IEC61508标准术语

IEC61508标准术语

基本术语

一、IEC 61508标准术语

说明：以下术语摘录自功能安全标准IEC61508和国家标准GB/T20438。4。故术语标号也未曾改动。

3.1安全术语

3.1.1

伤害harm

physical injury or damage to the health of people either

directly or indirectly as a result of damage to property or to the

environment.

由于对财产或环境的破坏而导致的直接或间接地对人体健康的损害或对人身的损伤。

3.1.2

危险hazard

potential source of harm

伤害的潜在根源

3.1.3

危险情况hazardous situation

circumstance in which a person is exposed to hazard(s)

人暴露于危险的环境。

3.1.4

危险事件hazardous event

hazardous situation which results in harm

导致伤害的危险情况。

3.1.5

风险risk

combination of the probability of occurrence of harm and the

severity of that harm

出现伤害的概率及该伤害严重性的组合。

3.1.6

允许风险tolerable risk

risk which is accepted in a given context based on the current

values of society

根据当今社会的水准,在给定的范围内能够接受的风险。

3.1.7

残余风险residual risk

risk remaining after protective measures have been taken

采取防护措施以后仍存在的风险。

3.1.8

安全safety

freedom from unacceptable risk

不存在不可接受的风险。

3.1.9

功能安全functional safety

part of the overall safety relating to the EUC and the EUC

control system which depends on the correct functioning of the

E/E/PE safety-related systems, other

technology safety-related systems and external risk

reduction facilities

与EUC和EUC控制系统有关的整体安全的组成部分，它取决于E/E/PE安全相关系统，其它技术安全相关系统和外部风险降低设施功能的正确行使。

3.1.10

安全状态safe state

State of the EUC when safety is achieved

达到安全时EUC的状态。

3.1.11

合理的可预见的误用reasonable foreseeable misuse

Use of a product, process or service under conditions or for

purposes not intended by the supplier, but which can happen,

induced by the product, process or service in combination with,

or as a result of, common human behaviour

由于产品、过程或服务加上人的行为习惯而导致的，或者作为人的行为习惯的一个结果有可能发生的，未按照供方要求的条件和用途对产品、过程和服务的使用。

3.2 设备和装置Equipment and devices

3.2.1

功能单元functional unit

Entity of hardware or software, or both, capable of

accomplishi ng a specified purpose 能够完成规定目的的软件、硬件或两者相结合的实体。

3.2.2

软件software

intellectual creation comprising the programs, procedures,

data, rules and any associated documentation pertaining to the

operation of a data processing system

包括程序、规程、数据、规则以及相关的数据处理系统操作文档在内的智能创作。

3.2.3

受控设备equipment under control(EUC)

equipment, machinery, apparatus or plant used for

manufacturing, process, transportation, medical or other

activities

用于制造、加工、运输、制药或其它活动的设备、机器、器械或成套装置。

3.2.4

EUC风险EUC risk

risk arising from the EUC or its interaction with the EUC

control system

由EUC或由EUC与EUC控制系统相互作用而产生的风险。

3.2.5

可编程电子（PE）programmable electronic（PE）

可编程电子以计算机技术为基础，可以由硬件、软件及其输入和(或)输出单元构成。based on computer technology which may be

comprised of hardware, software, and of input and/or output

units

举例：下列均是可编程电子装置：

——微处理器；

——微控制器；

——可编程控制器；

——专用集成电路（ASIC）；

——可编程逻辑控制器（PLC）；

——其它以计算机为基础的装置（智能传感器、变送器、执行器）。

3.2.6

电气/电子/可编程电子（E/E/PE）electrical/electronic/programmable electronic

Based on electrical(E) and/or electronic(E) and/or

programmable electronic (PE) technology

基于电气（E）和/或电子（E）和/或可编程电子（PE）的技术。

举例：电气/电子/可编程电子装置包括：

——电－机装置（电气）；

——使用电晶体的非可编程电子装置（电子）；

——以计算机技术为基础的电子装置（可编程电子）

3.2.7

有限可变语言limited variability language

Software programming language, either textual or graphical,

for commercial and industrial programmable electronic

controllers with a range of capabilities limited to their application

能力范围局限于应用的，用于工商业可编程电子控制器的，文本的或图形的软件编程语言。

3.3 系统：一般概念

3.3.1

系统system

Set of elements which interact according to a design, where

an element of a system can be another system, called a

subsystem, which may be a controlling system or a controlled

system and may include hardware, software and human

interaction

根据设计相互作用的一组元素，可能包括相互作用的硬件、软件和人等。系统中的某一元素也可自成一个另外的系统，称为子系统，子系统可以是控制系统也可以是被控系统。

3.3.2

可编程电子系统(PES) programmable electronic system(PES)

