IEC Guide 116 — Safety Related Risk Assessment

Systematic Risk Assessment Framework for Electrical Equipment Safety

1. Purpose and Scope of IEC Guide 116

IEC Guide 116 establishes a systematic framework for safety-related risk assessment of electrical equipment. It provides product committees with a consistent methodology to identify hazards, estimate risk levels, evaluate risk acceptability, and specify risk reduction measures throughout the product life cycle — from design and manufacturing through installation, operation, and decommissioning.

The guide is designed to complement IEC 61508 (functional safety) and ISO 12100 (general machinery safety). Where those standards focus on specific safety domains, Guide 116 provides the overarching risk assessment methodology applicable to all electrical products.

The scope covers all credible hazards: electrical shock, fire, mechanical hazards, thermal hazards, radiation, chemical exposure, and ergonomic factors. The risk assessment process is iterative — as design changes are made, the risk assessment must be updated to verify that new hazards have not been introduced and that residual risks remain acceptable.

2. Risk Assessment Methodology

Guide 116 defines a three-stage risk assessment process: hazard identification, risk estimation, and risk evaluation. Hazard identification involves systematically reviewing the equipment under all foreseeable conditions — normal operation, single fault conditions, reasonably foreseeable misuse, and external influences.

Risk Parameter            | Description                              | Assessment Criteria                               | Mitigation Example
--------------------------|------------------------------------------|---------------------------------------------------|--------------------------------
Severity of Harm          | Extent of injury or damage               | Minor / Moderate / Severe / Catastrophic          | Insulation class, guarding
Probability of Occurrence | Likelihood of hazardous event            | Remote / Unlikely / Likely / Very Likely          | Reliability data, field returns
Frequency of Exposure     | How often persons access the hazard zone | Rarely / Occasionally / Frequently / Continuously | Access restrictions, automation
Possibility of Avoidance  | Can harm be avoided once hazard occurs?  | Possible / Conditional / Not Possible             | Emergency stop, warning signs
Risk Level (Combined)     | Risk matrix output                       | Acceptable / ALARP / Intolerable                  | Reduce to ALARP or redesign

Risk assessment is not a one-time paperwork exercise. Guide 116 emphasizes that risk assessment must be a living process throughout the product lifecycle. Design changes, field failure data, and new regulatory requirements all trigger reassessment.

3. Risk Reduction and Engineering Controls

The guide establishes a clear hierarchy of risk reduction measures: inherently safe design (first priority), safeguarding and protective devices (second priority), and information for use including warnings and training (third priority). Inherently safe design — such as eliminating pinch points, reducing stored energy, or using intrinsically safe circuits — is always preferred because it removes hazards rather than merely guarding against them.

Engineering design insights from Guide 116 include the importance of fault-tolerant architectures, the use of redundancy for safety-critical functions, and the necessity of diagnostic coverage. For example, in a safety-related control system, the diagnostic coverage factor (DC) quantifies the proportion of dangerous failures detected automatically — a DC > 90% may be required for SIL 2 applications.

The most cost-effective risk reduction is achieved during conceptual design. A safety review at the requirements phase can identify hazards that would cost 100x more to fix after prototype testing. Integrate risk assessment gate reviews into your product development process.

Residual risk — the risk remaining after all protective measures have been applied — must be documented and communicated. Guide 116 requires that residual risks be evaluated for acceptability according to predefined criteria established by the product committee, often using the ALARP (As Low As Reasonably Practicable) principle.
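As an added illustration (not from IEC Guide 116 itself or any product committee's published matrix), the following Python models the parameter table in section 2 together with the risk reduction hierarchy, ALARP test and residual risk from section 3. The numeric weights, the multiplicative combination, the score thresholds for the three risk regions, and the cost cap standing in for the "grossly disproportionate" ALARP test are all assumptions constructed for this example.

```python
from collections import namedtuple
# Ordinal scales come from the Guide 116 parameter table above; the numeric
# weights, the multiplicative combination and the thresholds are constructed
# for this example (the guide leaves the matrix itself to the product committee).
SEVERITY = {"Minor": 1, "Moderate": 2, "Severe": 3, "Catastrophic": 4}
PROBABILITY = {"Remote": 1, "Unlikely": 2, "Likely": 3, "Very Likely": 4}
EXPOSURE = {"Rarely": 1, "Occasionally": 2, "Frequently": 3, "Continuously": 4}
AVOIDANCE = {"Possible": 1, "Conditional": 2, "Not Possible": 3}

Hazard = namedtuple("Hazard", "name severity probability exposure avoidance")
# tier 1 = inherently safe design, 2 = safeguarding, 3 = information for use;
# parameter/new_value = Hazard field improved and its new rating; cost feeds the ALARP test.
Measure = namedtuple("Measure", "description tier parameter new_value cost")

def risk_score(h):
    """Combine the four parameters into one ordinal score (range 1..192)."""
    return (SEVERITY[h.severity] * PROBABILITY[h.probability]
            * EXPOSURE[h.exposure] * AVOIDANCE[h.avoidance])

def risk_level(h):
    """Map the score onto the three regions of the risk matrix."""
    s = risk_score(h)
    return "Intolerable" if s >= 48 else "ALARP" if s >= 12 else "Acceptable"

def reduce_risk(h, measures, alarp_max_cost):
    """Apply measures in hierarchy order (tier 1 first). Intolerable risk takes every
    measure offered; in the ALARP region a measure is applied only if its cost is not
    disproportionate (here: above a fixed cap). Returns residual hazard and applied list."""
    applied = []
    for m in sorted(measures, key=lambda m: m.tier):
        level = risk_level(h)
        if level == "Acceptable":
            break
        if level == "ALARP" and m.cost > alarp_max_cost:
            continue
        h = h._replace(**{m.parameter: m.new_value})
        applied.append(m.description)
    return h, applied

# Constructed sample: one hazard of a heating appliance and three candidate measures.
HAZARD = Hazard("Exposed heating element", "Severe", "Likely", "Frequently", "Conditional")
MEASURES = [
    Measure("Hot-surface warning label", 3, "avoidance", "Possible", cost=1),
    Measure("Guard over element", 2, "exposure", "Rarely", cost=2),
    Measure("Lower surface temperature below burn threshold", 1, "severity", "Moderate", cost=10),
]

if __name__ == "__main__":
    residual, applied = reduce_risk(HAZARD, MEASURES, alarp_max_cost=3)
    print(HAZARD.name, risk_level(HAZARD), "->", risk_level(residual), applied)
```

Lowering the cost cap shows the ALARP stopping rule: the tier 2 guard is skipped as disproportionate and the residual risk is recorded as ALARP rather than Acceptable.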

4. Frequently Asked Questions

Q: Is Guide 116 applicable to low-voltage consumer products?
A: Yes. The methodology applies to all electrical equipment regardless of voltage level. Even low-voltage products can present fire, mechanical, or thermal hazards requiring systematic risk assessment.

Q: How does Guide 116 relate to IEC 61508?
A: IEC 61508 provides specific requirements for electrical/electronic/programmable electronic safety-related systems, while Guide 116 provides the generic risk assessment framework applicable to all equipment types.

Q: What is ALARP and how is it demonstrated?
A: ALARP means risk is reduced to a level that is as low as reasonably practicable. Demonstration involves showing that any further risk reduction would be grossly disproportionate in cost to the benefit gained.

Q: Who should conduct the risk assessment?
A: A cross-functional team including design engineers, safety specialists, and ideally field service representatives who understand actual use conditions and common misuse patterns.
