The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments and errata) applies.

OPC 10000-1, OPC Unified Architecture - Part 1: Overview and Concepts

OPC 10000-2, OPC Unified Architecture - Part 2: Security Model

OPC 10000-3, OPC Unified Architecture - Part 3: Address Space Model

OPC 10000-4, OPC Unified Architecture - Part 4: Services

OPC 10000-5, OPC Unified Architecture - Part 5: Information Model

OPC 10000-6, OPC Unified Architecture - Part 6: Mappings

IEC 617843:2017, Industrial communication networks – Profiles – Part 3: Functional safety fieldbuses – General rules and profile definitions

IEC 61000-6-7, Electromagnetic compatibility (EMC) – Part 6-7: Generic standards – Immunity requirements for equipment intended to perform functions in a safety related system (functional safety) in industrial locations

IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-related systems

IEC 61511 (all parts), Functional safety – Safety instrumented systems for the process industry sector

IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems

ISO 13849-1:2015, Safety of machinery – Safety-related parts of control systems – Part 1: General principles for design

ISO 13849 2:2012, Safety of machinery – Safety-related parts of control systems – Part 2: Validation

This part explains the relevant principles of functional safety for communication with reference to the IEC 61508 series as well as IEC 61784-3 and others (see Figure 1), and specifies a safety communication layer based on the OPC Unified Architecture.

Figure 1 shows the relationship between this part and the relevant safety and OPC UA standards in an industrial environment. An arrow from Document A to Document B means “Document A is referenced in Document B”.


Figure 1 – Relationships of OPC UA Safety with other standards

OPC UA Safety does this in such a way that OPC UA can be used for applications requiring functional safety up to the Safety Integrity Level (SIL) 4.

The resulting SIL claim of a system depends on the way OPC UA Safety is implemented within this system. That means that if a certain SIL is desired, this part must be implemented on a device which fulfils the requirements for this SIL as described in IEC 61508. In particular, measures against random hardware failures and systematic errors (e.g. software defects) must be taken.

Table 1 – Implementation of OPC UA Safety

OPC UA Safety is intended for implementation in safety devices exclusively.

Simply implementing this specification in a standard device (i.e. a device not fulfilling the requirements of IEC 61508) is insufficient to qualify it as a safety device.

[RQ2.1] A safety device with OPC UA Safety shall fulfil the requirements of IEC 61508 (according the SIL-level as described) when used in live operation.

This part does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.

This part defines mechanisms for the transmission of safety-relevant messages among participants within a network using OPC UA technology in accordance with the requirements of IEC 61508 series and IEC 61784-3 for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing, automation, and machinery.

This part provides guidelines for both developers and assessors of compliant devices and systems.