On a general level, safety functions and their capability are classified according to the level of safety they provide. In some standards the classification refers to Safety Integrity Levels (SIL), in others to Performance Levels (PL), and in others still to Levels or Criticality Categories. For example, in IEC 61508, the mother standard of functional safety, the highest level of protection is provided by SIL 4 functions. For a SIL 4 function, the frequency of dangerous failures is allowed to be in the range from 10⁻⁸ to 10⁻⁹ per hour. That means on average one failure within 100 000 000 hours of operation, or one failure within 11 400 years of operation. These numbers probably also answer the question of what makes the development of safety systems challenging.
How such impressive numbers can be achieved cannot be answered in a blog text, but perhaps in several hundred pages of standard text. And to prove that such numbers have been achieved, both quantitative and qualitative analyses and evidence are typically needed. However, according to our experience, some of the key characteristics in achieving safety include the following.
These characteristics, by the way, appear in practically all of the standards referred to in the previous blog post. Thus, it can be concluded with confidence that the basic approach to developing critical systems is to a large extent the same regardless of the application area.
Text: Timo Vepsäläinen