ISO/IEC 17305 - WD 4 summary (table of contents)
Date:   2015-04-03

ISO/IEC WD 17305.4
Secretariat:   AFNOR/UNM

Safety of machinery — Design of control system to realize safety functions

Sécurité des machines — Conception du système de commande pour réaliser les fonctions de sécurité
Initial situation of the project

Objectives of the project

Position of this document within the structure of machinery safety standards

1          Scope

2          Normative references

3          Terms and definitions, symbols and abbreviated terms

3.1        Terms and definitions

4          Overview of the design process of an SCS

4.1        Objective

4.2        Design process

4.3        Safety plan

4.4        Design Modification

5          Specification of a safety function

5.1        General

5.2        General description of the safety function

5.3        Detailed description of the functional requirement

5.4        Required safety integrity for a safety function

5.5        Documentation of the safety function

5.6        Example of safety functions

6          Design of an SCS to perform a safety function

6.1        General

6.2        Basic methodology – Use of subsystems

6.3        Design of the SCS by the integration of subsystems

7          Design and development of subsystems

7.1        General

7.2        Subsystem design and development process

7.3        Requirements for the selection and design of subsystems and subsystem elements

7.4        Categories as architectural constraints of a subsystem

7.5        Probability of dangerous random hardware failures of subsystems

8          Software

8.1        General

8.2        Introduction of SW routes

8.3        Software Safety Requirements Specification

8.4        Coding

8.5        Testing of SWR1

9          Validation process

9.1        Validation principles

9.2        Validation of the safety function on the machine

10         Documentation

10.1      Technical documentation

10.2      Information for use of the SCS

Annex A (Informative)  Determination of required safety integrity

A.1       General

A.2       Graph assignment for PL/SIL

A.3       Matrix assignment for PL/SIL

A.4       Overlapping hazards

Annex B (informative)  Block method and safety-related block diagram

B.1       Block-method

B.2       Safety-related block diagram

Annex C (informative)  Examples of MTTFd values for single components

C.1       General

C.2       Good engineering practices method

C.3       Hydraulic components

C.4       MTTFd of pneumatic, mechanical and electromechanical components

C.5       MTTFd data of electrical components

C.6       Passive components

Annex D (informative)  Parts count method

D.1       Parts count method

D.2       MTTFd for different channels, symmetrization of MTTFd for each channel

Annex E (informative)   Estimation of average DC (DCavg)

E.1       Examples for diagnostic coverage (DC)

E.2       Estimation of average DC (DCavg)

Annex F (informative)  Methodology for the estimation of susceptibility to common cause failures (CCF) (suitable for Annex K.3 and K.4)

F.1       General

F.2       Methodology suitable for Annex K.3

F.3       Methodology suitable for Annex K.4

Annex G (Informative)   Risk quantification mode

G.1       General

Annex H (Void)

Annex I (informative)  Examples for the machine builder implementing ISO/IEC 17305

I.1        General

Annex J (informative)  Software

J.1        Cause & Effect Table

J.2        Example 1

J.3        Example 2

J.4        Example 3

J.5        Programming guideline

Annex K (informative)  Simplified approaches to evaluating the PFHd of a subsystem

K.1       General

K.2       Table allocation approach

K.3       Numerical approach

K.4       Formulas

K.5       Description of the output part of the safety function by Category

Annex L (informative)   Example of verification of fault behaviour and diagnostic means

L.1       General

L.2       Description of machine

L.3       Specification of safety function requirements

L.4       Design of SCS

L.5       Validation

Annex M (informative)   Basic and well-tried safety principles

M.1       General

M.2       Verification principles for mechanical elements

M.3       Verification principles for pneumatic elements

M.4       Verification principles for hydraulic elements

M.5       Verification principles for electromechanical and electronic elements

Annex N (Void)

Annex R (informative)  Generic approaches to determine the reliability indicator for devices in functional safety applications (Guideline)

R.1       The foundation of statistics-based safety engineering

R.2       Reference Values for Devices

R.3       Determination of reliability indicator based on calculation methods

R.4       Determination of reliability indicator based on test methods

R.5       Determination of reliability indicator based on the evaluation of field failures

R.6       Estimation of the ratio of dangerous failure (RDF)

R.7       Estimation of the MTTFd for the whole Subsystem and symmetrization per channel

R.8       Bibliography

R.8.1     Databases

In total, the draft runs to more than 200 pages.