Hi team,
Recently, we got feedback and expectations from two GC BMS customers, as they plan to pass IEC61508 certification (energy storage system BMS) while using an ISO26262 NXP MCU.
Are there any arguments that our SPC5744P/SPC5746R support IEC61508 already? (I have never seen the statement in our safety assessment report.) Or how can we help customers pass IEC61508 using the current safety outputs?
Thanks!
Hello Aarul,
Thanks a lot for your reply.
I can't find clause 7.4.6.1. Where is it quoted from? Which part and version of IEC 61508?
Based on my understanding, it is not enough for customers to use the available documentation provided by NXP to pass the IEC 61508 certification. Is my understanding correct?
The customer consulted a consulting company and said there is a way to comply with IEC 61508 by modifying the Functional Safety Assessment Report and declaring that this report is a result of the ISO26262/IEC61508 Functional Safety Assessment. Is this proposal feasible?
1. Clause 7.4.6.1 is from Part-2 of IEC61508 2010.
2. It is difficult for us to comment on whether or not the available documentation is sufficient for customers to pass IEC61508 certification. It is better for the customers to evaluate.
3. I don't think it is as simple as just updating a document. Updating the assessment report will require additional effort on the NXP side.
Hello Baiguo
The Safety Manual and FMEDA for these devices do refer to IEC61508 in some instances.
However, we do not claim any SIL based on IEC61508. We have not performed any audits/assessments based on IEC61508. The customer can potentially treat these as QM devices and use the safety documentation provided to show compliance to ISO26262, along with the following clause from IEC61508, to qualify their system. Please note that we do not have any Annex F for this device as required in the clause below, and the customer will have to work with the available documentation.
Regards
-Aarul
7.4.6.1 An appropriate group of techniques and measures shall be used that are designed to
prevent the introduction of faults during the design and development of the hardware and
software of the E/E/PE safety-related system (see Table B.2 and IEC 61508-3).
NOTE This standard does not contain specific requirements relating to the avoidance of systematic faults during the design of mass-produced electronic integrated circuits such as standard microprocessors. This is because the likelihood of faults in such devices is minimised by stringent development procedures, rigorous testing and extensive experience of use with significant feedback from users. For electronic integrated circuits that cannot be justified on such a basis (for example, new devices or ASICs), the requirements for ASICs (see 7.4.6.7 and informative Annex F) will apply if they are to be used in an E/E/PE safety-related system. In case of doubt (about extensive experience of use with significant feedback from users) the requirements for “field experience” from Table B.6 should be taken into account with an effectiveness of “low” for SIL 1 and SIL 2, an effectiveness of “medium” for SIL 3 and an effectiveness of “high” for SIL 4.