IEC 61508 dissected


I’ve just reread Peter Ladkin’s 2008 dissection of the conceptual problems of IEC 61508 here, and having just worked through a recent project in which 61508 SILs were applied, I tend to agree that SIL is still a bad idea, done badly… I’d also add that, the HSE’s opinion notwithstanding, I don’t actually see that the a priori application of a risk-derived SIL level to a specific software development acquits one’s ‘so far as is reasonably practicable’ duty of care. Of course, if your regulator says it does, why then smile bravely and compliment him on the wonderful cut of his new clothes. On the other hand, if you’re designing the safety system for a nuclear plant, maybe have a look at how the aviation industry does business with its Design Assurance Levels. 🙂

2 responses to IEC 61508 dissected


    I’m curious (genuinely, not as a disguised criticism) why you think DALs don’t have the same fundamental problems as SILs. Is it the “bad idea not implemented as badly” phenomenon, or do you see a fundamental difference?


      Matthew Squair 01/05/2014 at 12:02 am

      The fundamental problem that SILs have is that they introduce risk and thereby the problem of figuring out the likelihood of an event a priori, whereas DALs are derived from severity only.

      So I see DALs as having the virtue of avoiding all the significant problems associated with the meaningful estimation of likelihood. That’s not to say they’re perfect, just better in that respect.