[Author]
Renhong WENG, safety, security and RAMS investigator.
ZERO: Why go back to IEC 61508 Ed.2
First: The future of the vehicle
The direction of the vehicle is clear:
automated
electrified
shared
connected
Under this trend, ISO 26262 alone is no longer enough to cover functional safety, even within the traditional safety domain.
We have to go back to IEC 61508 Ed.2 for inspiration and a wider picture, and that is why this series of articles is being written.
When what ISO 26262 offers proves insufficient, we turn to IEC 61508.
Please do not be impatient; I am here to cooperate with everyone, and I hope safety, security and RAMS in China will get better. We will move forward together, for the future.
Contact me if you have any questions, and I will do my best.
Abbreviations: IECs = IEC 61508, ISOs = ISO 26262.
Second: Comparison
IEC 61508:2010 defines its scope as electrical, electronic and programmable electronic (E/E/PE) safety-related systems; here we read those three terms as:
Electrical: circuits, parts and components at any voltage, from class A (typically up to 60 VDC) through class B (typically 60 VDC to 1000 VDC) and higher-voltage circuits.
Electronic: communication, embedded and related functional circuitry.
Programmable electronic: anything programmable, whether OTP, PLD, CPLD, ASIC or FPGA based, and the embedded systems built on them.
Its limitations, as the author sees them:
No treatment of open-source software, nor of COTS components developed in an open-source manner.
No treatment of complex software such as operating systems.
Not built around the V model, or at least not in any obvious way.
Process: CMMI and ASPICE are optional, not mandatory.
The scope of IEC 61508 is broadly similar to that of ISO 26262, but IEC 61508 struggles with the following topics:
AI-related systems, quantum computers, etc.
Further emerging technologies
Mechatronic systems
And ISO 26262:
Scope: it is an automotive standard with its own quality-standard background, so both its scope and its underlying assumptions differ from IEC 61508.
Complexity: ISO 26262 targets more complex, feature-rich products, so it calls for system-level safety consideration rather than a single, pure safety chain.
Reliability: IEC 61508 leans on reliability block diagrams (RBDs) and FTA to derive behaviour and fault models. In ISO 26262 practice FTA and FMEA are used far more often, while RBDs are rarely used, because the failure distributions differ and mechanical parts and differing materials have to be dealt with as well.
The same gaps: no treatment of open-source COTS, nor of complex software behaviour such as operating systems.
V-model based, which is rigid and leaves little flexibility.
Process: CMMI and ASPICE are proposed.
Inadequate for AI, where in future not only perception but also judgement will be done by AI algorithms.
SOTIF-related issues cannot be solved within it (they are addressed separately by ISO 21448).
Based more on systems engineering and reliability.
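As an added worked example (not code from this article and not a reproduction of any standard's own text), the following Python builds one small safety function both as a series/parallel reliability block diagram and as a fault tree, checks that the two agree under an independence assumption, applies the simplified low-demand PFDavg approximations from IEC 61508-6 with the common-cause factor beta set to zero, and maps the result onto the low-demand SIL bands of IEC 61508-1 Table 2. The architecture (1oo2 sensors, a logic solver, a single final element), every failure rate, the logic-solver figure and the one-year proof-test interval are constructed for illustration. It also shows a caveat that bites in practice: multiplying per-channel average PFDs in a static RBD or fault tree gives (lambda T)^2/4 for a 1oo2 pair, while the time-averaged 1oo2 formula gives (lambda T)^2/3.

```python
"""Reliability block diagram (RBD) vs fault tree (FT) for a small safety
function. Added illustration; all numbers are constructed, not taken from
the article or from either standard.

Assumptions: blocks / basic events fail independently (beta = 0), no
diagnostics (lambda_DD = 0) and negligible repair time, so the simplified
IEC 61508-6 PFDavg forms reduce to lambda_DU*T/2 (1oo1) and
(lambda_DU*T)^2/3 (1oo2).
"""
from math import prod
from typing import Dict, Sequence, Tuple


def rbd_series(q: Sequence[float]) -> float:
    """Series RBD: the function is up only if every block is up."""
    return 1.0 - prod(1.0 - x for x in q)


def rbd_parallel(q: Sequence[float]) -> float:
    """Parallel RBD (1ooN): the function is down only if every block is down."""
    return prod(q)


def ft_or(p: Sequence[float]) -> float:
    """Fault-tree OR gate over independent basic-event probabilities."""
    return 1.0 - prod(1.0 - x for x in p)


def ft_and(p: Sequence[float]) -> float:
    """Fault-tree AND gate over independent basic-event probabilities."""
    return prod(p)


def pfd_1oo1(lambda_du: float, t_proof_h: float) -> float:
    """Simplified low-demand PFDavg of one channel: lambda_DU * T1 / 2."""
    return lambda_du * t_proof_h / 2.0


def pfd_1oo2(lambda_du: float, t_proof_h: float) -> float:
    """Simplified low-demand PFDavg of a 1oo2 pair, beta = 0: (lambda_DU*T1)^2 / 3."""
    return (lambda_du * t_proof_h) ** 2 / 3.0


# IEC 61508-1 Table 2, low-demand mode: (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_for_pfd(pfd: float) -> int:
    """SIL band met by a low-demand PFDavg, or 0 if no band is met."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def safety_function(q_sensor: float, q_logic: float, q_final: float) -> Tuple[float, float]:
    """Unavailability of 1oo2 sensors -> logic solver -> final element, two ways.

    RBD: (sensor || sensor) in series with logic and final element.
    FT:  top event = OR(AND(sensor1, sensor2), logic, final).
    Under independence both reduce to the same arithmetic.
    """
    rbd = rbd_series([rbd_parallel([q_sensor, q_sensor]), q_logic, q_final])
    ft = ft_or([ft_and([q_sensor, q_sensor]), q_logic, q_final])
    return rbd, ft


def demo() -> Dict[str, float]:
    """Worked case with constructed rates and a one-year proof-test interval."""
    t_proof_h = 8760.0
    lambda_du_sensor = 2e-6   # per hour, constructed
    lambda_du_final = 1e-6    # per hour, constructed
    q_logic = 1e-5            # assumed figure for a certified logic solver
    q_sensor = pfd_1oo1(lambda_du_sensor, t_proof_h)
    q_final = pfd_1oo1(lambda_du_final, t_proof_h)
    rbd, ft = safety_function(q_sensor, q_logic, q_final)
    # Static product of per-channel averages vs time-averaged 1oo2 formula.
    pair_static = rbd_parallel([q_sensor, q_sensor])
    pair_averaged = pfd_1oo2(lambda_du_sensor, t_proof_h)
    contributions = {"sensors_1oo2": pair_static, "logic": q_logic, "final_element": q_final}
    dominant = max(contributions, key=contributions.get)
    return {"rbd": rbd, "ft": ft, "sil": sil_for_pfd(rbd),
            "pair_static": pair_static, "pair_averaged": pair_averaged,
            "dominant": dominant}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In this constructed case the single final element, not the redundant sensors, sets the achievable SIL; adding a third sensor would change nothing, which is the kind of conclusion an RBD or fault tree makes visible and a bare FMEA does not. The static versus time-averaged pair figures differ by the factor 4/3, and once a non-zero beta is introduced the common-cause term dominates the 1oo2 result entirely, so neither of these simplified numbers should be quoted without stating the assumptions.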
Third: Chapter discussion
Part | Content of the IEC 61508 part | Mapping to ISOs | ISOs part | Comment
--- | --- | --- | --- | ---
1 | General requirements. Concept: functional safety requirements (FSRs) and their allocation to E/E/PE systems. Scope: definition of the item boundary and the attributes of concern. Hazard and risk analysis: safety functions and safety integrity. Installation, commissioning and safety validation. Assessment. Management. | Functional safety concept (FSC); item definition; HARA; production through decommissioning; safety validation | ISOs-3; ISOs-4 (safety validation); ISOs-7; ISOs-2 | 
2 | Realisation of E/E/PE safety-related systems (hardware) | Hardware; system | ISOs-4; ISOs-5; part of ISOs-11 | 
3 | Realisation in software | Software | ISOs-6; ISOs-8 | 
4 | Definitions and abbreviations | | ISOs-1 | 
5 | Examples of methods for determining SILs | | ISOs-10 | 
6 | Guidelines on the application of Parts 2 and 3 | | ISOs-10 | 
7 | Overview of techniques and measures | | ISOs-10 | 
Note: exida, in Europe and America, is very competent in IEC 61508, with a large pool of PhDs doing much of the leading work.
[Reference]
No reference.