Definition:
Routes are the alternative methods IEC 61508-2 defines for demonstrating that an element meets its hardware safety integrity (architectural constraints) and systematic capability requirements. They are primarily the manufacturer's concern. Each route triggers a different set of tables and rules within the standard. Routes are applied at the element (subsystem) level; the SIF / SIS is an aggregation of those elements. This is a notoriously confusing part of functional safety and IEC 61508/61511.
A common misconception is that a component picks one route. In practice, a component normally carries two route designations simultaneously — one H route for hardware integrity (also called architectural constraints), and one S route for systematic capability. These are parallel demonstrations of two different capabilities, not alternatives. A SIL Certificate typically states both. For example: “Random Capability: Type A, Route 2H Device. Systematic Capability: SC 3.”
Broadly speaking,
- the “H” routes cover the hardware approach (architectural constraints); the “S” routes cover systematic capability.
- Route 1H uses prescriptive architectural constraints (the HFT vs SFF tables), while Route 2H uses field reliability data at a stated confidence level, plus a minimum HFT, to justify the hardware claim.
- Each sub-system (element) in a SIF has one applicable H route and one applicable S route.
Routes are more relevant to the equipment manufacturer and certification bodies and less to the FuSa engineer at the facility (see prior use for a similar discussion). The route does, however, determine whether the facility FuSa engineer must evaluate SFF (and therefore diagnostic coverage) for each subsystem of a SIF: Route 1H requires it, Route 2H does not.
The “H” routes ensure the element has the hardware fault tolerance its SIL target demands; they are the foundation of hardware integrity. 1H sets requirements on HFT and SFF. 2H relies on field reliability data (feedback from end users, databases such as OREDA, collected to a recognised standard) evaluated at a 90 % confidence level, and it still imposes a minimum HFT for each SIL (IEC 61508-2, 7.4.4.3).
- 1H is by far the most common route for new components. It uses IEC 61508-2 Tables 2 and 3 (SFF vs HFT, for Type A and Type B devices respectively), the device type, and FMEDA data. Note that the FMEDA is the engine that produces the SFF; when reviewing a 1H certificate, check that the SFF was built the way the 2010 edition requires, which excludes “no effect” and “no part” failures from the calculation.
- 2H is typically used for mechanical items with no or minimal diagnostics. Imagine a rack and pinion actuator: even if it has some diagnostics, they will not capture all failure modes, so 2H is the natural path.
- 2H is also used for legacy equipment without a SIL certificate, for example equipment that predates IEC 61508, provided enough documented field history exists to support the claim.
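The two hardware routes are evidence-driven in different ways: 1H turns an FMEDA into an SFF and reads the SIL off Tables 2 and 3, while 2H turns field hours and observed failures into a failure rate at 90 % confidence. The following is an added example, not code from the original page or from any certification body; the table contents are transcribed from IEC 61508-2:2010, 7.4.4.2, and the FMEDA rates and field data fed to it are constructed for illustration only.

```python
"""Architectural-constraint evidence for the two hardware routes of IEC 61508-2.

Added example; not code from the original page or from any certification body.
Tables 2 and 3 are transcribed from IEC 61508-2:2010, 7.4.4.2. The FMEDA
numbers and field data used below are constructed for illustration only.
"""
import math
from dataclasses import dataclass
from typing import Optional

# Route 1H, Tables 2 (Type A) and 3 (Type B): maximum SIL claimable for a
# subsystem by SFF band and HFT. Columns are HFT 0, 1, 2. None = not allowed.
SFF_BAND_LOWER_BOUNDS = (0.0, 0.60, 0.90, 0.99)
TABLE_TYPE_A = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))
TABLE_TYPE_B = ((None, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))
TABLES = {"A": TABLE_TYPE_A, "B": TABLE_TYPE_B}


@dataclass(frozen=True)
class Fmeda:
    """Failure rates in FIT (1e-9 /h) by category, as an FMEDA report lists them.
    'No effect' and 'no part' failures are deliberately absent: the 2010 edition
    excludes them from the SFF calculation."""
    lambda_sd: float  # safe, detected
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected
    lambda_du: float  # dangerous, undetected


def safe_failure_fraction(f: Fmeda) -> float:
    """SFF = (sum of safe + sum of dangerous detected) / total (Annex C)."""
    total = f.lambda_sd + f.lambda_su + f.lambda_dd + f.lambda_du
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    return (f.lambda_sd + f.lambda_su + f.lambda_dd) / total


def route_1h_max_sil(sff: float, hft: int, device_type: str) -> Optional[int]:
    """Maximum SIL for Route 1H; None where the tables allow no claim at all."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must be in [0, 1]")
    if hft not in (0, 1, 2):
        raise ValueError("tables cover HFT 0, 1 and 2 only")
    if device_type not in TABLES:
        raise ValueError("device type must be 'A' or 'B'")
    band = max(i for i, lo in enumerate(SFF_BAND_LOWER_BOUNDS) if sff >= lo)
    return TABLES[device_type][band][hft]


def route_2h_failure_rate_90(failures: int, device_hours: float) -> float:
    """Upper one-sided 90 % confidence bound on lambda (per hour) from field data,
    the confidence level IEC 61508-2, 7.4.4.3.3 asks for under Route 2H.
    Solves P(X <= failures | m) = 0.10 for the Poisson mean m = lambda * T by
    bisection (equivalent to chi-square(0.90, 2*failures + 2) / (2 * T))."""
    if failures < 0 or device_hours <= 0:
        raise ValueError("need non-negative failures and positive hours")

    def poisson_cdf(m: float) -> float:
        term, total = math.exp(-m), 0.0
        for k in range(failures + 1):
            total += term
            term *= m / (k + 1)
        return total

    lo, hi = 0.0, 10.0 * (failures + 1) + 10.0  # cdf is far below 0.10 at hi
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(mid) > 0.10:
            lo = mid  # mean too small: more than 10 % chance of so few failures
        else:
            hi = mid
    return hi / device_hours


if __name__ == "__main__":
    # Constructed FMEDA for a Type B logic solver channel with good diagnostics.
    fm = Fmeda(lambda_sd=400, lambda_su=100, lambda_dd=450, lambda_du=50)
    sff = safe_failure_fraction(fm)
    print(f"SFF = {sff:.3f}; max SIL at HFT 0 = {route_1h_max_sil(sff, 0, 'B')}, "
          f"at HFT 1 = {route_1h_max_sil(sff, 1, 'B')}")
    # Constructed field record: 2 dangerous failures in 4e7 device-hours.
    lam = route_2h_failure_rate_90(2, 4e7)
    print(f"Route 2H lambda_D (90 % upper bound) = {lam * 1e9:.1f} FIT")
```

For the 2H bound, zero observed failures in T hours gives the familiar ln(10)/T, and the bisection reproduces the chi-square result for any failure count without needing SciPy. The 1H function refuses SFF values outside [0, 1] and HFT above 2, which is also where hand-filled spreadsheets most often go wrong.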
The “S” routes address systematic failures by controlling the design process and the functional safety management around the element.
- 1S follows the full IEC 61508 lifecycle: planning, verification and validation, documentation, and the measures for avoidance and control of systematic faults (IEC 61508-2, 7.4.6 and 7.4.7). It is justified by design and process evidence rather than field data.
- 2S is proven in use and needs data (IEC 61508-2, 7.4.10). The manufacturer collects documented operating history and provides it to a Certification Body (CB), which evaluates the data and issues the SIL Certificate.
- 3S applies only to pre-existing software elements: the software's existing development is assessed against IEC 61508-3, 7.4.2.12, rather than argued as proven in use.
Deep dive: For a much more in-depth treatment, see SIL Verification: The Three Gates Every SIF Must Clear.
Key Points:
- Routes are applied at the element (component / subsystem) level.
- 1H/2H: “H” stands for hardware (architectural constraints)
- 1S/2S/3S: “S” stands for “systematic capability”
- For a component certified to IEC 61508, 1H paired with 1S is the default approach. If the SIL Certificate does not state a route, 1H/1S is usually what was applied; confirm it in the CB's assessment report rather than assuming it.
Example:
A manufacturer of a legacy spring-return pneumatic actuator, purely mechanical with no diagnostics, wants a SIL 2 certification. With no diagnostic coverage, the manufacturer cannot substantiate the SFF that the IEC 61508-2 architectural constraint tables require for SIL 2 at HFT 0, so Route 1H is not viable. They pursue Route 2H instead. Working with a CB, the manufacturer submits field operational history, failure rate data at the required confidence level, and evidence of fail-safe behavior on loss of air supply. The CB evaluates the hardware integrity argument and issues a SIL Certificate under Route 2H, with no SFF or FMEDA required.
To satisfy the S route the manufacturer will most likely use 2S, proven in use, leveraging the same field history. Since they are already submitting that history for 2H, 2S is the natural fit.
See Also: SIL certificate, Type, HFT, SFF, systematic capability, PIU
Cited Source:
- IEC 61508-2:2010, Clause 7.4.4.
- PR Electronics – SIL Part 2: Architectural Constraints