IEC 61508 separates the specification of the safety functions to be performed into two elements:

• the safety function requirements (what the function does); and
• the safety integrity requirements (the likelihood of a safety function being performed satisfactorily).

IEC 61508 does not stipulate what safety function requirements nor what safety integrity requirements are necessary for any particular application.

 

The safety integrity level (SIL 1, 2, 3 or 4) corresponds to a range of safety integrity values, measured in terms of average probability of failure to perform a safety function on demand or in terms of probability of dangerous failure of a safety function per hour.

The safety integrity level allocated to the E/E/PE safety-related system will affect the degree of rigour to which a requirement of the standard is to be satisfied. But other factors will also affect this (see 4.1 of IEC 61508-1).

Some elements of the standard make the dependence on safety integrity level explicit by grading the requirements, for example

• 7.6.2.11 and table 5 of IEC 61508-1;
• tables 2 and 3 and annexes A and B of IEC 61508-2; and
• annexes A and B of IEC 61508-3.

See also

• note 1 of 7.4.2.2 of IEC 61508-2 (a summary of the overall method for selecting a design approach to demonstrate achievement of a safety integrity level);
• 7.4.3 of IEC 61508-2 (requirements for hardware safety integrity); and
• 6.2.2 of IEC 61508-3 (software functional safety planning in relation to safety integrity).

This text contains extracts from the IEC Functional Safety Zone. All such extracts are copyright of International Electrotechnical Commission © 2005, IEC, Geneva, Switzerland. All rights reserved. IEC has no responsibility for the placement and context in which the extracts are reproduced. This notice takes precedence over any general copyright statement.