IEC 61508: The Standard for Functional Safety from Concept to Operation

Roman Shuliankou, Head of Industrial Automation Unit at Promwad

Functional safety is paramount in industries where system failure can endanger human life. The IEC 61508 standard provides a set of rules and constraints for the design, maintenance and operation of safety-critical systems. 

In this article, we delve into the key elements of IEC 61508 compliance, exploring the importance of safety integrity levels (SILs), the challenges of ensuring hardware-software compatibility, and the critical role of thorough validation and testing.  

We also discuss how industry-specific standards, such as ISO 10218 for robotics and IEC 61800-5-2 for variable frequency drives, build on the principles of IEC 61508 to address specific needs. Finally, we highlight how Promwad effectively navigates these challenges to deliver safety-critical systems that adhere to the highest standards. 

IEC 61508 Overview

IEC 61508 is an international standard that establishes a framework for functional safety of electrical, electronic and programmable electronic (E/E/PE) systems. The latest edition of IEC 61508 is the second edition, published in 2010. 

This standard provides a structured approach to ensuring that safety-related systems operate reliably under predefined conditions and covers the entire safety lifecycle – from concept and design to operation and maintenance.  

The key components of a device or system that performs automated safety functions are sensors, control logic, and actuators. These elements operate within a hardware architecture that may include microprocessors or FPGAs to process safety-related decisions. 

IEC 61508 requires a hazard and risk analysis of the possible hazardous operating scenarios and the definition of safety measures to prevent or manage systematic failures and to detect, control or mitigate the effects of random hardware failures. 

One of the core concepts of IEC 61508 is the safety integrity level (SIL), a quantitative measure of the risk reduction provided by a safety function. SIL is categorised into four levels, where SIL 1 represents the lowest and SIL 4 the highest level of risk reduction. A SIL claim is achieved through a rigorous, documented process that covers the whole safety lifecycle. 

Safety Integrity Level   Safety availability    Average Probability of Failure on Demand    Risk Reduction Factor
SIL 4                    99.99% to 99.999%      0.001% to 0.01%  (10^-5 to 10^-4)           100,000 to 10,000
SIL 3                    99.9% to 99.99%        0.01% to 0.1%    (10^-4 to 10^-3)           10,000 to 1,000
SIL 2                    99% to 99.9%           0.1% to 1%       (10^-3 to 10^-2)           1,000 to 100
SIL 1                    90% to 99%             1% to 10%        (10^-2 to 10^-1)           100 to 10

SIL levels for low-demand mode of operation, expressed as PFDavg. The "safety availability" column is 1 minus PFDavg, and the risk reduction factor is 1/PFDavg. For high-demand or continuous mode the standard uses the average frequency of dangerous failure per hour (PFH) instead, with bands from 10^-6 to 10^-5 for SIL 1 down to 10^-9 to 10^-8 for SIL 4.

IEC 61508 is important in industrial automation with its clear framework for assessing risks and implementing safety mechanisms.  

In sectors like manufacturing, process automation, and machine safety, it ensures compliance with functional safety requirements. However, industries such as wind energy and nuclear power follow their own dedicated safety standards, such as IEC 61400-1 for wind turbines and IEC 61513 for nuclear power plants. 

Implementing IEC 61508 ensures that safety functions still achieve or maintain a safe state when components fail, mitigating risks and protecting human lives. 

In the field of robotics, the use of autonomous and collaborative robots has amplified the importance of functional safety and IEC 61508. Robots working alongside humans must adhere to safety standards to prevent accidents caused by software malfunctions or hardware failures. By following IEC 61508, developers can create systems with built-in fault tolerance. 

Examples of critical systems in software engineering include medical devices, air traffic control systems and industrial process controllers. 

Two types of failures: random and systematic 

Functional safety and the SIL depend on addressing two types of failures: 

  • Random hardware failures occur unpredictably due to wear-out, material defects, or environmental influences. They are addressed through diagnostic coverage, failure rate estimation, self-checking mechanisms, and hardware fault tolerance techniques. 
     
  • Systematic failures result from design, implementation, or procedural errors and require rigorous development processes, adherence to safety standards, formal verification, and robust software/hardware validation to prevent them. 
     

IEC 61508 treats these two failure types separately: hardware safety integrity (quantified by PFDavg or PFH together with architectural constraints on hardware fault tolerance) addresses random hardware failures, while systematic capability (SC 1 to SC 4) expresses the confidence that systematic failures have been avoided or controlled.  

Key measures include functional safety management, lifecycle implementation, avoidance of systematic failures in both system design and safety software development and assessment to verify compliance with these requirements.  

Compliance with IEC 61508 is not just about meeting regulatory requirements – it’s about demonstrating a commitment to safety, reliability, and innovation. For companies operating in high-stakes industries, following this standard enhances trust with stakeholders and opens doors to new markets where functional safety is a priority.  

The requirements of IEC 61508 have effectively addressed the unique challenges of various industries. Today, industry-specific functional safety standards based on IEC 61508 have become prevalent in transportation, household appliances and more. 

IEC 61508’s structure

IEC 61508 is divided into seven parts. The first three parts contain the normative requirements, while the remaining four are informative. These include: 

  • Part 1. General requirements. It outlines the management of functional safety and the overall safety lifecycle and sets the tone for the standard. 
  • Part 2. Requirements for E/E/PE (electrical/electronic/programmable electronic) safety-related systems, including the hardware safety integrity requirements. 
  • Part 3. Software requirements, with specific measures for preventing safety-critical software faults. 


The other parts provide the definitions and abbreviations (Part 4), examples of methods for determining safety integrity levels (Part 5), guidelines on applying Parts 2 and 3 (Part 6), and an overview of techniques and measures (Part 7). 

The key to analysing and organising these requirements lies in classification. Requirements are typically grouped by their focus, such as documentation, functional safety management, and lifecycle structure. 

ISO 10218 and IEC 61800-5-2

ISO 10218 and IEC 61800-5-2 are examples of industry safety standards built on the principles of IEC 61508. Both take their underlying principles from IEC 61508 and reuse its structure to meet specific industry needs.  

While IEC 61508 is a generic, comprehensive functional safety standard, these specialised standards apply its risk-based approach to specific applications. They can be seen as practical extensions of IEC 61508, translating its high-level safety principles into concrete requirements for specific technologies.  


Four forms of collaboration identified by the robot safety standard ISO 10218

 

ISO 10218 focuses on the functional safety of industrial robots and robotic systems and provides guidelines for their design, integration and operation. This standard is important to ensure safe interaction between humans and robots, especially in environments where robots work in close proximity to operators.  

IEC 61800-5-2 addresses the functional safety of VFDs (variable frequency drives), which control motors in industrial automation. This standard defines requirements for drive safety functions such as safe torque off (STO), safe stop 1 and 2 (SS1, SS2) and safely-limited speed (SLS).

 

IEC 61508 Standard Compliance

Compliance with IEC 61508 is essential for improving safety, reducing legal risk and ensuring system reliability. For organisations committed to excellence, aligning with global safety standards and implementing robust design practices isn't just a regulatory requirement – it's a move towards safer and future-proof operations. 

The pros of complying with IEC 61508 are obvious, but here are the risks of non-compliance:  
 

1) Safety hazards

Non-compliant systems lack the rigor needed to detect and mitigate failures. In industrial automation, for instance, this can lead to equipment malfunctions, exposing workers and the environment to life-threatening hazards. For example, failures in robotic or power engineering systems could result in fires, explosions, or toxic releases. 
 

2) Legal liabilities

Governments and regulatory bodies enforce safety compliance to protect public welfare. Non-compliance can lead to civil lawsuits filed by affected parties and regulatory penalties or sanctions, which may halt operations until compliance is achieved. 


A cloud of hydrocarbon vapour ignited, causing an explosion that killed 15 workers and injured 180 at a Texas City refinery in 2005. The cause was safety violations and poorly maintained equipment. Source: U.S. Chemical Safety Board, Investigation Report: Refinery Explosion and Fire, Report No. 2005-04-I-TX, March 20, 2007. Public Domain.

3) Financial penalties 

Non-compliance can incur significant costs associated with litigation, fines, or retrofitting systems to meet safety standards. There is also the risk of losing market trust and suffering reputational damage, leading to diminished customer confidence and lost business opportunities. 

Within the standard itself, the central quantity to meet is the SIL, which quantifies the risk reduction a safety function provides. The levels range from SIL 1 (lowest) to SIL 4 (highest), with each step indicating an order-of-magnitude improvement in safety. 

Compliance with a SIL ensures that safety systems are designed to meet the relevant risk thresholds. It requires careful design, testing and verification to ensure fault-tolerant operation: redundancy and diagnostics to tolerate random hardware failures, and robust processes to prevent systematic errors. 

 

Safety-Oriented Design in Compliance With IEC 61508

IEC 61508 is the standard of choice for ensuring functional safety throughout the entire safety lifecycle of a product. Below we review the key aspects of safety-oriented design according to IEC 61508. 
 

Risk assessment and hazard analysis

Safety-oriented design starts with hazard analysis and risk assessment. Techniques such as HAZOP (hazard and operability study) and FMEA (failure modes and effects analysis) are commonly used to identify hazards and classify them by severity and likelihood. The required SIL of each safety function then follows from the risk reduction it must provide (IEC 61508-5 describes methods such as risk graphs and layer of protection analysis), and safety measures commensurate with the identified risks are designed and implemented. 
 

Safety design and architecture

Safety integrity is achieved through a strong architecture that includes redundancy, fault detection and fault-tolerance mechanisms. The system architecture is designed to meet the required SIL through a combination of hardware measures and safety-critical software strategies.

For example, dual-channel systems with diverse (non-identical) channels reduce the risk of common-cause failures, and watchdogs and hardware diagnostics provide real-time monitoring that drives the system to a safe state when a channel fails or falls silent. 
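The following is an added example, not code from the article or from Promwad, showing what the dual-channel pattern looks like in software. Two diverse channels evaluate the same sensor sample for a hypothetical safely-limited-speed function (limit, deadline, register names and the fault-injection hook are all assumptions); a voter cross-compares them and only then allows the watchdog to be serviced, so a disagreement, a stale channel, a missed deadline or a hung task all resolve to the safe state (STO).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical application limits for a safely-limited-speed function. */
#define SPEED_LIMIT_RPM       1500U
#define CYCLE_DEADLINE_TICKS    10U

typedef enum { OUT_RUN = 0, OUT_SAFE_STOP = 1 } safe_output_t;

typedef struct {
    uint8_t  stop;      /* 1 = request safe stop, 0 = permit run */
    uint32_t sequence;  /* cycle counter: lets the voter detect a stale or stuck channel */
} channel_result_t;

/* Channel A: direct comparison against the limit. */
channel_result_t channel_a_evaluate(uint32_t speed_rpm, uint32_t cycle)
{
    channel_result_t r;
    r.stop = (speed_rpm > SPEED_LIMIT_RPM) ? 1U : 0U;
    r.sequence = cycle;
    return r;
}

/* Channel B: diverse implementation working on the one's-complement
 * representation, so a fault that corrupts one code path or data word is less
 * likely to affect both channels identically. For unsigned values
 * speed > limit  <=>  ~speed < ~limit. */
channel_result_t channel_b_evaluate(uint32_t speed_rpm, uint32_t cycle)
{
    channel_result_t r;
    uint32_t inv_speed = ~speed_rpm;
    uint32_t inv_limit = ~SPEED_LIMIT_RPM;
    r.stop = (inv_speed < inv_limit) ? 1U : 0U;
    r.sequence = cycle;
    return r;
}

/* Cross-monitoring voter: RUN is allowed only when both channels independently
 * say RUN, both results belong to the current cycle, and the cycle met its
 * deadline. Every other condition is a detected fault and yields the safe state. */
safe_output_t vote(const channel_result_t *a, const channel_result_t *b,
                   uint32_t expected_cycle, uint32_t elapsed_ticks)
{
    if (elapsed_ticks > CYCLE_DEADLINE_TICKS) return OUT_SAFE_STOP; /* timing fault   */
    if (a->sequence != expected_cycle)        return OUT_SAFE_STOP; /* stale channel A */
    if (b->sequence != expected_cycle)        return OUT_SAFE_STOP; /* stale channel B */
    if (a->stop != b->stop)                   return OUT_SAFE_STOP; /* disagreement    */
    if (a->stop != 0U)                        return OUT_SAFE_STOP; /* agreed stop     */
    return OUT_RUN;
}

/* The watchdog is serviced only from the voter path after a valid RUN decision.
 * A hung task or wedged voter therefore stops the kicks, and the hardware
 * watchdog forces the safe state on its own. Returns whether a kick was issued. */
bool service_watchdog(safe_output_t output)
{
    if (output != OUT_RUN) {
        return false;              /* deliberately let the watchdog expire */
    }
    /* hypothetical hardware access: WDT_KICK_REG = WDT_KICK_KEY; */
    return true;
}

/* One control cycle. inject_b_mask is a fault-injection hook (0 in normal
 * operation): XORing it into channel B's decision lets a test prove that a
 * single corrupted channel can never keep the output in RUN. */
safe_output_t run_cycle(uint32_t speed_rpm, uint32_t cycle,
                        uint32_t elapsed_ticks, uint8_t inject_b_mask)
{
    channel_result_t a = channel_a_evaluate(speed_rpm, cycle);
    channel_result_t b = channel_b_evaluate(speed_rpm, cycle);
    b.stop ^= inject_b_mask;
    safe_output_t out = vote(&a, &b, cycle, elapsed_ticks);
    (void)service_watchdog(out);
    return out;
}

int main(void)
{
    printf("1200 rpm, on time:            %d\n", (int)run_cycle(1200U, 1U, 5U, 0U));
    printf("1600 rpm, on time:            %d\n", (int)run_cycle(1600U, 2U, 5U, 0U));
    printf("1200 rpm, deadline missed:    %d\n", (int)run_cycle(1200U, 3U, 11U, 0U));
    printf("1200 rpm, channel B corrupt:  %d\n", (int)run_cycle(1200U, 4U, 5U, 1U));
    return 0;
}
```

The point of the sequence counter and the deadline check is that "channel silent" and "channel stuck at last value" are failure modes just as real as "channel wrong", and a voter that only compares the two decisions would miss them. The injected fault in the test is the software analogue of the fault-injection testing the article mentions later: the expected result is not a correct decision but a guaranteed transition to the safe state.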
 

Coding standards

The development of safety-critical software adheres to strict coding standards. For example, safety-critical C code follows MISRA C, and C++ code follows MISRA C++ or AUTOSAR C++14. These standards mandate safe programming practices such as avoiding dynamic memory allocation after initialisation, avoiding recursion and unbounded loops, and ensuring deterministic behaviour. 
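As an added example (not from the article, and not Promwad's code), this is the usual replacement for malloc/free in code written to MISRA C: a statically allocated pool of fixed-size blocks. Its size and addresses are fixed at link time, its worst-case allocation time is bounded by the block count, exhaustion is an explicit return value rather than undefined behaviour, and release is defensive against wild pointers and double frees. The block count and size are arbitrary.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define POOL_BLOCKS  8U
#define BLOCK_BYTES  64U

/* All storage is static: no heap, no fragmentation, no dependence on run
 * history beyond the number of blocks currently in use. MISRA C:2012
 * Rule 21.3 bans the use of malloc/free outright. */
static uint8_t pool_storage[POOL_BLOCKS][BLOCK_BYTES];
static bool    pool_in_use[POOL_BLOCKS];

uint32_t pool_blocks_free(void)
{
    uint32_t i, n = 0U;
    for (i = 0U; i < POOL_BLOCKS; i++) {
        if (!pool_in_use[i]) { n++; }
    }
    return n;
}

/* Returns NULL when the pool is exhausted: a deterministic, testable outcome
 * that the caller must handle (typically by entering a degraded or safe state). */
void *pool_alloc(void)
{
    uint32_t i;
    for (i = 0U; i < POOL_BLOCKS; i++) {
        if (!pool_in_use[i]) {
            pool_in_use[i] = true;
            return (void *)pool_storage[i];
        }
    }
    return NULL;
}

/* Defensive release: only a block of this pool that is currently in use can
 * be freed. A wild pointer or a double free is reported, not acted on. */
bool pool_free(void *block)
{
    uint32_t i;
    for (i = 0U; i < POOL_BLOCKS; i++) {
        if (block == (void *)pool_storage[i]) {
            if (!pool_in_use[i]) { return false; }   /* double free */
            pool_in_use[i] = false;
            return true;
        }
    }
    return false;                                    /* not from this pool */
}

/* Start-up self-test of the kind safety firmware runs before enabling outputs:
 * exhausts the pool, checks the NULL result, then checks that a foreign
 * pointer and a double free are both rejected. Leaves the pool fully free. */
bool pool_startup_self_test(void)
{
    void *blocks[POOL_BLOCKS];
    uint8_t foreign = 0U;
    uint32_t i;
    bool ok = (pool_blocks_free() == POOL_BLOCKS);

    for (i = 0U; i < POOL_BLOCKS; i++) {
        blocks[i] = pool_alloc();
        ok = ok && (blocks[i] != NULL);
    }
    ok = ok && (pool_alloc() == NULL);              /* exhaustion is explicit */
    ok = ok && !pool_free((void *)&foreign);        /* wild pointer rejected  */
    for (i = 0U; i < POOL_BLOCKS; i++) {
        ok = ok && pool_free(blocks[i]);
    }
    ok = ok && !pool_free(blocks[0]);               /* double free rejected   */
    ok = ok && (pool_blocks_free() == POOL_BLOCKS);
    return ok;
}
```

The linear scan is deliberate: for a handful of blocks it is simpler to review and to bound than a free list, and a reviewer can see at a glance that no pointer arithmetic on caller-supplied values ever happens.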
 

Formal verification and testing

A key aspect of IEC 61508 compliance is a structured verification and validation (V&V) process, following the V-model approach. This includes verification of each lifecycle phase through reviews, static analysis and unit and integration testing, and validation of the integrated system against its safety requirements specification to confirm that the safety functions are achieved. 

Techniques such as model checking and theorem proving can be used to mathematically verify the correctness of the system, providing an additional level of assurance. 
 

Static code analysis, error testing, and real-time monitoring

Static code analysis tools, such as Coverity and Polyspace, are essential in detecting vulnerabilities, enforcing coding standards, and identifying potential defects early in development. These tools are complemented by dynamic testing techniques, including runtime error detection and fuzz testing (primarily for security testing).

Additionally, real-time system monitoring is used in deployed applications to track performance metrics, detect runtime anomalies, and ensure system stability under operational conditions. 
 

Compliance documents

IEC 61508 emphasises comprehensive documentation to support certification and traceability. Key documents include safety plans, the safety requirements specification, traceability matrices, verification and validation reports and certification-ready documentation. 

By addressing these aspects, developers ensure that safety-critical systems meet the requirements of IEC 61508, which protects lives and infrastructure in high-risk industries. 

Challenges in IEC 61508 Compliance and How Promwad Overcomes Them

Meeting the IEC 61508 functional safety standard presents challenges, from managing system complexity to maintaining rigorous test and validation processes. Promwad has developed proven strategies to overcome these challenges and create safety-critical systems that comply with industry expectations. 
 

Issue #1. Managing complexity in software systems

Modern industrial automation software is becoming increasingly complex, integrating real-time data processing, advanced control algorithms and hardware-software interaction.  

This complexity must be carefully managed to ensure functional safety, cybersecurity, and system reliability, particularly in mission-critical applications such as industrial robotics and process control. Achieving this balance requires structured software development processes, adherence to industry standards, and rigorous verification methods. 


Comparison of monolithic architecture vs. modular architecture software design
 

What do we do? Promwad solves this problem by adopting modular software design, adherence to coding standards and automation tools. 

This structured approach ensures that even the most complex systems comply with IEC 61508 without compromising functionality and security. 
 

Issue #2. Ensuring hardware and software compatibility

Safety-critical systems depend on the integration of hardware and software. Compatibility is challenging, especially when it comes to custom hardware or third-party components.  

What do we do? Our engineering teams collaborate from the initial development stages to ensure hardware and software integration, reducing potential issues such as communication failures, real-time processing mismatches, and compliance gaps. We also test hardware-software interactions under real-world conditions to verify system reliability, safety and integrity. 

Our partnerships with IC manufacturers such as NXP allow us to develop systems that are optimised for security and performance. 
 

Issue #3. Thorough verification, validation and testing

Meeting SIL requires thorough verification, validation and testing at every stage of development. This process can be resource-intensive and time-consuming, especially for systems with a high SIL.  

What do we do? We implement structured V&V processes in accordance with the IEC 61508 V-model. This includes automated test environments where applicable for unit, integration, and system-level testing. Where required, our team applies formal verification techniques to validate critical safety properties mathematically. Additionally, we conduct fault injection tests. 

 

*** 

Compliance with IEC 61508 enables organisations to identify and mitigate functional safety risks, ensuring equipment reliability and operational safety. It also helps reduce legal liabilities with adherence to internationally recognised safety standards and facilitates market acceptance, particularly in regulated industries such as industrial automation, energy, and transportation. 

At Promwad, we apply our expertise in developing safety-critical systems with certified tools, structured verification processes, and best practices to meet and exceed IEC 61508 requirements, helping our clients confidently achieve compliance. 

Trust us to design, develop, and deliver safety-oriented solutions that align with global standards and prepare your systems for certification. 
 

Ready to safeguard your operations and ensure compliance with IEC 61508?