Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
1 Scope
1.1 GB/T 20438.2
a) is intended to be used only after a thorough understanding of GB/T 20438.1, which provides the overall framework for the achievement of functional safety;
b) applies to any safety-related system, as defined by GB/T 20438.1, which contains at least one electrical, electronic or programmable electronic based component;
c) applies to all subsystems and their components within an E/E/PE safety-related system (including sensors, actuators and the operator interface);
d) specifies how to refine the information developed in accordance with GB/T 20438.1, concerning the overall safety requirements and their allocation to E/E/PE safety-related systems, and specifies how the overall safety requirements are refined into E/E/PES safety functions requirements and E/E/PES safety integrity requirements;
e) specifies requirements for activities that are to be applied during the design and manufacture of the E/E/PE safety-related systems (i.e. establishes the E/E/PES safety lifecycle model), except for software, which is dealt with by GB/T 20438.3 (see Figures 2 and 3); these requirements include the application of techniques and measures, which are graded against the safety integrity level, for the avoidance of, and control of, faults and failures;
f) specifies the information necessary for carrying out the installation, commissioning and final safety validation of the E/E/PE safety-related systems;
g) does not apply to the operation and maintenance phase of the E/E/PE safety-related systems – this is dealt with in GB/T 20438.1. However, GB/T 20438.2 does provide requirements for the preparation of information and procedures needed by the user for the operation and maintenance of the E/E/PE safety-related systems;
h) specifies requirements to be met by the organization carrying out any modification of the E/E/PE safety-related systems.
Note 1: This part of GB/T 20438 is mainly directed at suppliers and/or in-company engineering departments, hence the inclusion of requirements for modification.
Note 2: The relationship between GB/T 20438.2 and GB/T 20438.3 is illustrated in Figure 3.
1.2 GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are basic safety publications, although this status does not apply in the context of low complexity E/E/PE safety-related systems (see 3.4.4 of GB/T 20438.4-2006). As basic safety publications, they are intended for use by technical committees in the preparation of standards in accordance with the principles contained in IEC Guide 104 and ISO/IEC Guide 51. GB/T 20438 is also intended for use as a stand-alone standard.
One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication will not apply unless specifically referred to or included in the publications prepared by those technical committees.
Note: The functional safety of an E/E/PE safety-related system can only be achieved when all related requirements are met. Therefore, it is important that all related requirements are carefully considered and adequately referenced.
1.3 Figure 1 shows the overall framework for parts 1 to 7 of GB/T 20438 and indicates the role that GB/T 20438.2 plays in the achievement of functional safety for E/E/PE safety-related systems. Appendix A of GB/T 20438.6-2006 describes the application of GB/T 20438.2 and GB/T 20438.3.
2 Normative References
The following normative documents contain provisions which, through reference in this text, constitute provisions of this part of GB/T 20438 (GB/T 20438.2). For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this part are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references, the latest edition of the normative document referred to applies.
GB/T 20438.1-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 1: General Requirements (IEC 61508-1:1998, IDT)
GB/T 20438.3-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 3: Software Requirements (IEC 61508-3:1998, IDT)
GB/T 20438.4-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 4: Definitions and Abbreviations (IEC 61508-4:1998, IDT)
GB/T 20438.5-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 5: Examples of Methods for the Determination of Safety Integrity Levels (IEC 61508-5:1998, IDT)
GB/T 20438.6-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 6: Guidelines on the Application of GB/T 20438.2 and GB/T 20438.3 (IEC 61508-6:2000, IDT)
GB/T 20438.7-2006 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems — Part 7: Overview of Techniques and Measures (IEC 61508-7:2000, IDT)
Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Definitions and Abbreviations
4 Conformance to This Standard
5 Documentation
6 Management of Functional Safety
7 E/E/PES Safety Lifecycle Requirements
7.1 General
7.2 E/E/PES safety requirements specification
7.3 E/E/PES safety validation planning
7.4 E/E/PES design and development
7.5 E/E/PES integration
7.6 E/E/PES operation and maintenance procedures
7.7 E/E/PES safety validation
7.8 E/E/PES modification
7.9 E/E/PES verification
8 Functional Safety Assessment
Appendix A (Normative) Techniques and Measures for E/E/PE Safety-related Systems: Control of Failures During Operation
Appendix B (Normative) Techniques and Measures for E/E/PE Safety-related Systems: Avoidance of Systematic Failures During the Different Phases of the Lifecycle
Appendix C (Informative) Diagnostic Coverage and Safe Failure Fraction
Bibliography
Table 1 Overview — Realisation Phase of the E/E/PES Safety Lifecycle
Table 2 Hardware Safety Integrity: Architectural Constraints on Type A Safety-related Subsystems
Table 3 Hardware Safety Integrity: Architectural Constraints on Type B Safety-related Subsystems
Table A.1 Faults or Failures to be Detected During Operation or to be Analysed in the Derivation of Safe Failure Fraction
Table A.2 Electrical Subsystems
Table A.3 Electronic Subsystems
Table A.4 Processing Units
Table A.5 Invariable Memory Ranges
Table A.6 Variable Memory Ranges
Table A.7 I/O Units and Interface (External Communication)
Table A.8 Data Paths (Internal Communication)
Table A.9 Power Supply
Table A.10 Program Sequence (Watch-dog)
Table A.11 Ventilation and Heating System (If Necessary)
Table A.12 Clock
Table A.13 Communication and Mass-storage
Table A.14 Sensors
Table A.15 Final Elements (Actuators)
Table A.16 Techniques and Measures to Control Systematic Failures Caused by Hardware and Software Design
Table A.17 Techniques and Measures to Control Systematic Failures Caused by Environmental Stress or Influences
Table A.18 Techniques and Measures to Control Systematic Operational Failures
Table A.19 Effectiveness of Techniques and Measures to Control Systematic Failures
Table B.1 Recommendations to Avoid Mistakes During Specification of E/E/PES Requirements (See 7.2)
Table B.2 Recommendations to Avoid Introducing Faults During E/E/PES Design and Development (See 7.4)
Table B.3 Recommendations to Avoid Faults During E/E/PES Integration (See 7.5)
Table B.4 Recommendations to Avoid Faults and Failures During E/E/PES Operation and Maintenance Procedures (See 7.6)
Table B.5 Recommendations to Avoid Faults During E/E/PES Safety Validation (See 7.7)
Table B.6 Effectiveness of Techniques and Measures to Avoid Systematic Failures
Figure 1 Overall Framework of GB/T 20438
Figure 2 E/E/PES Safety Lifecycle (in Realisation Phase)
Figure 3 Relationship and Scope for GB/T 20438.2 and GB/T 20438.3
Figure 4 Relationship between the Hardware and Software Architectures of Programmable Electronics
Figure 5 Example Limitation on Hardware Safety Integrity for a Single-channel Safety Function
Figure 6 Example Limitation on Hardware Safety Integrity for a Multiple-channel Safety Function