IEC 61508

Functional Safety of Electrical / Electronic / Programmable Electronic Safety-related Systems

IEC 61508 is the foundational, sector-independent standard for functional safety of electrical, electronic and programmable electronic (E/E/PE) safety-related systems. It is the parent framework from which IEC 61511 (process), IEC 62061 (machinery), ISO 26262 (automotive), IEC 61513 (nuclear) and EN 5012x (railway) are derived.

Document structure

IEC 61508-1

General requirements

Overall safety lifecycle (16 phases), management of functional safety, documentation, competence.

IEC 61508-2

Requirements for electrical/electronic/programmable electronic safety-related systems

Hardware design requirements: architectural constraints (Tables 2 + 3 — Type A vs B), HFT/SFF, diagnostic coverage, common cause failure (β-factor).

IEC 61508-3

Software requirements

Software safety lifecycle (V-model), techniques per SIL (Annex A/B Tables), software safety integrity levels.

IEC 61508-4

Definitions and abbreviations

Reference vocabulary — over 200 defined terms used consistently across IEC 61511 and other sector standards.

IEC 61508-5

Examples of methods for the determination of safety integrity levels

Risk-based, hazardous event severity matrix, and quantitative approaches. Largely superseded by sector standards' Annexes (IEC 61511-3, ISO 13849-1).

IEC 61508-6

Guidelines on the application of IEC 61508-2 and IEC 61508-3

The reference for PFD/PFH calculation. Simplified equations and tables for 1oo1, 1oo2, 2oo2, 1oo3, 2oo3 architectures. The math engine of every functional safety tool — including the [Functional Safety app](https://fs.industryhub.cloud) PFD module.

IEC 61508-7

Overview of techniques and measures

Catalogue of techniques referenced by SIL Tables in parts 2 and 3 (e.g., 'Failure detection by on-line monitoring', 'Static analysis', 'Defensive programming').

Key concepts

Electrical / Electronic / Programmable Electronic system (E/E/PE)
Any technology-based safety-related system: relay logic (E), discrete logic (E), microprocessor- or FPGA-based (PE). Excludes purely mechanical or pneumatic safety devices, which fall under other standards.
Safety Integrity Level (SIL)
Discrete level (1 to 4) defined here for the first time. SIL 1 ≈ 90-99% availability, SIL 4 ≈ 99.99-99.999%. Each sector adopted these levels with its own demand-mode/architecture-mode interpretation.
Low Demand Mode vs High Demand / Continuous Mode
Critical distinction in IEC 61508-4. Low Demand (demand rate < 1/year, e.g., a process trip system) → metric is PFDavg. High Demand or Continuous Mode (e.g., a machinery brake) → metric is PFH (Probability of dangerous Failure per Hour).
Probability of Failure on Demand (PFD / PFDavg)
For Low Demand Mode. SIL 1: 10⁻² ≤ PFD < 10⁻¹; SIL 2: 10⁻³ ≤ PFD < 10⁻²; SIL 3: 10⁻⁴ ≤ PFD < 10⁻³; SIL 4: 10⁻⁵ ≤ PFD < 10⁻⁴.
Probability of dangerous Failure per Hour (PFH)
For High Demand / Continuous Mode. SIL 1: 10⁻⁶ ≤ PFH < 10⁻⁵ per hour; SIL 2: 10⁻⁷ ≤ PFH < 10⁻⁶; SIL 3: 10⁻⁸ ≤ PFH < 10⁻⁷; SIL 4: 10⁻⁹ ≤ PFH < 10⁻⁸.
Type A vs Type B subsystem
Type A (clause 7.4.4.1.2): all failure modes well-defined, predictable behavior in failure, sufficient field data. Type B = more complex (microprocessors, software). Tables 2 (Type A) and 3 (Type B) define HFT and SFF requirements per SIL — Type B is stricter.
Hardware Fault Tolerance (HFT)
Number of failures the subsystem can tolerate while still performing its safety function. HFT=0 → 1oo1 (any fault disables the function); HFT=1 → 1oo2 or 2oo3 (one fault tolerable); HFT=2 → 1oo3, 2oo4.
Safe Failure Fraction (SFF)
SFF = (λSD + λSU + λDD) / λtot. Fraction of failures that are either safe (S) or dangerous-but-detected (DD). High SFF → diagnostics catch most dangerous failures before they accumulate.
Diagnostic Coverage (DC)
Fraction of dangerous failures detected by built-in diagnostics. DC=99% means automated tests reveal 99 out of 100 dangerous failures. High DC reduces the effective dangerous failure rate.
Common Cause Failure (CCF / β-factor)
When redundant channels fail from the same cause (fire, EMI, common manufacturing defect, software bug). Modeled with a β-factor (typically 2-10%). β=10% means 10% of dangerous failures occur simultaneously across all redundant channels — drastically degrades the benefit of redundancy.
Element / Subsystem
Hierarchical decomposition: an element is a basic building block (sensor, valve), a subsystem groups elements into a functional unit (input subsystem = sensor + signal conditioning). PFD/PFH computed at subsystem level.
Proof Test (PT)
Periodic full functional test that restores the subsystem to 'as-good-as-new'. Test interval T1 directly impacts PFDavg in low-demand mode. Imperfect proof test coverage (PTC < 100%) → residual failure modes accumulate.
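The SFF, DC and Type A/B definitions above combine into one lookup: the SFF band and the HFT select the maximum SIL a subsystem may claim from Tables 2 and 3 of IEC 61508-2 (the Route 1H architectural constraints). The following Python is an added example, not code from this page or from the Functional Safety app; the `FailureRates` class and the sample transmitter values are constructed for illustration, and the two tables are transcribed as the editor reads them from the 2010 edition.

```python
# Added example (not code from the IndustryHub page or the Functional Safety
# app): Safe Failure Fraction, Diagnostic Coverage and the Route 1H
# architectural-constraint lookup of IEC 61508-2 Tables 2 (Type A) and
# 3 (Type B). Rates below are constructed sample values in FIT
# (1 FIT = 1e-9 failures per hour); SFF and DC are ratios, so the unit cancels.
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureRates:
    """Failure rate of one element split into the four IEC 61508 classes."""
    safe_detected: float         # λSD
    safe_undetected: float       # λSU
    dangerous_detected: float    # λDD
    dangerous_undetected: float  # λDU

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)

    @property
    def dangerous(self) -> float:
        return self.dangerous_detected + self.dangerous_undetected


def safe_failure_fraction(r: FailureRates) -> float:
    """SFF = (λSD + λSU + λDD) / λtot: every failure except dangerous-undetected."""
    return (r.safe_detected + r.safe_undetected + r.dangerous_detected) / r.total


def diagnostic_coverage(r: FailureRates) -> float:
    """DC = λDD / λD: share of dangerous failures the built-in diagnostics reveal."""
    return r.dangerous_detected / r.dangerous


def sff_band(sff: float) -> int:
    """Row index into Tables 2/3: 0: SFF < 60 %, 1: 60-90 %, 2: 90-99 %, 3: >= 99 %."""
    if sff < 0.60:
        return 0
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3


# Maximum SIL claimable; rows = SFF band, columns = HFT 0, 1, 2.
# 0 means the combination is not allowed (Type B with SFF < 60 % and HFT 0).
TABLE_2_TYPE_A = [
    [1, 2, 3],
    [2, 3, 4],
    [3, 4, 4],
    [3, 4, 4],
]
TABLE_3_TYPE_B = [
    [0, 1, 2],
    [1, 2, 3],
    [2, 3, 4],
    [3, 4, 4],
]


def max_sil_by_architecture(r: FailureRates, hft: int, subsystem_type: str) -> int:
    """Highest SIL the architectural constraints allow; 0 = not permitted.

    hft is the hardware fault tolerance (0 for 1oo1, 1 for 1oo2/2oo3, 2 for 1oo3).
    The tables stop at HFT 2, so higher HFT is treated like HFT 2.
    """
    table = {"A": TABLE_2_TYPE_A, "B": TABLE_3_TYPE_B}[subsystem_type.upper()]
    return table[sff_band(safe_failure_fraction(r))][min(hft, 2)]


# Constructed sample element: a microprocessor-based (Type B) transmitter with
# 1000 FIT total, of which 100 FIT are dangerous-undetected.
SAMPLE_TRANSMITTER = FailureRates(
    safe_detected=200, safe_undetected=100,
    dangerous_detected=600, dangerous_undetected=100,
)

if __name__ == "__main__":
    sff = safe_failure_fraction(SAMPLE_TRANSMITTER)
    print(f"SFF = {sff:.1%}, DC = {diagnostic_coverage(SAMPLE_TRANSMITTER):.1%}")
    for hft in (0, 1, 2):
        print(f"HFT={hft}: Type A max SIL {max_sil_by_architecture(SAMPLE_TRANSMITTER, hft, 'A')}, "
              f"Type B max SIL {max_sil_by_architecture(SAMPLE_TRANSMITTER, hft, 'B')}")
```

The sample element has SFF = 90 %, exactly on the 90-99 % row: as a Type B device it is limited to SIL 2 in a 1oo1 arrangement and needs HFT 1 to reach SIL 3, whereas the same rates in a Type A device would permit SIL 3 at HFT 0. The architectural constraint is an upper bound; the PFDavg calculation against the SIL band table is a separate requirement, and the lower of the two governs.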

Notes & guidance

The grandfather standard

IEC 61508 is the horizontal functional safety standard — meaning it applies to no industry in particular and to all of them at once. Published 1998-2000 as a 7-part document, revised in 2010, it created the SIL framework that the entire safety industry now uses.

Every sector then wrote its own vertical standard that adapts IEC 61508 to its specifics:

| Vertical sector | Sector standard | Differences from IEC 61508 |
| --- | --- | --- |
| Process industry | IEC 61511 | LOPA, Risk Graph, Operations + MOC emphasis |
| Machinery | IEC 62061 + ISO 13849-1 | High-demand mode dominant, PL ↔ SIL mapping |
| Automotive | ISO 26262 | ASIL A-D instead of SIL, hazard-driven not risk-driven |
| Railway | EN 50126 / 50128 / 50129 | THR (Tolerable Hazard Rate) framework |
| Nuclear | IEC 61513 | Defense in depth, very prescriptive |
| Medical | IEC 62304 (software-centric) | SoftRel + IEC 60601 mix |

When to read IEC 61508 directly (vs. just your sector standard)

In daily process-industry work, you’ll mostly cite IEC 61511. But there are 4 situations where IEC 61508 itself is the right reference:

  1. You’re a vendor of safety components. You need to be certified per IEC 61508-2 (hardware) and IEC 61508-3 (software). Your datasheets state “Type B SIL 3 capable per IEC 61508-2” — not per IEC 61511.

  2. You design custom safety logic. If your SIS includes a custom microcontroller board or you write safety-related software (more than just configuration), parts -2 and -3 are mandatory.

  3. You’re doing the actual PFD math. The simplified equations and Markov reference cases live in IEC 61508-6. The Functional Safety app PFD engine implements exactly these formulas.

  4. You’re working in a sector without its own standard yet (some emerging fields — hydrogen storage, large battery storage, certain renewables). Then IEC 61508 itself is your reference.

The 16-phase lifecycle (same as IEC 61511)

1. Concept
2. Overall scope definition
3. Hazard and risk analysis
4. Overall safety requirements
5. Safety requirements allocation
6. Overall planning (operation/maintenance, safety validation, installation, commissioning)
7. Safety-related system design and development: E/E/PE
8. Safety-related system design: other technology
9. Safety-related system design: external risk reduction facilities
10. Overall installation and commissioning
11. Overall safety validation
12. Overall operation, maintenance, repair
13. Overall modification and retrofit
14. Decommissioning or disposal
15. Verification (cross-cutting)
16. Functional Safety Management and Assessment (cross-cutting)

IEC 61511 simplifies and reorders these into its own lifecycle, but the spine is the same.

The famous IEC 61508-6 tables

Most engineers never read parts 1-5 cover-to-cover. IEC 61508-6 is the one that gets used daily. It contains:

  • Annex B: Reference architectures with explicit PFD formulas
    • B.2 : 1oo1 — Single channel
    • B.3 : 1oo2 — Two channels in parallel, vote 1 (most common SIL 2/3)
    • B.4 : 2oo2 — Both must function
    • B.5 : 1oo2D — 1oo2 with diagnostics (degraded mode)
    • B.6 : 2oo3 — Vote 2 of 3 (high availability + high integrity)
  • Annex C: Common cause failure model (β and βD factors)
  • Annex D: Software techniques tables cross-reference

The Architecture PFD tool in the Functional Safety app implements all five reference architectures, plus configurable proof-test coverage, MTTR and β-factor.
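To show what those Annex B formulas actually do to a design decision, here is an added example, not code from this page or from the Functional Safety app, that codes the simplified PFDavg equations of IEC 61508-6 Annex B.3.2 for the 1oo1, 1oo2, 2oo2 and 2oo3 architectures (1oo2D and proof-test coverage below 100 % are not modelled) and maps the result onto the low-demand SIL bands given under "Key concepts". The `Channel` class, its field names and the sample failure rates, T1, MTTR and β values are the editor's constructed inputs, not datasheet data.

```python
# Added example (not code from the IndustryHub page or the Functional Safety
# app): PFDavg of the IEC 61508-6 Annex B reference architectures using the
# simplified equations of B.3.2, then the low-demand SIL band. The equations
# assume constant failure rates and λD·T1 << 1; the input values are constructed.
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """One channel of the subsystem; rates in failures per hour, times in hours."""
    lambda_du: float  # dangerous undetected failure rate
    lambda_dd: float  # dangerous detected failure rate
    t1: float         # proof-test interval T1
    mttr: float       # mean time to restoration after a detected failure
    mrt: float        # mean repair time for an undetected failure found at proof test
    beta: float       # common-cause factor β for undetected dangerous failures
    beta_d: float     # common-cause factor βD for detected dangerous failures

    @property
    def lambda_d(self) -> float:
        return self.lambda_du + self.lambda_dd

    def t_ce(self) -> float:
        """Channel equivalent mean down time tCE."""
        ld = self.lambda_d
        return (self.lambda_du / ld) * (self.t1 / 2 + self.mrt) + (self.lambda_dd / ld) * self.mttr

    def t_ge(self) -> float:
        """Voted-group equivalent mean down time tGE (used by 1oo2 and 2oo3)."""
        ld = self.lambda_d
        return (self.lambda_du / ld) * (self.t1 / 3 + self.mrt) + (self.lambda_dd / ld) * self.mttr

    def independent_rate(self) -> float:
        """Per-channel dangerous rate with the common-cause share removed."""
        return (1 - self.beta_d) * self.lambda_dd + (1 - self.beta) * self.lambda_du

    def common_cause_pfd(self) -> float:
        """β-model contribution, identical for every redundant architecture."""
        return (self.beta_d * self.lambda_dd * self.mttr
                + self.beta * self.lambda_du * (self.t1 / 2 + self.mrt))


def pfd_1oo1(c: Channel) -> float:
    return c.lambda_d * c.t_ce()


def pfd_2oo2(c: Channel) -> float:
    # Both channels must work, so either channel failing disables the function.
    return 2 * c.lambda_d * c.t_ce()


def pfd_1oo2(c: Channel) -> float:
    return 2 * c.independent_rate() ** 2 * c.t_ce() * c.t_ge() + c.common_cause_pfd()


def pfd_2oo3(c: Channel) -> float:
    return 6 * c.independent_rate() ** 2 * c.t_ce() * c.t_ge() + c.common_cause_pfd()


ARCHITECTURES = {"1oo1": pfd_1oo1, "1oo2": pfd_1oo2, "2oo2": pfd_2oo2, "2oo3": pfd_2oo3}


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL band; 0 = does not reach SIL 1.
    Anything below 1e-5 is better than SIL 4 requires; no higher level is defined."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def compare_architectures(c: Channel) -> dict:
    """Return {architecture: (PFDavg, SIL band)} for one channel definition."""
    return {name: (f(c), sil_from_pfd(f(c))) for name, f in ARCHITECTURES.items()}


# Constructed sample channel: 1000 FIT dangerous, 80 % of it detected,
# yearly proof test, 8 h repair, β = 10 %, βD = 5 %.
SAMPLE = Channel(lambda_du=200e-9, lambda_dd=800e-9, t1=8760,
                 mttr=8, mrt=8, beta=0.10, beta_d=0.05)

if __name__ == "__main__":
    for name, (pfd, sil) in compare_architectures(SAMPLE).items():
        print(f"{name}: PFDavg = {pfd:.3e}  -> SIL {sil} band")
    no_ccf = Channel(**{**SAMPLE.__dict__, "beta": 0.0, "beta_d": 0.0})
    print(f"1oo2 without common cause: {pfd_1oo2(no_ccf):.3e}")
```

With the sample channel, 1oo1 lands just inside the SIL 3 band (8.84e-4) and 2oo2 drops to SIL 2, while 1oo2 and 2oo3 reach the SIL 4 band at about 8.9e-5 and 9.1e-5. Setting β and βD to zero brings 1oo2 down to roughly 1e-6: the common-cause term, not the independent-failure term, sets the floor of a redundant architecture, which is the point the β-factor entry above makes in words.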

Edition 3 — what’s coming (2027-2028)

The IEC SC 65A committee is working on Edition 3. Public commitments so far:

  • Better integration with cybersecurity (IEC 62443) — explicit clauses on security threats to safety functions
  • AI / machine learning component guidance (currently not addressed)
  • Updated software techniques tables for modern languages and toolchains
  • Tighter alignment with sector standards (61511, 62061, 26262) to reduce duplication

No firm publication date as of mid-2026. The current edition (2010) remains the active normative reference.

Applicable industries

  • Sector-independent (parent standard)
  • Process Industry → see IEC 61511
  • Machinery → IEC 62061 + ISO 13849
  • Automotive → ISO 26262
  • Railway → EN 50128 / EN 50129 / EN 50126
  • Nuclear → IEC 61513
  • Medical → IEC 62304
  • Aviation → DO-178C / DO-254 (related framework)