System for control, protection or monitoring based on one

or more programmable electronic devices, including all elements

of the system such as power supplies, sensors and other input

devices, data highways and other communi cation paths, and

actuators and other output devices

基于一个或多个可编程电子装置的控制、防护或监视系统，包括系统中所有的元素，诸如电源、传感器和其它输入装置，数据高速公路和其它通信路径，以及执行器和其它输出装置3.3.3

电气/电子/可编程电子系统（E/E/PES）electrical/electronic/programmable electronic system(E/E/PES)

System for control, protection or monitoring based on one

or more electrical/electron ic programmable electronic (E/E/PE)

devices, including all elements of the system such as power

supplies, sensors and other input devices, data highways and

other

communication paths, and actuators and other output

devices.

基于一个或多个电气/电子/可编程电子(E/E/PE)装置的用于控制、防护或监视的系统，包括系统中所有的元素,诸如电源、传感器和其它输入装置，数据高速公路和其它通信途径，以及执行器和其它输出装置

3.3.4

EUC控制系统EUC control system

System which responds to input signals from the process

and/or from an operator and generates output signals causing

the EUC to operate in the desired manner

对来自过程和(或)操作者的输入信号起反应，产生能使EUC按要求的方式工作的输出信号的系统。

3.3.5

结构architecture

Specific configuration of hardware and software elements in

a system

在一个系统中硬件和软件元素的特定配置。

3.3.6

模块module

Routine, discrete component or a functional set of

encapsulated routines or discret e components belonging

together

程序、分立部件、封装程序的一个功能集、或一组归并在一起的分立部件。

3.3.7

软件模块software module

Construct that consists of procedures and/or data

declarations and that can also interact with other such constructs

由规程和（或）数据说明组成的构造，并能与其它这样的构造相互作用。

3.3.8

通道channel

Element or group of elements that independently perform(s)

a function

独立执行一个功能的一个或一组元素

3.3.9

多样性diversity

different means of performing a required function

执行一个要求功能的不同方法。

3.3.10

冗余redundancy

means, in addition to the means which would be sufficient,

for a functional unit to perform a required function or for data to

represent information

对于执行一个要求功能的功能单元或对于表示信息的数据而言，除了够用之外还有多余。

3.4 系统：安全方面

3.4.1

安全相关系统safety-related system

designated system that both:

implements the required safety functions necessar y to

achieve or maintain a safe state for the EUC; and

— is intended to achieve, on its own or with other E/E/PE

safety-related systems, other technology safety-related systems

or external risk reduction facilities, the necessary safety integrity

for the required safety functions

所指的系统：

——必需要能实现要求的安全功能以达到或保持EUC的安全状态；

并且

——自身或与其它E/E/PE安全相关系统、其它技术安全相关系统或外部风险降低设施一道,能够达到要求的安全功能所需的安全完整性。

3.4.2

其它技术安全相关系统other technology safety-related system

safety-related system based on a technology other than

electrical/electronic/programmable electronic

基于电气/电子/可编程电子技术之外的安全相关系统。

3.4.3

外部风险降低设施external risk reduction facility

measure to reduce or mitigate the risks which are separate

and distinct from, and do not use, E/E/PE safety-related systems

or other technology safety-related systems

不使用E/E/PE安全相关系统或其它技术安全相关系统，且与上述系统分开并不同的降低或减轻风险的手段。

3.4.4

简单E/E/PE安全相关系统low complexity E/E/PE safety-related system

— the failure modes of each individual component are well

defined; and

— the behaviour of the system under fault conditions can be

completely determi ned 一种E/E/PE安全相关系统其中：

——已很好确定了每个单独部件的失效模式；

——能完全确定在故障状况下系统的行为。

3.4.5

逻辑系统logic system

Portion of a system that performs the function logic but

excludes the sensors and final elements

系统的一部分，用于执行功能逻辑，但不包括传感器和最终元件。

3.5 安全功能和安全完整性

3.5.1

安全功能Safety function

function to be implemented by an E/E/PE safety-related

system, other technology safety-related system or external risk

reduction facilities, which is intended to achieve or maintain a

safe state for the EUC, in respect of a specific hazardous event 针对特定的危险事件，为达到或保持EUC的安全状态，由E/E/PE安全相关系统、其它技术安全相关系统或外部风险降低设施实现的功能

