INTERNATIONAL ISO

STANDARD 25119-4

First edition
2010-06-01

Tractors and machinery for agriculture

and forestry — Safety-related parts
of control systems —
Part 4:
Production, operation, modification
and supporting processes
iTeh STANDARD PREVIEW
Tracteurs et matériels agricoles et forestiers — Parties des systèmes
(standards.iteh.ai)
de commande relatives à la sécurité —
Partie 4: Procédés de production, de fonctionnement, de modification
ISO 25119-4:2010
et d'entretien
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
9dd694252a8d/iso-25119-4-2010

Reference number
ISO 25119-4:2010(E)

© ISO 2010
ISO 25119-4:2010(E)

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

iTeh STANDARD PREVIEW

(standards.iteh.ai)
ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
9dd694252a8d/iso-25119-4-2010

COPYRIGHT PROTECTED DOCUMENT

© ISO 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2010 – All rights reserved

 ISO 25119-4:2010(E)

Contents Page

Foreword .............................................................................................................................................................v
Introduction........................................................................................................................................................vi
1 Scope ......................................................................................................................................................1
2 Normative references............................................................................................................................1
3 Terms and definitions ...........................................................................................................................1
4 Abbreviated terms .................................................................................................................................2
5 Configuration management..................................................................................................................3
5.1 Objectives ..............................................................................................................................................3
5.2 General ...................................................................................................................................................3
5.3 Prerequisites ..........................................................................................................................................3
5.4 Requirements.........................................................................................................................................3
5.5 Work products .......................................................................................................................................3
6 Verification and validation....................................................................................................................3
6.1 Objectives ..............................................................................................................................................3
6.2 General ...................................................................................................................................................3
6.3
iTeh STANDARD PREVIEW
Prerequisites ..........................................................................................................................................3
6.4 Requirements.........................................................................................................................................4
6.5
(standards.iteh.ai)
Work products .......................................................................................................................................5
7 Product release......................................................................................................................................5
ISO 25119-4:2010
7.1 Objectives ..............................................................................................................................................5
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
7.2 General ...................................................................................................................................................5
9dd694252a8d/iso-25119-4-2010
7.3 Prerequisites ..........................................................................................................................................6
7.4 Requirements.........................................................................................................................................6
7.5 Work products .......................................................................................................................................7
8 Production, production testing ............................................................................................................7
8.1 Objectives ..............................................................................................................................................7
8.2 General ...................................................................................................................................................7
8.3 Prerequisites ..........................................................................................................................................7
8.4 Requirements.........................................................................................................................................8
8.5 Work products .......................................................................................................................................8
9 Operation planning and maintenance (instructions for operating, servicing, repair, and
decommissioning).................................................................................................................................9
9.1 Objectives ..............................................................................................................................................9
9.2 General ...................................................................................................................................................9
9.3 Prerequisites ..........................................................................................................................................9
9.4 Requirements.........................................................................................................................................9
9.5 Work products .....................................................................................................................................10
10 Modifications (change management) ................................................................................................11
10.1 General .................................................................................................................................................11
10.2 Objectives ............................................................................................................................................11
10.3 General .................................................................................................................................................11
10.4 Prerequisites ........................................................................................................................................11
10.5 Requirements.......................................................................................................................................11
10.6 Work products .....................................................................................................................................14
11 Procedure for suppliers of SRS, subsystems and components ....................................................15
11.1 Objectives ............................................................................................................................................15

© ISO 2010 – All rights reserved iii

ISO 25119-4:2010(E)

