Functionally safe electrical, electronic and programmable electronic systems, including their development, are described in the international standard IEC 61508 and in the essentially equivalent European standard EN 61508. The requirements specified therein for the development process of safe systems lead to significantly higher effort and a larger development budget than the development of standard systems. Moreover, the requirements increase with the safety integrity level (“SIL”; SIL1 to SIL4).
The use of components that do not comply with the IEC 61508 requirements for safe systems is likewise regulated by the standard.
For example, Part 3 “Requirements on software” of IEC 61508, as amended in 2010 (IEC 61508-3:2010), specifies under paragraph 7.4.2.8:
“If the software implements both safety and non-safety functions, the entire software shall be treated as safety-related unless appropriate measures ensure that a failure of non-safety functions cannot adversely affect safety functions;”
and under paragraph 7.4.2.9:
“If the software implements safety functions of different safety integrity levels, the entire software shall be treated as pertaining to the highest safety integrity level, unless sufficient independence between the safety functions of the different safety integrity levels can be demonstrated in the design. It has to be demonstrated that either (1) independence is achieved both in the space and time domains, or (2) any violation of independence can be mastered. Justification for this independence shall be documented.”
Thus, the term “safety integrity level” (SIL) defines, through its respective level, a specific measure of the necessary or achieved effectiveness of safety instrumented functions for risk reduction. If no safety-oriented requirements (also referred to as safety-related or safety-relevant in the context of the invention) apply, development is carried out according to the normal standards of operational quality management. SIL1 carries the lowest requirements; the higher the safety integrity level, the more stringent the safety requirements.