3.5.2

安全完整性safety integrity

probability of a safety-related system satisfactorily

performing the required safety functions under all the stated

conditions within a stated period of time

在规定的条件下、规定的时间内，安全相关系统成功实现所要求的安全功能的概率。

3.5.3

软件安全完整性software safety integrity

measure that signifies the likelihood of software in a

programmable electronic system achieving its safety functions

under all stated conditions within a stated period of time

在所有规定条件下和规定时间内表示软件在可编程电子系统中执行其安全功能的可能性的量值。

3.5.4

系统安全完整性systematic safety integrity

part of the safety integrity of safety-related systems relating

to systematic failures in a dangerous mode of failure

在危险失效模式中与系统失效有关的安全相关系统安全完整性的一部分

3.5.5

硬件安全完整性（hardware safety integrity）

part of the safety integrity of the safety related systems

relating to random hardware failures in a dangerous mode of

failure

在危险失效模式中与随机硬件失效有关的安全相关系统安全完整性的一部分。

3.5.6

安全完整性等级（SIL）safety integrity level（SIL）

discrete level (one out of a possible f our) for specifying the

safety integrity requirements of the safety functions to be

allocated to the E/E/PE safety-related systems, where safety

integrity level 4 has the highest level of safety integrity and safety

integrity level 1 has the lowest

一种离散的等级（四种可能等级之一），用于规定分配给E/E/PE安全相关系统的安全功能的安全完整性要求，在这里，安全完整性等级4是最高的，安全完整性等级1是最低的。

3.5.7

软件安全完整性等级software safety integrity level

discrete level (one out of a possible four) for specifying the

safety integrity of software in a safety-related system

一种离散的等级（四种可能等级之一）用于规定在安全相关系统中软件的安全完整性。

3.5.8

安全要求规范safety requirement specification

specification containing all the requirements of the safety

functions that have to be performed by the safety-related

systems

一种技术规定，包括安全相关系统必须要执行安全功能的所有要求。

3.5.9

安全功能要求规范safety function requirement specification

specification containing the requirements for the safety

functions that have to be performed by the safety-related

systems

一种技术规定，包括安全相关系统必须要执行的安全功能要求。

3.5.10

安全完整性要求规范safety integrity requirement specification

specification containing the safety integrity requirements of

the safety functions that

have to be performed by the safety-related systems

一种技术规定，包括安全相关系统必须要执行的安全功能的安全完整性要求。

3.5.11

安全相关软件safety-related software

software that is used to implement safety functions in a sa

fety-related system

在安全相关系统中用于实现安全功能的软件。

3.5.12

操作模式mode of operation

Way in which a safety-related system is intended to be used,

with respect to the frequency of demands made upon it, which

may be either

-low demand mode: where the frequency of demands for

operation made on a

safety-related system is no greater than one per year and no

greater than twice the proof-test frequency

-high demand or continuous mode: where the frequency of

demands for operation made on a safety-related system is

greater than one per year or greater than twice the proof-check

frequency

——低要求模式：在这种模式下，对一个安全相关系统提出操作

要求的频率不大于每年一次和不大于二倍的检验测试频率。

——高要求或连续模式：在这种模式下，对一个安全相关系统提出操作要求的频率大于每年一次或大于二倍的检验测试频率。

3.5.13

目标失效量target failure measure

Intended probability of dangerous mode failures to be

achieved in respect of the safety integrity requirements, specified

in terms of either

-the average probability of failure to perform the design

function on demand (for a low demand mode of operation)

-the probability of a dangerous failure per hour (for a high

demand or continuous mode of operation)