11.2 General..................................................................................................................................................15
11.3 Prerequisites ........................................................................................................................................15
11.4 Requirements .......................................................................................................................................15
11.5 Work products......................................................................................................................................17
12 Technical documentation ...................................................................................................................17
12.1 Objectives.............................................................................................................................................17
12.2 Requirements .......................................................................................................................................17
Annex A (informative) Technical documentation checklist ..........................................................................19
Bibliography ......................................................................................................................................................22

iTeh STANDARD PREVIEW

(standards.iteh.ai)
ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
9dd694252a8d/iso-25119-4-2010

iv © ISO 2010 – All rights reserved

 ISO 25119-4:2010(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 25119-4 was prepared by Technical Committee ISO/TC 23, Tractors and machinery for agriculture and
forestry, Subcommittee SC 19, Agricultural electronics.
iTeh STANDARD PREVIEW
ISO 25119 consists of the following parts, under the general title Tractors and machinery for agriculture and
forestry — Safety-related parts of control systems:
(standards.iteh.ai)
⎯ Part 1: General principles for design and development
ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
⎯ Part 2: Concept phase
9dd694252a8d/iso-25119-4-2010
⎯ Part 3: Series development, hardware and software

⎯ Part 4: Production, operation, modification and supporting processes

© ISO 2010 – All rights reserved v

ISO 25119-4:2010(E)

Introduction
ISO 25119 sets out an approach to the design and assessment, for all safety life cycle activities, of
safety-relevant systems comprising electrical and/or electronic and/or programmable electronic components
(E/E/PES) on tractors used in agriculture and forestry, and on self-propelled ride-on machines and mounted,
semi-mounted and trailed machines used in agriculture. It is also applicable to municipal equipment. It covers
the possible hazards caused by the functional behaviour of E/E/PES safety-related systems, as distinct from
hazards arising from the E/E/PES equipment itself (electric shock, fire, nominal performance level of E/E/PES
dedicated to active and passive safety, etc.).

The control system parts of the machines concerned are frequently assigned to provide the critical functions of
the safety-related parts of control systems (SRP/CS). These can consist of hardware or software, can be
separate or integrated parts of a control system, and can either perform solely critical functions or form part of
an operational function.

In general, the designer (and to some extent, the user) will combine the design and validation of these
SRP/CS as part of the risk assessment. The objective is to reduce the risk associated with a given hazard (or
hazardous situation) under all conditions of use of the machine. This can be achieved by applying various
protective measures (both SRP/CS and non-SRP/CS) with the end result of achieving a safe condition.

ISO 25119 allocates the ability of safety-related parts to perform a critical function under foreseeable
iTeh STANDARD PREVIEW
conditions into five performance levels. The performance level of a controlled channel depends on several
factors, including system structure (category), the extent of fault detection mechanisms (diagnostic coverage),
(standards.iteh.ai)
the reliability of components (mean time to dangerous failure, common-cause failure), design processes,
operating stress, environmental conditions and operation procedures. Three types of failures are considered:
systematic, common-cause and random. ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
In order to guide the designer during design, 9dd694252a8d/iso-25119-4-2010
and to facilitate the assessment of the achieved performance
level, ISO 25119 defines an approach based on a classification of structures with different design features and
specific behaviour in case of a fault.

The performance levels and categories can be applied to the control systems of all kinds of mobile machines:
from simple systems (e.g. auxiliary valves) to complex systems (e.g. steer by wire), as well as to the control
systems of protective equipment (e.g. interlocking devices, pressure sensitive devices).

ISO 25119 adopts a customer risk-based approach for the determination of the risks, while providing a means
of specifying the target performance level for the safety-related functions to be implemented by E/E/PES
safety-related channels. It gives requirements for the whole safety life cycle of E/E/PES (design, validation,
production, operation, maintenance, decommissioning), necessary for achieving the required functional safety
for E/E/PES that are linked to the performance levels.

vi © ISO 2010 – All rights reserved

INTERNATIONAL STANDARD ISO 25119-4:2010(E)

Tractors and machinery for agriculture and forestry —

Safety-related parts of control systems —

Part 4:
Production, operation, modification and supporting processes

1 Scope
This part of ISO 25119 provides general principles for the production, operation, modification and supporting
processes of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry, and
on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It
can also be applied to municipal equipment (e.g. street-sweeping machines). It specifies the characteristics
and categories required of SRP/CS for carrying out their safety functions.

