[Author]
Renhong WENG, Safety, Security and RAMS investigator.
First: IEC 61508 introduction
ISO 26262 addresses functional safety only, which is just one part of the overall safety of an item.
IEC 61508, however, states that it:
1. considers all relevant overall, E/E/PE system and software safety lifecycle phases;
2. provides a method for developing the safety requirements specification needed to achieve the required functional safety for E/E/PE safety-related systems;
3. sets target failure measures for the safety functions carried out by E/E/PE safety-related systems, linked to the safety integrity levels;
4. for a low demand mode of operation, sets the lower limit at an average probability of a dangerous failure on demand of 10^-5;
5. for a high demand or continuous mode of operation, sets the lower limit at an average frequency of a dangerous failure of 10^-9;
6. compared with ISO 26262, introduces systematic capability, which applies to an element with respect to the confidence that its systematic safety integrity meets the requirements of the specified safety integrity level.
In comparison, ISO 26262 states that it:
1. does not itself deal with other kinds of safety, such as hydraulic or mechanical safety;
2. in its first edition applied to <3kg passenger cars; in the second edition all vehicles, including T & B, are covered as well;
3. has no systematic capability level to express how much confidence we have that an ASIL has been achieved; it only provides systematic measures to ensure the ASIL is achieved. At present, unfortunately, it remains a problem to ensure that the level of ASIL achievement in software has enough robustness or confidence.
4. has no low demand mode requirement expressed as a PFD; automotive directly uses the PMHF, the counterpart of the PFH, to describe this. The table below compares the two in detail:
| IEC 61508 Ed2 | High demand or continuous mode: PFH | ISO 26262 Ed2 | PMHF |
| --- | --- | --- | --- |
| SIL1 | 1000 FIT ~ 10000 FIT | ASIL A | <1000 FIT |
| SIL2 | 100 FIT ~ 1000 FIT | ASIL B | <100 FIT |
| SIL3 | 10 FIT ~ 100 FIT | ASIL C | <100 FIT |
| SIL4 | 1 FIT ~ 10 FIT | ASIL D | <10 FIT |
The big difference here is at SIL2 and SIL3 versus ASIL B and ASIL C.
If we ask whether there are differences between industrial control and automotive, we have to account for the following deviations:
1. Automotive puts higher requirements on the ASIL level than on the SIL level, because of the higher reliability requirements placed on automotive-grade E/E hardware components compared with industrial control.
2. IEC 61508 has the extra systematic capability to check the confidence level of SIL achievement; ISO 26262 does not have this, and instead puts more stringent requirements into the ASIL level.
3. ASIL considerations differ. ASIL has one more index, the human controllability value; the ASIL therefore puts higher demands on controllability, and that brings more factors into the ASIL, so we have to check it more deeply.
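As an added worked example, not code from the article or from either standard, the following Python places dangerous failure rates against the SIL PFH bands and the ASIL PMHF targets quoted in the table above, so the SIL2/SIL3 versus ASIL B/C mismatch can be read off directly. It also shows the low demand measure that automotive does not use: the 1oo1 PFDavg estimate is the usual first-order λ_DU·T1/2 approximation, which I assume here, and all sample rates and the proof-test interval are constructed.

```python
"""Added example (not code from the article or from either standard): read
dangerous failure rates against the IEC 61508 SIL bands and the ISO 26262
PMHF targets quoted in the article, and show the low demand measure
(PFDavg) that has no automotive counterpart."""

# Unit: 1 FIT = 1 failure per 1e9 hours.
FIT_PER_HOUR = 1e-9

# IEC 61508 high demand / continuous mode: PFH bands in failures per hour.
# Each SIL is a range [lower, upper); SIL4's lower bound is the 1e-9 limit
# mentioned in the article.
SIL_PFH_BANDS = {1: (1e-6, 1e-5), 2: (1e-7, 1e-6), 3: (1e-8, 1e-7), 4: (1e-9, 1e-8)}

# IEC 61508 low demand mode: PFDavg bands (dimensionless probability).
# SIL4's lower bound is the 1e-5 limit mentioned in the article.
SIL_PFD_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

# ISO 26262 PMHF targets in failures per hour (1000, 100, 100 and 10 FIT).
# Unlike a SIL band, each is an upper limit only, and ASIL B and C share one.
ASIL_PMHF_TARGETS = {"A": 1e-6, "B": 1e-7, "C": 1e-7, "D": 1e-8}


def to_fit(rate_per_hour):
    """Convert a failure rate in 1/h to FIT, rounded to remove float noise."""
    return round(rate_per_hour / FIT_PER_HOUR, 6)


def _band_for(value, bands):
    """Return the level whose [lower, upper) band contains value, else None."""
    for level, (lower, upper) in bands.items():
        if lower <= value < upper:
            return level
    return None  # below SIL4's floor or above SIL1's ceiling


def sil_for_pfh(pfh):
    """SIL band for a high demand / continuous mode PFH (1/h), or None."""
    return _band_for(pfh, SIL_PFH_BANDS)


def sil_for_pfd(pfd_avg):
    """SIL band for a low demand mode PFDavg, or None."""
    return _band_for(pfd_avg, SIL_PFD_BANDS)


def asils_met(pmhf):
    """ASILs whose PMHF target a rate (1/h) satisfies, in order A..D."""
    return [asil for asil, limit in ASIL_PMHF_TARGETS.items() if pmhf < limit]


def pfd_avg_1oo1(lambda_du, proof_test_interval_h):
    """Simplified low demand estimate for a single (1oo1) channel, assumed
    here: PFDavg ~= lambda_DU * T1 / 2, the usual first-order approximation
    (it ignores diagnostics and repair time). The proof-test interval T1 has
    no counterpart in the continuous automotive case, where the failure rate
    itself (PFH / PMHF) is the measure."""
    return lambda_du * proof_test_interval_h / 2


def compare(rate_per_hour):
    """Read one dangerous failure rate both ways: as an IEC 61508 PFH band
    and as the set of ISO 26262 PMHF targets it satisfies."""
    return {
        "fit": to_fit(rate_per_hour),
        "sil": sil_for_pfh(rate_per_hour),
        "asils_met": asils_met(rate_per_hour),
    }


if __name__ == "__main__":
    # Constructed sample rates: 500 FIT (SIL2), 50 FIT (SIL3), 5 FIT (SIL4).
    for rate in (5e-7, 5e-8, 5e-9):
        print(compare(rate))
    # Constructed low demand case: 1000 FIT dangerous undetected, yearly proof test.
    pfd = pfd_avg_1oo1(1e-6, 8760)
    print(f"PFDavg = {pfd:.2e} -> SIL{sil_for_pfd(pfd)}")
```

Running it shows the asymmetry the article points at: a 500 FIT rate sits in SIL2 but only meets the ASIL A target, while a 50 FIT rate sits in SIL3 and meets ASIL A, B and C at once, because ASIL B and C share the <100 FIT limit.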
Second: IEC 61508 system safety lifecycle
ISO 26262 system safety lifecycle:
Third: Comparison
| IEC 61508 clause | IEC 61508 phase | ISO 26262 location | ISO 26262 phase |
| --- | --- | --- | --- |
| 10.2 | E/E/PE system safety validation planning | Allocated into System A.1, System A.2 | Technical safety concept |
| 10.4 | | Part 5: Product development at the hardware level; Part 6: Product development at the software level | Hardware-software integration and testing |
| 10.6 | E/E/PE system safety validation | | System integration and testing |
Thanks for your time!