相对于安全完整性要求要达到预计的危险模式失效概率，规定为下列两种之一：

——按要求执行设计功能的平均失效概率（对于低要求操作模式）；

——每小时危险失效的概率（对于高要求或连续操作模式）；

3.5.14

必要的风险降低necessary risk reduction

risk reduction to be achieved by the E/E/PE safety-related

systems, other technology safety-related systems and external

risk reduct ion facilities in order to ensure that the tolerable risk

is not exceeded

为保证不超过允许风险，由E/E/PE安全相关系统、其它技术安全相关系统和外部风险降低设施达到的风险降低。

3.6 故障、失效和错误

3.6.1

故障fault

使功能单元执行要求之功能的能力降低或失去其能力的异常状况。

abnormal condition that may cause a reduction in, or loss of,

the capab ility of a

functional unit to perform a required function

3.6.2

故障避免fault avoidance

using techniques and procedures which aim to avoid the

introduction of faults during any phase of the safety lifecycle of

the safety-related system

在安全相关系统安全生命周期的任何阶段中为避免发生故障而使用的技术和规程。

3.6.3

故障裕度fault tolerance

the ability of a functional unit to continue to perform a

required function in the presence of faults or errors

在出现故障或错误的情况下，功能单元继续执行一个要求功能的能力。

3.6.4

失效failure

the termination of the ability of a functional unit to perform

a required function

功能单元执行一个要求功能之能力的终止。

3.6.5

随机硬件失效random hardware failure

failure, occurring at a random time, which results from one

or more of the possible degradation mechanisms in the hardware

在硬件中，由一种或几种机能退化可能产生的，按随机时间出现的失效。

3.6.6

系统失效Systematic failure

failure related in a deterministic way to a certain cause, which

can only be eliminated by a modification of the design or of the

manufacturing process, operational procedures, documentation

or other relevant factors

原因确定的失效，只有对设计或制造过程、操作规程、文档或其它相关因素进行修改后，才有可能排除这种失效。

3.6.7

危险失效dangerous failure

failure which has the potential to put the safety-related

system in a hazardous or fail-to-function state

使安全相关系统处于潜在的危险或丧失功能状态的失效。

3.6.8

安全失效safe failure

failure which does not have the potential t o put the safety-related system in a hazardous or fail-to-function state

不可能使安全相关系统处于潜在的危险或丧失功能状态的失效。

3.6.9

相关失效dependent failure

failure whose probability cannot be expressed as the simple

product of the unconditional probabilities of the individual even

ts which caused it

其概率不能表示为引起它的独立事件的无条件概率的简单乘积的失效。

3.6.10

共同原因失效common cause failure

failure, which is the result of one or more events, causing

coincident failures of two or more separate channels in a multiple

channel system, leading to system failure

一种失效，它是一个或多个事件导致的结果，在多通道系统中引起两个或多个分离通道同时失效，从而导致系统失效。

3.6.11

错误error

discrepancy between a computed, observed or measured

value or condition and the true, specified or theoretically correct

value or condition

计算、观测和测量到的值或条件与真值、规定的或理论上的正确值或条件的差异。

3.6.12

人为错误human error

失误mistake

human action or inaction that produces an unintended result

引发非期望结果的人的动作或不动作

3.7 生命周期活动

3.7.1

安全生命周期safety lifecycle

necessary activities involved in the implementation of safety-related systems, occurring during a period of time th at starts at

the concept phase of a project and finishes when all of the E/E/PE

safety-related systems, other technology

safety-related systems and external risk reduction facilities

are no longer available for use

安全相关系统实现过程中所必需的生命活动，这些活动发生在从一项工程的概念阶段开始，直至所有的E/E/PE安全相关系统，其它技术安全相关系统，以及外部风险降低设施停止使用为止的一段时间内。

