[SystemSafety] Third White Paper
Peter Bernard Ladkin
ladkin at rvs.uni-bielefeld.de
Wed Feb 20 14:47:26 CET 2013
On 2/20/13 2:11 PM, Peter Bernard Ladkin wrote:
> Neither through the IEC nor through the German standardisation agencies (DIN, DKE, VDA, etc) is it
> possible for two versions of a standard to be in force at the same time. There comes with a standard
> version a Publication Date, and on this date the new version comes into force and the old version is
> retracted. This is automatic.
Ingo Rolle, the permanent secretary of DKE GK914, just pointed out to me some complications to what
I said, for example the WWW page (in German)
http://www.dke.de/de/DKE-Arbeit/MitteilungenzurNormungsarbeit/2011/Seiten/DINEN61508Uebergangsfristen.aspx
This has to do with IEC 61508 version 2, in its German version designated VDE 0803.
[begin resume]
CENELEC, the European standardisation agency, recognised IEC 61508 V2 in May 2010, and set the
following deadlines for national adoption by its member states: 1 February 2011 for national
adoption and 1 May 2011 the retraction of contradictory national standards.
Germany published IEC 61508 V2 on 1 February 2011 and from that point on is to be taken as state of
the art (one says "state of the practice" in German, Stand der Praxis). However, it is explicitly
said in the German national foreword that previous versions (that is, Version 1) may be used up to 1
May 2013.
The reasons given for this are that
* the IEC 61508 series is intended to operate mainly as guidance for other committees producing
domain- or product-specific safety standards, and for this purpose specific deadlines are not decisive;
* The IEC 61508 series is not specifically associated with laws of the land, for which specific
validity dates are necessary;
* Use of and conformance to standards is a voluntary activity and is a matter for individual
responsibility; this is so also for use of new versions.
[end resume]
I find it a odd that the primary purpose of 61508 is considered to be the development of other
domain-specific standards. If you read the new version of 61511, the domain-specific safety standard
for the process industries, you'll read that for SW development it refers/defers to IEC 61508 Part
3. In this use, 61508 tells SW developers how to go about developing and qualifying their product.
Indeed, this guidance is what SW developers in Germany ask for. I would have thought that was the
primary purpose of 61508 Part 3.
That conformance to standards is voluntary is theoretically true but can be misleading. Laws of the
land often require explicit conformance with specific standards. In the UK there is an agency, HSE,
which amongst other things is tasked with evaluation of infrastructure accidents (where there is no
other specialist body to do so) and prosecution of those who might have engaged in negligent
behavior which led to the accident, including nowadays companies ("corporate manslaughter" is a
criminal offence in GB). HSE has explicitly said it takes conformance with IEC 61508 in domains in
which it primarily applies (e.g., not aerospace or medical) as the touchstone for whether to
prosecute or not. That makes the "voluntary" part of conformance somewhat theoretical.
PBL
--
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
More information about the systemsafety
mailing list