
Memberships

Functional Safety Play Book

258 members • Free

6 contributions to Functional Safety Play Book
Quick question for the community
What's the most useful thing you've found here so far, and is there anything you wish was in there that isn't yet? Asking because I want to make sure what I build next actually reflects what engineers here need. Drop a comment below. ☺️
2 likes • 24d
My main benefit from this community relates to seeing how other people reflect on and interpret the requirements of 61508, while having a chance to provide my own interpretation and getting it critiqued.
Hardware Fault Tolerance (HFT)
Hi all, question on HFT ... As an example, if during design your SIF is required to have a minimum HFT of 1 (i.e. the system can withstand one dangerous failure to one channel), is 1oo2 still considered HFT = 1? Although I always believed this to be the case, I have seen an argument to say that this is actually not true, as if one channel fails, you cannot continue to perform the safety function with one dangerous failure present, i.e. it then becomes a 1oo1 when a single fault occurs ... unless you have good enough Diagnostic Coverage (DC%) in each channel to detect the fault early; then this can be classed as 1oo2D (with diagnostics) and still claim HFT = 1. Just wondering what other people's thoughts are on this and if the above statement is correct? And if it is correct, then what kind of DC% would you be looking for to qualify your voted system as 1oo2D?
2 likes • 24d
@Anth Gunn and @Richard Kelly, please correct me if you see it differently, but in my understanding of 61508, a 1oo2 system would absolutely be a HFT=1 system (in my opinion it is even the textbook example of a HFT=1 solution). Whether it satisfies a SIL claim is a different matter that has two sides. The first side is the architecture constraint, as Richard points out wrt. Route 1H. The requirements are summarized in Table 2 for Type A components (61508-2 p. 26) and Table 3 for Type B components (61508-2 p. 27). For Type B components, the architecture of a HFT=1 limits you to a SIL1 claim if you have an SFF of less than 60%. It doesn't mean that your system will reach SIL1; it just means that if your dangerous detected and safe failures combined reach an SFF below 60%, you cannot go higher than SIL1. To reach SIL1, you need to reach the reliability goals, which is the second side of the matter. For your operating mode (low demand or high/continuous demand), you need to satisfy the PFDavg or PFH goals set by Table 2 and Table 3 (61508-1, p33-34), calculated based on architecture, diagnostic coverage, diagnostic interval, proof test interval, etc. However, regardless of the result of your reliability analysis, the architecture constraint still limits the claimed SIL level. Let me know where I'm wrong.
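The two-sided check in the reply above, as an added worked example (not code from the original post, and not from the standard itself): it encodes the Route 1H architectural constraint of IEC 61508-2 Tables 2 and 3 (maximum SIL by SFF band and HFT) and the low-demand PFDavg bands of IEC 61508-1 Table 2, then compares a 1oo2 architecture with and without diagnostic coverage. The failure rates, proof-test interval and common-cause factor are constructed for illustration, and the PFDavg formula is the simplified IEC 61508-6 Annex B form with repair times neglected, which is an assumption of this example rather than a full 61508-6 calculation.

```python
"""Two-sided SIL check: Route 1H architectural constraint plus PFDavg target.

Added illustration, not code from the original post or from IEC 61508.
All failure-rate figures below are constructed for illustration only.
"""

# Route 1H: maximum SIL claim indexed by [SFF band][HFT], HFT capped at 2.
# SFF bands: 0 = <60 %, 1 = 60 % to <90 %, 2 = 90 % to <99 %, 3 = >=99 %.
# A value of 0 means "not allowed" (Type B, HFT 0, SFF < 60 %).
ROUTE_1H = {
    "A": [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]],
    "B": [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]],
}


def sff_band(sff: float) -> int:
    """Map a safe failure fraction (0..1) to the Route 1H band index."""
    if sff < 0.60:
        return 0
    if sff < 0.90:
        return 1
    if sff < 0.99:
        return 2
    return 3


def safe_failure_fraction(lam_s: float, lam_dd: float, lam_du: float) -> float:
    """SFF = (safe + dangerous-detected) / all failures."""
    return (lam_s + lam_dd) / (lam_s + lam_dd + lam_du)


def architectural_sil(element_type: str, sff: float, hft: int) -> int:
    """Maximum SIL allowed by the architectural constraint alone."""
    return ROUTE_1H[element_type][sff_band(sff)][min(hft, 2)]


def pfd_avg(architecture: str, lam_du: float, t1: float, beta: float) -> float:
    """Simplified low-demand PFDavg (assumption: 61508-6 Annex B form with
    repair times neglected and only dangerous-undetected failures counted).
    t1 is the proof-test interval in hours, beta the common-cause factor."""
    x = lam_du * t1
    if architecture == "1oo1":
        return x / 2
    if architecture == "1oo2":
        return (1 - beta) ** 2 * x ** 2 / 3 + beta * x / 2
    raise ValueError(f"unsupported architecture {architecture!r}")


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL band from IEC 61508-1 Table 2 (0 = below SIL 1)."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def assess(element_type, architecture, lam_s, lam_d, dc, t1, beta):
    """Split lam_d by diagnostic coverage, then apply both checks.
    The claimable SIL is the lower of the two, as the reply argues."""
    hft = {"1oo1": 0, "1oo2": 1}[architecture]
    lam_dd = dc * lam_d          # dangerous failures caught by diagnostics
    lam_du = (1 - dc) * lam_d    # dangerous failures hidden until proof test
    sff = safe_failure_fraction(lam_s, lam_dd, lam_du)
    pfd = pfd_avg(architecture, lam_du, t1, beta)
    arch_sil = architectural_sil(element_type, sff, hft)
    pfd_sil = sil_from_pfd(pfd)
    return {"hft": hft, "sff": sff, "pfd": pfd,
            "arch_sil": arch_sil, "pfd_sil": pfd_sil,
            "claim": min(arch_sil, pfd_sil)}


if __name__ == "__main__":
    # Constructed Type B element: lambda_S = lambda_D = 1e-6 /h, annual proof
    # test, beta = 10 %. Compare 1oo2 with no diagnostics against DC = 50 %.
    for dc in (0.0, 0.5):
        r = assess("B", "1oo2", lam_s=1e-6, lam_d=1e-6, dc=dc, t1=8760, beta=0.1)
        print(f"1oo2, DC={dc:.0%}: HFT={r['hft']} SFF={r['sff']:.2f} "
              f"arch SIL{r['arch_sil']} / PFDavg={r['pfd']:.2e} -> SIL{r['pfd_sil']} "
              f"=> claimable SIL{r['claim']}")
```

With the constructed numbers, both 1oo2 variants are HFT = 1 and both comfortably reach the SIL3 PFDavg band, yet with no diagnostics the SFF is 50 % and the Type B architectural constraint caps the claim at SIL1; raising DC to 50 % moves the SFF to 75 % and the cap to SIL2. Diagnostic coverage does not change the HFT, it changes which SFF column the architecture falls in, which is the distinction the reply draws between HFT and the SIL that can be claimed.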
📢 FSMS Templates — Now Live!
Following a number of requests from premium members, I'm pleased to let you know that the first documents from the Functional Safety Management System are now live in the Functional Safety Management System — IEC 61511 / IEC 61508 classroom. The following documents are now available: ✅ Functional Safety Management Plan (FSM-PLAN-001) ✅ Personnel Competency Management Procedure (FSM-PRC-COMP) ✅ Detailed Safety Requirements Specification (FSM-PRC-DSRS) More documents are being added regularly until the full management system is complete, including LOPA, SIL Verification, FSA, and more. A note on pricing 👇 The membership is currently available at a founders price — this will increase as the FSMS is completed. If you've been sitting on the fence, now is the time to join before the price goes up. Thanks for your patience while I've been putting this together — I'm committed to building something genuinely useful for you all.
1 like • Mar 12
Seems really detailed and meticulous. Looking forward to digging in deeper!
Cyber
Hi everyone, I've started looking into Cyber certifications and I'm wondering if anyone can recommend some. It's not something I'm massively into, but I don't think I can avoid it any longer 😂
1 like • Mar 12
I completed my FS engineering certification with TÜV Rheinland, and I really liked that course, so I am looking into the CS certifications as well: https://www.tuv.com/landingpage/en/training-functional-safety-cyber-security/detail-pages/zertifikate/cs-specialist.html
Hi All - Systems that pre-date 61508
Hi all, thanks for the add, this looks like a really good way to share experience in the functional safety world. Thanks for setting it up, Richard. I have a question for you all on the requirements when adding a new SIF to an existing SIL2 system that was designed over 40 years ago and was never designed to 61508. What things would we consider to make this possible without a full system redesign?
0 likes • Mar 10
Does the need for a new SIF come from a modification to the system, or how is it motivated? In the machinery sector, modifications requiring additional safety functions would typically be considered "a significant modification", potentially requiring a new CE marking, including an assessment of the safety system as a whole.
Morten Juelsgaard
@morten-juelsgaard-1685
Functional safety engineer, consultant, electronics development, compliance assessment.

Active 9d ago
Joined Mar 8, 2026
Denmark