BS EN 61508-2-2010 Functional safety of electrical electronic programmable electronic safety-related systems Requirements for electrical electronic programmable electronic safety-r.pdf

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationFunctional safety of electrical/electronic/programmable electronic safety-related systemsPart 2: Requirements for electrical/electronic/programmable electronic safety-related sys

2、temsBS EN 61508-2:2010National forewordThis British Standard is the UK implementation of EN 61508-2:2010. It isidentical to IEC 61508-2:2010. It supersedes BS EN 61508-2:2002 which iswithdrawn.The UK participation in its preparation was entrusted by Technical CommitteeGEL/65, Measurement and control

3、, to Subcommittee GEL/65/1, System considerations.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisions of acontract. Users are responsible for its correct application. BSI 2010ISBN 9

4、78 0 580 56234 1ICS 13.260; 25.040.40; 29.020Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of the StandardsPolicy and Strategy Committee on 3 Ju 2010.Amendments issued since publicationAmd. No. Date Text affect

5、edBRITISH STANDARDBS EN 61508-2:2010ne0EUROPEAN STANDARD EN 61508-2 NORME EUROPENNE EUROPISCHE NORM May 2010 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Management Centre: Avenue Marn

6、ix 17, B - 1000 Brussels 2010 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members. Ref. No. EN 61508-2:2010 E ICS 25.040.40 Supersedes EN 61508-2:2001English version Functional safety of electrical/electronic/programmable electronic safety-related

7、 systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (IEC 61508-2:2010) Scurit fonctionnelle des systmes lectriques/lectroniques/lectroniques programmables relatifs la scurit - Partie 2: Exigences pour les systmes lectriques/lectroniques/lectroniqu

8、es programmables relatifs la scurit (CEI 61508-2:2010) Funktionale Sicherheit sicherheitsbezogener elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 2: Anforderungen an sicherheitsbezogene elektrische/elektronische/programmierbare elektronische Systeme (IEC 61508-2:2010) Thi

9、s European Standard was approved by CENELEC on 2010-05-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical ref

10、erences concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC

11、 member into its own language and notified to the Central Secretariat has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hun

12、gary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. BS EN 61508-2:2010EN 61508-2:2010 - 2 - Foreword The text of document 65A/549/FDIS, future edition 2 of IEC

13、61508-2, prepared by SC 65A, System aspects, of IEC TC 65, Industrial-process measurement, control and automation, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 61508-2 on 2010-05-01. This European Standard supersedes EN 61508-2:2001. It has the status of a basic s

14、afety publication according to IEC Guide 104. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights. The following dates were fixed: latest date

15、 by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2011-02-01 latest date by which the national standards conflicting with the EN have to be withdrawn (dow) 2013-05-01 Annex ZA has been added by CENELEC. _ Endorsement not

16、ice The text of the International Standard IEC 61508-2:2010 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: 1 IEC 61511 series NOTE Harmonized in EN 61511 series (not

17、 modified). 2 IEC 62061 NOTE Harmonized as EN 62061. 3 IEC 61800-5-2 NOTE Harmonized as EN 61800-5-2. 4 IEC 61508-5:2010 NOTE Harmonized as EN 61508-5:2010 (not modified). 5 IEC 61508-6:2010 NOTE Harmonized as EN 61508-6:2010 (not modified). 6 IEC 60601 series NOTE Harmonized in EN 60601 series (par

18、tially modified). 7 IEC 61165 NOTE Harmonized as EN 61165. 8 IEC 61078 NOTE Harmonized as EN 61078. 9 IEC 61164 NOTE Harmonized as EN 61164. 10 IEC 62308 NOTE Harmonized as EN 62308. 11 IEC 61000-6-2 NOTE Harmonized as EN 61000-6-2. 12 ISO 14224 NOTE Harmonized as EN ISO 14224. 14 ISO 9000 NOTE Harm

19、onized as EN ISO 9000. 15 IEC 60300-3-2 NOTE Harmonized as EN 60300-3-2. _ BS EN 61508-2:2010- 3 - EN 61508-2:2010 Annex ZA (normative) Normative references to international publications with their corresponding European publications The following referenced documents are indispensable for the appli

