IEC Certification Kit (for ISO 26262 and IEC 61508)
Qualify code generation and verification tools for ISO 26262 and IEC 61508 certification
IEC Certification Kit provides tool qualification artifacts, certificates, and test suites, and generates traceability matrices. The kit helps you qualify MathWorks code generation and verification tools and streamline certification of your embedded systems to ISO® 26262, IEC 61508, EN 50128, ISO 25119 and related functional safety standards such as IEC 62304 and EN 50657. Certificates and assessment reports from the certification authority TÜV SÜD are included in the kit for the supported products and standards.
IEC Certification Kit provides ISO 26262 tool qualification and classification work products, together with test suites. It includes templates that let you adapt the work products to meet specific project needs. You can generate project-specific artifacts, including traceability matrices covering requirements, models, and generated code. Project- and product-specific artifacts can be combined to produce a complete ISO 26262-compliant tool qualification package for embedded system certification at all ASIL levels (ASIL A through ASIL D).
Note: ISO26262:2018 states that Simulink and Stateflow are suitable for Software Architecture and Software Unit Design Notations and as a basis for automatic code generation, as shown here.
IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems) is an international, industry-independent functional safety standard. The seven-part standard spans IEC 61508-1 to IEC 61508-7. IEC 61508-3 is concerned with software development, verification, and validation. IEC 61508-3 highly recommends certified tools and translators for safety integrity levels (SILs) SIL 2 and higher; clause 7.4.4 provides requirements for support tools.
ISO 26262:2018 (Road vehicles — Functional safety) is an international functional safety standard. It is an adaptation of IEC 61508 specific to the application sector of electrical and electronic systems in the road vehicle industry. It consists of 12 parts: ISO 26262-1:2018 to ISO 26262-12:2018. ISO 26262-6:2018 pertains to software development, verification, and validation. It includes guidance for projects using Model-Based Design and code generation. ISO 26262-8 addresses multiple cross-functional topics, including the classification and qualification of software tools. The degree of rigor required for tool qualification is based on the tool classification level (TCL) and the automotive safety integrity level (ASIL) A to D.
ISO/PAS 21448:2019 (Road vehicles — Safety of the intended functionality or SOTIF) is a complementary standard that provides guidance on engineering (design, verification and validation) measures to address system hazards resulting from functional insufficiencies and foreseeable misuse by persons in the absence of system faults addressed in ISO 26262.
EN 50128 (Railway applications — Software for railway control and protection systems) is a European standard that specifies procedures and technical requirements for the development of programmable electronic systems for use in railway control and protection applications. EN 50128, developed by the European Committee for Electrotechnical Standardization (CENELEC), is part of a series of standards that represent the railway application-specific interpretation of the IEC 61508 standard series.
IEC 62304 (Medical device software – Software life cycle processes) is an international standard that describes the software development and maintenance processes required for medical device software. The required processes, tasks, and activities are impacted by the hazard (risk to patient, caregiver, or environment) level of the device software. IEC 62304 does not directly address software tool qualification. However, it states that IEC 61508 can be looked to as a source of methods, tools and techniques that can be used to implement the requirements in IEC 62304. Additional guidance on tool validation for regional authorities such as the FDA is available on the FDA software validation page.
ISO 25119: 2018 (Tractors and machinery for agriculture and forestry — Safety-related parts of control systems) is an international standard that specifies principles for assessment, design development and verification of safety-related parts of control systems (SRP/CS) on tractors and other machinery used in agriculture and forestry. According to this standard, demonstrating the correctness of software tools or computer-aided (CAD) tools can be achieved by testing, a proven-in-use argument or by independent verification of their outputs.
EN 50657: 2017 (Railways Applications - Rolling stock applications - Software on Board Rolling Stock) is a European standard that specifies requirements on development, deployment and maintenance of software intended for railway rolling stock applications. The requirements for software tools are derived from the requirements on software tools according to IEC 61508-3.
IEC Certification Kit follows an in-context approach to tool certification or qualification based on a typical workflow or use cases when the applicant applies supported tools to develop or verify software for functional safety standard-compliant or standard-certified applications. The workflow addresses risk levels ASIL A–ASIL D according to ISO 26262, all SRL levels according to ISO 25119 and all SIL levels according to IEC 61508, EN 50128 and EN 50657. The applicant must use the tools within the referenced workflows and within the constraints and use cases specified in the certification plans of the applicant’s projects.
IEC Certification Kit is designed to help you provide a complete certification package to certification authorities using MATLAB®, Simulink, and Polyspace products. To use IEC Certification Kit, follow these steps:
- Document compliance with the relevant functional safety standard’s requirements and your intended use cases.
- Propose an initial certification plan to certification authorities.
- Collect tool-provided artifacts such as TÜV SÜD certificates and perform application-independent tool qualification activities, including the execution of product test suites.
- Perform application-specific tool qualification activities such as generating model-to-code traceability using the traceability matrix-generation capability IEC Certification Kit provides.
- Provide the completed certification package to certification authorities.
IEC Certification Kit provides guidance and information for the above steps and includes the document templates, test cases, and test procedures that you need to qualify the supported products in compliance to the applicable standard(s).
For supported products, IEC Certification Kit includes these artifacts:
- TÜV SÜD certificate and certificate report
- Reference workflow
- Tool qualification plan
- Tool conformance demonstration template
- Test cases, procedures, and results
You need to execute the test cases and procedures from IEC Qualification Kit in your MATLAB or Polyspace installation environment. You should then compare your generated test results with the expected results from the kit and work to eliminate any differences.
IEC Certification Kit provides detailed workflow guidance needed for developing and verifying systems using Model-Based Design. The workflow guidance describes processes, methods, and tools used for each software development and verification sub-phase in the software safety lifecycle, from high-level requirements validation to executable object code verification.
With IEC Certification Kit, you can generate a traceability matrix spreadsheet showing requirements-to-model-to-code bidirectional traceability paths and file information. You can also use IEC Certification Kit to generate a list of reported bugs that you can store and archive for key Simulink and Polyspace tools used for Model-Based Design.
Note: Using certified tools does not ensure the safety of the software or the system under consideration.