Skip to main content

Functional Safety and SOTIF

exida provides its experience to contribute to the success of its Customers Functional Safety (FuSa) initiatives even considering, if required, the Safety of the Intended Functionality (SOTIF) aspects.

What is FuSa

FuSa is the area of a system or equipment (including hardware and software) that guarantees that the entire system/equipment is free from defects, or implements automatic protections in response to predictable system failures to avoid that the system leads, by failing, to unacceptable and predictable risks of physical injuries or damages to people´s health.

The objective of FuSa is to make a system free from unacceptable and predictable risks, preventing  the system from causing, in case of failures, physical injuries or damages to  people´s health, by:
  • Implementing automatic protection functions (Safety Functions / Safety Mechanisms) that will properly handle any critical situation derived from human errors, hardware failures and operational or environmental conditions, moving the system to a safe state.
  • Introducing preventive process measures (such as reviews, safety analyses, etc…) to reduce or eliminate the probability of defects in the product.

What is SOTIF

SOTIF stands for Safety of the Intended Functionality. The subject is the same of FuSa, the protection of humans from harm and injuries, but while the objective of FuSa is to avoid unreasonable risks derived from hazards caused by a malfunctioning of a system, SOTIF´s objective is to avoid unreasonable risks due to potentially hazardous behaviors related to functional insufficiencies or deficiencies.

The needs to cover this specific aspect of safety arose in the Automotive field in relation to the development of self-driving cars. But, considering that the self-driving cars – able in the near future, to drive without any human involvement - are a product located within the intersection of Automotive and Robotics areas, it is not to be excluded that SOTIF will apply, maybe with some adjustments, to the Robotics as well.

FuSa Standards

IEC 61508 (Process Industry)
This is a basic functional safety standard applicable to all kinds of industry, consisting of methods on how to apply, design, deploy and maintain automatic protection systems. The key concept of this standard is that a safety-related system should work correctly or fail in a predictable way - and the handling of the predictable failures makes the system safe.

IEC 62061 (Process Industry)
Named “Safety of machinery: Functional safety of electrical, electronic and programmable electronic control systems”, it is a specific implementation of the standard IEC 61508 for the safety-related machinery. It provides requirements applicable at the system level design of all types of machinery safety-related electrical control systems. It is a risk-based standard, focused on the functional safety requirements and the safety integrity level (SIL), as defined in the IEC 61508.

ISO 10218 (Robotics)
This standard has been specifically developed in recognition of the specific hazards that are presented by industrial robots and industrial robot systems and provides requirements to eliminate or reduce to an acceptable level, the risks associated with these hazards. While the hazard associated with robots is usually well known, the sources of the hazard are frequently unique to a specific robot or robot system. The risks might be different from robot to robot and from installation to installation, consequently, the safety requirements and the protective measures can vary from what is specified in this standard: for this reason, a risk assessment assigned to an experienced person should be conducted to determine what the protective measures should be. Due to this consideration, the standard was divided in 2 parts: the first provides a general guidance for the safety assurance in the design and construction of the robot, and the second one provides guidelines for the safeguarding of personnel during robot integration, installation, functional testing, programming, operation, maintenance and repair and it is constantly updated, based on the ever-growing experiences made. Originally, the ISO 10218 had been conceived only for industrial robots, although the established principles can be applicable even to the development of other robots (undersea, military and space robots, tele-operated manipulators, prosthetics, and other aids for the physically impaired, micro/nano-robots, surgery or healthcare, and service or consumer products).

ISO 26262 (Automotive)
This is a risk-based safety standard which defines functional safety for automotive equipment, applicable throughout the life cycle of all electronic and electrical safety-related systems, ranging from the specification, to design, implementation, integration, verification, validation, and production release.

ISO 21448 / SOTIF (Automotive)
This standard is specific for Safety Of The Intended Functionality (SOTIF). SOTIF is defined as “the absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality, or by reasonably foreseeable misuse by persons”. The standard ISO 21448 provides guidance on the applicable design and verification and validation measures needed to achieve the SOTIF. It does not apply to cases covered by the ISO 26262 or to hazards directly caused by the system technology.

EN 15194 (EPAC Bicycles)
This European Standard applies to the EPAC (Electrically Power Assisted Cycle) bicycles, manufactured from October 2017 onward, for private and commercial uses. It covers all common significant hazards, hazardous situations and events, and specifies the safety related requirements for the design, assembly and testing ofthe EPAC bicycles having a maximum saddle height of 635 mm and intended for use on public roads. It also lays down guidelines for instructions on the use and care of such bicycles.

ISO 25119 (Agriculture Machinery)
This standard specifies how to design and develop safety-related parts of control systems on tractors used in agriculture and forestry, on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture and on mobile municipal equipment (e.g. sweepers, snowploughs and fire trucks machines).

EN 16590 (Agriculture Machinery)
This standard is intended for safety-related parts of control systems applied in the design and development of tractors and machinery for agriculture and forestry. In 2018, it has been superseded by the ISO 25119.

UNI EN 50126, UNI EN 50127, EN 50128, EN 50129 (Railway)
These CENELEC rules are all related to the guided transport systems (GTS). EN 50126 defines the reliability, availability, maintainability and safety (RAMS) aspects, their interactions and the process for handling them, specifying requirements and then demonstrating that these requirements are achieved; EN 50127 covers the specifications from a normative point of view; EN 50128 and EN 50129 make reference to the safety-related electronic systems for use in railway control and protection applications, respectively from a software and a hardware point of view.

IEC 62304 (Medical Devices)
IEC 62304 covers the life cycle process for the development of medical software and software within medical devices. It complies with both, the European Union and the United States regulations and requirements.

ISO 14971 (Medical Devices)
ISO 14971 is a standard for the application of risk management to medical devices. It establishes the requirements, during the product life cycle, to determine the safety of a medical device by the manufacturer handling the risk management.

IEC 60601 (Medical Devices)
IEC 60601 consists in a series of technical standards focused on the safety of medical- electrical equipment. In many countries over the world, the compliancy with this standard has become necessary for the electrical- medical equipment commercialization, commonly associated to the request of conformity with the specific directives of the local Health Agency (e.g. EMA in the EU, NMPA in China, FDA in the US, etc…).

IEC 60880 — Nuclear Power Plants
IEC 60880 - Instrumentation and control systems important to safety - is a standard covering the software aspects of the safety functions performing A-level functions.

IEC 63168 — Active Assisted Living
IEC 63168 (all parts) specifies AAL specific functional safety requirements of electrical/electronic (E/E) safety-related systems for cooperative multiple systems that are operated together in a connected home environment.

exida footer logo

We provide consulting, assessment, cybersecurity, alarm management, product testing and certification under a number of Functional Safety, Security and SW Quality standards, such as IEC 61508, IEC 61511, ISO 26262, ISO 13849, IEC 62061, ISA Security Compliance Institute (ISCI), ASPICE


All Rights Reserved © 2020 GmbH VAT-ID (DE)218559059 | exida Development SrL VAT-ID (IT)10166460013