SIST EN IEC 63044-4:2021

SLOVENSKI STANDARD
01-november-2021
Splošne zahteve za stanovanjske in stavbne elektronske sisteme (HBES) in
sisteme za avtomatizacijo in krmiljenje stavb (BACS) - 4. del: Varnostne zahteve za
splošno funkcionalnost proizvodov, namenjenih za integracijo v stavbne
elektronske sisteme (HBES) in sisteme za avtomatizacijo in krmiljenje stavb
(BACS)
General requirements for Home and Building Electronic Systems (HBES) and Building
Automation and Control Systems (BACS) - Part 4: General functional safety
requirements for products intended to be integrated in Building Electronic Systems
(HBES) and Building Automation and Control Systems (BACS)
Ta slovenski standard je istoveten z: EN IEC 63044-4:2021
ICS:
35.240.67 Uporabniške rešitve IT v IT applications in building
gradbeništvu and construction industry
97.120 Avtomatske krmilne naprave Automatic controls for
za dom household use
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN IEC 63044-4

NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2021
ICS 29.120.01; 29.120.99
English Version
Home and building electronic systems (HBES) and building
automation and control systems (BACS) - Part 4: General
functional safety requirements for products intended to be
integrated in HBES and BACS
(IEC 63044-4:2021)
Systèmes électroniques pour les foyers domestiques et les Allgemeine Anforderungen an die Elektrische
bâtiments (HBED) et systèmes de gestion technique du Systemtechnik für Heim und Gebäude (ESHG) und an
bâtiment (SGTB) - Partie 4: Exigences générales de Systeme der Gebäudeautomation (GA) - Teil 4:
sécurité fonctionnelle pour les produits destinés à être Anforderungen an die funktionale Sicherheit für Produkte,
intégrés dans les HBES et SGTB die für den Einbau in ESHG/GA vorgesehen sind
(IEC 63044-4:2021) (IEC 63044-4:2021)
This European Standard was approved by CENELEC on 2021-08-03. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 63044-4:2021 E

European foreword
The text of document 23/973/FDIS, future edition 1 of IEC 63044-4, prepared by IEC/TC 23 “Electrical
accessories” was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2022–05–03
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2024–08–03
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 63044-4:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60364 (series) NOTE Harmonized as HD 60364 (series)
IEC 60664-1:2020 NOTE Harmonized as EN IEC 60664-1:2020 (not modified)
IEC 61000-1-2 NOTE Harmonized as EN 61000-1-2
IEC 61000-6-1 NOTE Harmonized as EN IEC 61000-6-1
IEC 61000-6-2 NOTE Harmonized as EN IEC 61000-6-2
IEC 61000-6-3 NOTE Harmonized as EN IEC 61000-6-3
IEC 61000-6-4 NOTE Harmonized as EN IEC 61000-6-4
IEC 61508-1 NOTE Harmonized as EN 61508-1
IEC 61508-2 NOTE Harmonized as EN 61508-2
IEC 61508-3 NOTE Harmonized as EN 61508-3
ISO 9000 NOTE Harmonized as EN ISO 9000
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the
relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60364 series Low-voltage electrical installations HD 60364 series
IEC 61508 series Functional safety of EN 61508 series
electrical/electronic/programmable
electronic safety-related systems
IEC 61709 2017 Electric components - Reliability  EN 61709 2017
Reference conditions for failure rates and
stress models for conversion
IEC 63044-3 2017 Home and Building Electronic Systems EN IEC 63044-3 2018
(HBES) and Building Automation and
Control Systems (BACS) - Part 3: Electrical
safety requirements
IEC 63044-5 series Home and Building Electronic Systems EN IEC 63044-5 series
(HBES) and Building Automation and
Control Systems (BACS) - Part 5: EMC
requirements
IEC 63044-4 ®
Edition 1.0 2021-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Home and building electronic systems (HBES) and building automation and

control systems (BACS) –
Part 4: General functional safety requirements for products intended to be

integrated in HBES and BACS
Systèmes électroniques pour les foyers domestiques et les bâtiments (HBES) et

systèmes de gestion technique du bâtiment (SGTB) –

Partie 4: Exigences générales de sécurité fonctionnelle pour les produits

destinés à être intégrés dans les HBES et SGTB

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 29.120.01; 29.120.99 ISBN 978-2-8322-9898-5

