Glossary of functional safety standards

These functional safety standards deliver benefits to developers, system integrators and users. By following a standard, a development organization builds safer products. A system integrator can state its expectations to a supplier by requiring compliance with a standard. And users have fewer injuries and deaths. This section provides a list of functional safety standards.

IEC 61508 – Functional Safety of Electrical/Electronic/ and Programmable Electronic

IEC 61508 is the foundational source for good software methods, techniques and tools to support functional safety.

ISO 9001:2015 – Quality Management Systems – Requirements

ISO 9001:2015 includes requirements for leadership, planning, support, operation, performance evaluation and continual improvement.

IEC 62061 – Safety of Machinery: Functional Safety of Electrical, Electronic and Programmable Electronic Control Systems

IEC/EN 62061 defines requirements for system-level design of safety-related electrical control systems in machinery and design of non-complex subsystems and devices.

ISO 26262-6:2018 – Road Vehicles – Functional Safety – Part 6: Product Development at the Software Level

Part 6 covers software and provides lists of recommended and highly recommended techniques for each automotive safety integrity level (ASIL). Only events deemed to be ASIL A, B, C or D need to comply with ISO 26262 .

IEC 62304 – Medical Device Software – Life Cycle Processes

IEC 62304 includes requirements for the software development process, software maintenance process, software configuration management process and software problem resolution process.

EN 50128 & 50129 – Railway Applications – Communication, Signaling and Processing Systems

These two European standards (EN 5012x) define safety-related software process standards, hardware and approval processes for railway applications. EN 50128 provides process standards for software for railway control and protection systems. EN 50129 covers safety-related electronic systems for signaling.

ISO 25119 – Agricultural and Forestry Tractors and Machinery – Safety-Related Parts of Control Systems

This safety standard for agriculture and forestry equipment covers general principles for design and development, concept phase, series development for hardware and software, and processes for production, operation, modification and support.

IEC 61513 – Instrumentation and Control Systems Important to Safety in Nuclear Power Plants

IEC 61513 defines general requirements for systems important to safety in the nuclear power industry.

ISO/SAE 21434 (coming soon) – Road Vehicles – Cybersecurity Engineering

BlackBerry QNX is participating in the development of this automotive cybersecurity standard, which is expected to be released in 2020. ISO/SAE 21434 is bringing the auto industry together with the goal of developing reasonably secure vehicles and systems.

Glossary of functional safety standards Safety integrity levels: ASIL, SIL and Class

Many safety standards have different requirements based on the risk posed by a subsystem, each of which may need to be certified to a different safety integrity level (SIL). Functional safety standards differ in criteria and terminology for safety integrity levels, such as:

Safety Integrity Level (SIL) 1, 2, 3, 4
IEC 61508 bases SIL on the probability of failure per hour of operation.
Automobile Safety Integrity Level (ASIL) A, B, C, D
ISO 26262 calculates ASIL based on the severity of the injuries that could result from an event, the likelihood the event will occur in normal operation, and how many drivers could control the situation to avoid the injury.
Medical Device Class A, B, C
Under IEC 62304, medical devices are classified based on the amount of injury that could be caused to a patient, an operator or an onlooker.

Dependability, reliability and availability

Dependability: The ability of the system to respond correctly to events in a timely manner, for as long as required. Dependability is a combination of system availability and reliability.
Availability: How often the system responds to requests in a timely manner.
Reliability: How often the system responses are correct.

Faults, errors and failures

A fault can lead to an error, which can lead to a system failure.

Fault: A mistake in the code.
Error: Undesired behavior caused by a fault in the code.
Failure: The inability of the system to perform a required function due to an uncontained error.

Error recovery can prevent an error from becoming a failure:

Backward error recovery: The system returns to a previous state.
Forward error recovery: The system moves to a predefined state.

As illustrated in the following figure, an error at one level in a system may cause a fault at another. A fault in training could cause a software developer to make an error and insert a bug into the code, which ultimately results in a failure of the system.