3.7.2

软件生命周期software lifecycle

activities occurring during a period of time that starts when

software is conceived and ends when the software is permanently

disused

从软件开始构思到软件永久停用期间的活动。

3.7.3

配置管理configuration management

discipline of identifying the components of an evolving

system for the purposes of controlling changes to those

components and maintaining continuity and traceability

throughout the lifecycle

为了控制系统部件的改变和在生命周期全过程中保持连续性和可追溯性，标记一个进化中的系统部件的规则。

3.7.4

影响分析impact analysis

activity of determining the effect that a change to a function

or component in a system will have to other functions or

components in that system as well as to other systems

确定一个系统中的一个功能或部件的改变将对该系统中其它功能或部件以及其它系统产生影响的活动。

3.8 安全量的证实

3.8.1

验证verification

confirmation by examination and provision of objective

evidence that the requirements have been fulfilled

通过检查和提供客观证据证实规定要求已经满足。

3.8.2

确认validation

confirmation by examination and provision of objective

evidence that the partic ular requirements for a specific intended

use are fulfilled

通过检查和提供客观证据来证明某一特定预期用途的特殊要求已经满足。

3.8.3

功能安全评估functional safety assessment

investigation, based on evidence, to judge the functional

safety achieved by one or more E/E/PE safety-related systems,

other technology safety-related systems or external risk

reduction facilities

通过调查，依据证据来判断一个或多个E/E/PE安全相关系统、其它技术安全相关系统或外部风险降低设施达到的功能安全。

3.8.4

功能安全审核functional safety audit

systematic and independent examination to determine

whether the procedures specific to the functional safety

requirements comply with the planned arrangements, are

implemented effectively and are suitable to achieve the specified

objectives

对于按计划安排的功能安全要求专用的规范是否有效地执行并满意地达到规定目的进行系统地、独立的检查。

3.8.5

检验测试proof test

periodic test performed to detect failures in a safety-related

system so that, if necessary, the system can be restored to an “as

new” condition or as close as practical to this condition

用以检测安全相关系统失效的周期性测试，在必要时可把系统复原到正常状态或实际上接近正常的状态。

3.8.6

诊断覆盖率diagnostic coverage

fractional decrease in the probability of dangerous hardware

failure resulting from the operation of the automatic diagnostic

tests

进行自动诊断测试而导致的硬件危险失效概率的降低部分。

3.8.7

诊断测试间隔diagnostic test interval

interval between on-line tests to detect faults in a safety-related system that have a

specified diagnostic coverage

在一个已经规定了诊断覆盖的安全相关系统中，为检测故障而进行的在线测试的间隔。

3.8.8

检测到的detected

Detected

revealed overt

in relation to hardware, detected by the diagnostic tests,

proof tests, operator intervention (for example physical

inspection and manual tests), or through normal operation

揭露出的

明显的

与硬件相关，用诊断测试、检验测试、操作员干预（如设备检测和人工测试）或通过正常操作所发现的。

3.8.9

未检测到的undetected

未揭露的unrevealed

不明显的covert

in relation to hardware, undetected by the diagnostic tests,

proof tests, operator intervention (for example physical

inspection and manual tests), or through normal operation

与硬件有关，用诊断测试、检验测试、操作员干预（如设备检测和人工测试）或通过正常操作未发现的。

3.8.10

无关人员independent person

Person who is separate and distinct from the activities which

take place during the specific phase of the overall, E/E/PES or

software safety lifecycle that is subject to the functional safety

assessment or validation, and does not have responsibility for

those activities

与整体的、E/E/PES的或软件的安全生命周期特定阶段中的活动无关，并且不对其直接负责，但又从事功能安全评估或确认的人。

3.8.11

无关部门independent department

Department which is separate and distinct from the

department responsible for the activities which take place during

the specific phase of the overall, E/E/PES or software safety

lifecycle that is subject to the functional safety assessment or

validation

与整体的、E/E/PES的或软件的安全生命周期特定阶段中的活动无关，并且不对其直接负责，但又从事功能安全评估或确认的部门。

3.8.12

无关组织independent organization

Organization which is separate and distinct, by management

and other resources, from the organizations responsible for the

activities which take place during the specific phase of the overall,

E/E/PES or software safety lifecycle that is subject to the

functional safety assessment or vaildation

与整体的、E/E/PES的或软件的安全生命周期特定阶段中的活动无关，并且不对其直接负责，但又从事功能安全评估或确认的组织。

3.8.13

动画animation

Simulated operation of the software system (or of some

significant portion of the system) to display significant aspects of

the behaviour of the system, for instance applied to a

requirements specification in an appropriate format or an

appropriate high-level representation of the system de sign

软件系统（或系统的某一重要部分）的动画，以显示系统行为的主要面貌，例如适用于适当格式的要求规范或系统设计的高级表述。

3.8.14

动态测试dynamic testing

Executing software and/or operating hardware in a

controlled and systematic way, so as to demonstrate the

presence of the required behaviour and the absence of unwanted

behaviour

用系统的和受控的方式执行软件和（或）操作硬件以证明所要求的行为的存在以及非要求行为的不存在。

3.8.15

测试装置test harness

Facility that is capable of simulating (to some useful degree)

the operating environment of software or hardware under

development, by applying test cases to the software and

recording the response

在开发阶段能够仿真软件或硬件操作环境的装置。通过把测试实例应用于软件，能够模拟(达到某个可用的程度)开发中的软件或硬件的操作环境并记录响应的设施。

二、IEC61511标准术语

说明：以下术语摘录自IEC61511标准和相关的标准翻译稿，其中有一些术语在前面出现过，但表述略有不同，差别反映了过程控制领域的习惯与特殊性。

3.2.1

结构architecture

Arrangement of hardware and/or software elements in a

system, for example

(1) arrangement of safety instrumented system (SIS)