– 2 – IEC 63044-4:2021 © IEC 2021
CONTENTS
FOREWORD . 3
INTRODUCTION . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 General requirements . 10
4.1 General . 10
4.2 Method of establishment of the requirements . 10
4.2.1 General . 10
4.2.2 HBES/BACS application environment . 11
4.2.3 Sources of hazards . 11
4.2.4 Hazardous events . 11
4.2.5 Derivation of requirements . 11
5 Requirements for functional safety . 12
5.1 General . 12
5.2 Power feeding . 12
5.3 Life time . 13
5.4 Reasonably foreseeable misuse . 13
5.5 Software and communication . 13
5.6 Remote operations . 15
5.6.1 General recommendations . 15
5.6.2 Within a single building or in its immediate vicinity . 15
5.6.3 From outside the building . 15
5.6.4 Management . 16
Annex A (informative) Example of a method for the determination of safety integrity
levels . 17
A.1 General . 17
A.2 As low as reasonably practicable (ALARP) and tolerable risk concepts . 17
Annex B (informative) Hazards and development of necessary functional safety
requirements . 19
Annex C (informative) Some examples of non-safety-related HBES/BACS applications . 27
C.1 General . 27
C.2 Examples of non-safety-related HBES/BACS applications . 27
C.2.1 Example 1: Oven . 27
C.2.2 Example 2: Devices presenting a high potential risk of hazard . 27
C.2.3 Example 3: Mains plugs, socket outlets and circuits . 28
C.2.4 Example 4: Water temperature adjustment . 28
Bibliography . 29

Figure A.1 – Risk reduction – General concept . 17

Table 1 – Requirements for avoiding inadvertent operations and possible ways to
achieve them . 16
Table A.1 – Example of risk classification of accidents. 18
Table A.2 – Interpretation of risk classes . 18
Table B.1 – Requirements and/or risk reduction measures . 19

IEC 63044-4:2021 © IEC 2021 – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
HOME AND BUILDING ELECTRONIC SYSTEMS (HBES) AND
BUILDING AUTOMATION AND CONTROL SYSTEMS (BACS) –

Part 4: General functional safety requirements for
products intended to be integrated in HBES and BACS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 63044-4 has been prepared by IEC technical committee 23: Electrical accessories. It is an
International Standard.
The text of this International Standard is based on the following documents:
FDIS Report on voting
23/973/FDIS 23/975/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.

– 4 – IEC 63044-4:2021 © IEC 2021
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/standardsdev/publications.
A list of all parts in the IEC 63044 series, published under the general title Home and Building
Electronic Systems (HBES) and Building Automation and Control Systems (BACS), can be
found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IEC 63044-4:2021 © IEC 2021 – 5 –
INTRODUCTION
Functional safety includes the safe operation of devices and appliances ("products") when
installed into and operating on a communications network in a home or building ("premises").
This document specifies installation, control, operating, and failure mode procedures to
enhance the functional safety of devices installed in homes and buildings. A device functions
safely if it causes no harm while operating and performing an intended task. Such devices might
not operate safely due to installation or control problems.
The growing use of home and building networks to interconnect devices introduces additional
challenges to maintaining functional safety because of possible device interactions. Therefore,
this document addresses the risks of connecting devices to a home or building network, which
enables data exchanges and remote control from within the home or building.
Furthermore, if the home or building network is connected to a public network, control from
remote locations may be possible. Such control messages might originate from a smart phone
app, be sent through a mobile telephone network, routed to a building gateway, and sent via a
home or building network to a device communications interface. Thus, there are many
opportunities for such messages to be compromised. Remote access poses additional threats
to functional safety that are addressed in this document.
This document is part of IEC 63044 series and applies to home and building electronic systems
(HBES/BACS).
This document applies to home and building electronic systems (HBES) in general and
specifically to systems conforming to the home electronic system (HES) family of ISO/IEC
standards.
HBES/BACS products in this document are for non-safety-related systems.
The intention of this document is to specify, as far as possible, all safety requirements for
HBES/BACS products in their life cycle.
This document specifies the general functional safety requirements for devices connected to a
home or building network following the principles of the basic standard for functional safety,
IEC 61508 (all parts). It covers functional safety issues related to device and device
installations. The requirements are based on a risk analysis in accordance with IEC 61508.

