techniques. Others such as the robot safety standard ISO 10218-1 give SIL and PL from IEC 61508 and ISO 13849 to specify the safety integrity requirements.

Standards are published by various groups including ISO, IEC, ISA, IEEE, UL, CENELEC and many others. The ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) are the two main international standards organizations and the members of these groups are the main standards bodies within a country. For instance, in Ireland the members are the NSAI (National standards authority of Ireland). Each national standards body can then nominate experts to take part in drafting and reviewing the standards. The group dealing with IEC 61508 are split into IEC TC 65/SC 65A/MT 61508-1/2 and IEC 61508/TC 65/SC 65A/MT 61508-3. These standards are meant to be developed by consensus and are therefore referred to as consensus standards. A criticism of this approach is that some people interpret the standards as being the minimum necessary on the basis that this was “all the committee could agree on”. There is some merit in this criticism in that compliance is the minimum you are required to do and in many cases it is also the most you are “required” to do. If consensus cannot be reached then sometimes a standard is not published but instead it is a technical specification. Within a standard such as IEC 61508 some of the parts will be normative and some of the parts will be informative. Normative parts contain the actual requirements of the standard and the informative parts give guidance on how to apply the normative parts.

The standards can be difficult to read and legalistic as shown below and I would advocate reading a good book on the topic if you want to get an overview of the topic. In a future blog, I will feature a functional safety book review. If you do insist on wanting to read the standards they cost in the region of $250/Euro 250 per standard and can be bought directly from the IEC, ISO or your national standards body (note – IEC 61508 is in 7 parts and ISO 26262 is in 10 so buying all the parts will cost upwards of Euro 2000).

Most standards also include the idea of tailoring whereby the standard needs to be interpreted depending on the task in hand and the non-relevant bits can be skipped. As Mike Miller a functional safety expert told us during a functional safety training course “Functional safety should be common sense written down”. When tailoring a standard, you should record the reasons for your decisions as to why you are skipping bits. If you don’t write down your reasons you could be accused of being negligent. If you write down your reasons for not performing some of the actions required then you are at worst stupid.

Sometimes the standards bodies cooperate and a standard can have multiple names such as IEC/ISO/IEEE 5288:2015 on Systems and Software engineering.

Complying with the standards is not normally legally necessary. However, it can be and things like the machinery directive within the EU insist that all machines must be design to “state of the art”. Complying with IEC 61508 and ISO 13849 given evidence that you followed a state of the art development process. Complying with standards such as IEC 61508 can also be put forward as part of the defence case if a company is sued as you have followed state of the art.

Video of the Day: I normally try to pick an entertaining video as the video of the day, this one is a bit alarmist but gives an idea of the importance of complying with the necessary standards -

Next Time: The discussion will be a more detailed look at IEC 61508 and the life cycle it advocates.


Notes: For more on level A, B and C standards see ISO 12100

Enjoying the Safety Matters series? Tell us by liking the blog posts or commenting below. You may find more Safety Matters blogs here.


Top Comments

  • The bottom tier of standards are level C standards and apply to specific pieces of equipment.

    Thanks for the excellent series so far! I've gone over the ISO 12100 to try and see how a…

    •  Analog Employees 
    over 2 years ago in reply to kalshecyraut

    Hi kalshecryaut,

                                  my next blog due to be published at the end of April 2018 will cover the topic of functional safety and security. I have often estimated the overlap between the domains to be as high as 90% but some experts believe it is only 60% to 70%. FIPS 140-2 is a straight cyber security standard with a specific emphasis on cryptographic functionality and so would not appear on a list of functional safety standards. However as you will see from my next blog you can't be safe unless you are also secure. 

  • The bottom tier of standards are level C standards and apply to specific pieces of equipment.

    Thanks for the excellent series so far! I've gone over the ISO 12100 to try and see how a NIST FIPS validation would fit into the Safety Standards you've covered so far, I thought for sure it would be included as one of the level C standards as each FIPS validation is tied to a unique operating environment but I can not find a reference to it.

    Could you do a post on how a FIPS 140-2 Level 1, 2, 3, or 4 validation pertains to any of the IEC standards if at all?


    Thanks for your consideration!