Safety requirement level

from Wikipedia, the free encyclopedia

The safety requirement level is a term from the field of functional safety; in the international standards IEC 61508 / IEC 61511 it is known as the safety integrity level (SIL, borrowed from the English term). It is used to assess electrical / electronic / programmable electronic (E/E/PE) systems with regard to the reliability of their safety functions. The required level determines which safety-related design principles must be adhered to so that the risk of a malfunction is minimized.

Demarcation

In the safety standard EN 61508, which was developed from the international standard IEC 61508, the safety integrity level is defined as follows:

"Four well-differentiated levels for specifying the requirement for the safety integrity of safety functions that are assigned to the E / E / PE safety-related system, with safety integrity level 4 representing the highest level of safety integrity and safety integrity level 1 being the lowest."

In industry, safety functions serve to protect the health of the people employed there, the environment and property. These safety functions are realized by a safety circuit, which consists of various pieces of equipment such as sensors, control elements and actuators. The safety requirement level is a measure of the reliability of the system as a function of the risk: processes with a lower risk are protected by a safety circuit of a lower level than processes with a higher risk, where, for example, people could be killed. Typical safety functions are emergency shutdowns, switching off overheated devices or the monitoring of dangerous movements.

The operators of plants with safety-relevant functions define the safety integrity level for each safety function as part of a risk assessment. On the basis of this definition, suitable devices are selected and combined into a system.

Device manufacturers assess their devices according to the standards. Up to level 2 the manufacturer may do this on its own responsibility; from level 3 onward the assessment is carried out by an independent third party, which issues a corresponding certificate after successful certification.

To determine the safety integrity level, the failure behaviour of the module under consideration must first be examined. The assessment also looks precisely at whether redundant structures exist, at the ratio of safe failures to dangerous failures, and at whether the safety function has to be considered in continuous mode or in on-demand mode. The failure rates are then derived from this information, and these characteristic values are used to assess the safety integrity level according to the specifications of the standard.

However, considering the key figures alone is not sufficient for classifying devices. The service life of the device must also be considered, including, for example, its safety-related design and similar aspects. The set of standards specifies special measures for the individual levels of functional safety. This part is particularly important for equipment with complex assemblies, e.g. microprocessors running an internal program. Here the standards lay down special measures so that programming errors can be dealt with. A particular problem is posed, for example, by errors that do not arise from one's own development work but are already contained in software tools such as compilers. Only when all of these points are considered can it be assessed whether the equipment can be used in a safety circuit of the corresponding safety requirement level.

It does not make sense to classify individual assemblies according to the safety integrity level, because the requirements of the standard relate to the safety circuits. The level can therefore only be determined for a known interconnection of the various pieces of equipment such as sensors, actuators and control elements.

Standardization

  • EN 61 508-1, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 1: General requirements (IEC 61508-1: 2010)
  • EN 61 508-2, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 2: Requirements for electrical / electronic / programmable electronic safety-related systems (IEC 61508-2: 2010)
  • EN 61 508-3, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 3: Requirements for software (IEC 61508-3: 2010)
  • EN 61 508-4, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 4: Terms and abbreviations (IEC 61508-4: 2010)
  • EN 61 508-5, Functional safety of safety-related electrical / electronic / programmable electronic systems - Part 5: Example for determining the level of safety integrity (IEC 61508-5: 2010)
  • EN 61 508-6, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 6: Application guideline for IEC 61508-2 and IEC 61508-3 (IEC 61508-6: 2010)
  • EN 61 508-7, Functional safety of electrical / electronic / programmable electronic safety-related systems - Part 7: Application notes on procedures and measures (IEC 61508-7: 2010)
  • EN 61 511-1, Functional safety - Safety systems for the process industry - Part 1: General, terms, requirements for systems, software and hardware (IEC 61511-1: 2003 + Corrigendum 2004)
  • EN 61 511-2, Functional safety - Safety systems for the process industry - Part 2: Instructions for the application of Part 1 (IEC 61511-2: 2003)
  • EN 61 511-3, Functional safety - Safety systems for the process industry - Part 3: Instructions for the determination of the required safety integrity level (IEC 61511-3: 2003 + Corrigendum 2004)
  • EN 50 129 Safety-relevant electronic systems for signaling technology
  • IEC 62304 - Medical Device Software

(Note: the above standards were published in Germany, Austria and Switzerland as national standards with the prefix DIN, ÖVE / ÖNORM or SN)

  • US RTCA DO-178B North American Avionics Software
  • US RTCA DO-254 North American Avionics Hardware
  • EUROCAE ED-12B European Airborne Flight Safety Systems
  • ISO 26262 - Road vehicles - Functional safety

Certification

  • PFD (probability of failure on demand; low-demand mode)
  • RRF (risk reduction factor, RRF = 1 / PFD)
  • PFH (probability of a dangerous failure per hour; high-demand or continuous mode)
  • MTBF (mean time between failures; MTBF (h) in hours, MTBF (a) in years)

SIL   PFD                  PFD (power of ten)   RRF                  PFH                          PFH (power of ten)   MTBF (h)                        MTBF (a)
1     0.1 ... 0.01         10^-1 ... 10^-2      10 ... 100           0.00001 ... 0.000001         10^-5 ... 10^-6      100,000 ... 1,000,000           10 ... 100
2     0.01 ... 0.001       10^-2 ... 10^-3      100 ... 1,000        0.000001 ... 0.0000001       10^-6 ... 10^-7      1,000,000 ... 10,000,000        100 ... 1,000
3     0.001 ... 0.0001     10^-3 ... 10^-4      1,000 ... 10,000     0.0000001 ... 0.00000001     10^-7 ... 10^-8      10,000,000 ... 100,000,000      1,000 ... 10,000
4     0.0001 ... 0.00001   10^-4 ... 10^-5      10,000 ... 100,000   0.00000001 ... 0.000000001   10^-8 ... 10^-9      100,000,000 ... 1,000,000,000   10,000 ... 100,000
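The following worked example is an added illustration and is not part of the Wikipedia article. It ties the two halves of the page together: the assessment steps described above (failure behaviour of a channel, safe versus dangerous failures, redundancy, on-demand versus continuous mode) and the SIL bands of the table. It uses the simplified low-demand approximations from IEC 61508-6 for a single channel (1oo1) and a redundant pair (1oo2), ignoring repair time and diagnostics on the dangerous-undetected share; the failure rates, the proof-test interval and the common-cause factor are constructed sample values, and the function and field names are the example's own.

```python
"""Added worked example (not from the article): from failure rates to a SIL band."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class FailureRates:
    """Per-hour failure rates of one channel, split the way IEC 61508 does."""
    lambda_s: float    # safe failures (e.g. spurious trips)
    lambda_dd: float   # dangerous failures detected by diagnostics
    lambda_du: float   # dangerous failures undetected until the proof test

    def safe_failure_fraction(self) -> float:
        """SFF: share of all failures that are safe or at least detected."""
        total = self.lambda_s + self.lambda_dd + self.lambda_du
        return (self.lambda_s + self.lambda_dd) / total


def pfd_avg_1oo1(rates: FailureRates, proof_test_interval_h: float) -> float:
    """Average PFD of a single channel in low-demand mode: lambda_DU * T / 2."""
    return rates.lambda_du * proof_test_interval_h / 2.0


def pfd_avg_1oo2(rates: FailureRates, proof_test_interval_h: float,
                 beta: float = 0.0) -> float:
    """Average PFD of two redundant channels (1oo2) in low-demand mode.

    Independent part:  (1 - beta)^2 * (lambda_DU * T)^2 / 3
    Common-cause part: beta * lambda_DU * T / 2   (beta = common-cause factor)
    With beta = 0 the redundancy looks far better than it is in practice.
    """
    x = rates.lambda_du * proof_test_interval_h
    return (1.0 - beta) ** 2 * x ** 2 / 3.0 + beta * x / 2.0


def pfh_1oo1(rates: FailureRates) -> float:
    """Continuous / high-demand mode: a 1oo1 channel fails dangerously at lambda_DU per hour."""
    return rates.lambda_du


def sil_from_pfd(pfd: float) -> int:
    """Map a low-demand PFD onto the SIL bands of the table (0 = below SIL 1)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def sil_from_pfh(pfh: float) -> int:
    """Map a continuous-mode PFH onto the SIL bands of the table (0 = below SIL 1)."""
    if pfh >= 1e-5:
        return 0
    if pfh >= 1e-6:
        return 1
    if pfh >= 1e-7:
        return 2
    if pfh >= 1e-8:
        return 3
    return 4


def risk_reduction_factor(pfd: float) -> float:
    return 1.0 / pfd


def mtbf_years(pfh: float) -> float:
    return 1.0 / pfh / HOURS_PER_YEAR


def assess(rates: FailureRates, proof_test_interval_h: float, beta: float) -> dict:
    """Collect the figures an assessor would compare against the SIL table."""
    pfd1 = pfd_avg_1oo1(rates, proof_test_interval_h)
    pfd2 = pfd_avg_1oo2(rates, proof_test_interval_h, beta)
    pfh = pfh_1oo1(rates)
    return {
        "sff": rates.safe_failure_fraction(),
        "pfd_1oo1": pfd1, "sil_1oo1_low_demand": sil_from_pfd(pfd1),
        "pfd_1oo2": pfd2, "sil_1oo2_low_demand": sil_from_pfd(pfd2),
        "pfh_1oo1": pfh, "sil_1oo1_continuous": sil_from_pfh(pfh),
        "rrf_1oo1": risk_reduction_factor(pfd1),
        "mtbf_years_1oo1": mtbf_years(pfh),
    }


# Constructed sample channel: 2e-6/h safe, 1e-6/h dangerous detected, 1e-6/h dangerous undetected.
SAMPLE_RATES = FailureRates(lambda_s=2e-6, lambda_dd=1e-6, lambda_du=1e-6)
SAMPLE_T = HOURS_PER_YEAR   # yearly proof test (constructed)
SAMPLE_BETA = 0.02          # 2 % common-cause share between the two channels (constructed)

if __name__ == "__main__":
    for key, value in assess(SAMPLE_RATES, SAMPLE_T, SAMPLE_BETA).items():
        print(f"{key:22s} {value:.3g}" if isinstance(value, float) else f"{key:22s} {value}")
```

With the sample values, the single channel reaches the SIL 2 band in low-demand mode (PFD about 4.4e-3, RRF about 228) but only SIL 1 in continuous mode (PFH = 1e-6), which is the practical consequence of the on-demand versus continuous distinction made above. Adding a second channel moves the low-demand figure into the SIL 3 band; note that the common-cause term dominates the 1oo2 result even at 2 %, which is why an assessment that ignores it overstates the benefit of redundancy.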

Literature

  • Josef Börcsök: Electronic safety systems. Hüthig GmbH & Co. KG, Heidelberg 2004, ISBN 3-7785-2939-0.
  • Josef Börcsök: Functional Safety: Basics of safety systems. Hüthig GmbH & Co. KG, Heidelberg 2006, ISBN 3-7785-2985-4.
  • Peter Wratil, Michael Kieviet: Safety technology for components and systems. Hüthig GmbH & Co. KG, Heidelberg 2007, ISBN 3-7785-2984-6.