– 6 – IEC 63044-4:2021 © IEC 2021
HOME AND BUILDING ELECTRONIC SYSTEMS (HBES) AND
BUILDING AUTOMATION AND CONTROL SYSTEMS (BACS) –

Part 4: General functional safety requirements for
products intended to be integrated in HBES and BACS

1 Scope
This part of IEC 63044 provides the functional safety requirements for HBES/BACS.
In addition, it defines functional safety requirements for the interface of equipment intended to
be connected to an HBES/BACS network. It does not apply to interfaces to other networks.
NOTE 1 An example of another network is a dedicated ICT network covered by IEC 62949.
This document does not provide functional safety requirements for safety-related systems.
NOTE 2 Examples of non-safety-related HBES/BACS applications are given in Annex C.
This document does not provide requirements on data protection and security.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60364 (all parts), Low-voltage electrical installations
IEC 63044-3:2017, Home and Building Electronic Systems (HBES) and Building Automation
and Control Systems (BACS) – Part 3: Electrical safety requirements
IEC 63044-5 (all parts), Home and Building Electronic Systems (HBES) and Building
Automation and Control Systems (BACS)
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-
related systems
IEC 61709:2017, Electric components – Reliability – Reference conditions for failure rates and
stress models for conversion
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

IEC 63044-4:2021 © IEC 2021 – 7 –
3.1
authentication
means for certifying that the entity sending a message is what or who it purports to be and
confirmation that the message is identical to that which was sent
3.2
authorisation
mechanism to ensure that the entity or person accessing information, functions or services has
the authority to do so
3.3
disturbed communication
communication in which for any reason a message being communicated is incomplete,
truncated, contains errors or has the correct format but delivers information which is outside
the range of expected parameters for such a message
3.4
functional safety
freedom from unacceptable risk of harm due to the operation of an HBES/BACS, including that
resulting from:
1) normal operation,
2) reasonably foreseeable misuse,
3) failure,
4) temporary disturbances,
and forming part of the overall safety relating to the EUC (equipment under control, see 3.17)
and the EUC control system that depends on the correct functioning of the E/E/PE
(electrical/electronic/programmable electronic) safety-related systems and other risk reduction
measures
Note 1 to entry: The definitions of "functional safety" given in IEC/TR 61000-2-1 and IEC 61000-1-2 are taken into
account.
[SOURCE: IEC 61508-4:2010, 3.1.12, modified – Addition of introduction and items 1 to 4 of
list, text in brackets, and note.]
3.5
Hamming distance
number of bits in which two binary codes differ
3.6
harm
physical injury or damage to the health of people either directly or indirectly as a result of
damage to property or the environment
[SOURCE: IEC 61508-4:2010, 3.1.1, modified – Addition of "either directly or indirectly as a
result of".]
3.7
hazard
potential source of harm
Note 1 to entry: The term includes danger to persons arising within a short time scale (for example, fire and
explosion) and also those that have a long-term effect on a person's health (for example, release of a toxic
substance).
[SOURCE: IEC 61508-4:2010, 3.1.2]

