Industrial software certification FAQ

This document answers some Frequently Asked Questions (FAQs) about the certification of computer software for industrial applications. The answers to the questions are not intended to provide a definitive technical answer but rather to inform the reader in a general manner.

SAFETY AGENCIES

Q. What is IEC?

Q. What is CENELEC?

Q. What is the MISRA?

SAFETY CERTIFICATION STANDARDS

Q. What is IEC 61508?

Q. What does IEC 61508 require?

Q. What is the "V-model" development process?

Q. What are safety integrity levels?

Q. Who determines which safety integrity level is required?

Q. What is the total list of potential deliverables I will need to create for certification?

Q. How is a software verification performed?

Validated Software Corporation’s Validation Suite

Q. What are Validated’s Validation Suites?

Q. What comprises a Validation Suite?

Q. Do I also have to pay another manufacturer for a production license when I purchase a Validation Suite?

Q. Will I get source code?

Q. Is the Validation Suite a special version of the product code?

Q. Can the Validation Suite be reused on new projects?

Q. Why MicroC/OS-II?

Q. How do I order?

Answers

SAFETY AGENCIES

Q. What is IEC?

IEC is the acronym for the International Electrotechnical Commission, the international standards and conformity assessment body for electrotechnology, including the functional safety of electrical/electronic/programmable electronic (E/E/PE) systems.

Location: Geneva, Switzerland.

Web site: www.iec.ch

Q. What is CENELEC?

CENELEC is the European Committee for Electrotechnical Standardization. Most CENELEC standards are identical to, or very closely based on, IEC international standards. Typically, IEC standards in the 60000 to 69999 range map directly to CENELEC standards; for example, IEC 61508 becomes EN 61508. CENELEC's web site is: www.cenelec.org

Q. What is the MISRA?

MISRA is the acronym for the Motor Industry Software Reliability Association. Its mission is "To provide assistance to the automotive industry in the application and creation within vehicle systems of safe and reliable software".

It is not a certification agency, but an association that publishes guidelines for writing more reliable software for automotive systems manufacturers. It has published a "Guidelines for The Use Of The C Language In Vehicle Based Software" manual that is available directly from its web site.

The MISRA web site is: www.misra.org.uk

SAFETY CERTIFICATION STANDARDS

Q. What is IEC 61508?

IEC 61508 was developed to create a standard for the functional safety of electrical/electronic/programmable electronic safety-related systems. IEC 61508 allows for the standalone certification of a software component, unlike FDA/CDRH. The documentation requirements of IEC 61508 tend to lean more heavily on design, usage, and manufacturing, due to the standalone component aspects of this certification. One of the most critical documents is the Safety Manual, which contains the rules and guidelines on how to use the software component in a system that is certified.

Q. What does IEC 61508 require?

The IEC standard is published in seven parts, as shown in the table below:

IEC 61508 Part References

Reference   Full Part Title
61508-1     IEC 61508-1:1998, Functional safety of E/E/PE safety-related systems - Part 1: General requirements
61508-2     IEC 61508-2:2000, Functional safety of E/E/PE safety-related systems - Part 2: Requirements for E/E/PE safety-related systems
61508-3     IEC 61508-3:1998, Functional safety of E/E/PE safety-related systems - Part 3: Software requirements
61508-4     IEC 61508-4:1998, Functional safety of E/E/PE safety-related systems - Part 4: Definitions and abbreviations
61508-5     IEC 61508-5:1998, Functional safety of E/E/PE safety-related systems - Part 5: Examples of methods for the determination of safety integrity levels
61508-6     IEC 61508-6:2000, Functional safety of E/E/PE safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
61508-7     IEC 61508-7:2000, Functional safety of E/E/PE safety-related systems - Part 7: Overview of techniques and measures

The first four parts of IEC 61508 define the way to comply with the specification. IEC 61508 can be used in a broad variety of safety-critical systems, including emergency shutdown systems in power plants, turbine controls, railway signaling systems, and other electromechanical systems in safety-critical environments.

Q. What is the "V-model" development process?

In general, the documents created during the development and verification/validation process of a safety-related system shall contain all the information needed to perform the different phases of the V-model development process as documented in IEC 61508.

In parallel with the development process, test plans and test specifications have to be created for the verification and validation activities. These test plans can be designed so that they also serve to document the results obtained when the verification and test steps are executed.

In the V-model drawing, the left wing shows the design documents established during the development process, and the right wing contains the test records produced by the verification/validation steps.

Q. What are safety integrity levels?

IEC 61508 specifies Safety Integrity Levels (SILs) to quantify the chance of dangerous failures in electrical or electronic safety devices. The SIL is based on the probability of the device failing to perform its safety function.

SIL   Probability of Failure
4     10^-5 to 10^-4
3     10^-4 to 10^-3
2     10^-3 to 10^-2
1     10^-2 to 10^-1

Q. Who determines which safety integrity level is required?

The level to which a particular system must be certified is selected by a process of failure analysis and input from the device manufacturers and the certifying authority (IEC authorized certifying agency, e.g., TÜV).

Q. What is the total list of potential deliverables I will need to create for certification?

The following table lists the documents and records you may need to provide for a 510(k) submission:

Software Life Cycle Data List

Abbrev.  Document Title                                      Type      Section
PSAC     Plan for Software Aspects of Certification          Document  11.1
SDP      Software Development Plan                           Document  11.2
SVP      Software Verification Plan                          Document  11.3
SCMP     Software Configuration Management Plan              Document  11.4
SQAP     Software Quality Assurance Plan                     Document  11.5
SRS      Software Requirements Standards                     Document  11.6
SDS      Software Design Standards                           Document  11.7
SCS      Software Code Standards                             Document  11.8
SRD      Software Requirements Data                          Document  11.9
SDD      Software Design Description                         Document  11.10
         Source Code                                         Software  11.11
         Executable Object Code                              Software  11.12
SVCP     Software Verification Cases and Procedures          Document  11.13
SVR      Software Verification Results                       Records   11.14
SECI     Software Life Cycle Environment Configuration Index Document  11.15
SCI      Software Configuration Index                        Document  11.16
PRs      Problem Reports                                     Records   11.17
         Software Configuration Management Records           Records   11.18
         Software Quality Assurance Records                  Records   11.19
SAS      Software Accomplishment Summary                     Document  11.20

Q. How is a software verification performed?

IEC 61508-3 defines specific verification objectives that must be satisfied; these include:

  1. Verification of software development processes

  2. Review of software development life cycle artifacts

  3. Functional Verification of software

    1. Requirements-based testing and analysis

    2. Robustness testing

  4. Structural Coverage Analysis

Structural Coverage Analysis is generally perceived to be the most difficult of these tasks for people unfamiliar with rigorous code development and testing. Furthermore, an operating system is tightly integrated with the hardware, cache, interrupts, memory management, and process/task management, which makes structural testing even more difficult. These low-level aspects create a significant challenge to the verification process.

A variety of commercial tools are available to assist in this challenging task.

See our Code Coverage Tools page for a list of known vendors in this space.
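The following is an added illustration, written for this FAQ and not code from Validated Software, IEC 61508 or any coverage tool vendor, of how items 3.1, 3.2 and 4 above fit together on a deliberately tiny function. The setpoint limits, the REQ-1 to REQ-3 tags and the function names are constructed for the example. Each decision outcome in the function under test is given an index and recorded when it executes, which is the bookkeeping a commercial coverage tool performs automatically; the requirements-based tests then leave one outcome unexecuted (the defensive NULL check, which no requirement calls for), and a robustness test is what closes the gap.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example: setpoint limits for a hypothetical heater controller. */
#define SETPOINT_MIN   0
#define SETPOINT_MAX 120

/* Return codes of the function under test. */
enum { SP_OK = 0, SP_ERR_NULL = -1, SP_ERR_LOW = -2, SP_ERR_HIGH = -3 };

/* ---- Minimal decision-coverage instrumentation ------------------------
 * Every decision in the function under test has a true outcome and a false
 * outcome; each is given an index and BRANCH(i) records that outcome i ran.
 * Commercial coverage tools insert equivalent probes automatically; this
 * hand-rolled version exists only to make the bookkeeping visible. */
#define OUTCOME_COUNT 6
static unsigned int outcome_hits;   /* bit i is set once outcome i has executed */
#define BRANCH(i) ((void)(outcome_hits |= (1u << (i))))

void coverage_reset(void) { outcome_hits = 0u; }

/* Percentage of decision outcomes executed so far, truncated to an integer. */
int coverage_percent(void)
{
    int hit = 0;
    for (int i = 0; i < OUTCOME_COUNT; i++) {
        if (outcome_hits & (1u << i)) {
            hit++;
        }
    }
    return (hit * 100) / OUTCOME_COUNT;
}

/* ---- Function under test ----------------------------------------------
 * REQ-1: a request inside [SETPOINT_MIN, SETPOINT_MAX] is stored unchanged
 *        and SP_OK is returned.
 * REQ-2: a request above SETPOINT_MAX is rejected with SP_ERR_HIGH.
 * REQ-3: a request below SETPOINT_MIN is rejected with SP_ERR_LOW.
 * The NULL-pointer guard is defensive code with no requirement behind it. */
int set_heater_setpoint(int requested, int *setpoint_out)
{
    if (setpoint_out == NULL) { BRANCH(0); return SP_ERR_NULL; }
    BRANCH(1);
    if (requested > SETPOINT_MAX) { BRANCH(2); return SP_ERR_HIGH; }
    BRANCH(3);
    if (requested < SETPOINT_MIN) { BRANCH(4); return SP_ERR_LOW; }
    BRANCH(5);
    *setpoint_out = requested;
    return SP_OK;
}

/* ---- Verification item 3.1: requirements-based tests -------------------
 * One test case per requirement, traceable by its REQ tag.  Returns the
 * number of failed checks (0 means all passed). */
int run_requirements_based_tests(void)
{
    int failures = 0;
    int sp = -1;

    /* REQ-1: in-range value accepted unchanged. */
    if (set_heater_setpoint(50, &sp) != SP_OK || sp != 50) failures++;
    /* REQ-2: above-range value rejected, stored value untouched. */
    if (set_heater_setpoint(150, &sp) != SP_ERR_HIGH || sp != 50) failures++;
    /* REQ-3: below-range value rejected, stored value untouched. */
    if (set_heater_setpoint(-5, &sp) != SP_ERR_LOW || sp != 50) failures++;
    return failures;
}

/* ---- Verification item 3.2: robustness tests ---------------------------
 * Exercises input outside the specified domain, here a NULL output pointer. */
int run_robustness_tests(void)
{
    int failures = 0;
    if (set_heater_setpoint(50, NULL) != SP_ERR_NULL) failures++;
    return failures;
}

/* ---- Verification item 4: structural coverage report ------------------- */
int main(void)
{
    int fails;

    coverage_reset();
    fails = run_requirements_based_tests();      /* statements kept separate so */
    printf("requirements-based tests: %d failure(s), coverage %d%%\n",
           fails, coverage_percent());           /* coverage is read afterwards */
    fails = run_robustness_tests();
    printf("after robustness tests:   %d failure(s), coverage %d%%\n",
           fails, coverage_percent());
    return 0;
}
```

The point of the report is the gap between the two lines: every requirement passes, yet the first run reports 83% decision coverage because the NULL outcome was never executed. In a certification setting that unexecuted outcome must be explained, either by a robustness test as shown here or by a documented justification for keeping code that no requirement exercises.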

Validated Software Corporation’s Validation Suite™

Q. What are Validated’s Validation Suites?

Validated’s Validation Suites are packages of standards, plans, requirements, designs, and tests to address manufacturers requiring safety certification documentation for projects. Validation Suites are typically developed for software products widely used in safety-critical products. The use of our Validation Suites allows developers to concentrate on their core product and lower their costs by purchasing an essentially off-the-shelf Validation Suite as a component.

Q. What comprises a Validation Suite?

Due to different requirements for different certification levels, the amount of documentation will differ, but, in general, the following documentation will be provided in Level A through Level C Validation Suites.

Validation Suite Component                              Item
Plan for Software Aspects of Certification (PSAC)       11.1
Software Development Plan (SDP)                         11.2
Software Verification Plan (SVP)                        11.3
Software Configuration Management Plan (SCMP)           11.4
Software Quality Assurance Plan                         11.5
Software Requirements Standard                          11.6
Software Design Standard                                11.7
C Language Coding Standard                              11.8
Software Requirements Document (SRD)                    11.9
Microprocessor Port Requirements and Design Documents   11.9
Software Design Document                                11.10
Software Source Code, Test Code and Build Code          11.11
Software Port Image                                     11.12
Software Unit Test Plans and Procedures                 11.13
Software Integration Test Plans and Procedures          11.13
Software Unit Test Reports                              11.14
Software Integration Test Report                        11.14
Software Test Coverage Report                           11.14
Software Life Cycle Environment Configuration Index     11.15
Software Configuration Index                            11.16
Software Problem Report History                         11.17
Software Change History                                 11.18
Software Quality Assurance Data                         11.19
Software Accomplishment Summary (SAS)                   11.20

In addition, Validated also offers port-specific documentation to provide all the board support package (BSP) documentation, for example:

Port Software Design Description, Special I/O
Port Software Design Description, Special 80x86 Protected Mode Port

Q. Do I also have to pay another manufacturer for a production license when I purchase a Validation Suite?

Yes. The Validation Suite does not include a production license for the software.

Q. Will I get source code?

Yes. The Validation Suite contains all source code to the product, all source code to the test files, all test scripts, and all build/make files. Please note, however, that all of the products we validate are licensed by another manufacturer. As such, we cannot ship source code to a product until we receive confirmation from the manufacturer that you have a valid license in place with them.

Q. Is the Validation Suite a special version of the product code?

No. The source code we provide is functionally identical to the manufacturer's original code. In some cases the code may belong to a "safety-critical" version of the manufacturer's product, but this is the exception, not the rule.

Q. Can the Validation Suite be reused on new projects?

Yes. Depending upon the system changes between projects, the Validation Suite can be used for multiple projects. (Note that additional license fees for both MicroC/OS-II and the Validation Suite may apply, regardless of re-use.)

Q. Why MicroC/OS-II?

MicroC/OS-II was chosen for many reasons:

  1. MicroC/OS-II is a very stable operating system that has been used in tens of thousands of systems and hundreds of commercial applications. It has been in use for over 10 years, with minor modifications made periodically.

  2. MicroC/OS-II has been “open source” since its creation. Therefore, it has been reviewed by thousands of individuals. But, unlike some open source projects, revisions are tightly controlled and reviewed by Micrium, and then openly reviewed by the MicroC/OS-II community.

  3. MicroC/OS-II was written against a very strict coding standard, which improves readability, understandability, and maintainability – all key aspects of creating software used in critical systems.

  4. Every line of MicroC/OS-II is well documented. This is extremely rare in the software industry and is ideal for safety certification where the mapping of requirements to source code to test for every line of code is required.

Q. How do I order?

All Validated Software products can be ordered from the Validated Software Sales office.


Need more information?

Use our: Information Request Form

E-mail: info@ValidatedSoftware.com

Phone: 1-760-448-5391