[SystemSafety] EN 50128 in an IEC 61508 envelope

jean-louis Boulanger jean.louis.boulanger at gmail.com
Fri Mar 9 23:45:01 CET 2018


2018-03-08 6:37 GMT+01:00 Daniel Grivicic <grivsta at gmail.com>:

> Hello Everyone,
>
> I am looking at a path forward for the assurance of computer-based
> interlocking functions in rail. I am using a generic PLC and its associated
> software tools. The hardware and software meet the requirements of IEC
> 61508. The language used in the software development meets the "Limited
> Variability" requirements of IEC 61508 this claim is through an independent
> assessment from TUV.
>
> The product (software and hardware) has also been certified by a different
> independent assessor to meet the requirements of EN50128.
>
> From my reading, EN50128 does not differentiate between "Application
> Algorithms" and "Generic Software".
>

Also applicable are "complex data", not parameters.
Also applicable are some kinds of objects that contain an algorithm.


>
> I would like to understand if the 61508 assessment and the use of limited
> variability tools have any bearing on the assurance assessment to EN50128?
>
> A safety case has been developed and a claim is made to EN50128. Is it
> fair, for example within the safety case requirements, to claim that
> "requirements in 50128 are met as they are met in 61508"? Certainly not a
> blanket claim but one in a context in a limited way.
>

50128 is just software; you need to have a certificate for 50129 + 50126.
CENELEC is not directly compatible with 61508 because THR allocation is
purely different (no computation for THR, it is given by the authority; no low and
high demand modes; and SIL3 is the same as SIL4).


>
> I can see that cognitive bias may surface "it is safe in X, therefore, it
> must be safe in Y". Could there be some aspects where such trust is
> reasonable and complete reassessment is not, in principle, required? From
> the above I believe EN50128 may require assessment, however, it has been
> done in 61508 and therefore a high-level check is reasonable rather than a
> first principle one?
>

In railway we have a specific procedure to recognise a certificate; it is called
cross acceptance, see the 50129 guide, part 1.


>
> Thank you,
>
> Daniel.
>
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
>


-- 
Mr Jean-louis Boulanger