IEC 61508-3:2010
Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 3: Software requirements

Annex A
(normative)
Guide to the selection of techniques and measures

Some of the subclauses of this standard have an associated table, for example 7.2 (software safety requirements specification) is associated with Table A.1. More detailed tables in Annex B expand upon some of the entries in the tables of Annex A. For example, Table B.2 expands on the topic of dynamic analysis and testing in Table A.5. See IEC 61508-7 for an overview of the specific techniques and measures referenced in Annexes A and B.

With each technique or measure in the tables there is a recommendation for safety integrity levels 1 to 4. These recommendations are as follows.

Appropriate techniques/measures shall be selected according to the safety integrity level.

Alternate or equivalent techniques/measures are indicated by a letter following the number.
Only one of the alternate or equivalent techniques/measures has to be satisfied.

Other measures and techniques may be applied providing that the requirements and objectives have been met. See Annex C for guidance on selecting techniques.


The ranking of the techniques and measures is linked to the concept of effectiveness used in IEC 61508-2. All other factors being equal, techniques ranked HR will be more effective than techniques ranked R, either in preventing the introduction of systematic faults during software development or (in the case of the software architecture) in controlling residual faults in the software revealed during execution.

Given the large number of factors that affect software systematic capability, it is not possible to give an algorithm for combining the techniques and measures that will be correct for any given application. Guidance on a rationale for selecting specific techniques to achieve software systematic capability is given in Annex C.


For a particular application, the appropriate combination of techniques or measures is to be stated during safety planning, with appropriate techniques or measures being selected unless the note attached to the table makes other requirements.

Initial guidance in the form of two worked examples on the interpretation of the tables is given in IEC 61508-6.