Safety Certification for unsafe COTS Platforms
The Safety standards for Railway (CENELEC – EN 50128, EN 50129, EN 50126) have brought about unified requirements for Safety-related electronic systems in the form of software and hardware. Previously, countries had their own standards, but the CENELEC standards now offer a cohesive understanding of Safety and quality, albeit at the cost of a more expensive development and certification process.
The EN 50128 and EN 50129 standards define generic software and hardware products that can achieve independent Safety approval. By reusing these pre-certified components, complex Safety systems can be built more efficiently. Pre-certified generic software follows EN 50128 rules, addressing systematic failures. The standard provides techniques and measures for specification, development, verification, validation, operation, maintenance, decommissioning, and disposal to reduce systematic error rates.
Hardware, on the other hand, can fail due to systematic and random failures. EN 50129 addresses systematic hardware failures with strict development rules, while random failures are tackled using statistical measures and historical data. As hardware complexity increases, predicting failures becomes more challenging.
EN 50129 suggests an alternative approach for complex hardware like multi-core processors - externally detecting failure modes and imposing a safe state in a given time. Our whitepaper further adopts the nomenclature of IEC 61508 to describe the control of failures during operation, specifically for complex Commercial Off-The-Shelf (COTS) hardware in Railway Safety systems.