IEC 62347: System Dependability Specifications — A Practical Engineering Guide

Standard: IEC 62347:2006 (Edition 1.0) | Domain: Dependability Engineering | Category: System Specifications and RAMS
💡 Key Insight: IEC 62347 bridges the gap between abstract RAMS (Reliability, Availability, Maintainability, Safety) concepts and practical, verifiable system specifications. It provides engineers with a structured methodology to translate dependability requirements into quantifiable metrics that can be tracked throughout the system life cycle from concept to disposal.

1. Scope of IEC 62347

IEC 62347:2006 provides comprehensive guidance for developing system dependability specifications. It covers how to structure both explicit and implicit dependability requirements for new systems, system upgrades, and system reuse. The standard focuses on the key attributes of reliability, availability, maintainability, and maintenance support (often collectively referred to as RAMS).

⚠️ Important: IEC 62347 is a guidance standard, not a requirements standard. It does not prescribe specific dependability values or targets. Instead, it provides the framework and methodology for engineers to develop their own specifications appropriate to their specific system, application, and operational context.

The standard recognizes that dependability is not an inherent property that can simply be added after design — it must be specified from the outset and managed throughout the entire system life cycle. IEC 62347 addresses this by providing guidance on:

  • Requirement identification: Determining which dependability attributes are relevant for the specific system
  • Quantification methods: Techniques for expressing dependability requirements in measurable terms
  • Trade-off analysis: Balancing competing dependability attributes (e.g., high reliability vs. quick maintainability)
  • Life cycle integration: Incorporating dependability into each phase from concept through operation to disposal
✅ Design Practice: One of the most valuable contributions of IEC 62347 is its emphasis on the “dependability specification tree” — a hierarchical decomposition of system-level dependability requirements into subsystem and component-level specifications. This approach ensures that dependability requirements are properly allocated and traced throughout the design structure.
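A worked allocation for the specification tree, added here as an illustration and not taken from IEC 62347 (the standard does not prescribe an apportionment method): the system MTBF target is split across series subsystems in proportion to constructed complexity weights, then down to components, and each level is rolled back up to confirm the allocation is traceable. The subsystem and component names and weights are assumed.

```python
def allocate_failure_rate(target_mtbf_h, weights):
    """Split the parent failure rate (1/MTBF) across series elements in
    proportion to their weights; returns {name: allocated MTBF in hours}."""
    lam_parent = 1.0 / target_mtbf_h
    total = sum(weights.values())
    return {name: 1.0 / (lam_parent * w / total) for name, w in weights.items()}

def rollup_mtbf(mtbfs):
    """Series roll-up: failure rates add, so 1/MTBF_sys = sum(1/MTBF_i)."""
    return 1.0 / sum(1.0 / m for m in mtbfs.values())

def build_spec_tree(system_mtbf_h, subsystem_weights, component_weights):
    """Two-level tree: system target -> subsystem targets -> component targets."""
    tree = {}
    for sub, sub_mtbf in allocate_failure_rate(system_mtbf_h, subsystem_weights).items():
        comps = allocate_failure_rate(sub_mtbf, component_weights[sub])
        tree[sub] = {"mtbf_h": sub_mtbf, "components": comps}
    return tree

def verify_allocation(tree, system_mtbf_h, rel_tol=1e-6):
    """Traceability check: every level must roll back up to its parent target."""
    for node in tree.values():
        if abs(rollup_mtbf(node["components"]) - node["mtbf_h"]) > rel_tol * node["mtbf_h"]:
            return False
    system_rollup = rollup_mtbf({s: n["mtbf_h"] for s, n in tree.items()})
    return abs(system_rollup - system_mtbf_h) <= rel_tol * system_mtbf_h

# Constructed example data: a Table 1 style system target and relative
# complexity weights (hypothetical, not from the standard).
SYSTEM_MTBF_H = 50_000
SUBSYSTEMS = {"power": 1, "control": 3, "actuation": 2}
COMPONENTS = {
    "power": {"psu": 2, "battery": 1},
    "control": {"cpu_board": 2, "io_board": 1, "firmware": 1},
    "actuation": {"motor": 3, "drive": 1},
}

if __name__ == "__main__":
    tree = build_spec_tree(SYSTEM_MTBF_H, SUBSYSTEMS, COMPONENTS)
    for sub, node in tree.items():
        print(f"{sub}: MTBF target {node['mtbf_h']:,.0f} h")
        for comp, mtbf in node["components"].items():
            print(f"  {comp}: MTBF target {mtbf:,.0f} h")
    print("allocation traceable:", verify_allocation(tree, SYSTEM_MTBF_H))
```

The heaviest-weighted subsystem receives the lowest MTBF target (the largest share of the failure budget), which is the usual outcome of weighted apportionment.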

2. Structuring Dependability Specifications

2.1 The Dependability Specification Framework

IEC 62347 defines a structured framework for organizing dependability specifications into clearly defined categories. The standard distinguishes between explicit requirements (directly stated numerical targets) and implicit requirements (derived from the system’s operational context and stakeholder expectations). Table 1 illustrates this framework.

| Specification type             | Attribute                   | Example metric          | Verification method                          |
|--------------------------------|-----------------------------|-------------------------|----------------------------------------------|
| Explicit — Reliability         | Mission reliability         | MTBF ≥ 50,000 hours     | Reliability demonstration test (IEC 61124)   |
| Explicit — Availability        | Operational availability    | Ao ≥ 0.9995             | Operational data collection and analysis     |
| Explicit — Maintainability     | Corrective maintenance time | MTTR ≤ 2 hours          | Maintainability demonstration (IEC 60706)    |
| Explicit — Maintenance Support | Logistics delay time        | MLDT ≤ 8 hours          | Supply chain simulation and audit            |
| Implicit — Safety Integrity    | Risk reduction factor       | SIL 3 (RRF ≥ 1000)      | Functional safety assessment (IEC 61508)     |
| Implicit — Durability          | Design life                 | B10 life ≥ 20 years     | Accelerated life testing and field data      |

Table 1: Typical dependability specification framework per IEC 62347 with associated metrics and verification methods.

2.2 Failure Mode and Effects Analysis Integration

IEC 62347 strongly recommends integrating FMEA/FMECA (per IEC 60812) into the dependability specification process. The FMEA identifies critical failure modes that must be addressed in the specification. Key outputs from the FMEA that feed into dependability specifications include:

  • Critical failure modes requiring specific reliability targets
  • Single points of failure that must be eliminated through design
  • Failure detection and isolation requirements (testability specifications)
  • Maintenance tasks and intervals derived from failure mode criticality
🚨 Critical Engineering Note: A common mistake in dependability specification is setting MTBF targets without considering the operational profile. A system used 24/7 in a harsh environment has a very different effective MTBF than a system used intermittently in a controlled environment. IEC 62347 emphasizes that all dependability targets must be defined in the context of a specific operational profile and environmental conditions.
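An added example (not part of the page or the standard) that checks a candidate design against the explicit targets of Table 1 and then re-evaluates operational availability under two constructed operational profiles, as the note above describes. The duty-cycle and environment factors, and the simple calendar-hour MTBF model, are assumptions made for the illustration.

```python
TARGETS = {"mtbf_h": 50_000, "ao": 0.9995, "mttr_h": 2.0, "mldt_h": 8.0}  # Table 1

def inherent_availability(mtbf_h, mttr_h):
    """Ai: availability of the design alone, ignoring logistics delay."""
    return mtbf_h / (mtbf_h + mttr_h)

def operational_availability(mtbf_h, mttr_h, mldt_h):
    """Ao: adds the maintenance-support contribution (MLDT) to the downtime."""
    return mtbf_h / (mtbf_h + mttr_h + mldt_h)

def effective_mtbf(operating_mtbf_h, duty_cycle, env_factor):
    """Calendar-hour MTBF implied by an operational profile (assumed model):
    failures accrue only while operating (duty_cycle, 0..1) at a rate scaled
    by env_factor (>= 1 for harsher-than-reference conditions); no dormant
    failures are assumed while the system is switched off."""
    return operating_mtbf_h / (duty_cycle * env_factor)

def check_targets(mtbf_h, mttr_h, mldt_h, targets=TARGETS):
    """Pass/fail per explicit target; Ao is derived from the other three."""
    return {
        "mtbf": mtbf_h >= targets["mtbf_h"],
        "mttr": mttr_h <= targets["mttr_h"],
        "mldt": mldt_h <= targets["mldt_h"],
        "ao": operational_availability(mtbf_h, mttr_h, mldt_h) >= targets["ao"],
    }

# Constructed operational profiles for the two cases in the note above.
PROFILES = {
    "24/7 harsh": {"duty_cycle": 1.00, "env_factor": 4.0},
    "intermittent controlled": {"duty_cycle": 0.25, "env_factor": 1.0},
}

def ao_per_profile(operating_mtbf_h, mttr_h, mldt_h, profiles=PROFILES):
    """Ao for each profile, using the calendar-hour MTBF that profile implies."""
    result = {}
    for name, p in profiles.items():
        cal_mtbf = effective_mtbf(operating_mtbf_h, p["duty_cycle"], p["env_factor"])
        result[name] = operational_availability(cal_mtbf, mttr_h, mldt_h)
    return result

if __name__ == "__main__":
    print("explicit targets:", check_targets(50_000, 2.0, 8.0))
    print(f"Ai = {inherent_availability(50_000, 2.0):.6f}, "
          f"Ao = {operational_availability(50_000, 2.0, 8.0):.6f}")
    for name, ao in ao_per_profile(50_000, 2.0, 8.0).items():
        verdict = "meets" if ao >= TARGETS["ao"] else "misses"
        print(f"{name}: Ao = {ao:.5f} ({verdict} {TARGETS['ao']})")
```

The same 50,000 h operating MTBF passes the Ao target in the intermittent, controlled profile and fails it in the 24/7 harsh one, which is why the target must name its profile.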

3. Verification and Validation of Dependability

3.1 Verification Methods

The standard describes a hierarchy of verification methods for dependability requirements:

  • Analysis: Reliability prediction using parts count or parts stress analysis (IEC 61709), FMECA, fault tree analysis (IEC 61025), and reliability block diagrams (IEC 61078)
  • Demonstration: Formal reliability and maintainability demonstration testing with specified confidence levels (IEC 61124, IEC 61649)
  • Field data collection: Statistical analysis of in-service performance data (IEC 61710 for power law model)
  • Simulation: Monte Carlo simulation for availability modeling and complex system reliability assessment
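To show what a "specified confidence level" costs in test time, an added example (not from IEC 61124, whose test plans have their own tables) using the standard chi-square relationship for a time-truncated demonstration test under a constant failure rate. The chi-square quantile is solved from its Poisson identity by bisection, so only the standard library is needed; the 50,000 h target and 90 % confidence are taken as assumed inputs.

```python
import math

def poisson_cdf(k, mean):
    """P(N <= k) for a Poisson count with the given mean."""
    return sum(math.exp(-mean) * mean ** i / math.factorial(i) for i in range(k + 1))

def chi2_quantile_even_dof(p, dof):
    """Chi-square quantile for even dof = 2k, using the identity
    P(chi2_{2k} <= x) = 1 - P(Poisson(x/2) <= k-1), solved by bisection."""
    k = dof // 2
    lo, hi = 0.0, 10.0 * dof + 50.0   # upper bracket comfortably above any p < 1 quantile
    for _ in range(100):
        mid = (lo + hi) / 2
        if 1.0 - poisson_cdf(k - 1, mid / 2) < p:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

def demonstration_test_hours(target_mtbf_h, confidence, allowed_failures=0):
    """Total unit-hours a time-truncated test must accumulate so that, with at
    most `allowed_failures`, the one-sided lower bound on MTBF meets the target."""
    dof = 2 * (allowed_failures + 1)
    return target_mtbf_h * chi2_quantile_even_dof(confidence, dof) / 2.0

def demonstrated_mtbf_lower_bound(test_hours, failures, confidence):
    """Lower one-sided confidence bound on MTBF after a time-truncated test."""
    dof = 2 * (failures + 1)
    return 2.0 * test_hours / chi2_quantile_even_dof(confidence, dof)

if __name__ == "__main__":
    # Assumed inputs: Table 1 style MTBF target, 90 % confidence.
    for r in (0, 1, 2):
        t = demonstration_test_hours(50_000, 0.90, r)
        print(f"MTBF >= 50,000 h at 90 %: {t:,.0f} unit-hours with <= {r} failures")
    print(f"120,000 h test with 1 failure demonstrates "
          f"{demonstrated_mtbf_lower_bound(120_000, 1, 0.90):,.0f} h at 90 %")
```

With zero allowed failures the test time is MTBF × ln(1/(1 − C)), i.e. about 2.3 times the target MTBF at 90 %; each allowed failure adds roughly one more target-MTBF of test time.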

3.2 Life Cycle Dependability Management

IEC 62347 introduces the concept of dependability management throughout the system life cycle. The standard identifies key dependability activities at each life cycle stage:

  • Concept stage: Feasibility assessment, identification of critical dependability attributes, benchmarking against similar systems
  • Development stage: Detailed specification, design for reliability/maintainability, reliability allocation
  • Production stage: Burn-in and screening, process control for reliability, quality assurance
  • Operation stage: Data collection, reliability growth monitoring (IEC 61014), maintenance optimization
  • Disposal stage: End-of-life reliability assessment, data archival for future designs
💡 Engineering Insight: Experienced dependability engineers know that the most cost-effective time to influence system dependability is during the concept and early development stages. The “rule of ten” suggests that the cost of fixing a dependability issue increases by a factor of ten at each successive life cycle stage — a $100 design fix can become a $10,000 field modification.

4. Frequently Asked Questions

Q1: How does IEC 62347 relate to IEC 61508 (functional safety)?
A: IEC 62347 addresses broader dependability (RAMS), while IEC 61508 focuses specifically on functional safety (E/E/PE systems). The two standards are complementary — IEC 62347 provides the framework for specifying dependability targets, and IEC 61508 provides detailed requirements for achieving functional safety. A system specification developed per IEC 62347 should include safety integrity requirements derived from IEC 61508.
Q2: What is the difference between “explicit” and “implicit” dependability requirements?
A: Explicit requirements are directly stated numerical targets (e.g., MTBF ≥ 10,000 hours). Implicit requirements are derived from the system context — they may not be explicitly quantified but follow from standards, regulations, or stakeholder expectations (e.g., a medical device must not injure the patient, leading to implicit safety requirements).
Q3: Can IEC 62347 be applied to software-intensive systems?
A: Yes, but with caveats. The standard’s framework applies to software dependability attributes such as availability and maintainability. However, software reliability differs from hardware reliability because software does not “wear out” — failures are systematic rather than random. Complementary standards like IEC 62304 (medical software) or ISO/IEC 25010 (software quality) provide additional software-specific dependability guidance.
Q4: What are the most common pitfalls in writing dependability specifications?
A: The most common pitfalls include: (1) setting targets without considering the operational profile, (2) specifying MTBF without corresponding maintainability targets, (3) ignoring the maintenance support infrastructure, (4) failing to allocate requirements to subsystems, and (5) not defining acceptance criteria for verification.

© 2026 TNLab — Engineering Knowledge for Dependability and System Engineering

Disclaimer: This article is for educational purposes. Always refer to the official IEC 62347:2006 document for certification and compliance.