20、cation of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant

21、EN/HD applies. Publication Year Title EN/HD Year - - Relays with forcibly guided (mechanically linked) contacts EN 50205 - IEC 60947-5-1 - Low-voltage switchgear and controlgear - Part 5-1: Control circuit devices and switching elements - Electromechanical control circuit devices EN 60947-5-1 - IEC/

22、TS 61000-1-2 - Electromagnetic compatibility (EMC) - Part 1-2: General - Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena - - IEC 61326-3-1 - Electrical equipment for measurement, control and labora

23、tory use - EMC requirements - Part 3-1: Immunity requirements for safety-related systems and for equipment intended to perform safety-related functions (functional safety) - General industrial applications EN 61326-3-1 - IEC 61508-1 2010 Functional safety of electrical/electronic/programmable electr

24、onic safety-related systems - Part 1: General requirements EN 61508-1 2010 IEC 61508-3 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements EN 61508-3 2010 IEC 61508-4 2010 Functional safety of electrical/electronic/programmab

25、le electronic safety-related systems - Part 4: Definitions and abbreviations EN 61508-4 2010 IEC 61508-7 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measuresEN 61508-7 2010 IEC 61784-3 - Industrial communication

26、networks - Profiles - Part 3: Functional safety fieldbuses - General rules and profile definitions EN 61784-3 - BS EN 61508-2:2010EN 61508-2:2010 - 4 - Publication Year Title EN/HD Year IEC 62280-1 - Railway applications - Communication, signalling and processing systems - Part 1: Safety-related com

27、munication in closed transmission systems - - IEC 62280-2 - Railway applications - Communication, signalling and processing systems - Part 2: Safety-related communication in open transmission systems - - IEC Guide 104 1997 The preparation of safety publications and the use of basic safety publicatio

28、ns and group safety publications - - ISO/IEC Guide 51 1999 Safety aspects - Guidelines for their inclusion in standards - - BS EN 61508-2:2010 2 61508-2 IEC:2010 CONTENTS INTRODUCTION.7 1 Scope.9 2 Normative references .12 3 Definitions and abbreviations12 4 Conformance to this standard.12 5 Documen

29、tation .13 6 Management of functional safety 13 7 E/E/PE system safety lifecycle requirements 13 7.1 General .13 7.1.1 Objectives and requirements general13 7.1.2 Objectives .13 7.1.3 Requirements 13 7.2 E/E/PE system design requirements specification .17 7.2.1 Objective .17 7.2.2 General .17 7.2.3

30、E/E/PE system design requirements specification18 7.3 E/E/PE system safety validation planning 19 7.3.1 Objective .19 7.3.2 Requirements 19 7.4 E/E/PE system design and development19 7.4.1 Objective .20 7.4.2 General requirements 20 7.4.3 Synthesis of elements to achieve the required systematic capa

31、bility22 7.4.4 Hardware safety integrity architectural constraints.23 7.4.5 Requirements for quantifying the effect of random hardware failures .32 7.4.6 Requirements for the avoidance of systematic faults .34 7.4.7 Requirements for the control of systematic faults.35 7.4.8 Requirements for system b

32、ehaviour on detection of a fault 35 7.4.9 Requirements for E/E/PE system implementation 36 7.4.10 Requirements for proven in use elements 38 7.4.11 Additional requirements for data communications 39 7.5 E/E/PE system integration.40 7.5.1 Objective .40 7.5.2 Requirements 40 7.6 E/E/PE system operatio

33、n and maintenance procedures .41 7.6.1 Objective .41 7.6.2 Requirements 41 7.7 E/E/PE system safety validation 42 7.7.1 Objective .42 7.7.2 Requirements 42 7.8 E/E/PE system modification.43 7.8.1 Objective .43 7.8.2 Requirements 43 7.9 E/E/PE system verification 44 7.9.1 Objective .44 BS EN 61508-2:

34、201061508-2 IEC:2010 3 7.9.2 Requirements 44 8 Functional safety assessment.46 Annex A (normative) Techniques and measures for E/E/PE safety-related systems control of failures during operation47 Annex B (normative) Techniques and measures for E/E/PE safety-related systems avoidance of systematic fa

35、ilures during the different phases of the lifecycle .62 Annex C (normative) Diagnostic coverage and safe failure fraction71 Annex D (normative) Safety manual for compliant items 74 Annex E (normative) Special architecture requirements for integrated circuits (ICs) with on-chip redundancy .76 Annex F

36、 (informative) Techniques and measures for ASICs avoidance of systematic failures .81 Bibliography89 Figure 1 Overall framework of the IEC 61508 series 11 Figure 2 E/E/PE system safety lifecycle (in realisation phase)14 Figure 3 ASIC development lifecycle (the V-Model)15 Figure 4 Relationship betwee

37、n and scope of IEC 61508-2 and IEC 61508-3 15 Figure 5 Determination of the maximum SIL for specified architecture (E/E/PE safety-related subsystem comprising a number of series elements, see 7.4.4.2.3) 28 Figure 6 Determination of the maximum SIL for specified architecture (E/E/PE safety-related su

38、bsystem comprised of two subsystems X has been conceived with a rapidly developing technology in mind; the framework is sufficiently robust and comprehensive to cater for future developments; enables product and application sector international standards, dealing with E/E/PE safety-related systems,

39、to be developed; the development of product and application sector international standards, within the framework of this standard, should lead to a high level of consistency (for example, of underlying principles, terminology etc.) both within application sectors and across application sectors; this

40、 will have both safety and economic benefits; provides a method for the development of the safety requirements specification necessary to achieve the required functional safety for E/E/PE safety-related systems; adopts a risk-based approach by which the safety integrity requirements can be determine

41、d; introduces safety integrity levels for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PE safety-related systems; NOTE 2 The standard does not specify the safety integrity level requirements for any safety function, nor does it mandate how the

42、 safety integrity level is determined. Instead it provides a risk-based conceptual framework and example techniques. BS EN 61508-2:2010 8 61508-2 IEC:2010 sets target failure measures for safety functions carried out by E/E/PE safety-related systems, which are linked to the safety integrity levels;

43、a low demand mode of operation, the lower limit is set at an average probability of a dangerous failure on demand of 105; a high demand or a continuous mode of operation, the lower limit is set at an average frequency of a dangerous failure of 109 h1; NOTE 3 A single E/E/PE safety-related system doe

44、s not necessarily mean a single-channel architecture. NOTE 4 It may be possible to achieve designs of safety-related systems with lower values for the target safety integrity for non-complex systems, but these limits are considered to represent what can be achieved for relatively complex systems (fo

45、r example programmable electronic safety-related systems) at the present time. sets requirements for the avoidance and control of systematic faults, which are based on experience and judgement from practical experience gained in industry. Even though the probability of occurrence of systematic failu

46、res cannot in general be quantified the standard does, however, allow a claim to be made, for a specified safety function, that the target failure measure associated with the safety function can be considered to be achieved if all the requirements in the standard have been met; introduces systematic

47、 capability which applies to an element with respect to its confidence that the systematic safety integrity meets the requirements of the specified safety integrity level; adopts a broad range of principles, techniques and measures to achieve functional safety for E/E/PE safety-related systems, but

48、does not explicitly use the concept of fail safe. However, the concepts of “fail safe” and “inherently safe” principles may be applicable and adoption of such concepts is acceptable providing the requirements of the relevant clauses in the standard are met. BS EN 61508-2:201061508-2 IEC:2010 9 FUNCT

49、IONAL SAFETY OF ELECTRICAL/ELECTRONIC/ PROGRAMMABLE ELECTRONIC SAFETY-RELATED SYSTEMS Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems 1 Scope 1.1 This part of the IEC 61508 series a) is intended to be used only after a thorough understanding of IEC 61508-1, which provides the overall framework for the achievement of functional safety; b) applies to any safety-related sy