CENELEC 50128 and IEC 62279 Standards

Jean-Louis Boulanger is currently an Independent Safety Assessor (ISA) in the railway domain focusing on software elements. He is a specialist in the software engineering domain (requirement engineering, semi-formal and formal method, proof and model-checking). He also works as an expert for the French notified body CERTIFER in the field of certification of safety critical railway applications based on software (ERTMS, SCADA, automatic subway, etc.). His research interests include requirements, software verification and validation, traceability and RAMS with a special focus on SAFETY.

• INTRODUCTION xiiiCHAPTER 1. FROM THE SYSTEM TO THE SOFTWARE 11.1. Introduction 11.2. Command/control system 21.3. System 61.4. Software application 81.4.1. What is software? 81.4.2. Different types of software 91.4.3. The software application in its proper context 101.5. Conclusion 11CHAPTER 2. RAILWAY STANDARDS 132.1. Introduction 132.2. Generic standards 142.2.1. Introduction 142.2.2. Safety levels 152.3. History between CENELEC and the IEC 162.4. CENELEC referential framework 172.4.1. Introduction 172.4.2. Description 182.4.3. Implementation 212.4.4. Software safety 222.4.5. Safety versus availability 222.5. EN 50155 standard 232.6. CENELEC 50128 262.6.1. Introduction 262.6.2. SSIL management 262.6.3. Comparison of 2001 and 2011 versions 282.7. Conclusion 30CHAPTER 3. RISK AND SAFETY INTEGRITY LEVEL 313.1. Introduction 313.2. Basic definitions 313.3. Safety enforcement 373.3.1. What is safety? 373.3.2. Safety management 403.3.3. Safety integrity 473.3.4. Determination of the SIL 503.3.5. SIL table 553.3.6. Allocation of SILs 563.3.7. SIL management 573.3.8. Software SIL 583.3.9. Iterative process 593.3.10. Identification of safety requirements 603.4. In IEC 61508 and IEC 61511 613.4.1. Risk graph 623.4.2. LOPA 643.4.3. Overview 663.5. Conclusion 66CHAPTER 4. SOFTWARE ASSURANCE 674.1. Introduction 674.2. Prerequisites 674.3. Quality assurance 684.3.1. Introduction 684.3.2. Quality assurance management 694.3.3. Realization of a software application 734.3.4. Software quality assurance plan (SQAP) 754.4. Organization 784.4.1. Typical organization 784.4.2. Skill management 804.5. Configuration management 824.6. Safety assurance management 844.7. Verification and validation 864.7.1. Introduction 864.7.2. Verification 874.7.3. Validation 1034.8. Independent assessment 1044.9. Tool qualification 1044.10. Conclusion 1054.11. Appendix A: list of quality documents to be produced 1064.12. Appendix B: structure of a software quality assurance plan 106CHAPTER 5. REQUIREMENTS MANAGEMENT 1095.1. Introduction 1095.2. Requirements acquisition phase 1105.2.1. Introduction 1105.2.2. Requirements elicitation 1115.2.3. Process of analysis and documentation 1195.2.4. Verification and validation of the requirements 1265.3. Requirements specification 1295.3.1. Requirements characterization 1295.3.2. Characterization of requirements specification 1355.3.3. Expression of requirements 1355.3.4. Requirements validation 1405.4. Requirements realization 1405.4.1. Process 1405.4.2. Verification 1415.4.3. Traceability 1435.4.4. Change management 1465.5. Requirements management 1505.5.1. Activities 1505.5.2. Two approaches 1515.5.3. Implementation of tools 1525.6. Conclusion 154CHAPTER 6. DATA PREPARATION 1556.1. Introduction 1556.2. Recap 1566.3. Issue 1566.4. Data-parameter-based system 1586.4.1. Introduction 1586.4.2. Characterization of data 1616.4.3. Service inhibition 1626.4.4. Overview 1646.5. From the system to the