1 Scope
1.1 This GB/T 20438 covers those aspects to be considered when electrical/electronic/programmable electronic (E/E/PE) systems are used to carry out safety functions. A major objective of GB/T 20438 is to facilitate the development of product and application sector national standards by the technical committees responsible for the product or application sector. This will allow all the relevant factors, associated with the product or application, to be fully taken into account and thereby meet the specific needs of users of the product and the application sector. A second objective of GB/T 20438 is to enable the development of E/E/PE safety-related systems where product or application sector national standards do not exist.
1.2 In particular, GB/T 20438
a) applies to safety-related systems when one or more of such systems incorporates electrical/electronic/programmable electronic elements;
Note 1: In the context of low complexity E/E/PE safety-related systems, certain requirements specified in GB/T 20438 may be unnecessary, and exemption from compliance with such requirements is possible (see 4.2, and the definition of a low complexity E/E/PE safety-related system in 3.4.3 of GB/T 20438.4-2017).
Note 2: Although a person can form part of a safety-related system (see 3.4.1 of GB/T 20438.4-2017), human factor requirements related to the design of E/E/PE safety-related systems are not considered in detail in GB/T 20438.
b) is generically-based and applicable to all E/E/PE safety-related systems irrespective of the application;
c) covers the achievement of a tolerable risk through the application of E/E/PE safety-related systems, but does not cover hazards arising from the E/E/PE equipment itself (for example electric shock);
d) applies to all types of E/E/PE safety-related systems, including protection systems and control systems;
e) does not cover E/E/PE systems where
——a single E/E/PE system is capable on its own of meeting the tolerable risk, and
——the required safety integrity of the safety functions of the single E/E/PE system is less than that specified for safety integrity level 1 (the lowest safety integrity level in GB/T 20438).
f) is mainly concerned with the E/E/PE safety-related systems whose failure could have an impact on the safety of persons and/or the environment; however, it is recognized that the consequences of failure could also have serious economic implications and in such cases GB/T 20438 could be used to specify any E/E/PE system used for the protection of equipment or product;
Note 3: See 3.1.1 of GB/T 20438.4-2017.
g) considers E/E/PE safety-related systems and other risk reduction measures, in order that the safety requirements specification for the E/E/PE safety-related systems can be determined in a systematic, risk-based manner;
h) uses an overall safety lifecycle model as the technical framework for dealing systematically with the activities necessary for ensuring the functional safety of the E/E/PE safety-related systems;
Note 4: Although the overall safety lifecycle is primarily concerned with E/E/PE safety-related systems, it could also provide a technical framework for considering any safety-related system irrespective of the technology of that system (for example mechanical, hydraulic or pneumatic).
i) does not specify the safety integrity levels required for sector applications (which must be based on detailed information and knowledge of the sector application). The technical committees responsible for the specific application sectors shall specify, where appropriate, the safety integrity levels in the application sector standards;
j) provides general requirements for E/E/PE safety-related systems where no product or application sector standards exist;
k) requires malevolent and unauthorised actions to be considered during hazard and risk analysis. The scope of the analysis includes all relevant safety lifecycle phases;
Note 5: Other IEC/ISO standards address this subject in depth; see ISO/IEC/TR 19791 and IEC 62443 series.
l) does not cover the precautions that may be necessary to prevent unauthorised persons damaging, and/or otherwise adversely affecting, the functional safety of E/E/PE safety-related systems (see k) above);
Contents of GB/T 20438.1-2017
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Definitions and abbreviations
4 Conformance to GB/T 2
5 Documentation
5.1 Objectives
5.2 Requirements
6 Management of functional safety
6.1 Objectives
6.2 Requirements
7 Overall safety lifecycle requirements
7.1 General
7.2 Concepts
7.3 Overall scope definition
7.4 Hazard and risk analysis
7.5 Overall safety requirements
7.6 Overall safety requirements allocation
7.7 Overall operation and maintenance planning
7.8 Overall safety validation planning
7.9 Overall installation and commissioning planning
7.10 E/E/PE system safety requirements specification
7.11 E/E/PE safety-related systems – realisation
7.12 Other risk reduction measures – specification and realisation
7.13 Overall installation and commissioning
7.14 Overall safety validation
7.15 Overall operation, maintenance and repair
7.16 Overall modification and retrofit
7.17 Decommissioning or disposal
7.18 Verification
8 Functional safety assessment
8.1 Objective
8.2 Requirements
Annex A (Informative) Example of a documentation structure
Bibliography
Figure 1 Overall framework of the GB/T 20438 series
Figure 2 Overall safety lifecycle
Figure 3 E/E/PE system safety lifecycle (in realisation phase)
Figure 4 Software safety lifecycle (in realisation phase)
Figure 5 Relationship of overall safety lifecycle to the E/E/PE system and software safety lifecycles
Figure 6 Allocation of overall safety requirements to E/E/PE safety-related systems and other risk reduction measures
Figure 7 Example of operations and maintenance activities model
Figure 8 Example of operation and maintenance management model
Figure 9 Example of modification procedure model
Figure A.1 Structuring information into document sets for user groups
Table 1 Overall safety lifecycle – overview
Table 2 Safety integrity levels – target failure measures for a safety function operating in low demand mode of operation
Table 3 Safety integrity levels – target failure measures for a safety function operating in high demand mode of operation or continuous mode of operation
Table 4 Minimum levels of independence of those carrying out functional safety assessment [overall safety lifecycle phases 1 to 8 and 12 to 16 inclusive (see Figure 2)]
Table 5 Minimum levels of independence of those carrying out functional safety assessment [overall safety lifecycle phases 9 and 10, including all phases of E/E/PE system and software safety lifecycles (see Figures 2, 3 and 4)]
Table A.1 Example of a documentation structure for information related to the overall safety lifecycle
Table A.2 Example of a documentation structure for information related to the E/E/PE system safety lifecycle
Table A.3 Example of a documentation structure for information related to the software safety lifecycle