IEC 61508 functional safety software support

SafeCode Consulting provides IEC 61508 functional safety software support for safety instrumented systems and safety-related control applications — from initial SIL determination and software safety requirements through verification, validation, and the functional safety assessment evidence that independent assessors require. SafeCode's consulting staff bring direct production program experience in functional safety software to every engagement.

What IEC 61508 compliance requires from software

IEC 61508 addresses the full safety lifecycle of electrical, electronic, and programmable electronic safety-related systems. The software portions of the standard — Parts 3 and 7 — impose specific requirements on how safety functions are specified, implemented, and verified based on the Safety Integrity Level (SIL) assigned to each safety function. Higher SILs impose progressively more rigorous requirements on software architecture, coding practices, verification methods, and independence.

The most common failure points in IEC 61508 software efforts are SIL allocations that are not properly justified, software safety requirements that do not correctly implement the safety function specification, verification methods that are insufficient for the claimed SIL, and software architecture that does not adequately control systematic failure modes. SafeCode addresses each of these at the engineering level.

Common questions

What is a Safety Integrity Level and how does it affect software requirements? A Safety Integrity Level (SIL 1 through SIL 4) quantifies the required risk reduction that a safety function must achieve. The SIL assigned to a safety function determines which software development techniques are required or recommended — higher SILs require more rigorous architecture constraints, coding practices, and verification methods. Incorrectly assigned SILs or verification methods insufficient for the claimed SIL are among the most common gaps found during functional safety assessment.

How do functional safety and cybersecurity requirements interact under IEC 61508? Safety and security were historically treated as separate concerns, but connected safety instrumented systems now face both simultaneously. A cybersecurity attack that disables a safety function is a safety failure — and IEC 61508's pending revision makes this explicit by formally integrating cybersecurity requirements aligned with IEC 62443. In practice, a program doing rigorous IEC 61508 lifecycle work is well-positioned for IEC 62443-4-1 compliance because the two standards share significant lifecycle process structure — risk analysis, requirements traceability, verification, and change management all have direct parallels. SafeCode supports programs navigating both sets of requirements in parallel rather than treating them as sequential efforts.

What is the pending IEC 61508 revision and does it affect programs currently in development? The first major revision to IEC 61508 since 2010 is currently in draft. Key changes include formal integration of cybersecurity requirements aligned with IEC 62443, new guidance for AI and machine learning in safety-related systems, refined "proven-in-use" guidance for legacy software components, and enhanced requirements for integrated circuits including SoCs and FPGAs. Programs currently in development under the 2010 edition are not required to switch, but understanding the direction of the revision is relevant for programs with long lifecycles or planned updates.

What is a functional safety assessment and what does SafeCode's role look like? A functional safety assessment is an independent review of whether the safety lifecycle has been correctly applied and the safety requirements have been met. SafeCode supports the preparation side — ensuring the software lifecycle evidence package is complete, coherent, and responsive to what an independent assessor will examine — rather than serving as the assessor itself.

How does IEC 61508 relate to sector-specific standards like IEC 61511 and IEC 62061? IEC 61508 is the foundational standard from which most sector-specific functional safety standards are derived. IEC 61511 applies IEC 61508 principles to the process industry; IEC 62061 applies them to machinery. Programs subject to a sector-specific standard are generally working within a framework whose underlying requirements trace back to IEC 61508. SafeCode consultants' IEC 61508 experience directly supports programs under these derived standards.

Can SafeCode support an IEC 61508 program that is already in progress? Yes. SafeCode can join in-progress functional safety programs to assess current compliance, identify gaps before functional safety assessment, and provide targeted engineering support to close them. The safety-critical software gap scan is a practical starting point for programs that want a fast, structured assessment before committing to a full remediation effort.

Contact SafeCode Consulting to discuss your IEC 61508 program.