13. IEC 61508 requirementsΒΆ

Clause

Document chapter(s)

Clause description

7.4.4.1

N/A

A software on-line support tool shall be considered to be a software element of the safety related system.

7.4.4.2

N/A

Software off-line support tools shall be selected as a coherent part of the software development activities.

7.4.4.3

This qualification is the justification

The selection of the off-line support tools shall be justified

7.4.4.4

All off-line support tools in classes T2 and T3 shall have a specification or product documentation which clearly defines the behaviour of the tool and any instructions or constraints on its use.

7.4.4.5

Evaluation Report - Tool analysis

An assessment shall be carried out for offline support tools in classes T2 and T3 to determine the level of reliance placed on the tools, and the potential failure mechanisms of the tools that may affect the executable software. Where such failure mechanisms are identified, appropriate mitigation measures shall be taken.

7.4.4.6

For each tool in class T3, evidence shall be available that the tool conforms to its specification or documentation. Evidence may be based on a suitable combination of history of successful use in similar environments and for similar applications (within the organization or other organizations), and of tool validation as specified in 7.4.4.7.

7.4.4.7

See items below

The results of tool validation shall be documented covering the following results:

7.4.4.7.a

Qualification Plan - Validation process

a chronological record of the validation activities;

7.4.4.7.b

Document List

the version of the tool product manual being used;

7.4.4.7.c

Evaluation Report - Use cases

the tool functions being validated;

7.4.4.7.d

Evaluation Report - Qualification method

tools and equipment used;

7.4.4.7.e

Qualification Report - Test results

the results of the validation activity; the documented results of validation shall state either that the software has passed the validation or the reasons for its failure;

7.4.4.7.f

Qualification Report - Test results

test cases and their results for subsequent analysis;

7.4.4.7.g

Qualification Report - Test results

discrepancies between expected and actual results.

7.4.4.8

N/A

Where the conformance evidence of 7.4.4.6 is unavailable, there shall be effective measures to control failures of the executable safety related system that result from faults that are attributable to the tool.

7.4.4.9

N/A

The compatibility of the tools of an integrated toolset shall be verified.

7.4.4.10

See items below

To the extent required by the safety integrity level, the software or design representation (including a programming language) selected shall:

7.4.4.10.a

Evaluation Report - Tool analysis

have a translator which has been assessed for fitness for purpose including, where appropriate, assessment against the international or national standards;

7.4.4.10.b

Safety Manual - Tool Options

use only defined language features;

7.4.4.10.c

Evaluation Report - Qualification method

match the characteristics of the application;

7.4.4.10.d

Safety Manual - Tool options

contain features that facilitate the detection of design or programming mistakes;

7.4.4.10.e

Safety Manual - Tool options

support features that match the design method.

7.4.4.11

N/A

Where 7.4.4.10 cannot be fully satisfied, the fitness for purpose of the language, and any additional measures which address any identified shortcomings of the language shall be justified.

7.4.4.12

Qualification Plan - Development process

Programming languages for the development of all safety-related software shall be used according to a suitable programming language coding standard.

7.4.4.13

See items below

A programming language coding standard shall specify good programming practice, proscribe unsafe language features (for example, undefined language features, unstructured designs, etc.), promote code understandability, facilitate verification and testing, and specify procedures for source code documentation. Where practicable, the following information shall be contained in the source code:

7.4.4.13.a

N/A

legal entity (for example company, author(s), etc.);

7.4.4.13.b

N/A

description;

7.4.4.13.c

N/A

inputs and outputs;

7.4.4.13.d

N/A

configuration management history.

7.4.4.14

This qualification

Where automatic code generation or similar automatic translation takes place, the suitability of the automatic translator for safety-related system development shall be assessed at the point in the development lifecycle where development support tools are selected.

7.4.4.15

See items below

Where off-line support tools of classes T2 and T3 generate items in the configuration baseline, configuration management shall ensure that information on the tools is recorded in the configuration baseline. This includes in particular:

7.4.4.15.a

N/A

the identification of the tool and its version;

7.4.4.15.b

N/A

the identification of the configuration baseline items for which the tool version has been used;

7.4.4.15.c

N/A

the way the tool was used (including the tool parameters, options and scripts selected) for each configuration baseline item.

7.4.4.16

N/A

Configuration management shall ensure that for tools in classes T2 and T3, only qualified versions are used.

7.4.4.17

N/A

Configuration management shall ensure that only tools compatible with each other and with the safety-related system are used.

7.4.4.18

See items below

Each new version of off-line support tool shall be qualified. This qualification may rely on evidence provided for an earlier version if sufficient evidence is provided that:

7.4.4.18.a

N/A

the functional differences (if any) will not affect tool compatibility with the rest of the toolset; and

7.4.4.18.b

N/A

the new version is unlikely to contain significant new, unknown faults.

7.4.4.19

N/A

Depending on the nature of the software development, responsibility for conformance with 7.4.4 can rest with multiple parties. The division of responsibility shall be documented during safety planning (see Clause 6 of IEC 61508-1).