This part of ISO 25119 is applicable to the safety-related parts of electrical/electronic/programmable electronic
iTeh STANDARD PREVIEW
systems (E/E/PES). As these relate to mechatronic systems, it does not specify which safety functions or
categories are to be used in a particular case.
(standards.iteh.ai)
It is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).
ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
2 Normative references 9dd694252a8d/iso-25119-4-2010

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

ISO 3600, Tractors, machinery for agriculture and forestry, powered lawn and garden equipment —
Operator's manuals — Content and presentation

ISO 25119-1:2010, Tractors and machinery for agriculture and forestry — Safety-related parts of control
systems — Part 1: General principles for design and development

ISO 25119-2:2010, Tractors and machinery for agriculture and forestry — Safety-related parts of control
systems — Part 2: Concept phase

ISO 25119-3:2010, Tractors and machinery for agriculture and forestry — Safety-related parts of control
systems — Part 3: Series development, hardware and software

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 25119-1 apply.

© ISO 2010 – All rights reserved 1

ISO 25119-4:2010(E)

4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.

AGPL agricultural performance level

AGPLr required agricultural performance level

CAD computer-aided design

Cat hardware category

CCF common-cause failure

DC diagnostic coverage

DCavg average diagnostic coverage

ECU electronic control unit

ETA event tree analysis

E/E/PES electrical/electronic/programmable electronic systems

EMC electromagnetic compatibility

EUC equipment under control

iTeh STANDARD PREVIEW
FMEA failure mode and effects analysis

FMECA
(standards.iteh.ai)
failure mode effects and criticality analysis

EPROM erasable programmable read-only memory

ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
FSM functional safety management 9dd694252a8d/iso-25119-4-2010

FTA fault tree analysis

HAZOP hazard and operability study

HIL hardware in the loop

MTTF mean time to failure

MTTFd mean time to dangerous failure

PES programmable electronic system

QM quality measures

RAM random-access memory

SOP start of production

SRL software requirement level

SRP safety-related parts

SRP/CS safety-related parts of control systems

SRS safety-related system

2 © ISO 2010 – All rights reserved

 ISO 25119-4:2010(E)

5 Configuration management

5.1 Objectives

The first objective is to ensure that the SRP/CS and associated documents for a given function can be
uniquely identified and reproduced at any time.

The second objective is to ensure that the relations and differences between earlier and current versions of
the SRP/CS and associated documents can be traced.

5.2 General

All ISO 25119 work products shall be handled by a configuration management system.

5.3 Prerequisites

See the prerequisites for each phase of the safety life cycle.

5.4 Requirements

Software tools and software development environments shall be subject to configuration management.

Configuration management data shall be maintained in accordance with a company document retention policy.

5.5 Work products

iTeh STANDARD PREVIEW
(standards.iteh.ai)
The applicable work product is the listing of SRP/CS with reference to associated documents for a given
configuration. ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
9dd694252a8d/iso-25119-4-2010
6 Verification and validation

6.1 Objectives

One objective is to provide proof that the safety-related requirements are appropriate for the E/E/PES system
and have duly been met.

A further objective is to provide proof that the safety goals at the machine level are satisfied.

6.2 General

The purpose of the preceding verification stages (e.g. reviews, safety analyses, component integration tests)
was to demonstrate that the results of each particular phase complied with the relevant design and
specification requirements described in ISO 25119-3.

6.3 Prerequisites

The following are the prerequisites for this phase:

⎯ project plan according to ISO 25119-1:2010, 5.4.7 — deadlines, resources, equipment, degree of maturity,
etc.;

⎯ machine test plan — part of the existing quality assurance process;

⎯ risk analysis according to ISO 25119-2:2010, Clause 6 — identification of potential hazards;

© ISO 2010 – All rights reserved 3

ISO 25119-4:2010(E)

⎯ safety goals, as well as safe states;

⎯ technical safety concept according to ISO 25119-3:2010, Clause 5 — technical safety requirements.

