IEC 61508 includes functional safety requirements for software development teams.
January 31, 2019

What Is IEC 61508? Plus Safety Integrity Level Basics


IEC 61508 is an international functional safety standard. It’s titled “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES)”.

IEC 61508 provides a framework for safety lifecycle activities. It’s the umbrella functional safety standard — and the source for industry-specific standards.

Here, we give an overview of IEC 61508 and Safety Integrity Level (SIL) basics — plus compliance tips for software development teams.

IEC 61508 Overview

Functional safety is important in every industry. And it’s especially important for safety-critical industries.

IEC 61508 Scope

IEC 61508 covers safety-related systems that incorporate electrical / electronic / programmable electronic devices.

The standard specifically covers hazards that occur when safety functions fail. And the main goal of IEC 61508 is to reduce the risk of failure to a tolerable level.

Parts of IEC 61508

There are eight parts in IEC 61508:

  • Part 0: Functional safety and IEC 61508.
  • Part 1: General requirements.
  • Part 2: Requirements for E/E/PE safety-related systems.
  • Part 3: Software requirements.
  • Part 4: Definitions and abbreviations.
  • Part 5: Examples of methods for the determination of safety integrity levels.
  • Part 6: Guidelines on the application of Parts 2 and 3.
  • Part 7: Overview of techniques and measures.

Parts 1–3 contain the requirements of the standard. The rest spell out the guidelines and provide examples for development.

IEC 61508 Certification for Tools

IEC 61508 certification for development tools is optional. But it does provide peace of mind. And it makes tool qualification easier.

Ideally, all tools used in safety-critical product development would be certified against IEC 61508. You should look for tools, like Helix QAC, that have been certified by an independent organization such as SGS-TÜV Saar, for use in the development of safety-critical systems.

Related Functional Safety Standards

There are several industry-specific adaptations of IEC 61508.


Safety Integrity Level Basics

The IEC 61508 standard focuses on functional safety. And assigning Safety Integrity Levels (SILs) is an important component of functional safety.

What Is SIL?

SIL is a relative level of risk reduction provided by a safety function.

SIL ratings correlate to frequency and severity of hazards. They determine the performance required to maintain and achieve safety — and the probability of failure.

There are four SILs — SIL 1, SIL 2, SIL 3, and SIL 4. The higher the SIL, the greater the risk associated with a failure of the safety function. And the greater that risk, the stricter the safety requirements.

Safety Integrity Level | Probability of Failure on Demand | Risk Reduction Factor
SIL 4                  | ≥10⁻⁵ to <10⁻⁴                   | 100,000 to 10,000
SIL 3                  | ≥10⁻⁴ to <10⁻³                   | 10,000 to 1,000
SIL 2                  | ≥10⁻³ to <10⁻²                   | 1,000 to 100
SIL 1                  | ≥10⁻² to <10⁻¹                   | 100 to 10

Note that SILs for IEC 61508 are quite different from ASILs for ISO 26262 — and safety levels from other standards.

Here’s how these levels roughly compare.

Functional Safety Standard | Safety Levels (Least to Most Stringent)
IEC 61508                  | -       | SIL 1   | SIL 2   | SIL 3   | SIL 4
ISO 26262                  | ASIL A  | ASIL B  | ASIL C  | ASIL D  | -
DO-178C                    | Level E | Level D | Level C | Level B | Level A
IEC 62304                  | Class A | Class B | Class C |         |
EN 50128                   | SSIL 0  | SSIL 1  | SSIL 2  | SSIL 3  | SSIL 4


Hazard and Risk Analysis for Determining SILs

Ensuring functional safety requires a hazard analysis and risk assessment of equipment under control (EUC).

A hazard analysis identifies all possible hazards created by a product, process, or application. This determines the safety function requirements for IEC 61508.

For each hazard you identify, you’ll need to do a risk assessment. This assesses the frequency or likelihood of a hazard occurring, as well as the severity of the consequences if it does occur. Risk assessments determine the safety integrity requirements for IEC 61508. And they’re critical for determining the SIL required to reduce risk.

You can use either qualitative or quantitative analysis to assess risk. A specific method isn’t required. One way you can assess risk is to create a requirements traceability matrix and do a failure modes and effects analysis (FMEA).
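As an added example (not code from the original article), here is a quantitative version of the risk assessment just described: for each hazard, the unmitigated event rate and the tolerable rate give the required risk reduction factor, the target PFD is its reciprocal, and the PFD bands from the SIL table above give the SIL. The hazard rates are constructed sample values, and the handling of "below SIL 1" and "beyond SIL 4" is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Union

# PFD bands from the SIL table: (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]

@dataclass
class Hazard:
    name: str
    unmitigated_rate: float  # hazardous events per year with no safety function (constructed)
    tolerable_rate: float    # events per year judged tolerable by the risk assessment

def required_rrf(hazard: Hazard) -> float:
    """Risk reduction factor the safety function must provide to reach the tolerable rate."""
    return hazard.unmitigated_rate / hazard.tolerable_rate

def target_pfd(hazard: Hazard) -> float:
    """Average probability of failure on demand that delivers the required RRF (PFD = 1/RRF)."""
    return 1.0 / required_rrf(hazard)

def sil_for_pfd(pfd: float) -> Union[int, str, None]:
    """Map a target PFD to a SIL band.

    Assumption of this example: PFD >= 0.1 means less than SIL 1 (no SIL is claimed),
    and PFD < 1e-5 is more than one E/E/PE safety function can claim, so the hazard
    itself needs rework rather than a higher SIL.
    """
    if pfd >= 1e-1:
        return None
    if pfd < 1e-5:
        return "beyond SIL 4"
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    raise ValueError(f"PFD {pfd} not covered by any band")

def sil_for_hazard(hazard: Hazard) -> Union[int, str, None]:
    return sil_for_pfd(target_pfd(hazard))

if __name__ == "__main__":
    for h in [Hazard("tank overpressure", 0.5, 1e-4),     # constructed sample hazards
              Hazard("conveyor entrapment", 0.02, 1e-3),
              Hazard("reactor runaway", 10.0, 1e-5),
              Hazard("already tolerable", 1e-3, 1e-3)]:
        print(f"{h.name}: RRF={required_rrf(h):.0f} PFD={target_pfd(h):.1e} -> {sil_for_hazard(h)}")
```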

Why SIL Is Important

SIL ratings determine the functional safety requirements you’ll need to fulfill. There are different recommendations for software development and design techniques based on SILs.

These recommendations are as follows:

  • “HR” indicates that the method is highly recommended.
  • “R” indicates that the method is recommended.
  • “---” indicates that the method has no recommendation for or against being used.

For example, design and coding standards are recommended for SIL 1 and highly recommended for SILs 2, 3, and 4. And forward traceability is recommended for SILs 1 and 2 — and highly recommended for SILs 3 and 4.

Guide to IEC 61508 Software Compliance

Complying with IEC 61508 — or its industry-specific variants — is important for all safety-critical developers. And it’s crucial to maintain compliance throughout the safety lifecycle of your products.

You’ll need to use specific methods (based on SILs) from the standard to avoid mistakes and errors throughout the lifecycle. But this can be difficult to enforce.

Here’s how you can make it easier.

Establish Requirements Traceability

Fulfilling functional safety requirements — and proving you’ve met them — is a challenge.

Requirements need to be carried through into architecture, design, and coding. Testing needs to verify that requirements are fulfilled every step of the way. Only then can you validate that the software meets the requirements of IEC 61508.

Establishing requirements traceability makes verification and validation easier. Especially when you use a traceability tool, such as Helix ALM. Plus, it helps you analyze and reduce risk in development.
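The check that a traceability tool performs can be illustrated with a small script. This is an added example, not code from the article or from Helix ALM; the requirement, design and test identifiers are constructed. It reports forward gaps (requirements with no design element or no test) and backward gaps (design elements and tests that trace to nothing valid).

```python
from typing import Dict, List, Tuple

# Constructed sample links: each design element lists the requirements it
# realises; each test lists the design elements it verifies.
REQUIREMENTS = {
    "SR-1": "Close the inlet valve within 2 s of a high-pressure signal",
    "SR-2": "Raise an operator alarm when the safety function reports a fault",
    "SR-3": "Enter the safe state when the watchdog expires",
}
DESIGN = {
    "D-VALVE": ["SR-1"],
    "D-ALARM": ["SR-2"],
    "D-WDT": [],           # implemented, but linked to no requirement
}
TESTS = {
    "T-01": ["D-VALVE"],
    "T-02": ["D-VALVE"],
    "T-03": ["D-LOGGER"],  # refers to a design element that does not exist
}

def forward_gaps(reqs, design, tests) -> Tuple[List[str], List[str]]:
    """Forward traceability: requirements with no design element, and
    requirements none of whose design elements is covered by a test."""
    tested = {d for ds in tests.values() for d in ds}
    realised_by: Dict[str, set] = {}
    for d, rs in design.items():
        for r in rs:
            realised_by.setdefault(r, set()).add(d)
    no_design = sorted(r for r in reqs if r not in realised_by)
    no_test = sorted(r for r, ds in realised_by.items() if r in reqs and not ds & tested)
    return no_design, no_test

def backward_gaps(reqs, design, tests) -> Tuple[List[str], List[str]]:
    """Backward traceability: design elements and tests that are orphaned
    or link to identifiers that do not exist."""
    orphan_design = sorted(d for d, rs in design.items() if not rs or not set(rs) <= set(reqs))
    orphan_tests = sorted(t for t, ds in tests.items() if not ds or not set(ds) <= set(design))
    return orphan_design, orphan_tests

def traceability_report(reqs=REQUIREMENTS, design=DESIGN, tests=TESTS) -> Dict[str, List[str]]:
    no_design, no_test = forward_gaps(reqs, design, tests)
    orphan_design, orphan_tests = backward_gaps(reqs, design, tests)
    return {"requirements_without_design": no_design,
            "requirements_without_test": no_test,
            "design_without_requirement": orphan_design,
            "tests_without_design": orphan_tests}

if __name__ == "__main__":
    for gap, ids in traceability_report().items():
        print(f"{gap}: {ids or 'none'}")
```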


Apply a Coding Standard

Ensuring safe, secure, and reliable code can be difficult. Your code needs to fulfill specific design and coding guidelines based on SIL ratings.

Applying a coding standard (e.g., MISRA) makes it easier to verify your code against specific IEC 61508 guidelines. Especially when you use a static analyzer, such as Helix QAC.