Glossary of functional safety standards Safety integrity levels: ASIL, SIL and Class

Comparison with Other Hazard Level Standards[edit]

Given ASIL is a relatively recent development, discussions of ASIL often compare its levels to levels defined in other well-established safety or quality management systems. In particular, the ASIL are compared to the SIL risk reduction levels defined in IEC 61508 and the Design Assurance Levels used in the context of DO-178C and DO-254. While there are some similarities, it is important to also understand the differences.

Approximate cross-domain mapping of ASIL

Domain. Domain-Specific Safety Levels

Automotive (ISO 26262) QM ASIL-A ASIL-B/C. ASIL-D. X

General (IEC-61508) . X SIL-1. SIL-2. SIL-3. SIL-4

Aviation (ED-12/DO-178/DO-254) . DAL-E. DAL-D. DAL-C. DAL-B. DAL-A

Railway (CENELEC 50126/128/129) . X SIL-1. SIL-2. SIL-3. SIL-4

Probabilistic analysis

The probability metric used in step 3 above depends on whether the functional component will be exposed to high or low demand:

high demand is defined as more than once per year and low demand is defined as less than or equal to once per year (IEC-61508-4).
For functions that operate continuously (continuous mode) or functions that operate frequently (high demand mode), SIL specifies an allowable frequency of dangerous failure.
For functions that operate intermittently (low demand mode), SIL specifies an allowable probability that the function will fail to respond on demand.

Note the difference between function and system. The system implementing the function might be in operation frequently (like an ECU for deploying an air-bag), but the function (like air-bag deployment) might be in demand intermittently.

SIL                            Low demand mode:                                         High demand or continuous mode:
             average probability of failure on demand       probability of dangerous failure per hour
  1                       ≥ 10−2 to < 10−1                                                                                 ≥ 10−6 to < 10−5

2 ≥ 10−3 to < 10−2 ≥ 10−7 to < 10−6

3 ≥ 10−4 to < 10−3 ≥ 10−8 to < 10−7 (1 dangerous failure in 1140 years)

4 ≥ 10−5 to < 10−4 ≥ 10−9 to < 10−8

WIND RIVER VXWORKS 653 3.0 MULTI-CORE EDITION

Click Here to goto Vxworks-653-product-note-multi-core.pdf

IV&V on Orion’s ARINC 653 Flight Software Architecture

ARINC 653/DO 178

Click Here to goto 2530 - IVV on Orions ARINC 653 Flight Software Architecture100913

Safety-Critical Data Management

Safety-Critical Data Definitions

Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.

Safety-Critical Data: Data Safety

Data security refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, hashing, tokenization, and key management practices that protect data across all applications and platforms.

Safety-Critical Data: Data Security

Safety-Critical Data Integrity

Data integrity is the overall accuracy, completeness, and consistency of data. Data integrity also refers to the safety of data in regard to regulatory compliance — such as GDPR compliance — and security. It is maintained by a collection of processes, rules, and standards implemented during the design phase. When the integrity of data is secure, the information stored in a database will remain complete, accurate, and reliable no matter how long it’s stored or how often it’s accessed.

Safety-Critical Data Availability

Data availability is the process of ensuring that data is available to end-users and applications, when and where they need it. Availability has to do with the accessibility and continuity of information, thus accessibility is a key component. It defines the degree or extent to which data is readily usable along with the necessary IT and management procedures, tools, and technologies required to enable, manage and continue to make data available.

Safety-Critical Data Privacy

Data privacy is a guideline for how data should be collected or handled, based on its sensitivity and importance. Data privacy is typically applied to personal health information (PHI) and personally identifiable information (PII). This includes financial information, medical records, social security or ID numbers, names, birthdates, and contact information.

Safety-Critical Data & Cyber Security

Five types of cybersecurity techniques, which will help in reducing the cyber attack amongst enterprises and organizations.

Critical Infrastructure Cybersecurity. ...
Network Security. ...
Cloud Security. ...
Internet of Things Security. ...
Application Security.

Ransom-ware Attack Prevention

In light of the recent rise in ransomware attacks, The National Institute of Standards and Technology (NIST) has developed new, preliminary draft guidelines for organizations regarding ransomware attacks.