subsystems

(2) internal structure of an SIS subsystem

(3) arrangement of software programs

系统中硬件和/或软件元素的安排，如：

（1）安全仪表系统（SIS）子系统的安排；

（2）SIS子系统的内部结构；

（3）软件程序的安排。

3.2.2

资产保护asset protection

Function allocated to system design for the purpose of

preventing loss to assets

为防止资产损失分配给系统设计的功能。

3.2.3

基本过程控制系统（BPCS）basic process control system（BPCS）

System which responds to input signals form the process, its

associated equipment, other programmable systems and/or an

operator and generates output signals causing the process and

its associated equipment to operate in the desired manner but

which does not perform any safety instrumented functions with

a claimed SIL≥1

对来自过程的、系统相关设备的、其他可编程系统的和/或某个操作员的输入信号进行响应，并产生使过程和系统相关设备按要求方式运行的系统，但它并不执行任何具有被声明的

SIL≥1的仪表安全功能。

3.2.4

通道channel

element or group of elements that independently perform(s)

a function

独立执行一个功能的一个或一组元素。

3.2.5

编码coding

3.2.6.1

共同原因失效common cause failure

failure, which is the result of one or more events, causing

failures of two or more separate channels in a multiple channel

system, leading to system failure

由一个或多个事件引起一个多通道系统中的两个或多个分离通道失效，从而导致系统失效的一种失效。

3.2.6.2

共同模式失效common mode failure

failure of two or more channels in the same way, causing the

same erroneous result

两个或多个通道以同样的方式引起相同的误差结果的失效。

3.2.7

部件component

one of the parts of a system, subsystem, or device

performing a specific function

执行某一特定功能的系统、子系统或装置的一个组成部分。

3.2.8

配置configuration

3.2.9

配置管理configuration management

discipline of identifying the components of an evolving

(hardware and software) system for the purpose of controlling

changes to those components and maintaining continuity and

traceability throughout the life cycle

为了在生命周期全过程中控制组件的变化（硬件和软件）和保持连续性和可追溯性，对进化系统（硬件和软件）中组件的识别规则。

3.2.10

控制系统control system

system which responds to input signals from the process

and/or from an operator and generates output signals causing

the process to operate in the desired manner

对来自过程和/或操作员的输入信号进行响应，并产生使过程按要

求方式运行的输出信号的系统。

3.2.11

危险失效dangerous failure

failure which has the potential to put the safety instrumented

system in a hazardous or fail-to-function state

可能使安全仪表系统潜在地处于某种危险或功能丧失状态的失效。

3.2.12

相关失效dependent failure

failure whose probability cannot be expressed as the simple

produ ct of the unconditional probabilities of the individual

events which caused it

其概率不能表示为引起失效的独立事件的无条件概率的简单乘积的失效。

3.2.13

检测到的detected

揭露的revealed

明显的overt

in relation to hardware failures and software faults, detected

by the diagnostic tests or through normal operation

在与硬件失效和软件故障有关时，通过诊断测试或正常操作发现的。

3.2.14

装置device

functional unit of hardware or software, or both, capable of

accomplishing a specified purpose

能实现某个规定目的的硬件或软件或者二者结合的功能单元

3.2.15

诊断覆盖率（DC）diagnostic coverage (DC)

ratio of the detected failure rate to the total failure rate of

the component or subsystem as detected by diagnostic tests.

Diagnostic coverage does not include any faults detected by

proof tests.

