Last edit: 20/06/2023
Chapter 7 deals with the four Architectures of IEC 62061. IEC 62061 remains linked to IEC 61508 approach of Route 1H.
In low demand mode, components are classified as Type A or Type B and there are two different tables to be used to decide what is the maximum SIL that a Safety Subsystem can reach. In IEC 62061, one table only is defined for all types of components and its content is similar to the one used for Type B components.
In the context of hardware safety integrity, the highest level that can be claimed by a safety-related control Systems or SCS is limited by the hardware fault tolerances (HFT) and safe failure fractions (SFF) of the subsystem that carries out the safety function: the reference to be used is Table 6 shown hereafter.
Hereafter some excerpt from the chapter.
7.1.1 The Architectural Constraints
IEC 62061 remains linked to IEC 61508 approach of Route 1H, described in § 3.4.8.
In low demand mode, components are classified as Type A or Type B, and there are two different tables to be used to decide what is the maximum SIL that a Safety Subsystem can reach. In IEC 62061, one table only is defined for all types of components, and its content is similar to the one used for Type B components.
In the context of hardware safety integrity, the highest level that can be claimed by an safetyrelated control systems or SCS is limited by the hardware fault tolerances (HFT) and safe failure fractions (SFF) of the subsystem that carries out the safety function: the reference to be used is Table 7.1, same as table 6 in IEC 62061.
[…]
7.1.2.1 Differences with ISO 13849-1
Some of the differences between the two standards are the following:
- As explained in § 3.6.2, in IEC 62061 the risk of common cause failures is evaluated with a similar table to ISO 13849-1, however there is no minimum value for the scoring.
- In Category 2, ISO 13849-1 requires that the MTTFD of the Test Channel (TE) is not lower than half the MTTFD value of the functional channel. The equivalent of Category 2 in IEC 62061 is the Basic Subsystem Architecture C. In this case, however, there is no minimum reliability level of the Fault Handling Function (λD-FH). In case the value is not according to table H.3 of the standard, the simplified formula cannot be used for the calculation of the PFHD of the subsystem and
the general formula for Basic Subsystem Architecture C must be used. - In ISO 13849-1, the MTTFD of subsystems is limited to 100 years, except for Category 4; in IEC 62061, there is no limitation of the PFHD, even when architectural constraint is applied.
- IEC 62061 uses the acronym PFH but that is exactly the same parameter as the PFHD used in ISO 13849-1 (§ 4.5.1). The reason is to be in line with IEC 61508 series.
[…]
7.2.4.2 Basic Subsystem Architecture C with Fault Handling Done by the SCS
This one is the simplest situation, since the Diagnostic and Fault Reaction Functions (equivalent to TE and OTE in ISO 13849-1) are already part of the safety function, as shown in Figure 7.10.
The fault handling function is completely performed by a separate subsystem of the SCS, which is also involved in performing the safety function, thus contributing to its PFHD.
In other terms, in this case we can ignore the reliability of the Monitoring channel since that is already taken care while calculating the reliability of the Functional Channel.