These guidelines, titled “The Cybersecurity Framework Profile for Ransomware Risk Management,”

http://blog.dminc.com/blog/nist-cybersecurity-guidelines

HIPPA Data: Data Privacy

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Data Encryption: Data Security

Data encryption is a process of converting data into encoded information, called ciphertext. The encoded information can only be decoded with a unique decryption key. You can generate the key either at the time of encryption or beforehand.

Encryption ensures the integrity of data by protecting it from unauthorized modification. Encryption reduces the risk of accessing data from untrustworthy sources by verifying data’s source.

Continuous Data Protection

Continuous Data Protection is a method for backing up data every time a change is made. A continuous data protection system maintains a record of all data changes and enables you to restore a system to any previous point in time.

This type of backup solves the problem of losing data created between two scheduled backups. It also provides protection against attacks like ransomware or malware, as well as accidental deletion of data.

RAID Data Storage: Data Protection

RAID; "Redundant Array of Inexpensive Disks" or "Redundant Array of Independent Disks") is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. This was in contrast to the previous concept of highly reliable mainframe disk drives referred to as "single large expensive disk" (SLED).

Data is distributed across the drives in one of severa

RAID level 0, 1, 5, 6 and 10: Data Protection

Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word "RAID" followed by a number, for example RAID 0 or RAID 1. Each scheme, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable failures

Safety-Critical Data & Ransom-ware: Data Hijacking

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them

Safety-Critical Data & virtual private network (VPN)

A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

The benefits of a VPN include increases in functionality, security, and management of the private network. It provides access to resources inaccessible on the public network and is typically used for telecommuting workers.

Safety-Critical System Integrity: Redundancy

Multiple modular redundancy, is a fault-tolerant form of hardware redundancy, in which multiple systems perform a process and that result is processed by a majority-voting system to produce a single output. If any one of the multiple systems fails, the other systems can correct and mask the fault.

The concept can be applied to many forms of redundancy, such as software redundancy in the form of Safety-Critical computer systems

Artificial Intelligence in Safety-Critical Systems Development

Early iterations of the AI applications we interact with most today were built on traditional machine learning models. These models rely on learning algorithms that are developed and maintained by data scientists. In other words, traditional machine learning models need human intervention to process new information and perform any new task that falls outside their initial training.

The Three Different types of artificial intelligence (AI)

Understanding the Three Different types of artificial intelligence (AI)

For example:

Apple made Siri a feature of its iOS in 2011. This early version of Siri was trained to understand a set of highly specific statements and requests. Human intervention was required to expand Siri’s knowledge base and functionality.

However, AI capabilities have been evolving steadily since the breakthrough development of artificial neural networks in 2012, which allow machines to engage in reinforcement learning and simulate how the human brain processes information.

The three kinds of AI based on capabilities

1. Artificial Narrow AI

Artificial Narrow Intelligence, also known as Weak AI (what we refer to as Narrow AI), is the only type of AI that exists today. Any other form of AI is theoretical. It can be trained to perform a single or narrow task, often far faster and better than a human mind can.

However, it can’t perform outside of its defined task. Instead, it targets a single subset of cognitive abilities and advances in that spectrum.

2. General AI

Artificial General Intelligence (AGI), also known as Strong AI, is today nothing more than a theoretical concept. AGI can use previous learnings and skills to accomplish new tasks in a different context without the need for human beings to train the underlying models. This ability allows AGI to learn and perform any intellectual task that a human being can.

3. Super AI

Super AI is commonly referred to as artificial superintelligence and, like AGI, is strictly theoretical. If ever realized, Super AI would think, reason, learn, make judgements and possess cognitive abilities that surpass those of human beings.

The applications possessing Super AI capabilities will have evolved beyond the point of understanding human sentiments and experiences to feel emotions, have needs and possess beliefs and desires of their own.

The four types of AI based on functionalities

Underneath Narrow AI, one of the three types based on capabilities, there are two functional AI categories:

1. