
Tool qualification – The pain of functional safety (part 2)!


In the first part (Link) I explained the basic idea behind tool qualification and gave an overview of the four most frequently used measures.
In this article, I discuss each of these four measures in more detail and name their respective advantages and disadvantages.

Measure 1: Data from the historical use of the tool

This measure can be applied within tool qualification if the tool has been on the market for a long time. In addition, historical data has to be available for the intended use case. This means that there are exact details about errors in the tool and whether they have been corrected. Critical factors here are the tool observation period and the impact of any new tool versions. In aviation, this measure is viewed rather critically. It is certainly used in industrial automation, the railway industry and the automotive industry. This is especially the case when the tool is acknowledged and recognized by the industry.

Measure 2: Tool development process assessment

This measure is explicitly mentioned in ISO 26262 and is primarily used in the automotive sector. A multi-day, intensive assessment is carried out at the tool manufacturer in order to assess whether the development process applied to this tool is appropriate for the intended purpose. These assessments are mostly commissioned by the tool makers themselves and are carried out by recognized assessors. After successful completion of the assessment, the tool manufacturer also uses the certificate as proof of quality for its tool.

Measure 3: Test of the tool functionality

This measure is probably the best-known way to achieve tool qualification. Based on a description of the functionalities of the tool, test cases are developed for those sub-functions. The test cases should be executed in the same environment in which the tool is used operationally. Often, several scripts are used, which may have an influence on the functionality of the tool. This aspect is covered by executing the tests in the original operational environment. The main effort is not the one-time execution of the tests, but the preparation of the test specifications, test cases and test procedures. This activity is often taken over by the commercial toolmakers. Such a work share reduces the workload for the project team considerably. This measure provides the best cost/benefit ratio.

Measure 4: Development of the tool according to a functional safety standard

This measure offers the highest benefit for safety. The tool is developed completely according to a functional safety standard (ISO 26262, IEC 61508, DO-178C, etc.). This means that there is a hazard and risk analysis, and all planning documents, specification documents and verification documents have been developed according to the criticality level for which the tool itself is to be used. It is obvious that such a claim is met by commercial tool makers only in exceptional cases.

Conclusion

A full discussion of the best practices of the individual sectors is not possible in this blog. The essential points are:
In the aerospace industry, measure 3 is often taken. This measure is the best recognized and respected. Measure 1 is only used in very rare cases. Measure 2 has no acceptance at all. Measure 4 is used, but usually not for commercial tools. Such tools are usually non-commercial special applications.
In the automotive industry, measure 3 has not yet really been accepted. Here measure 2 is often used. If a reasonable justification is possible, measure 1 may also be accepted (for higher ASILs, the acceptance of measure 1 decreases). Measure 4 is the absolute exception.
In industrial automation, measure 1 is often accepted (more often than in other sectors). Measure 2 is also often used. Measure 3 can be used for high SIL levels. Measure 4 is the absolute exception.
All in all, it is recommended to follow the basic idea of tool qualification. This means first determining which process of the functional safety standard is automated by the use of a tool, or where the 4-eye principle is violated by the tool.
Only where this is the case must a tool qualification measure be carried out.
In practice this usually means that no measure has to be taken for 60% to 80% of all potential tools. For the remaining tools, measure 3 is the best choice in most cases. Measure 4 may be necessary for very few but very critical applications.

Further HEICON Blog Posts related to Tool Qualification

  • Importance of the Tool Qualification in the FuSa (part 1)!
  • IEC 61508 – Tool qualification – When? Why? How?
  • EN50128 and EN50657 support tools
  • ISO 26262 Confidence in the use of software tools – A feasible strategy!

If you are ready for a functional safety workshop to analyse improvement potential in your development process, send a mail to: info[at]heicon-ulm.de or call +49 (0) 7353 981 781.

26. November 2016/1 Comment/by HEICON Global Engineering GmbH
Tags: Functional Safety, FuSI, proven in use argument, RTCA DO178, Software Engineering, Supporting Processes, Tool Qualification