FMEDA for IEC 61508 Element / Product
If you're developing an electronic product destined for use in safety-related applications, a key part of proving compliance with IEC 61508 is the FMEDA—Failure Modes, Effects, and Diagnostic Analysis. But what exactly is an FMEDA, and how do you go about performing one?
What is an FMEDA?
An FMEDA is a detailed extension of an FMEA (Failure Modes and Effects Analysis) that adds two key things:
Failure Rate Data for each failure mode.
Diagnostic Coverage information for safety-related systems.
This analysis allows you to determine:
The Safe Failure Fraction (SFF).
The Diagnostic Coverage (DC).
The probability of dangerous failure per hour (λD).
The hardware safety integrity level (SIL) capability of the component or system.
When is an FMEDA Required?
IEC 61508-2 requires FMEDA or equivalent methods for hardware fault tolerance (HFT) and safe failure fraction (SFF) assessments. It's especially important for:
Safety-related subsystems (e.g., sensors, logic solvers, actuators).
Complex electronics where a full failure mode breakdown is needed to determine SIL capability.
Prerequisites
Before starting the FMEDA, you’ll need:
System Architecture/Design: Complete schematics and bill of materials.
Component-Level Data: Failure rate data from trusted sources like SN 29500, IEC TR 62380, FIDES, or manufacturer reliability reports.
Operating Environment: Temperature, voltage, vibration, etc., to adjust failure rates if needed.
Diagnostic Information: Details of diagnostics implemented (hardware or software).
Step-by-Step Guide to Performing an FMEDA
1. Break Down the Product
Divide your product into subsystems or components—ideally at the component level (ICs, resistors, capacitors, etc.) or functional block level.
Tip: A detailed block diagram is a great place to start.
2. Identify Failure Modes
For each component or block, list possible failure modes. Common examples:
Resistor: open circuit, short circuit, drift.
Op-Amp: output stuck high/low, input offset, power loss.
Microcontroller: crash, logic error, memory corruption.
Be specific. Each failure mode must have a clearly defined effect.
3. Assess Effects
Determine the effect of each failure on the system. Is it:
Safe (doesn’t impact safety function)?
Dangerous detected (detected by diagnostics)?
Dangerous undetected (not detected but compromises the safety function)?
Assign each failure mode into one of these categories.
4. Quantify Failure Rates
Assign a base failure rate (λ) to each component and split it across its failure modes.
Example:
where λtotal = 300 FIT (1 FIT = 1 failure in 10⁹ hours).
Use component databases or environmental models to adjust λ based on conditions.
5. Apply Diagnostic Coverage
For each dangerous failure mode, determine if it's detected by the system’s diagnostics:
Manual diagnostics (self-tests, watchdogs).
Built-in diagnostics (e.g., CRCs, loop tests).
Assign diagnostic coverage (DC) percentages.
Example:
Output stuck high: 90% detected by ADC monitoring.
Output stuck low: 90% detected.
No output: 100% detected.
6. Calculate Key Metrics
Calculate:
λS (safe failure rate).
λDD (dangerous detected).
λDU (dangerous undetected).
Then:
SFF = (λS + λDD) / (λS + λDD + λDU)
DC = λDD / (λDD + λDU)
Use these to:
Compare against the SFF thresholds in IEC 61508-2 Table 3.
Determine if you meet the hardware architectural constraints for your target SIL.
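Steps 4 to 6 are mechanical once the failure modes are classified, so the calculation below is added here as a worked example (it is not part of the original article and not an Engidox template). It splits each component's base failure rate across its failure modes, applies the per-mode diagnostic coverage, sums λS, λDD and λDU, and evaluates SFF and DC with the two formulas above. The op-amp reuses the article's λtotal = 300 FIT and its 90 % / 90 % / 100 % coverage figures; the failure mode shares, the safe/dangerous classification of each mode and the pull-down resistor are constructed sample data, not the article's table. The SIL band function encodes the HFT = 0 column of IEC 61508-2 Table 3 (type B element) as the author of this example understands it; check the figures against your edition of the standard before relying on them.

```python
"""Minimal FMEDA calculator: splits each component's base failure rate across
its failure modes, applies diagnostic coverage, and derives λS, λDD, λDU, SFF
and DC as defined in IEC 61508-2. The sample data at the bottom is constructed
for illustration only."""
from dataclasses import dataclass
from typing import Dict, List, Optional

FIT_PER_HOUR = 1e-9  # 1 FIT = 1 failure in 10^9 hours


@dataclass
class FailureMode:
    name: str
    share: float       # fraction of the component's λtotal in this mode (shares sum to 1.0)
    dangerous: bool    # True if the mode compromises the safety function
    dc: float = 0.0    # diagnostic coverage for this mode, 0.0..1.0 (ignored for safe modes)


@dataclass
class Component:
    ref: str
    lam_total_fit: float
    modes: List[FailureMode]

    def validate(self) -> None:
        """Guard against the classic worksheet error: shares that do not add up."""
        share_sum = sum(m.share for m in self.modes)
        if abs(share_sum - 1.0) > 1e-9:
            raise ValueError(f"{self.ref}: mode shares sum to {share_sum}, expected 1.0")
        for m in self.modes:
            if not 0.0 <= m.dc <= 1.0:
                raise ValueError(f"{self.ref}/{m.name}: DC must lie in 0..1")


@dataclass
class Metrics:
    lam_s: float   # FIT
    lam_dd: float  # FIT
    lam_du: float  # FIT

    @property
    def lam_d_per_hour(self) -> float:
        """Total dangerous failure rate λD = λDD + λDU, expressed per hour."""
        return (self.lam_dd + self.lam_du) * FIT_PER_HOUR

    @property
    def sff(self) -> float:
        return (self.lam_s + self.lam_dd) / (self.lam_s + self.lam_dd + self.lam_du)

    @property
    def dc(self) -> float:
        return self.lam_dd / (self.lam_dd + self.lam_du)


def mode_rows(components: List[Component]) -> List[Dict]:
    """One row per failure mode: the per-mode breakdown the report table needs."""
    rows = []
    for c in components:
        c.validate()
        for m in c.modes:
            lam = c.lam_total_fit * m.share          # step 4: split λtotal over the modes
            dc: Optional[float] = m.dc if m.dangerous else None
            rows.append(dict(
                ref=c.ref, mode=m.name, lam_fit=lam,
                category="dangerous" if m.dangerous else "safe", dc=dc,
                lam_s=0.0 if m.dangerous else lam,
                lam_dd=lam * m.dc if m.dangerous else 0.0,         # step 5: detected part
                lam_du=lam * (1.0 - m.dc) if m.dangerous else 0.0,  # step 5: undetected part
            ))
    return rows


def analyse(components: List[Component]) -> Metrics:
    """Step 6: sum the per-mode rates into λS, λDD and λDU."""
    rows = mode_rows(components)
    return Metrics(lam_s=sum(r["lam_s"] for r in rows),
                   lam_dd=sum(r["lam_dd"] for r in rows),
                   lam_du=sum(r["lam_du"] for r in rows))


def sil_capability_type_b_hft0(sff: float) -> str:
    """SFF bands of IEC 61508-2 Table 3 for a type B element with HFT = 0:
    <60 % not allowed, 60..<90 % SIL 1, 90..<99 % SIL 2, >=99 % SIL 3."""
    if sff < 0.60:
        return "not allowed"
    if sff < 0.90:
        return "SIL 1"
    if sff < 0.99:
        return "SIL 2"
    return "SIL 3"


# Constructed sample data (the article's own table is not reproduced here).
# U1 reuses the article's λtotal = 300 FIT and its 90 % / 90 % / 100 % DC values.
SAMPLE_COMPONENTS = [
    Component("U1 op-amp", 300.0, [
        FailureMode("output stuck high", 0.30, dangerous=True, dc=0.90),
        FailureMode("output stuck low", 0.30, dangerous=True, dc=0.90),
        FailureMode("no output", 0.20, dangerous=True, dc=1.00),
        FailureMode("input offset drift", 0.20, dangerous=False),
    ]),
    Component("R1 pull-down", 5.0, [
        FailureMode("open circuit", 0.60, dangerous=True, dc=0.0),  # no diagnostic covers it
        FailureMode("short circuit", 0.30, dangerous=False),
        FailureMode("drift", 0.10, dangerous=False),
    ]),
]

if __name__ == "__main__":
    m = analyse(SAMPLE_COMPONENTS)
    print(f"λS={m.lam_s:.1f} FIT  λDD={m.lam_dd:.1f} FIT  λDU={m.lam_du:.1f} FIT")
    print(f"SFF={m.sff:.2%}  DC={m.dc:.2%}  λD={m.lam_d_per_hour:.3e}/h")
    print("Type B, HFT 0 capability:", sil_capability_type_b_hft0(m.sff))
```

With this input the undetected 3 FIT of the resistor's open-circuit mode pulls SFF from 94 % down to about 93 %; the component still lands in the SIL 2 band, but it illustrates the last pitfall listed below: small undetected rates on cheap parts are what erode the margin, so each such part needs a row of its own rather than being lumped in.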
7. Document Everything
Your FMEDA report should include:
System overview and scope.
Assumptions and data sources.
Environmental conditions.
Full component list with failure modes, effects, diagnostic methods, and rates.
Calculations and justifications.
Conclusions on SFF, DC, and SIL capability.
You may also need to provide supporting documents like design schematics, diagnostic test descriptions, and reliability data references.
Common Pitfalls to Avoid
Guessing failure rates—use trusted data or justify assumptions.
Overestimating diagnostics—only count those proven to work.
Lumping components together—break down critical paths thoroughly.
Neglecting undetected failures—these drive the SIL limits!
Conclusion
An FMEDA is one of the most powerful tools for demonstrating the reliability and safety capability of your electronic system under IEC 61508. It’s technical, data-heavy, and often a regulatory necessity—but also an opportunity to really understand the strengths and weaknesses of your design.
Done right, it helps you improve diagnostics, strengthen safety arguments, and pass assessments with confidence.
If you're preparing your first FMEDA—or your tenth—having a robust template and clear understanding of IEC 61508 expectations is essential. Consider building or investing in reusable formats to streamline future projects.
Need Help Getting Started?
We’re developing FMEDA templates, example analyses, and training content at Engidox designed specifically for IEC 61508 hardware compliance. Drop us a message if you want to get early access or chat about functional safety documentation.
For more details, visit IEC 61508 FMEDA Worksheet