6.2 IEC 62061:2005+AMD1:2012+AMD2:2015
This standard applies to the specification, design and verification or validation of safety-related electrical
control systems (SRECS) of machines. An SRECS is the electrical or electronic control system of a machine
whose failure could lead to a reduction or loss of safety. An SRECS implements a safety-related control function (SRCF)
to prevent any increase of the risk.
Because the STM32xx has been classified as Type B according to IEC 61508 (refer to Section 3.2.2), it must be
considered a "complex component" in the IEC 62061 definition.
6.2.1 IEC 62061 architectural categories
IEC 62061 defines a set of basic system architectures to be used for the design of safety-related electrical
control systems (SRECS) implementing their SRCFs. The following table lists, for each system architecture, the
possible implementation/mapping by/to one of the IEC 61508-compliant architectures described in Section 3 of this
manual.
Safety metrics related to the STM32xx MCU can be reused from the IEC 61508 analysis (refer to the device FMEDA), while
their combination with the metrics of the other devices included in the system is the full responsibility of the end user.
Table 155. IEC 62061 architectural categories

IEC 62061 architecture | Clause     | Link to IEC 61508-compliant safety architectures                                                                       | Notes/constraints
A                      | 6.7.8.2.2  | Equivalent of 1oo1, with HFT = 0, no diagnostic function(s) implemented.                                               | -
B                      | 6.7.8.2.3  | Equivalent to 1oo2 with HFT = 1; a single failure does not lead to the loss of the SRCF. No diagnostic function(s) implemented. | -
C                      | 6.7.8.2.4  | Equivalent of 1oo1 architecture.                                                                                       | All requirements related to the 1oo1 architecture must be implemented.
D                      | 6.7.8.2.5  | Equivalent of 1oo2 architecture.                                                                                       | All requirements related to the 1oo2 architecture must be implemented.
6.2.2 IEC 62061 safety metrics computation
λ is the failure rate over T, where T is the smaller of the proof test interval and the lifetime of the subsystem.
As in ISO 13849, the approximation of IEC 62061 §6.7.8.2.1 NOTE 2 is still considered valid, hence
λ = 1 / MTTFd, under the assumption that λ × T << 1.
Since PFH_D = λ_D × 1 h, it follows that PFH_D = 1 / MTTFd, expressed per hour.
The safety analysis executed for STM32L4 and STM32L4+ Series devices according to IEC 61508 is accurate enough
in its identification of dangerous failures for those failures to be re-mapped into the IEC 62061 domain. Thus, the
values of λ, PFH and SFF reported in the FMEDA (refer to Section 4 Safety results) remain valid and
can be reused.
For the evaluation of CCF in basic architectures with HFT = 1, the end user can rely on what is reported in
Section 4.2 Analysis of dependent failures, and on the guidelines included in IEC 61508:2010-6 Annex D.
Alternatively, the end user can apply the simplified approach from the standard (refer to Annex F) to calculate the β
factor value to be used in the PFH formulas.
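The following is an added worked example, not code from the manual or from ST: it carries the derivation above through numerically, taking MTTFd in years (the ISO 13849 convention), deriving λ_D = 1 / MTTFd per hour, forming T as the smaller of the proof test interval and the lifetime, checking the validity condition λ × T << 1 that the approximation rests on, and returning PFH_D = λ_D × 1 h. The threshold of 0.1 for "much smaller than 1" and the treatment of β × λ_D as the common-cause floor of an HFT = 1 pair are assumptions of this example, not values or formulas stated on the page; the input figures are constructed.

```python
from dataclasses import dataclass
from typing import Optional

HOURS_PER_YEAR = 8760.0  # 1 year = 8760 h, the convention used by IEC 61508 and ISO 13849


@dataclass
class SubsystemMetrics:
    lambda_d: float            # dangerous failure rate λ_D, per hour
    t_hours: float             # T = min(proof test interval, lifetime), in hours
    lambda_t: float            # λ_D × T, must be << 1 for λ = 1/MTTFd to hold
    approximation_ok: bool     # True when λ_D × T is below the chosen limit
    pfh_d: float               # PFH_D = λ_D × 1 h
    ccf_floor: Optional[float]  # β × λ_D for an HFT = 1 pair (assumed simplification), or None


def lambda_from_mttfd(mttfd_years: float) -> float:
    """λ = 1 / MTTFd, converted from years to failures per hour."""
    if mttfd_years <= 0:
        raise ValueError("MTTFd must be positive")
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


def evaluate(mttfd_years: float,
             proof_test_years: float,
             lifetime_years: float,
             beta: Optional[float] = None,
             limit: float = 0.1) -> SubsystemMetrics:
    """Derive PFH_D from MTTFd and check that the approximation λ × T << 1 applies.

    `limit` is the assumed meaning of "<< 1" (an assumption of this example);
    `beta` is the CCF factor from IEC 61508-6 Annex D or the simplified Annex F method.
    """
    lam = lambda_from_mttfd(mttfd_years)
    t_hours = min(proof_test_years, lifetime_years) * HOURS_PER_YEAR  # T per the manual
    lambda_t = lam * t_hours
    pfh_d = lam * 1.0  # PFH_D = λ_D × 1 h, i.e. numerically 1/MTTFd per hour
    ccf = beta * lam if beta is not None else None  # assumed CCF floor for HFT = 1
    return SubsystemMetrics(lam, t_hours, lambda_t, lambda_t < limit, pfh_d, ccf)


if __name__ == "__main__":
    # Constructed inputs: MTTFd 100 years, yearly proof test, 20-year lifetime, β = 2 %
    ok = evaluate(100.0, 1.0, 20.0, beta=0.02)
    print(f"λ_D = {ok.lambda_d:.3e} /h, λ·T = {ok.lambda_t:.3f}, approx ok = {ok.approximation_ok}")
    print(f"PFH_D = {ok.pfh_d:.3e} /h, CCF floor = {ok.ccf_floor:.3e} /h")
    # Same MTTFd but no proof test within the 20-year lifetime: λ·T = 0.2, approximation no longer holds
    bad = evaluate(100.0, 20.0, 20.0)
    print(f"λ·T = {bad.lambda_t:.3f}, approx ok = {bad.approximation_ok}")
```

The second case is the caveat a practitioner should watch for: with no proof test during a 20-year lifetime and an MTTFd of only 100 years, λ × T reaches 0.2 and the shortcut PFH_D = 1 / MTTFd is no longer justified by the NOTE 2 approximation, so the full IEC 61508-6 formulas should be used instead.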
UM2305 - Rev 10, page 98/110