– 8 – IEC 63044-4:2021 © IEC 2021
3.8
hazardous event
situation which results in harm on normal operation or abnormal condition
Note 1 to entry: Whether or not a hazardous event results in harm depends on whether people, property or the
environment are exposed to the consequence of the hazardous event and, in the case of harm to people, whether
any such exposed people can escape the consequences of the event after it has occurred.
Note 2 to entry: Adapted from IEC 61508-4:2010, 3.1.4.
3.9
product
device in the form of hardware or firmware, and its associated software and configuration tools
3.10
product documentation
manufacturer's installation and operations literature, such as manufacturer's catalogue, leaflet
and other printed or electronic product information
3.11
safety-related system
designated system that both
– implements the required safety functions necessary to achieve or maintain a safe state for
the EUC, and
– is intended to achieve, on its own or with other E/E/PE safety-related systems and other
technology risk reduction measures, the necessary safety integrity for the required safety
functions
Note 1 to entry: The term refers to those systems, designated as safety-related systems, that are intended to
achieve, together with the other risk reduction measures, the necessary risk reduction in order to meet the required
tolerable risk. See also Annex A of IEC 61508-5.
Note 2 to entry: Safety-related systems are designed to prevent the EUC from going into a dangerous state by
taking appropriate action on detection of a condition which may lead to a hazardous event. The failure of a safety-
related system would be included in the events leading to the determined hazard or hazards. Although there may be
other systems having safety functions, it is the safety-related systems that have been designated to achieve, in their
own right, the required tolerable risk. Safety-related systems can broadly be divided into safety-related control
systems and safety-related protection systems.
Note 3 to entry: Safety-related systems may be an integral part of the EUC control system or may interface with the
EUC by sensors and/or actuators. That is, the required safety integrity level may be achieved by implementing the
safety functions in the EUC control system (and possibly by additional separate and independent systems as well)
or the safety functions may be implemented by separate and independent systems dedicated to safety.
Note 4 to entry: A safety-related system may
a) be designed to prevent the hazardous event (i.e. if the safety-related systems perform their safety functions then
no harmful event arises);
b) be designed to mitigate the effects of the harmful event, thereby reducing the risk by reducing the consequences;
c) be designed to achieve a combination of a) and b).
Note 5 to entry: A person can be part of a safety-related system. For example, a person could receive information
from a programmable electronic device and perform a safety action based on this information, or perform a safety
action through a programmable electronic device.
Note 6 to entry: A safety-related system includes all the hardware, software and supporting services (for example,
power supplies) necessary to carry out the specified safety function (sensors, other input devices, final elements
(actuators) and other output devices are therefore included in the safety-related system).
Note 7 to entry: A safety-related system may be based on a wide range of technologies including electrical,
electronic, programmable electronic, hydraulic and pneumatic.
[SOURCE: IEC 61508-4:2010, 3.4.1, modified – The word "technology" has been added to the
definition.]
IEC 63044-4:2021 © IEC 2021 – 9 –
3.12
safety integrity
probability of a safety-related system satisfactorily maintaining the required safety functions
under all the stated conditions within a stated period of time
Note 1 to entry: The higher the level of safety integrity, the lower the probability that the safety-related system will
fail to carry out the specified safety functions or will fail to adopt a specified state when required.
Note 2 to entry: There are four levels of safety integrity (see 3.5.8 of IEC 61508-4:2010).
Note 3 to entry: In determining safety integrity, all causes of failures (both random hardware failures and systematic
failures) that lead to an unsafe state should be included, for example hardware failures, software induced failures
and failures due to electrical interference. Some of these types of failure, in particular random hardware failures,
may be quantified using such measures as the average frequency of failure in the dangerous mode of failure or the
probability of a safety-related protection system failing to operate on demand. However, safety integrity also depends
on many factors that cannot be accurately quantified but can only be considered qualitatively.
Note 4 to entry: Safety integrity comprises hardware safety integrity and systematic safety integrity.
Note 5 to entry: This definition focuses on the reliability of the safety-related systems to perform the safety functions
(see IEV 192-01-24 for a definition of reliability).
[SOURCE: IEC 61508-4:2010, 3.5.4, modified – Deletion of "E/E/PE" from the definition, the
word "performing" has been replaced with "maintaining", "specified" has been replaced with
"required", and "of IEC 61508-4:2010" has been added to Note 2.]
3.13
safety integrity level
SIL
discrete level (one out of a possible four), corresponding to a range of safety integrity values,
where safety integrity level 4 has the highest level of safety integrity and safety integrity level 1
has the lowest
Note 1 to entry: The target failure measures (see 3.5.17) for the four safety integrity levels are specified in Tables 2
and 3 of IEC 61508-1:2010.
Note 2 to entry: Safety integrity levels are used for specifying the safety integrity requirements of the safety
functions to be allocated to the E/E/PE safety-related systems.
Note 3 to entry: A safety integrity level (SIL) is not a property of a system, subsystem, element or component. The
correct interpretation of the phrase "SIL n safety-related system" (where n is 1, 2, 3 or 4) is that the system is
potentially capable of supporting safety functions with a safety integrity level up to n.
[SOURCE: IEC 61508-4:2010, 3.5.8, modified – The date has been added to IEC 61508-1.]
3.14
risk
combination of the probability of occurrence of harm and the severity of that harm
Note 1 to entry: For more discussion on this concept see Annex A of IEC 61508-5:2010.
[SOURCE: IEC 61508-4:2010, 3.1.6, modified – The date has been added to IEC 61508-1.]
3.15
reasonably foreseeable misuse
use of a product, process or service in a way not intended by the supplier, but which may result
from readily predictable human behaviour
[SOURCE: IEC 61508-4:2010, 3.1.14]

