ST STM32F2 Series Safety Manual (UM1845) – Appendix A: Change impact analysis for other safety standards – ISO 13849-1 / ISO 13849-2, ISO 13849 architectural categories (Table 119)
A Change impact analysis for other safety standards
The safety analysis reported in this Safety Manual is executed according to the IEC 61508 safety standard. This appendix reports the outcomes of a change impact analysis with respect to other safety standards. The following topics are considered for each of the standards addressed:
– Differences in the suggested hardware architectures (architectural categories), and how to map them to the safety architectures of IEC 61508.
– Differences in the safety integrity level definitions and in the metrics computation methods, and how to recompute and judge the safety performance of STM32F2 Series devices according to the new standard.
– Work products required by the new safety standard, and how to remap or rework (if needed) the existing work products produced as output of the IEC 61508 compliance activity.
The safety standards examined within this change impact analysis are the following:
ISO 13849-1:2006, ISO 13849-2:2010 – Safety of machinery – Safety-related parts of control systems,
IEC 62061:2012-11, ed. 1.1 – Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems,
IEC 61800-5-2:2007, ed. 1.0 – Adjustable speed electrical power drive systems – Part 5-2: Safety requirements – Functional,
ISO 26262:2010 – Road vehicles – Electrical or electronic (E/E) systems.
A.1 ISO 13849-1 / ISO 13849-2
ISO 13849-1 is a type B1 standard. It provides a guideline for the development of the safety-related parts of control systems (SRP/CS) of machinery, including programmable electronics, hardware and software.
A.1.1 ISO 13849 architectural categories
Section 6.2 of ISO 13849-1 defines five architectural categories (B, 1, 2, 3 and 4). Each category is characterised by its structure and by the basic parameters DC (diagnostic coverage), MTTFd (mean time to dangerous failure) and CCF (common cause failure); it reflects the resistance to faults expected of the SRP/CS under design, and, together with those parameters, determines whether the required performance level (PLr) can be achieved. For each category the standard suggests a designated architecture that meets the related requirements.
Considering the ISO 13849 architectural categories defined in §6.2 and focusing on microcontrollers, Table 119 presents a summary for end users who intend to develop Logic Solver units suitable for safety-critical channels performing a defined safety function.
The assumptions are listed hereafter:
1. The safety function is realized by combining in series the SRP/CS elements: input system, signal processing unit and output system.
2. The SRP/CS elements may be assigned to the same or to different categories, and to different PLs.
3. The safety function is completely within the scope of the end user application.
4. An STM32F2 Series MCU, with the safety mechanisms described in this Safety Manual adopted, is by itself suitable as a single compliant item for CM applications up to PLd (equivalent to SIL2).
The ISO 13849 architectural categories for the Logic Solver are shown in the following table.
Table 119. ISO 13849 architectural categories
Cat. | Ref. § | Summary | Designated architecture of Logic Solver | Block diagram
B | 6.2.3 | The basic category: the occurrence of one fault can lead to the loss of the safety function. No DC or CCF required (usually single channel); MTTFd is low or medium. Highest achievable PL = b. | Single channel architecture, one MCU in 1oo1. Refer to Section 3. Compliant item's MTTFd = high. | Figure 6
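As an added worked example (not code from the Safety Manual or from ST), the ISO 13849-1 simplified procedure that Table 119 summarises for category B: band the channel MTTFd and DCavg, look up the reachable PL in Table 7 of ISO 13849-1:2006, and compare it with PLr. It also shows the edge case implicit in the row B summary ("MTTFd is low or medium"): a category B channel whose MTTFd falls in the high band is not covered by Table 7 at all, so a compliant item with MTTFd = high, such as the MCU, only yields a PL through the channel it sits in, whose MTTFd is pulled down by the input and output parts. The band limits, parts-count formulas, table entries and PL-to-SIL correspondence are transcribed from ISO 13849-1:2006 and should be checked against the standard text; the component figures are constructed, not STM32F2 data.

```python
"""
ISO 13849-1 simplified procedure for the PL of one SRP/CS channel.

Added example for this appendix, not code from the STM32F2 Safety Manual
or from ST. Band limits (Tables 4 and 5), parts-count formulas (Annexes D
and E), the PL lookup (Table 7) and the PL-to-SIL map (Table 4) are
transcribed from ISO 13849-1:2006: verify against the standard before use.
Component figures at the bottom are constructed, not real STM32F2 data.
"""

# MTTFd bands of each channel, in years (ISO 13849-1:2006 Table 4).
# Values above 100 years are capped to 100; below 3 years is outside the method.
MTTFD_LOW_MIN, MTTFD_MEDIUM_MIN, MTTFD_HIGH_MIN, MTTFD_CAP = 3.0, 10.0, 30.0, 100.0
DC_BANDS = ["none", "low", "medium", "high"]   # DCavg < 60%, < 90%, < 99%, >= 99%
PL_ORDER = "abcde"
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}   # Table 4; PL a has no SIL

# Table 7: for each category, the DCavg columns the standard provides, each
# mapping an MTTFd band to a PL. None means "not covered" (must not be claimed).
TABLE_7 = {
    "B": [("none",   {"low": "a",  "medium": "b",  "high": None})],
    "1": [("none",   {"low": None, "medium": None, "high": "c"})],
    "2": [("low",    {"low": "a",  "medium": "b",  "high": "c"}),
          ("medium", {"low": "b",  "medium": "c",  "high": "d"})],
    "3": [("low",    {"low": "b",  "medium": "c",  "high": "d"}),
          ("medium", {"low": "c",  "medium": "d",  "high": "d"})],
    "4": [("high",   {"low": None, "medium": None, "high": "e"})],
}


def mttfd_band(mttfd_years):
    """Classify the MTTFd of one channel into low/medium/high."""
    if mttfd_years < MTTFD_LOW_MIN:
        raise ValueError("MTTFd below 3 years is not covered by ISO 13849-1")
    m = min(mttfd_years, MTTFD_CAP)
    if m < MTTFD_MEDIUM_MIN:
        return "low"
    return "medium" if m < MTTFD_HIGH_MIN else "high"


def dcavg_band(dcavg):
    """Classify DCavg (fraction 0..1) into none/low/medium/high (Table 5)."""
    if dcavg < 0.60:
        return "none"
    if dcavg < 0.90:
        return "low"
    return "medium" if dcavg < 0.99 else "high"


def channel_mttfd(part_mttfds):
    """Parts-count method (Annex D): 1/MTTFd = sum over the channel's parts of 1/MTTFd_i."""
    return 1.0 / sum(1.0 / m for m in part_mttfds)


def channel_dcavg(parts):
    """DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i) (Annex E); parts are (MTTFd_i, DC_i)."""
    return sum(dc / m for m, dc in parts) / sum(1.0 / m for m, _ in parts)


def performance_level(category, mttfd_years, dcavg):
    """PL reachable by a channel of the given designated architecture, or None
    when the (category, DCavg, MTTFd) combination is not covered by Table 7."""
    have = DC_BANDS.index(dcavg_band(dcavg))
    column = None
    for dc_col, row in TABLE_7[category]:
        if DC_BANDS.index(dc_col) <= have:   # highest column the channel qualifies for;
            column = row                      # DC above that column does not raise the PL
    if column is None:
        return None   # e.g. Cat 2 or 3 without at least low DC, Cat 4 without high DC
    return column[mttfd_band(mttfd_years)]


def meets_plr(pl, plr):
    """True when the achieved PL is at least the required PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)


def example_cat_b_channel():
    """Constructed Cat B (1oo1) channel: an MCU with high MTTFd plus input and
    output parts without diagnostics. Figures are made up for the example."""
    parts = [(300.0, 0.0), (40.0, 0.0), (60.0, 0.0)]   # (MTTFd_i in years, DC_i)
    mttfd = channel_mttfd([m for m, _ in parts])
    dc = channel_dcavg(parts)
    return mttfd, dc, performance_level("B", mttfd, dc)


if __name__ == "__main__":
    mttfd, dc, pl = example_cat_b_channel()
    print(f"channel MTTFd = {mttfd:.1f} y ({mttfd_band(mttfd)}), DCavg = {dc:.0%}, PL = {pl}")
    print("PLr d met?", meets_plr(pl, "d"),
          "| Cat B with high MTTFd covered?", performance_level("B", 100.0, 0.0) is not None)
```

The constructed channel lands at about 22 years MTTFd (medium band) with no diagnostics, so category B gives PL b, which does not meet a PLr of d; reaching PL d with the same MCU requires the category 2 or 3 designated architectures with at least medium DCavg, which is exactly the comparison the rest of Table 119 is meant to support.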
UM1845
Change impact analysis for other safety standards
UM1845 - Rev 4
page 87/108
