SIL mastery and certification management - Railway sector

Critical and safe systems are characterized by the fact that a failure can have serious consequences for human life, the economy and/or the environment. In a number of fields, including railways, there are standards which require the demonstration of the safety of the system. These standards are supplemented by European and/or national decrees and orders which describe the rules to be respected.

These standards recommend a separation of roles and responsibilities:

• a team is in charge of system implementation (development, verification and validation);

• while another is in charge of allocating SILs and demonstrating system safety (safety studies, safety documentation and analysis of work completeness);

• a third team, independent of the other two, is responsible for assessing the Safety Integrity Level (SIL) actually achieved. The assessment may or may not be formalized in the form of a certificate.

The railway reference system is made up of specific standards (CENELEC EN 50126, EN 50128 and EN 50129) which have been adapted from the generic IEC/IEC 61508 standard.

The IEC/IEC 61508 standard characterizes the requirements for demonstrating the safety of an electrical/electronic/programmable electronic system. This standard has been adapted for use in various fields (railway, automotive, etc.). IEC/IEC 61511 is dedicated to certified PLCs using standardized languages (IEC/IEC 1131).

This dossier successively describes :

• the normative context ;

• the process of allocating security levels from the impact of the feared event on the system to the lowest-level hardware and software elements;

• assessment and certification ;

• an introduction to the use of related standards: IEC/IEC 61508 and IEC/IEC 61511.