– 10 – IEC 63044-4:2021 © IEC 2021
3.16
safety function
function to be implemented by an E/E/PE safety-related system or other risk reduction
measures, that is intended to achieve or maintain a safe state for the EUC, in respect of a
specific hazardous event
EXAMPLE Examples of safety functions include:
– functions that are required to be carried out as positive actions to avoid hazardous situations (for example
switching off a motor); and
– functions that prevent actions being taken (for example preventing a motor starting).
[SOURCE: IEC 61508-4:2010, 3.5.1]
3.17
EUC
equipment under control
equipment, machinery, apparatus or plant used for manufacturing, process, transportation,
medical or other activities
Note 1 to entry: The EUC control system is separate and distinct from the EUC.
[SOURCE: IEC 61508-4:2010, 3.2.1]
4 General requirements
4.1 General
Functional safety of a system relies upon both the performance of the network, and upon the
performance of the connected HBES/BACS products:
1) failure of either the network or any other part of the HBES/BACS shall not cause the system,
the products, or the controlled equipment to become unsafe;
2) while in operation, individual HBES/BACS products shall not rely solely upon the system for
their safe operation;
3) while in operation, the system's interaction of any product(s) with any other product(s) shall
not result in unsafe operation of the system.
4.2 Method of establishment of the requirements
4.2.1 General
For specification of the functional safety requirements, the life cycle used in IEC 61508 (all
parts) shall be followed for:
1) concept phase of products;
2) application environment;
3) identification of hazards and hazardous events;
4) hazard and risk analysis, risk reduction measures;
5) realisation of risk reduction measures;
6) validation;
7) maintenance;
8) installation and commissioning;
9) decommissioning.
The product technical committees and/or developers shall take the requirements of this
document into account in the product safety requirements, but it is not necessary to go into the
IEC 61508 series process itself.

IEC 63044-4:2021 © IEC 2021 – 11 –
4.2.2 HBES/BACS application environment
The HBES/BACS application environment is taken into account.
4.2.3 Sources of hazards
The following sources of hazards have been considered:
1) material and construction;
2) reliability;
3) normal operation;
4) unintentional interaction with other products;
5) interaction with other HBES/BACS products;
6) abnormal conditions;
7) foreseeable misuse, including the download of unauthorised and malicious code;
NOTE This includes unintentional software modifications.
8) life time;
9) environment;
10) installation and maintenance.
4.2.4 Hazardous events
The following is a non-exhaustive list of hazardous events which have been taken into account
for the analysis (the bus and mains (230 V/400 V) have been considered):
1) power failure;
2) overvoltage on the bus line;
3) wrong connection;
4) overtemperature;
5) fire;
6) mechanical shock, vibration;
7) corrosion;
8) electromagnetic disturbance;
9) pollution;
10) end of life of a component/product;
11) reasonably foreseeable misuse;
12) software failure;
13) overload;
14) switching of damaged equipment and subsystems;
15) remote control;
16) command from two sources to one product (e.g. actuator).
Other hazardous events may be considered. For example: short circuit on the bus line;
corrosion; breakdown of material.
4.2.5 Derivation of requirements
The risk analysis has been carried out for each of the hazardous events (see 4.2.4). Annex B
includes an example of risk analysis and the corresponding functional safety measures.

– 12 – IEC 63044-4:2021 © IEC 2021
In all cases where the evaluated risk classes indicate an unacceptable risk, risk reduction
measures are required as well as the level of risk reduction effect and its validation. Some risk
reduction measures are proposed and what is usually covered by the relevant product standard
is also indicated. If manufacturers intend to develop HBES/BACS products/systems which
exhibit hazardous events not covered by 4.2.4 the risk analysis shall be carried out according
to IEC 61508 (all parts).
5 Requirements for functional safety
5.1 General
Analysis according to IEC 61508 (all parts) indicates that functional safety depends upon both
the design and manufacture of products and upon the appropriate use of the products in
installations.
Subclauses 5.2 to 5.6 contain requirements for HBES/BACS products and for the provision of
information necessary for the proper installation, operation and maintenance of these products.
Compliance requirements are given for the products as necessary and verification of the
provision of the necessary information.
All referenced product tests are type tests.
The basis and reasons for the following requirements are shown in Annex B.
NOTE The hazardous events listed in 4.2.4 are referred to according to their list number in brackets, for example,
(1), (2), etc.
5.2 Power feeding
5.2.1 In the event of power failure, the products shall restart safely when power is restored.
(1)
NOTE Safe restart can be performed by:
– storing the status information and using this information for rebuilding the functionality after power on,
– switching to a defined state of the product depending on the application,
– calculation of the safe state based on the information available from the system (from a controller, if any and/or
from each product),
– maintaining a sufficient power reserve (by providing an appropriate buffer time either in the product and/or in the
power supply unit) to enable connected products to enter a safe state.
5.2.2 Marking and instructions of the products shall be designed to prevent the risk of wrong
connections. (2) (3)
The products shall be marked in a legible and durable manner.
It is recommended that labelling be language agnostic.
Compliance shall be checked by inspection of the product documentation and if appropriate
according to the test of legible and durable markings in the relevant product standard.
5.2.3 The construction and design of a product shall have provisions to prevent wrong
connections. This may be supported by appropriate grouping of connections. (3)
Compliance shall be checked by inspection of the product.

