Unlocking the Secrets of IEC 61508 Systematic Capability

Introduction to Systematic Capability

Systematic capability (SC) is a concept introduced in the second edition of IEC 61508 (IEC 61508:2010), the standard for the functional safety of electrical/electronic/programmable electronic (E/E/PE) safety-related systems. SC is a measure of the confidence that an element's systematic safety integrity meets the requirements of the specified Safety Integrity Level (SIL), for the specified element safety function, when the element is applied in accordance with the instructions in its safety manual. The scale runs from SC 1 to SC 4, matching SIL 1 to SIL 4 (IEC 61508-2:2010, Clause 7.4.2.2).

What is Systematic Safety Integrity?

IEC 61508-4:2010, Clause 3.5.4 defines safety integrity as the probability that an E/E/PE safety-related system satisfactorily performs its specified safety functions under all stated conditions within a stated period. Systematic safety integrity is the part of that integrity relating to systematic failures in a dangerous mode of failure, as distinct from hardware safety integrity, which covers random hardware failures. Systematic failures arise from mistakes made during specification, design, manufacture, installation, operation or modification (software defects included), and they can only be eliminated by correcting the process that produced them; redundancy alone does not reduce them, because identical elements share the same design mistakes. Organisations therefore mitigate them by applying the measures for avoiding and controlling systematic faults throughout the system lifecycle (IEC 61508-2:2010, Annex B; IEC 61508-3:2010, Annex A).

Why is Systematic Capability Important?

The second edition of IEC 61508 introduced SC to address inconsistencies from the first edition regarding systematic integrity. SC provides a standardised method for assessing and ensuring systematic safety integrity across various systems. A well-defined SC process increases confidence that safety functions will operate correctly, reducing systematic failure risks (IEC 61508-2:2010, Clause 7.4.2.2).

Routes to Achieve Systematic Capability

IEC 61508:2010 outlines three routes to achieve systematic capability:

Route 1S: Designed in Accordance with IEC 61508

Route 1S requires the element to be designed and developed in accordance with IEC 61508:2010, applying the measures and techniques for the avoidance of systematic faults (IEC 61508-2:2010, Clause 7.4.6) and for the control of systematic faults (Clause 7.4.7), together with the corresponding software requirements of IEC 61508-3:2010 where the element contains software. When these measures are applied with the rigour required for the target SIL, the element achieves the matching systematic capability (IEC 61508-2:2010, Clause 7.4.2.2).

Route 2S: Proven in Use

Route 2S establishes SC from documented operating experience, the proven-in-use concept. The organisation must collect evidence that the element has performed its function in previous applications and show that this evidence satisfies the standard's proven-in-use criteria for the claimed SIL. The assessment must also account for any modifications made since the experience was gathered, and for differences between the previous and the new application (operating environment, configuration, interfaces), since either can introduce systematic failures that the historical data never exercised (IEC 61508-2:2010, Clause 7.4.10).

Route 3S: Pre-existing Software Elements

Route 3S applies only to pre-existing software elements (for example an existing library or operating system) and is defined in IEC 61508-3:2010 rather than in Part 2. It requires assessing the element against the software systematic capability requirements, including measures to control software-induced systematic failures, in order to show that the element is fit for use at the target SIL (IEC 61508-3:2010, Clause 7.4.2.12).

Assessing Systematic Capability

A structured assessment process helps determine an element’s systematic capability. Follow these steps:

Step-by-Step Assessment Process

  1. Identify the Element: Define the component that requires SC assessment and the element safety function it performs.
  2. Select the Route: Choose the appropriate route (Route 1S, Route 2S, or Route 3S) based on whether the element was developed to the standard, has documented operating history, or is pre-existing software.
  3. Apply Measures: Implement the measures for avoiding and controlling systematic faults specified in IEC 61508:2010 (IEC 61508-2:2010, Clauses 7.4.6 and 7.4.7).
  4. Evaluate SC Level: Confirm that the measures applied (or the evidence gathered under Route 2S or 3S) support the SC required for the target SIL, and that the element is used within the constraints of its safety manual.
  5. Document and Justify: Record the assessment, including any deviations from the recommended measures and the justification for each one.

Example Assessments

Let's have a look at some examples of how systematic capability is used in practice.

Example 1: Elements from the Same Manufacturer

An input subsystem uses two pressure transmitters from the same manufacturer in a 1oo2 voting arrangement. Both transmitters have an SC of 2. The 1oo2 arrangement provides the hardware fault tolerance needed for SIL 3, but hardware fault tolerance addresses random hardware failures only: two identical transmitters share the same design, firmware and manufacturing process, so a systematic fault in one is likely to be present in the other. The subsystem's systematic capability therefore remains at SC 2, the lowest SC of its elements (IEC 61508-2:2010, Clause 7.4.3.3).

Example 2: Elements from Different Manufacturers

An input subsystem uses two pressure transmitters from different manufacturers in a 1oo2 voting arrangement. Each transmitter has an SC of 2. Diversity in design and manufacture reduces the likelihood of common systematic failures, and the standard allows a redundant combination of elements each of SC N to claim SC N+1 provided that their independence is justified and documented. With that justification the subsystem can claim SC 3, meeting the requirement for SIL 3 (IEC 61508-2:2010, Clause 7.4.3.3). Different manufacturer names are not by themselves the justification: the assessment should confirm that the devices do not share, for example, the same sensing element, firmware or component supplier.
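The two examples above are instances of one combination rule: a redundant group is limited to the lowest SC of its elements, and may claim one level higher only when independence has been justified, never above SC 4; a whole safety function (sensor, logic solver, final element in series) takes the SC of its weakest subsystem. The following Python is an added example written for this article, not code from IEC 61508 or from any vendor; the rule is my reading of IEC 61508-2:2010, 7.4.3, the tag names and vendor names are constructed, and the `independence_justified` flag is an input that stands for a documented common-cause assessment, not something the code decides.

```python
"""Systematic-capability (SC) claim for a subsystem built from several elements.

Added example (not from IEC 61508 or the original article). Encodes the rule as
read from IEC 61508-2:2010, 7.4.3:
  * a redundant group is limited to the lowest element SC (N);
  * with justified independence the group may claim SC N+1, never above SC 4;
  * subsystems in series take the SC of the weakest one.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Sequence, Union

SC_MIN, SC_MAX = 1, 4


@dataclass(frozen=True)
class Element:
    """One element (e.g. a pressure transmitter) with the SC stated in its safety manual."""
    name: str
    manufacturer: str
    sc: int

    def __post_init__(self) -> None:
        if not SC_MIN <= self.sc <= SC_MAX:
            raise ValueError(f"{self.name}: SC {self.sc} is outside SC {SC_MIN}..SC {SC_MAX}")


@dataclass(frozen=True)
class RedundantGroup:
    """Elements in a voting arrangement such as 1oo2, where any one performs the function.

    independence_justified is an input, not a derived value: it records whether a
    documented assessment found the elements sufficiently free of common systematic
    failures (diverse design, technology and manufacturer are the usual arguments).
    """
    elements: tuple[Element, ...]
    independence_justified: bool = False


def group_sc(group: RedundantGroup) -> tuple[int, list[str]]:
    """Return the SC that may be claimed for a redundant group plus the reasoning trail."""
    trail: list[str] = []
    base = min(e.sc for e in group.elements)
    trail.append(f"lowest element SC is SC {base}")
    if len(group.elements) < 2:
        trail.append("single element: no redundancy credit possible")
        return base, trail
    makers = {e.manufacturer for e in group.elements}
    if len(makers) == 1:
        trail.append(f"all elements from {next(iter(makers))}: common systematic failures are"
                     " likely, any independence claim needs explicit justification")
    if not group.independence_justified:
        trail.append(f"independence not justified: SC stays at SC {base}")
        return base, trail
    claimed = min(base + 1, SC_MAX)
    trail.append(f"independence justified: elements of at least SC {base} in redundancy"
                 f" may claim SC {claimed}")
    return claimed, trail


Part = Union[Element, RedundantGroup]


def part_sc(part: Part) -> int:
    return part.sc if isinstance(part, Element) else group_sc(part)[0]


def function_sc(parts: Sequence[Part]) -> int:
    """SC of a whole safety function: its subsystems act in series, so the weakest governs."""
    return min(part_sc(p) for p in parts)


if __name__ == "__main__":
    # Constructed data for the two article examples; tags and vendor names are made up.
    pt_a = Element("PT-101A", "VendorA", 2)
    pt_a2 = Element("PT-101B", "VendorA", 2)
    pt_b = Element("PT-101B", "VendorB", 2)

    same_vendor = RedundantGroup((pt_a, pt_a2), independence_justified=False)
    diverse = RedundantGroup((pt_a, pt_b), independence_justified=True)
    for label, grp in (("Example 1, same manufacturer", same_vendor),
                       ("Example 2, different manufacturers", diverse)):
        sc, trail = group_sc(grp)
        print(f"{label}: SC {sc}")
        for line in trail:
            print("  -", line)

    # Whole loop: diverse sensors (SC 3), logic solver SC 3, final element SC 2 -> SC 2.
    print("Safety function SC:", function_sc([diverse, Element("PLC-1", "VendorC", 3),
                                              Element("XV-101", "VendorD", 2)]))
```

The reasoning trail returned alongside the number is deliberate: step 5 of the assessment process asks for the justification to be recorded, and a same-manufacturer group that nonetheless claims independence is flagged so a reviewer can see that the claim rests on an explicit argument rather than on the voting arrangement.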

To summarise: systematic capability is a vital part of ensuring the functional safety of E/E/PE safety-related systems. By understanding and applying the routes to achieving SC, organisations can improve the reliability and safety of their systems and meet the requirements of IEC 61508:2010. Over the next few weeks we will look in more depth at the different routes and at how an organisation can show compliance with the requirements of the standard.