诊断测试检测到的部件或子系统的失效率与总失效率之比。诊断覆盖率不包含由检验测试检测到的任何故障。

3.2.16

多样性diversity

existence of different means performing a required function

执行一个要求功能存在不同方法。

3.2.17

电气/电子/可编程电子（E/E/PE）

electrical/electronic/programmable electronic

based on electrical (E) and/or electronic (E) and/or

programmable electronic (PE) technology

基于电气（E）和/或电子（E）和/或可编程电子（PE）技术。

3.2.18

误差error

discrepancy between a computed, observed or measured

value or condition and the true, specified or theoretically correct

value or condition

计算出的、观测到的和测量到的值或条件，和真实的、规定的或理论上正确的值或条件之间的差异。

3.2.19

外部风险降低设施external risk reduction facilities

measures to reduce or mitigate the risks, which are separate

and distinct from the SIS

与SIS分离且性质不同的降低或减少风险的措施。

3.2.20

失效failure

termination of the ability of a functional unit to perform a

required function

功能单元执行一个要求功能的能力的终止。

3.2.21

故障fault

abnormal condition that may cause a reduction in, or loss of,

the capability of a functional unit to perform a required function

可能引起功能单元执行要求功能的能力降低或丧失的异常状况。

3.2.22

故障避免fault avoidance

use of techniques and procedures which aim to avoid the

introduction of faults during any phase of the safety life cycle of

the safety instrumented system

在安全仪表系统安全生命周期的任何阶段中为避免引入故障而使用的技术和程序。

3.2.23

故障裕度fault tolerance

ability of a functional unit to continue to perform a required

function in the presence of faults or errors

在出现故障或误差的情况下，功能单元继续执行要求功能的能力。

3.2.24

最终元件final element

part of a safety instrumented system which implements the

physical action necessary to achieve a safe state

执行实现某种安全状态所必需的实际动作的安全仪表系统的组成部分。

3.2.25

功能安全functional safety

part of the overall safety relating to the pr ocess and the

BPCS which depends on the correct functioning of the SIS and

other protection layers

与过程和BPCS有关的整体安全的组成部分，它取决于SIS和其他

保护层的正确功能执行。

3.2.26

功能安全评估functional safety assessment

investigation, based on evidence, to judge the functional

safety achiev ed by one or more protection layers

基于证据的调查，以判定由一个或多个保护层所实现的功能安全。

3.2.27

功能安全审核functional safety audit

systematic and independent examination to determine

whether the procedures

specific to the functional safety requirements comply with

the planned arrang ements, are implemented effectively and are

suitable to achieve the specified objectives

对于按计划安排的功能安全要求专用的规范是否有效地执行并满意地达到规定目的进行系统地、独立的检查。

3.2.28

功能单元functional unit

entity of hardware or software, or both, capable of

accomplishing a specified purpose 能够完成规定目的的软件、硬件或两者相结合的实体。

3.2.29

硬件安全完整性hardware safety integrity

part of the safety integrity of the safety instrumented

function relating to random hardware failures in a dangerous

mode of failure

在危险失效模式中，与硬件随机失效有关的仪表安全功能的安全完整性的一部分。

3.2.30

伤害harm

physical injury or damage to the health of people, either

directly or indirectly, as a result of damage to property or to the

environment

由财产或环境的破坏而直接或间接导致的人身伤害或人体健康的损害。

3.2.31

危险hazard

potential source of harm

伤害的潜在根源。

3.2.32

人为误差human error

失误mistake

human action or inaction that produces an unintended result

引发非期望结果的人的动作或不动作。

3.2.33

影响分析impact analysis

activity of determining the effect that a change to a function

or component will have to other functions or components in that

system as well as to other syste ms

确定一个系统中的一个功能或部件的改变，对该系统和其他系统中其他功能或部件影响的活动。

3.2.34

独立部门independent department

department which is separate and distinct form the

departments responsible for the activities which take place

during the specific phase of the safety life cycle that is subject to

the functional safety assessment or validation

在进行安全评估或确认的安全生命周期的特定阶段中，同负责所发生活动的部门分开且不同的部门。

3.2.35

独立组织independent organization

organization which is separate and distinct, by management

and other resources, from the organizations responsible for t he

activities which take place during the

specific phase of the safety life cycle that is subject to the

functional safety assessment or validation

在进行安全评估或确认的安全生命周期的特定阶段中，通过管理和其他资源同负责所发生活动的组织分开且不同的组织。

3.2.36

独立人员independent person

person who is separate and distinct from the activities which

take place during the specific phase of the safety life cycle that is

subject to the functional safety assessment or validation and

does not have direct responsibility for those activities 在进行安全评估或确认的安全生命周期的特定阶段中，同所发生活动分开且不同的人员，这些人员并不直接负责那些活动。

3.2.37

输入功能input function

function which monitors the process and its associated

equipment in order to provide input information for the logic

solver

为了给逻辑解算器提供输入信息，监视过程及其相关设备的功能。

3.2.38

仪表instrument

apparatus used in performing an action (typically found in

instrumented systems)

在执行某个动作中使用的仪器（典型的可见仪表系统）。

3.2.39

逻辑功能logic function

function which performs the transformations between input

information (provided by one or more input functions) and

output information (used by one o r more output functions) ;

logic functions provide the transformation from one or more

input functions to one or more output functions

在输入信息（由一个或几个输入功能提供）和输出信息（由一个或几个输出功能使用）之间执行变换的功能；逻辑功能提供从一个或几个输入功能到一个或几个输出功能的转换。

3.2.40

逻辑解算器logic solver

that portion of either a BPCS or SIS that performs one or

more logic function(s)

