What Is IEC 61508? Plus Safety Integrity Level Basics
IEC 61508 is an international functional safety standard. It’s titled “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES)”.
IEC 61508 provides a framework for safety lifecycle activities. It’s the umbrella functional safety standard — and the source for industry-specific standards.
Here, we give an overview of IEC 61508 and Safety Integrity Level (SIL) basics — plus compliance tips for software development teams.
IEC 61508 Overview
Functional safety is important in every industry. And it’s especially important for safety-critical industries.
IEC 61508 Scope
IEC 61508 covers safety-related systems that incorporate electrical / electronic / programmable electronic devices.
The standard specifically covers hazards that occur when safety functions fail. And the main goal of IEC 61508 is to reduce the risk of failure to a tolerable level.
Parts of IEC 61508
There are eight parts in IEC 61508:
- Part 0: Functional safety and IEC 61508.
- Part 1: General requirements.
- Part 2: Requirements for E/E/PE safety-related systems.
- Part 3: Software requirements.
- Part 4: Definitions and abbreviations.
- Part 5: Examples of methods for the determination of safety integrity levels.
- Part 6: Guidelines on the application of Parts 2 and 3.
- Part 7: Overview of techniques and measures.
Parts 1–3 contain the requirements of the standard. The rest spell out the guidelines and provide examples for development.
IEC 61508 Certification for Tools
IEC 61508 certification for development tools is optional. But it does provide peace of mind. And it makes tool qualification easier.
Ideally, all tools used in safety-critical product development would be certified against IEC 61508. You should look for tools, like Helix QAC, that have been certified by an independent organization such as SGS-TÜV Saar, for use in the development of safety-critical systems.
Related Functional Safety Standards
There are several industry-specific adaptations of IEC 61508.
- for automotive electric/electronic systems.
- for railway applications.
- IEC 62304 for medical devices.
- for machinery system design.
Safety Integrity Level Basics
The IEC 61508 standard focuses on functional safety. And assigning Safety Integrity Levels (SILs) is an important component of functional safety.
What Is SIL?
SIL is a relative level of risk reduction provided by a safety function.
SIL ratings correlate to frequency and severity of hazards. They determine the performance required to maintain and achieve safety — and the probability of failure.
There are four SILs — SIL 1, SIL 2, SIL 3, and SIL 4. The higher the SIL, the greater the risk of failure. And the greater the risk of failure, the stricter the safety requirements.
|Safety Integrity Level||Probability of Failure on Demand||Risk Reduction Factor|
|SIL 4||≥105 to <104||100,000 to 10,000|
|SIL 3||≥104 to <103||10,000 to 1,000|
|SIL 2||≥103 to <102||1,000 to 100|
|SIL 1||≥102 to <101||100 to 10|
Note that SILs for IEC 61508 are quite different from ASILs for ISO 26262 — and safety levels from other standards.
Here’s how these levels roughly compare.
|Functional Safety Standard||Safety Levels (Least to Most Stringent)|
|IEC 61508||-||SIL 1||SIL 2||SIL 3||Sil 4|
|ISO 26262||ASIL A||ASIL B||ASIL C||ASIL D||-|
|DO-178C||Level E||Level D||Level C||Level B||Level A|
|IEC 62304||Class A|
|EN 50128||SSIL 0||SSIL 1||SSIL 2||SSIL 3||SSIL 4|
Hazard and Risk Analysis for Determining SILs
Ensuring functional safety requires a hazard analysis and risk assessment of equipment under control (EUC).
A hazard analysis identifies all possible hazards created by a product, process, or application. This determines the safety function requirements for IEC 61508.
For each hazard you identify, you’ll need to do a risk assessment. This assesses the frequency or likelihood of a hazard occurring, as well as the severity of the consequences if it does occur. Risk assessments determine the safety integrity requirements for IEC 61508. And they’re critical for determining the SIL required to reduce risk.
You can use either qualitative or quantitative analysis to assess risk. A specific method isn’t required. One way you can assess risk is to create a requirements traceability matrix and do a failure modes and effects analysis (FMEA).
Why SIL Is Important
SIL ratings determine the functional safety requirements you’ll need to fulfill. There are different recommendations for software development and design techniques based on SILs.
These recommendations are as follows:
- “HR” indicates that the method is highly recommended.
- “R” indicates that the method is recommended.
- “---” indicates that the method has no recommendation for or against being used.
For example, design and coding standards are recommended for SIL 1 and highly recommended for SILs 2, 3, and 4. And forward traceability is recommended for SILs 1 and 2 — and highly recommended for SILs 3 and 4.
Guide to IEC 61508 Software Compliance
Complying with IEC 61508 — or its industry-specific variants — is important for all safety-critical developers. And it’s crucial to maintain compliance throughout the safety lifecycle of your products.
You’ll need to use specific methods (based on SILs) from the standard to avoid mistakes and errors throughout the lifecycle. But this can be difficult to enforce.
Here’s how you can make it easier.
Establish Requirements Traceability
Fulfilling functional safety requirements — and proving you’ve met them — is a challenge.
Requirements need to be carried through into architecture, design, and coding. Testing needs to verify that requirements are fulfilled every step of the way. Only then can you validate the software meets the requirements of IEC 61508.
Establishing makes verification and validation easier. Especially when you use a traceability tool, such as . Plus, it helps you analyze and reduce risk in development.
Learn more about leveraging traceability for IEC 61508 compliance.
Apply a Coding Standard
Ensuring safe, secure, and reliable code can be difficult. Your code needs to fulfill specific design and coding guidelines based on SIL ratings.
Applying a (e.g., MISRA) makes it easier to verify your code against specific IEC 61508 guidelines. Especially when you use a static analyzer, such as .
Learn more about applying coding standards for IEC 61508 compliance.