6.4 Requirements

6.4.1 SRP design validation/verification

The design of the SRP of the control system shall be validated/verified (see ISO 25119-1:2010, Figure 1).

The validation/verification shall demonstrate that each SRP meets

⎯ all the requirements of the specified category (see ISO 25119-2:2010, Annex A), and

⎯ the specified safety characteristics for that part as set out in the design requirements.

6.4.2 Scope of safety validation/verification

Within the safety life cycle, validation/verification of safety attributes shall be carried out for the following:

⎯ complete system at machine level (e.g. bench testing, hardware in the loop testing, test machine);

⎯ hardware;

⎯ software. iTeh STANDARD PREVIEW

6.4.3 Activities
(standards.iteh.ai)
ISO 25119-4:2010
The following sequence shall be followed for a structured safety validation/verification:
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
⎯ validation/verification planning; 9dd694252a8d/iso-25119-4-2010

⎯ validation/verification specification;

⎯ validation/verification execution;

⎯ report on validation/verification result.

All variants or versions of the E/E/PES system that were subject to the validation/verification activities shall be
clearly labelled.

6.4.4 Validation/verification plan

A validation/verification plan shall be developed for the safety goals and technical safety requirements, and
shall include the following items:

⎯ validation/verification and possible variants;

⎯ degree of maturity of the system;

⎯ validation/verification goals;

⎯ validation/verification techniques;

⎯ statement of independence between the person in charge of validation/verification and the developer;

4 © ISO 2010 – All rights reserved

 ISO 25119-4:2010(E)

⎯ equipment and environmental conditions required, including calibration specifications for tools;

⎯ specified reference to the overall project plan;

⎯ pass/fail criteria for all tests.

6.4.5 Validation/verification, test specification of hardware and software

The item function shall be validated/verified at E/E/PES system level, considering fulfilment of the
hardware/software safety requirements.

6.4.6 Validation/verification test specification of the complete system

The characteristics of the SRP/CS shall be validated/verified at machine level, considering fulfilment of the
functional safety concept.

6.4.7 Validation/verification test specification

The following methods and measures shall be used and specified:

⎯ tests (black-box, HIL, machine testing, field testing, etc.);

⎯ analysis (e.g. simulation);

⎯ iTeh STANDARD PREVIEW

reviews of relevant documents (input from hardware/software, e.g. FMEA, circuit diagram).

6.5 Work products

(standards.iteh.ai)
The following work products are applicable ISO 25119-4:2010
to this phase:
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
a) detailed validation/verification plan; 9dd694252a8d/iso-25119-4-2010

b) test specification;

c) validation/verification report that shall include proof that validation/verification goals have been met for

1) the complete system at machine level,

2) hardware, and

3) software.

7 Product release

7.1 Objectives

The objective of this phase is to specify the conditions for product release as the completion of the E/E/PES
systems development. Product release confirms that the requirements for functional safety in the machine
have been met.

7.2 General

Figure 1 shows the approvals needed for an E/E/PES system development and the order of their completion
that will satisfy the conditions for product release.

© ISO 2010 – All rights reserved 5

ISO 25119-4:2010(E)

iTeh STANDARD PREVIEW

(standards.iteh.ai)
ISO 25119-4:2010
https://standards.iteh.ai/catalog/standards/sist/da6c0ad3-1473-48bf-baae-
9dd694252a8d/iso-25119-4-2010

Figure 1 — Approval hierarchy

7.3 Prerequisites

The following are the prerequisites for this phase:

⎯ confirmation report: hardware;

⎯ confirmation report: software;

⎯ confirmation report: machine level;

⎯ assessment report on functional safety.

7.4 Requirements

7.4.1 Conditions for product release

Product release may only be approved if the following results are available from previous stages in the life
cycle (see Annex A):

⎯ an accepted assessment;

⎯ hardware confirmation;

6 © ISO 2010 – All rights reserved