image-blog-qac-iec-61508
January 31, 2019

What Is IEC 61508? Determining Safety Integrity Levels (SILs)

Security & Compliance
Static Analysis

IEC 61508 helps to ensure the functional safety of software for many industries. That is why one beneficial strategy is to use functional safety standards such as IEC 61508. Here, we explain what is IEC 61508 and provide safety integrity level (SIL) basics — including what is SIL and determining levels.

Read along or jump ahead to the section that interests you the most:

🎓 Learn How to Easily comply with iec 61508

Back to top

What Is IEC 61508?

IEC 61508 is an international functional safety standard and it provides a framework for safety lifecycle activities. Titled “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES)”, 61508 is the umbrella functional safety standard — and the source for industry-specific standards.

Here, we give an overview of the safety standard and Safety Integrity Level (SIL) basics — plus compliance tips for software development teams.

Back to top

IEC 61508 Overview

Functional safety is important in every industry. And it’s especially important for safety-critical industries.

IEC 61508 Scope

The standard covers safety-related systems that incorporate electrical/electronic /programmable electronic devices.

The standard specifically covers hazards that occur when safety functions fail. And the main goal of the safety standard is to reduce the risk of failure to a tolerable level.

What are the 8 Parts of IEC 61508?

The eight parts of the standard:

Part 0: Functional safety as it relates to the standard.

Part 1: General requirements.

Part 2: Requirements for E/E/PE safety-related systems.

Part 3: Software requirements.

Part 4: Definitions and abbreviations.

Part 5: Examples of methods for the determination of safety integrity levels.

Part 6: Guidelines on the application of Parts 2 and 3.

Part 7: Overview of techniques and measures.

Parts 1–3 contain the requirements of the standard. The rest spell out the guidelines and provide examples for development.

IEC 61508 Certification

The certification for development tools is optional. Although, it does provide peace of mind, and it makes tool qualification easier.

Ideally, all tools used in safety-critical product development would be certified against the safety standard. You should look for tools, like Helix QAC, that have been certified by an independent organization such as SGS-TÜV Saar, for use in the development of safety-critical systems.

Related Functional Safety Standards to IEC 61508

There are several industry-specific adaptations of the safety standard:

📕 Related Resource: Keep your software safe with our Functional Safety Guide.

 

Back to top

What Are Safety Integrity Level (SIL) Basics? And What Is a SIL? 

The safety standard focuses on functional safety. And, assigning a Safety Integrity Level (SIL) is an important component of functional safety.

What Is a SIL? IEC 61508

SIL is a relative level of risk reduction provided by a safety function.

SIL ratings correlate to the frequency and severity of hazards. They determine the performance required to maintain and achieve safety — and the probability of failure.

There are four SILs — SIL 1, SIL 2, SIL 3, and SIL 4. The higher the SIL, the greater the risk of failure. And the greater the risk of failure, the stricter the safety requirements.

Safety Integrity Level

Probability of Failure on Demand

Risk Reduction Factor

SIL 4

≥105 to <104

100,000 to 10,000

SIL 3

≥104 to <103

10,000 to 1,000

SIL 2

≥103 to <102

1,000 to 100

SIL 1

≥102 to <101

100 to 10

Note that SILs for the safety standard are quite different from ASILs for ISO 26262 — and safety levels from other standards.

Here’s how these levels roughly compare.

Functional Safety Standard

Safety Levels (Least to Most Stringent)

IEC 61508

-

SIL 1

SIL 2

SIL 3

Sil 4

ISO 26262

ASIL A

ASIL B

ASIL C

ASIL D

-

DO-178C

Level E

Level D

Level C

Level B

Level A

IEC 62304

Class A

Class B

Class C

EN 50128

SSIL 0

SSIL 1

SSIL 2

SSIL 3

SSIL 4

📕 Related Resource: Read about how ASIL is a key component of ISO 26262.

 

Hazard and Risk Analysis for Determining SILs

Ensuring functional safety requires a hazard analysis and risk assessment of equipment under control (EUC).

A hazard analysis identifies all possible hazards created by a product, process, or application. This determines the safety function requirements for the safety standard.

For each hazard you identify, you’ll need to do a risk assessment. This assesses the frequency or likelihood of a hazard occurring, as well as the severity of the consequences if it does occur. Risk assessments determine the safety integrity requirements for the safety standard. And they’re critical for determining the SIL required to reduce risk.

You can use either qualitative or quantitative analysis to assess risk. A specific method isn’t required. One way you can assess risk is to create a requirements traceability matrix and do a failure modes and effects analysis (FMEA).

Why Are SILs Important?

SIL ratings determine the functional safety requirements you’ll need to fulfill. There are different recommendations for software development and design techniques based on SILs.

These recommendations are as follows:

  • “HR” indicates that the method is highly recommended.
  • “R” indicates that the method is recommended.
  • “---” indicates that the method has no recommendation for or against being used.

For example, design and coding standards are recommended for SIL 1 and highly recommended for SILs 2, 3, and 4. And forward traceability is recommended for SILs 1 and 2 — and highly recommended for SILs 3 and 4.

Back to top

Guide to IEC 61508 Software Compliance

Complying with the safety standard — or its industry-specific variants — is important for all safety-critical developers. And it’s crucial to maintain compliance throughout the safety lifecycle of your products.

You’ll need to use specific methods (based on SILs) from the standard to avoid mistakes and errors throughout the lifecycle. But this can be difficult to enforce.

Here’s how you can make it easier.

IEC 61508: Establish Requirements Traceability

Fulfilling functional safety requirements — and proving you’ve met them — is a challenge.

Requirements need to be carried through into architecture, design, and coding. Testing needs to verify that requirements are fulfilled every step of the way. Only then can you validate the software meets the requirements of the safety standard.

Establishing requirements traceability makes verification and validation easier. Especially when you use a traceability tool, such as Helix ALM. Plus, it helps you analyze and reduce risk in development.

Learn more about leveraging traceability for safety standard compliance.

📕 Related Resource: Discover more about traceability for functional safety.

Apply a Coding Standard

Ensuring safe, secure, and reliable code can be difficult. Your code needs to fulfill specific design and coding guidelines based on SIL ratings.

Applying a coding standard (e.g., MISRA) makes it easier to verify your code against specific safety standard guidelines. Especially when you use a static analysis tool, such as Helix QAC or Klocwork .

See how easy Perforce static code analyzers make it to apply a functional safety coding standard.

➡️ Request Your Free 7-Day Trial

Back to top