[SystemSafety] EN 50128 in an IEC 61508 envelope

Daniel Grivicic grivsta at gmail.com
Thu Mar 8 06:37:59 CET 2018


Hello Everyone,

I am looking at a path forward for the assurance of computer-based
interlocking functions in rail. I am using a generic PLC and its associated
software tools. The hardware and software meet the requirements of IEC
61508. The language used in the software development meets the "Limited
Variability" requirements of IEC 61508; this claim is supported by an
independent assessment from TUV.

The product (software and hardware) has also been certified by a different
independent assessor to meet the requirements of EN50128.

From my reading, EN50128 does not differentiate between "Application
Algorithms" and "Generic Software".

I would like to understand if the 61508 assessment and the use of limited
variability tools have any bearing on the assurance assessment to EN50128?

A safety case has been developed and a claim is made to EN50128. Is it
fair, for example within the safety case requirements, to claim that
"requirements in 50128 are met as they are met in 61508"? Certainly not a
blanket claim but one in a context in a limited way.

I can see that cognitive bias may surface "it is safe in X, therefore, it
must be safe in Y". Could there be some aspects where such trust is
reasonable and complete reassessment is not, in principle, required? From
the above I believe EN50128 may require assessment; however, it has been
done in 61508, and therefore a high-level check is reasonable rather than a
first-principles one?

Thank you,

Daniel.