Addressing the Security Requirements in Functional Safety Standard IEC 61511-1:2016

by John Cusimano & Tim Gale

The 2016 edition of IEC 61511-1: 2016 added two new requirements regarding the security of safety instrumented systems (SIS). The first requirement states that “a security risk assessment shall be carried out to identify the security vulnerabilities of the SIS” and the second requirement states that “the design of the SIS shall be such that it provides the necessary resilience against the identified security risks”. The standard directs the reader to ISA TR84.00.09, ISO/IEC 27001:2013, and IEC 62443-2-1:2010 for further guidance on how to comply with these requirements. While these documents are informative, the 479 combined pages do not provide concise guidance on how to address the specific security requirements. The purpose of this paper is to offer step-by-step guidance on how to address the security requirements in 61511 and to identify specific clauses in the reference standards for further information.

Prepared for Presentation at

2018 Mary Kay O’Connor Process Safety Center International Symposium

College Station, Texas

October 23 – 25, 2018

Keywords: Industrial Automation, Process Safety, Functional Safety, PSM, PHA, HAZOP, LOPA, ICS, Cybersecurity, Cyber-threat, Cyber-risk, IEC 62443, ISA-99, IEC 61511

Download Whitepaper

United States


Greenville, South Carolina
Corporate Headquarters

  • LinkedIn
  • Twitter
  • YouTube
  • Facebook

Contact Us