GB/T 20438.2-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems—Part 2:Requirements for electrical/electronic/programmable electronic safety-related systems (English Version)
Standard No.: GB/T 20438.2-2017
Status: valid
Language: English
File Format: PDF
Word Count: 35000 words
Price (USD): 580.0
Implemented on: 2018-7-1
Delivery: via email in 1 business day
Detail of GB/T 20438.2-2017
Standard No.: GB/T 20438.2-2017
English Name: Functional safety of electrical/electronic/programmable electronic safety-related systems—Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
1 Scope
1.1 This part of the GB/T 20438 series
a) is intended to be used only after a thorough understanding of GB/T 20438.1, which provides the overall framework for the achievement of functional safety;
b) applies to any safety-related system, as defined by GB/T 20438.1, that contains at least one electrical, electronic or programmable electronic element;
c) applies to all elements within an E/E/PE safety-related system (including sensors, actuators and the operator interface);
d) specifies how to refine the E/E/PE system safety requirements specification, developed in accordance with GB/T 20438.1 (comprising the E/E/PE system safety functions requirements specification and the E/E/PE system safety integrity requirements specification), into the E/E/PE system design requirements specification;
e) specifies the requirements for activities that are to be applied during the design and manufacture of the E/E/PE safety-related systems (i.e. establishes the E/E/PE system safety lifecycle model) except software, which is dealt with in GB/T 20438.3 (see Figures 2 to 4). These requirements include the application of techniques and measures that are graded against the safety integrity level, for the avoidance of, and control of, faults and failures;
f) specifies the information necessary for carrying out the installation, commissioning and final safety validation of the E/E/PE safety-related systems;
g) does not apply to the operation and maintenance phase of the E/E/PE safety-related systems; this is dealt with in GB/T 20438.1. However, this part does provide requirements for the preparation of the information and procedures needed by the user for the operation and maintenance of the E/E/PE safety-related systems;
h) specifies requirements to be met by the organisation carrying out any modification of the E/E/PE safety-related systems;
Note 1: This part is mainly directed at suppliers and/or in-company engineering departments, hence the inclusion of requirements for modification.
Note 2: The relationship between this part and GB/T 20438.3 is illustrated in Figure 4.
i) does not apply to medical equipment in compliance with the IEC 60601 series.
1.2 GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are basic safety publications, although this status does not apply in the context of low complexity E/E/PE safety-related systems (see 3.4.3 of GB/T 20438.4-2017). As basic safety publications, they are intended for use by technical committees in the preparation of standards in accordance with the principles contained in IEC Guide 104 and ISO/IEC Guide 51. GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are also intended for use as stand-alone standards. The horizontal safety function of GB/T 20438 does not apply to medical equipment in compliance with the IEC 60601 series.
1.3 One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication will not apply unless specifically referred to or included in the publications prepared by those technical committees.
Note: The functional safety of an E/E/PE safety-related system can only be achieved when all related requirements are met. Therefore, it is important that all related requirements are carefully considered and adequately referenced.
1.4 Figure 1 shows the overall framework of the GB/T 20438 series and indicates the role that this part plays in the achievement of functional safety for E/E/PE safety-related systems. Annex A of GB/T 20438.6-2017 describes the application of GB/T 20438.2 and GB/T 20438.3.
Contents of GB/T 20438.2-2017
Foreword
Introduction
1 Scope
2 Normative references
3 Definitions and abbreviations
4 Conformance to GB/T
5 Documentation
6 Management of functional safety
7 E/E/PE system safety lifecycle requirements
7.1 General
7.2 E/E/PE system design requirements specification
7.3 E/E/PE system safety validation planning
7.4 E/E/PE system design and development
7.5 E/E/PE system integration
7.6 E/E/PE system operation and maintenance procedures
7.7 E/E/PE system safety validation
7.8 E/E/PE system modification
7.9 E/E/PE system verification
8 Functional safety assessment
Annex A (Normative) Techniques and measures for E/E/PE safety-related systems – control of failures during operation
Annex B (Normative) Techniques and measures for E/E/PE safety-related systems - avoidance of systematic failures during the different phases of the lifecycle
Annex C (Normative) Diagnostic coverage and safe failure fraction
Annex D (Normative) Safety manual for compliant items
Annex E (Normative) Special architecture requirements for integrated circuits (ICs) with on-chip redundancy
Annex F (Informative) Techniques and measures for ASICs – avoidance of systematic failures
Bibliography
Figure 1 Overall framework of the GB/T 20438 series
Figure 2 E/E/PE system safety lifecycle (in realisation phase)
Figure 3 ASIC development lifecycle (the V-Model)
Figure 4 Relationship between and scope of GB/T 20438.2 and GB/T
Figure 5 Determination of the maximum SIL for specified architecture (E/E/PE safety-related subsystem comprising a number of series elements, see 7.4.4.2.3)
Figure 6 Determination of the maximum SIL for specified architecture (E/E/PE safety-related subsystem comprised of two subsystems X & Y, see 7.4.4.2.4)
Figure 7 Architectures for data communication
Table 1 Overview – realisation phase of the E/E/PE system safety lifecycle
Table 2 Maximum allowable safety integrity level for a safety function carried out by a type A safety-related element or subsystem
Table 3 Maximum allowable safety integrity level for a safety function carried out by a type B safety-related element or subsystem
Table A.1 Faults or failures to be assumed when quantifying the effect of random hardware failures or to be taken into account in the derivation of safe failure fraction
Table A.2 Electrical components
Table A.3 Electronic components
Table A.4 Processing units
Table A.5 Invariable memory ranges
Table A.6 Variable memory ranges
Table A.7 I/O units and interface (external communication)
Table A.8 Data paths (internal communication)
Table A.9 Power supply
Table A.10 Program sequence (watch-dog)
Table A.11 Clock
Table A.12 Communication and mass storage
Table A.13 Sensors
Table A.14 Final elements (actuators)
Table A.15 Techniques and measures to control systematic failures caused by hardware design
Table A.16 Techniques and measures to control systematic failures caused by environmental stress or influences
Table A.17 Techniques and measures to control systematic operational failures
Table A.18 Effectiveness of techniques and measures to control systematic failures
Table B.1 Techniques and measures to avoid mistakes during specification of E/E/PE system design requirements (see 7.2)
Table B.2 Techniques and measures to avoid introducing faults during E/E/PE system design and development (see 7.4)
Table B.3 Techniques and measures to avoid faults during E/E/PE system integration (see 7.5)
Table B.4 Techniques and measures to avoid faults and failures during E/E/PE system operation and maintenance procedures (see 7.6)
Table B.5 Techniques and measures to avoid faults during E/E/PE system safety validation (see 7.7)
Table B.6 Effectiveness of techniques and measures to avoid systematic failures
Table E.1 Techniques and measures that increase βB-IC
Table E.2 Techniques and measures that decrease βB-IC
Table F.1 Techniques and measures to avoid introducing faults during ASIC’s design and development – full and semi-custom digital ASICs (see 7.4.6.7)
Table F.2 Techniques and measures to avoid introducing faults during ASIC design and development: User programmable ICs (FPGA/PLD/CPLD) (see 7.4.6.7)