What Is the IEC Certification Kit Product?
IEC Certification Kit provides tool-qualification artifacts, certificates, and test suites, and generates traceability matrices. The kit helps you qualify MathWorks® code generation and verification products and streamline certification of your embedded systems to ISO 26262, IEC 61508, and related functional-safety standards. Certificates and assessment reports from the certification authority TÜV SÜD support Embedded Coder™, Polyspace® products, Simulink® Design Verifier™, Simulink® PLC Coder™, and Simulink® Verification and Validation™. Supported safety standards include ISO 26262, IEC 61508, EN 50128, and IEC 61511.
IEC Certification Kit provides ISO 26262 tool classification and qualification work products, together with test suites. It includes templates that let you adapt the work products to meet specific project needs. You can also generate project-specific artifacts, including traceability matrices covering requirements, models, and generated code. You can combine the project- and product-specific artifacts to produce a complete ISO 26262 tool qualification package for embedded system certification.
Note: Neither compliance with nor certification to the applicable safety standard ensures the safety of the software or the system under consideration. However, the applicable safety standard may be considered state of the art or generally accepted rules of technology (GART) for the development of safety-related systems in your industry. A certification might be used as evidence that state-of-the-art procedures were applied during system development.
To view the certification artifacts that are part of the IEC Certification Kit product, use the Certification Artifacts Explorer. For more information, see Accessing Certification Artifacts Using the Certification Artifacts Explorer.
For more information on how to leverage the IEC Certification Kit product, see Certification Process.
ISO 26262 is an emerging international functional safety standard titled Road vehicles — Functional safety. ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of E/E systems[1] within road vehicles.
ISO® developed the ISO/FDIS 26262 final draft international standard in 2011. It consists of ten parts, referred to as ISO/FDIS 26262-1 to ISO/FDIS 26262-10.
Part 2 (ISO/FDIS 26262-2) Management of functional safety specifies the requirements on functional safety management for automotive applications. Part 6 (ISO/FDIS 26262-6) Product development: software level pertains to software development, verification, and validation. It includes guidance for projects using Model-Based Design[2] and code generation. Part 8 (ISO/FDIS 26262-8) Supporting processes addresses multiple cross-functional topics, including the classification and qualification of software tools.
The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. It is expressed in terms of Automotive Safety Integrity Levels (ASILs) A to D. For example, a measure or technique listed in ISO 26262 might be recommended for ASIL A and ASIL B, and highly recommended for ASIL C and ASIL D.
ISO/FDIS 26262-2 lays out confirmation measures to be carried out in order to claim compliance with the standard.
ISO/FDIS 26262-8 provides a framework for software tool classification and qualification to provide evidence that a software tool is suitable for use when developing safety-related software. In this way, confidence can be achieved in the correct execution of the activities and tasks supported by this tool (see ISO/FDIS 26262-8, clause 11).
To determine the required level of confidence in a software tool (tool confidence level, TCL), the applicant shall analyze the use cases for the software tool. The analysis determines:
If a malfunctioning software tool and the erroneous output of the tool can lead to the violation of a safety requirement.
The probability of preventing or detecting such errors in the output.
The evaluation considers tool-internal measures (for example, monitoring), as well as tool-external measures (for example, guidelines, tests, reviews) that the applicant implements in the development process for the safety-related software.
The required TCL, together with the ASIL of the software developed using the tool, determines whether tool qualification is needed and allows the selection of the appropriate qualification methods.
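The analysis above (tool impact, tool error detection, resulting TCL, and the qualification methods the TCL and ASIL call for) can be written down as a small decision procedure. The following is an added illustration, not code from the IEC Certification Kit or from MathWorks. It assumes the TI1/TI2, TD1 to TD3 and TCL1 to TCL3 labels and the TI/TD to TCL mapping of ISO 26262-8:2011 Table 3, the method recommendations of Tables 4 and 5 ("++" highly recommended, "+" recommended), and the rule that the most demanding use case governs the tool's classification; the use cases and the analyst's TI/TD judgements are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum


class ToolImpact(Enum):
    TI1 = 1   # no possibility that a malfunction violates a safety requirement
    TI2 = 2   # such a possibility exists


class ToolErrorDetection(Enum):
    TD1 = 1   # high confidence that a malfunction or erroneous output is prevented or detected
    TD2 = 2   # medium confidence
    TD3 = 3   # all other cases (low confidence)


class ToolConfidenceLevel(Enum):
    TCL1 = 1
    TCL2 = 2
    TCL3 = 3


@dataclass(frozen=True)
class UseCase:
    """One use case of the tool with the analyst's judgement of TI and TD.

    The TD judgement already accounts for tool-internal measures (monitoring)
    and tool-external measures (guidelines, tests, reviews) in the process.
    """
    name: str
    impact: ToolImpact
    detection: ToolErrorDetection


def tcl_for_use_case(uc: UseCase) -> ToolConfidenceLevel:
    """TCL from TI and TD (assumption: ISO 26262-8:2011, Table 3)."""
    if uc.impact is ToolImpact.TI1:
        return ToolConfidenceLevel.TCL1          # no impact: detection is irrelevant
    return {
        ToolErrorDetection.TD1: ToolConfidenceLevel.TCL1,
        ToolErrorDetection.TD2: ToolConfidenceLevel.TCL2,
        ToolErrorDetection.TD3: ToolConfidenceLevel.TCL3,
    }[uc.detection]


def tool_tcl(use_cases: list[UseCase]) -> ToolConfidenceLevel:
    """Classify the tool as a whole: the most demanding use case governs (assumption)."""
    return max((tcl_for_use_case(uc) for uc in use_cases), key=lambda t: t.value)


# Qualification methods and their recommendation per ASIL for TCL3 (Table 4)
# and TCL2 (Table 5). Assumption: ISO 26262-8:2011. TCL1 needs no qualification.
METHODS = (
    "1a increased confidence from use",
    "1b evaluation of the tool development process",
    "1c validation of the software tool",
    "1d development in accordance with a safety standard",
)
_RECOMMENDATIONS = {
    ToolConfidenceLevel.TCL3: {"A": "++ ++ + +", "B": "++ ++ + +",
                               "C": "+ + ++ ++", "D": "+ + ++ ++"},
    ToolConfidenceLevel.TCL2: {"A": "++ ++ + +", "B": "++ ++ + +",
                               "C": "++ ++ + +", "D": "+ + ++ ++"},
}


def qualification_plan(tcl: ToolConfidenceLevel, asil: str) -> dict:
    """Map each qualification method to '++' or '+'; empty if no qualification is needed."""
    if tcl is ToolConfidenceLevel.TCL1:
        return {}
    marks = _RECOMMENDATIONS[tcl][asil.upper()].split()
    return dict(zip(METHODS, marks))


# Constructed sample: a code generator used on an ASIL C project.
SAMPLE_USE_CASES = [
    # Wrong generated code could violate a safety requirement, but back-to-back
    # tests against the model and code reviews give medium confidence of detection.
    UseCase("generate C code from the model", ToolImpact.TI2, ToolErrorDetection.TD2),
    # A wrong build report cannot affect the delivered software.
    UseCase("generate code generation report", ToolImpact.TI1, ToolErrorDetection.TD3),
]


if __name__ == "__main__":
    for uc in SAMPLE_USE_CASES:
        print(f"{uc.name}: {tcl_for_use_case(uc).name}")
    overall = tool_tcl(SAMPLE_USE_CASES)
    print(f"tool classification: {overall.name}")
    for method, mark in qualification_plan(overall, "C").items():
        print(f"  {mark:2} {method}")
```

The per-use-case step is where the tool-external measures of the development process enter: strengthening them (for example, adding an independent review of the generated code) moves a use case from TD2 to TD1 and can lower the TCL without any change to the tool itself.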
Regardless of the tool qualification, the tool user is and remains fully responsible for the safety of the system and its embedded software.
IEC 61508 is an international, industry-independent functional safety standard, titled Functional safety of electrical/electronic/programmable electronic safety-related systems. The seven parts of the standard (referred to as IEC 61508-1 to IEC 61508-7) were published in 2010.
IEC 61508-3 Software Requirements concerns software development, verification, and validation. By constraining the processes used for software development and quality assurance, the intention of the IEC 61508-3 standard is to:
Reduce the number of errors introduced during software development.
Increase the number of errors revealed by verification and validation activities.
IEC 61508 is a prescriptive standard, providing detailed lists of techniques and measures with recommendations. The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. The standard expresses the degree of rigor in terms of Safety Integrity Levels (SILs). For example, IEC 61508-3 might recommend a measure or technique for SIL 1 and 2, and highly recommend it for SIL 3 and 4.
To help with the selection of techniques and measures appropriate for a required SIL, annexes A and B of IEC 61508-3 provide software safety integrity tables. The tables list the techniques and measures recommended for each SIL. The standard organizes the tables based on the different software lifecycle phases. IEC 61508-7 Overview of techniques and measures provides detailed descriptions of selected measures and techniques.
IEC 61508 certification confirms that a product or system complies with objectives set by the standard.
You can get IEC 61508 compliance certified by an independent, external certification authority, such as Technischer Überwachungsverein (TÜV) in Germany. Upon granting certification, the certification authority issues a certificate and, if applicable, a certificate report. A certificate report is a technical report that accompanies the certificate. The certificate report documents details of the certification process and constraints for the certificate.
An applicant might self-certify a system. Self-certification requires the applicant to demonstrate IEC 61508 compliance to an internal assessor, without requiring external certification. In this case, aspects of the standard might be relaxed or tightened.
Regardless of how an applicant achieves certification, the applicant shall document compliance with the relevant set of IEC 61508 requirements. For software, the applicant typically creates customized instances of software safety integrity tables. The tables describe how you interpreted and applied each recommended technique and measure for the software under development. If a highly recommended technique or measure is not used, the rationale shall be documented and agreed upon with the certification authority or internal assessor.
The customized software safety integrity tables serve as partial evidence to demonstrate that the objectives of the standard are met. To facilitate certification, the applicant should submit an initial version of the tables early in the software development lifecycle to the certification authority or internal assessor for discussion and approval.
The intention of the IEC 61508 standard is to regulate the development of safety-related systems, not the development of software tools used to design, verify, and validate these systems. However, IEC 61508 includes some requirements on the usage of software tools. In particular, IEC 61508-3, clause 7.4.4 provides requirements for tools used to develop safety-related software, including a tool classification scheme and requirements for tool validation.
IEC 61508-3, table A.3 highly recommends certified tools and translators for safety integrity levels SIL 2 and higher.
Different tool certification approaches have been proposed and pursued in practice. A recent approach is in-context certification of tools. In-context certification is based on a specific workflow or set of workflows to be used when applying the tool to develop or verify software for IEC 61508 compliant or certified applications. For an in-context certification, the certification package includes a reference workflow document in addition to a certificate and certificate report. The applicant shall ensure that the tool is used within the workflows referenced and the constraints specified in their respective certificates.
Regardless of the tool certification, the tool user is and remains fully responsible for the safety of the system and its embedded software.
EN 50128 is a European safety standard titled Railway applications - Communications, signalling and processing systems - Software for railway control and protection systems. The standard specifies procedures and technical requirements for the development of programmable electronic systems for use in railway control and protection applications. EN 50128, developed by the European Committee for Electrotechnical Standardization (CENELEC), is part of a series of standards that represent the railway application-specific interpretation of the IEC 61508 standard series.
IEC 61511 is an international functional safety standard titled Functional safety - Safety Instrumented Systems for the process industry sector. IEC 61511 has been developed as a process sector implementation of IEC 61508. The standard consists of three parts, referred to as IEC 61511-1 to IEC 61511-3. Part 1 (IEC 61511-1) covers framework, definitions, and system, hardware, and software requirements.
The IEC Certification Kit product includes the following certification artifacts and tools:
Certification and qualification evidence
Documents and templates
Tools for certification-related development activities
Tools for managing certification artifacts
Test cases and test procedures to support tool validation
The certification artifacts and tools support you when using the following MathWorks products in the context of the ISO 26262, IEC 61508, EN 50128, or IEC 61511 standards:
Embedded Coder
Simulink PLC Coder
Simulink Design Verifier
Simulink Verification and Validation
Polyspace® Client™ for C/C++; Polyspace® Server™ for C/C++
Specific versions of the preceding MathWorks products have been certified or prequalified by TÜV SÜD, a German-based certification authority, according to one or more of the above mentioned standards.
The IEC Certification Kit product contains certification artifacts to document compliance with the respective standards. The applicant can submit certification artifacts, or derivatives thereof, as evidence of compliance with ISO/FDIS 26262-6, ISO/FDIS 26262-8, IEC 61508-3, EN 50128, or IEC 61511-1.
The IEC Certification Kit product provides the following capability to support certification-related development activities:
Generating traceability matrices for tracing among model objects, generated code, and model requirements (see Generating a Traceability Matrix).
The IEC Certification Kit product provides a Certification Artifacts Explorer, a tool for accessing and managing certification artifacts (see Accessing and Managing Certification Artifacts).
The IEC Certification Kit product provides test procedures that can be used to automate tool validation tests for Embedded Coder and Simulink Verification and Validation (see Validating Software Tools).
Note: The rights.txt file, located at matlabroot/toolbox/qualkits/iec, describes allowed uses of the IEC Certification Kit product.
TÜV SÜD has certified specific versions of the Embedded Coder product for use in development processes that are required to comply with ISO/FDIS 26262, IEC 61508, EN 50128, or derived standards. These product versions are also prequalified according to ISO/FDIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the Embedded Coder product:
Version 6.1 (R2011b)
Previous releases of the Embedded Coder product are certified or prequalified. For supporting certification artifacts, see previous releases of the IEC Certification Kit product.
Certification artifacts for the Embedded Coder product are in the following folder:
matlabroot/toolbox/qualkits/iec/ecoder/r2011b/
Details on the certification artifacts are in the certificate reports.
| Component | File |
|---|---|
| Certificate | certkitiec_ecoder_certificate.pdf |
| Certificate Report | certkitiec_ecoder_certreport.pdf |
| Reference Workflow Documentation | certkitiec_ecoder_workflow.pdf |
| Conformance Demonstration Template | certkitiec_ecoder_cdt.rtf/.pdf |
| ISO 26262 Tool Qualification Package | certkitiec_ecoder_tqp.rtf/.pdf |
| Test Procedure / Test Cases | certkitiec_ecoder_tests.m, certkitiec_ecoder_modelList.m, /tests/*, /outputs/*, /baseline/* |
TÜV SÜD certified specific versions of the Simulink PLC Coder product for use in development processes that are required to comply with IEC 61508 or IEC 61511.
The IEC Certification Kit product contains certification artifacts for the following versions of the Simulink PLC Coder product:
Version 1.2.1 (R2011b)
Previous releases of the Simulink PLC Coder product are certified. For supporting certification artifacts, see previous releases of the IEC Certification Kit product.
Certification artifacts for the Simulink PLC Coder product are in the following folder:
matlabroot/toolbox/qualkits/iec/plccoder/r2011b/
Details on the certification artifacts are in the certificate reports.
| Component | File |
|---|---|
| Certificate | certkitiec_plccoder_certificate.pdf |
| Certificate Report | certkitiec_plccoder_certreport.pdf |
| Reference Workflow Documentation | certkitiec_plccoder_workflow.pdf |
| Conformance Demonstration Template | certkitiec_plccoder_cdt.rtf/.pdf |
TÜV SÜD has certified specific versions of the Simulink Design Verifier product for use in development processes that are required to comply with ISO/FDIS 26262, IEC 61508, EN 50128, or derived standards. These product versions are also prequalified according to ISO/FDIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the Simulink Design Verifier product:
Version 2.1 (R2011b)
Certification artifacts for the Simulink Design Verifier product are in the following folder:
matlabroot/toolbox/qualkits/iec/sldv/r2011b/
Details on the certification artifacts are in the certificate reports.
| Component | File |
|---|---|
| Certificate | certkitiec_sldv_certificate.pdf |
| Certificate Report | certkitiec_sldv_certreport.pdf |
| Reference Workflow Documentation | certkitiec_sldv_workflow.pdf |
| Conformance Demonstration Template | certkitiec_sldv_cdt.rtf/.pdf |
| ISO 26262 Tool Qualification Package | certkitiec_sldv_tqp.rtf/.pdf |
TÜV SÜD has certified specific versions of the Simulink Verification and Validation product for use in development processes that are required to comply with ISO/FDIS 26262, IEC 61508, EN 50128, or derived standards. These product versions are also prequalified according to ISO/FDIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the Simulink Verification and Validation product:
Version 3.2 (R2011b)
Note: The Simulink Verification and Validation product was not developed using an IEC 61508 certified process.
Certification artifacts for the Simulink Verification and Validation product are in the following folder:
matlabroot/toolbox/qualkits/iec/slvnv/r2011b/
Details on the certification artifacts are in the certificate reports.
| Component | File |
|---|---|
| Certificate | certkitiec_slvnv_certificate.pdf |
| Certificate Report | certkitiec_slvnv_certreport.pdf |
| Reference Workflow Documentation | certkitiec_slvnv_workflow.pdf |
| Conformance Demonstration Template | certkitiec_slvnv_cdt.rtf/.pdf |
| ISO 26262 Tool Qualification Package | certkitiec_slvnv_tqp.rtf/.pdf |
| Test Procedure / Test Cases | certkitiec_slvnv_tests*.rpt/.xls, /tests/*, /outputs/* |
TÜV SÜD certified specific versions of the Polyspace Client for C/C++ and the Polyspace Server for C/C++ products for use in development processes that are required to comply with ISO/FDIS 26262, IEC 61508, EN 50128, or derived standards. These product versions are also prequalified according to ISO/FDIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the Polyspace Client for C/C++ and the Polyspace Server for C/C++ products:
Version 8.2 (R2011b)
Previous releases of the Polyspace products are certified or prequalified. For supporting certification artifacts, see previous releases of the IEC Certification Kit product.
Note: The Polyspace Client for C/C++ and the Polyspace Server for C/C++ products were not developed using an IEC 61508 certified process.
Certification artifacts for the Polyspace Client for C/C++ and Polyspace Server for C/C++ products are in the following folder:
matlabroot/toolbox/qualkits/iec/polyspace/r2011b/
| Component | File |
|---|---|
| Certificate | certkitiec_polyspace_certificate.pdf |
| Certificate Report | certkitiec_polyspace_certreport.pdf |
| Reference Workflow Documentation | certkitiec_polyspace_workflow.pdf |
| Conformance Demonstration Template | certkitiec_polyspace_cdt.rtf/.pdf |
| ISO 26262 Tool Qualification Package | certkitiec_polyspace_tqp.rtf/.pdf |
Before using the IEC Certification Kit product, make sure that you have:
Knowledge about developing safety-related software.
Knowledge of the applicable safety standard:
ISO 26262 Road vehicles - Functional safety
IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
EN 50128 Railway Applications - Communications, Signalling and Processing Systems - Software for Railway Control and Protection Systems
IEC 61511 Functional safety - Safety Instrumented Systems for the process industry sector
Experience with MathWorks products that you use to develop, verify, or validate software for systems that are required to comply with the applicable standard.
If you have an Embedded Coder license, also review the following information:
Developing Models and Code That Comply with the ISO 26262 Standard in the Embedded Coder documentation
Developing Models and Code That Comply with the IEC 61508 Standard in the Embedded Coder documentation
[1] Systems that consist of electrical and electronic elements, including programmable electronic elements, power supplies, input devices, communication paths, and output devices.
[2] Referred to as model-based development.