SafeRTOS has been independently certified by TÜV SÜD as having been developed in accordance
with the rigour necessary for IEC 61508 projects at a safety integrity level
(SIL) of 3 - the highest level that can be achieved for a single software component. TÜV SÜD
have also certified SafeRTOS against the EN62304 medical device standard.
TÜV SÜD have separately certified that the
development processes used by WITTENSTEIN high integrity systems
are themselves suitable for use in IEC 61508 projects at the SIL 3 level.
IEC 61508 is an international standard covering the development and usage of
electrical, electronic and programmable electronic, safety related systems.
In this context, a safety related system is a system that performs one or
more safety functions. IEC 61508 covers both hardware and software
development, so, with due consideration, safety functions can be performed
The standard defines the analysis, design, implementation, production and
test requirements for safety related systems in accordance to the Safety
Integrity Level (SIL) assigned to the system. The SIL is assigned
according to the risks associated with the use of the system under
development, with a maximum SIL of 4 being assigned to systems with the
highest perceived risk. The higher the assigned SIL number the lower the
rate of failure must be for all identified unsafe failure modes.
IEC 61508 is made up of seven parts. Primary information is contained
in parts one to three. Supplementary material is contained in parts
four to seven. All seven parts together define a
system development safety lifecycle.
Summary of parts one to three:
Part one defines the necessary development management system – including
how the system safety requirements are to be calculated, elicited
Part two relates to the hardware aspects of the system development.
It contains the techniques required to reduce both systematic
and random hardware failures.
Part three relates to the software aspects of the system development.
Unlike hardware, software cannot suffer random failures, and so part three
contains the techniques required to guard against systematic failures.
Part one and three are relevant to SafeRTOS.
Systematic failures are not generally quantifiable, and cannot be mitigated
using the same techniques as used to mitigate the risk of random hardware failures.
Instead, systematic failures are mitigated through the implementation of rigorous
and process driven analysis, specification, design, realisation and test techniques.
The affect of such mitigations are also not generally quantifiable, so to credibly claim
compliance with IEC 61508 it is necessary to have your development process
and compliance evidence assessed by a third party who is accepted as
an expert in the field.