既可以是一个BPCS的一部分，也可以是SIS的一部分，它执行一个或几个逻辑功能。

安全配置的逻辑解算器safety configured logic solver

general purpose industrial grade PE logic solver which is

specifically configured for use in safety applications in

accordance with 11.5

根据11.5为在安全应用中使用专门配置的工业级通用型PE逻辑解算器。

3.2.41

维护/工程接口maintenance/engineering interface

maintenance/engineering interface is that hardware and

software provided to allow proper SIS maintenance or

modification. It can include instru ctions and diagnostics which

may be found in software, programming terminals with

appropriate communication protocols, diagnostic tools,

indicators, bypass devices, test devices, and calibration devices

为能正确维护或修改SIS所提供的硬件和软件。包括：在软件中可能含有的指令和诊断程

序、具有适当通信协议的编程终端、诊断工具、指示器、旁路装置、试验装置和校正装置。

3.2.42

减轻mitigation

action that reduces the consequence(s) of a hazardous event

减小危险事件后果的动作。

3.2.43

操作模式mode of operation

way in which a safety instrumented function operates

仪表安全功能运行方式。

要求模式下的仪表安全功能demand mode safety instrumented

function

where a specified action (for example, closing of a valve) is

taken in response to process conditions or other demands. In the

event of a dangerous failure of the safety instrumented function

a potential hazard only occurs in the event of a failure in the

process or the BPCS

响应过程条件或其他要求而采取一个规定动作（如关闭一个阀门）的场合。在仪表安全功能的危险失效事件中，仅当发生过程或BPCS的失效事件时，才发生潜在危险。

连续模式下的仪表安全功能continuous mode safety

instrumented function

where in the event of a dangerous failure of the safety

instrumented function a potential hazard will occur without

further failure unless action is taken to prevent it 在仪表安全功能的危险失效事件中，如果不采取预防动作，即使没有进一步的失效，潜在危险也会发生。

3.2.44

模块module

self-contained assembly of hardware components that

performs a specific hardware function (i.e., digital input module,

analogue output module), or reusable application program (can

be internal to a program or a set of programs) that support a

specific function, for example, portion of a computer program

that carries out a specific function

执行某个特定硬件功能的硬件部件的自含式组件（即数字输入模块、模拟输出模块），或支持某一特定功能的可重用应用程序（可能是一个或一组内固程序）。如执行特定功能的计算机程序的一部分。

3.2.45

从N中取M MooN

safety instrumented system, or part thereof, made up of “N”

independent channels, which are so connected, that “M”

channels are sufficient to perform the safety instrumented

function

“N”个独立通道构成的安全仪表系统或其部分，它被连接成其中“M”个通道足以执行仪表安全功能。

3.2.46

必要的风险降低necessary risk reduction

risk reduction required to ensure that the risk is reduced to a

tolerable level

为保证把风险降低到允许水平所需的风险降低。

3.2.47

非可编程（NP）系统non-programmable(NP) system

system based on non-computer technologies (i.e., a system

not based on programmable electronics [PE] or software)

基于非计算机技术的系统（即不基于可编程电子[PE]或软件的系统）。

3.2.48

操作员接口operator interface

means by which information is communicated between a

human operator(s) and the SIS (for example, CRTs, indicating

lights, push-buttons, horns, alarms); the operator interface is

sometimes referred to as the human-machine interface (HMI)

在操作人员和SIS之间进行信息交换的手段（如阴极射线管CRT、指示灯、按钮、操纵杆、报警器）；操作员接口有时又叫人机接口（HMI）。

3.2.49

其他技术安全相关系统other technology safety related system

safety related systems that are based on a technology other

than electrical, electronic, or programmable electronic

不基于电气、电子或可编程电子技术的安全相关系统。

3.2.50

输出功能output function

function which controls the process and its associated

equipment acco rding to final actuator information from the logic

function

根据来自逻辑功能的终端执行机构的信息，控制过程及其相关设备的功能。

3.2.51

阶段phase

period within the safety life cycle where activities described

in this standard take place

发生IEC61511中描述活动的安全生命周期中的某个时段。

3.2.52

预防prevention

action that reduces the frequency of occurrence of a

hazardous event

降低危险事件发生频率的动作。

3.2.53

以往使用prior use

3.2.54

过程风险process risk

risk arising from the process conditions caused by abnormal

events (include BPCS malfunction)

因异常事件（包括BPCS功能失常）引起过程条件产生的风险。

3.2.55

可编程电子（PE）programmable electronics

electronic component or device forming part of a PES and

based on computer technology. The term encompasses both

hardware and software and input and out units

基于计算机技术构成PES一部分的电子部件或装置。本术语包括硬件和软件及输入和输出单元。