software 1656.5.1. Need 1656.5.2. What the CENELEC framework does not say 1676.6. Data preparation process 1696.6.1. Context 1696.6.2. Presentation of section 8 of the CENELEC 50128:2011 standard 1706.7. Data preparation process 1746.7.1. Management of the data preparation process 1746.7.2. Verification 1826.7.3. Specification phase 1826.7.4. Architecture phase 1866.7.5. Data production 1906.7.6. Integration of the application and acceptance of the tests 1966.7.7. Validation and evaluation of the application 1976.7.8. Procedure and tools for preparation of the application 1976.7.9. Development of generic software 1986.8. Conclusion 1996.9. Appendix: documentation to be produced 199CHAPTER 7. GENERIC APPLICATION 2017.1. Introduction 2017.2. Software application realization process 2017.3. Realization of a generic application 2037.3.1. Specification phase 2037.3.2. Architecture and component design phase 2137.3.3. Component design phase 2367.3.4. Coding phase 2427.3.5. Execution of component tests 2437.3.6. Software integration phase 2467.3.7. Overall software testing phase 2477.4. Some feedback on past experience 2497.5. Conclusion 2507.6. Appendix A: the programming language “Ada” 2517.7. Appendix B: the programming language “C” 2537.7.1. Introduction 2537.7.2. The difficulty with C 2537.7.3. MISRA-C 2547.7.4. Example of a rule 2557.8. Appendix C: introduction to object-oriented languages 2557.9. Appendix D: documentation needing to be produced 258CHAPTER 8. MODELING AND FORMALIZATION 2618.1. Introduction 2618.2. Modeling 2618.2.1. Objectives 2618.2.2. Different types of modeling 2638.2.3. Model 2648.3. Use of formal techniques and formal methods 2658.3.1. Definitions 2658.3.2. UML 2688.4. Brief introduction to formal methods 2698.4.1. Recap 2698.4.2. Usage in the railway domain 2708.4.3. Summary 2768.5. Implementation of formal methods 2798.5.1. Conventional processes 2798.5.2. Process including formal methods 2808.5.3. Issues 2828.6. Maintenance of the software application 2848.7. Conclusion 285CHAPTER 9. TOOL QUALIFICATION 2879.1. Introduction 2879.2. Concept of qualification 2889.2.1. Issue 2889.2.2. CENELEC 50128:2001 2889.2.3. DO-178 2919.2.4. IEC 61508 2929.2.5. ISO 26262 2939.3. CENELEC 50128:2011 2939.3.1. Introduction 2939.3.2. Qualification file 2949.3.3. Qualification process 2959.3.4. Implementation of the qualification process 2979.4. Fitness for purpose 3059.4.1. Design method 3059.4.2. In case of incompatibility 3059.4.3. Code generation 3069.5. Version management 3069.5.1. Identification of versions 3069.5.2. Bug/defect analysis 3079.5.3. Changing versions 3079.6. Qualification process 3079.6.1. Qualification file 3079.6.2. Ultimately 3089.6.3. Qualification of non-commercial tools 3089.7. Conclusion 308CHAPTER 10. MAINTENANCE AND DEPLOYMENT 30910.1. Introduction 30910.2. Requirements 30910.2.1. Fault management 30910.2.2. Managing changes 31010.3. Deployment 31210.3.1. Issue 31210.3.2. Implementation 31310.3.3. In reality 31410.4. Software maintenance 31510.4.1. Issue 31510.4.2. Implementation 31510.5. Product line 31610.6. Conclusion 31810.7. Appendix: documentation needing to be produced 319CHAPTER 11. ASSESSMENT AND CERTIFICATION 32111.1. Introduction 32111.2. Evaluation 32111.2.1. Principles 32111.2.2. CENELEC 50128:201132411.3. Cross-acceptance 32511.4. Certification 32611.4.1. Product certification 32611.4.2. Software certification 32711.4.3. Evolution management 32711.5. Conclusion 32811.6. Appendix: documentation needing to be produced 328CONCLUSION 329BIBLIOGRAPHY 331GLOSSARY 343INDEX 351