IEC 63044-4:2021 © IEC 2021 – 13 –
5.3 Life time
The products shall be designed for a defined useful lifetime according to IEC 61709:2017 or by
testing the product according to the relevant product standard endurance test under normal
condition.
The datasheet shall give instructions for maintenance if required to reach the specified lifetime.
(10)
Compliance shall be checked by inspection of the documentation.
5.4 Reasonably foreseeable misuse
5.4.1 The risk of accidental download of the wrong application software or parameters into
the products shall be minimised. (11)
NOTE The following measures could be used:
– design of the configuration tool;
– identification of products and comparison of their profiles by the network management;
– password;
– authentication;
– product documentation;
– training of installers/operators.
Compliance shall be checked by inspection of the product documentation.
5.4.2 Proper configuration and related parameters shall be ensured. (11)
NOTE The following measures can apply:
– specification of parameter ranges;
– limited configuration possibilities for the end-user;
– access to configuration for skilled persons only;
– consistency check by tools or by the installer;
– check of conformity with configuration.
Compliance shall be verified by check of conformity of the existing configuration with the
planned (intended) configuration.
5.4.3 Measures shall be provided for the detection and/or indication of missing or
incompletely configured products during the configuration process. (11)
NOTE The following measures can apply:
– design of the configuration tool;
– formal installation procedures.
Compliance shall be checked by product test or inspection of the product documentation.
5.5 Software and communication
NOTE The software and communication requirements of this Subclause 5.5 are not intended to cover data
protection and cybersecurity.
5.5.1 The software development process shall include an appropriate procedure to support
the proper operation of this software. (12)
Compliance shall be checked by inspection of the process documentation or of the
corresponding certificates.
– 14 – IEC 63044-4:2021 © IEC 2021
5.5.2 Measures shall be provided to check the proper operation of the product software and
the integrity of the configuration. If abnormal operation is detected, the product shall restore
the correct values or shall go to a defined state. (12)
Compliance shall be checked by inspection of the product software design documentation.
5.5.3 If required by the application, measures shall be provided inside the products to limit
the traffic load imposed on the communication medium. (13)
The following measures can apply:
– limitation of cyclic transmission;
– limitation of the number of messages per time unit per product;
– limitation of polling cycles.
Compliance shall be checked by inspection of the product documentation and if possible by
product testing.
5.5.4 The reception of messages from several sources shall not disturb the proper function
of the product and shall not cause hazards. (16)
NOTE The following measures can apply:
– if there is a hierarchy of the sources, check source address;
– apply the rule: first in, first out;
– apply the rule: last message wins;
– secure the process by finalising before new messages can change the behaviour;
– secure the process by stopping and restarting the process;
– secure the process by disabling and enabling the process.
Compliance shall be checked by inspection of the product documentation and if possible by
product testing.
5.5.5 The products shall respond to a system reset (if any) by going to a defined state.
Compliance shall be checked by inspection of the product documentation and if possible by
product testing.
5.5.6 It shall be possible to restrict access to the manual configuration of system parameters.
NOTE The following measures or exceptions can apply except where manual configuration is explicitly detailed in
its instruction manual (also the case for automatic configuration):
– use of a tool (hardware or software);
– use of password and/or authentication;
– ensure that unauthorised access is not possible;
– combination or sequence of actions;
– concealed means for configuration.
Compliance shall be checked by inspection of the product documentation and if possible by
product testing.
5.5.7 The safe operation of a product shall be independent of the operation of other products
in the system or application.
NOTE The following measures can apply:
– cyclic transmission;
– range checking of received variables.

IEC 63044-4:2021 © IEC 2021 – 15 –
Compliance shall be checked by inspection of the results of the EMC product tests.
5.5.8 Measures for the identification of disturbed messages shall be provided. If a disturbed
message is detected, measures shall be taken to ensure safe operation. (8)
Data integrity shall be maintained with appropriate methods for error detection and correction.
NOTE The following measures can apply:
– the message may be rejected or corrected by the receiving product;
– the message may be repeated by the sender.
Compliance shall be checked by inspection of the results of the product test or by inspection of
the product documentation.
5.5.9 Measures shall be provided to enable message losses to be indicated or t
...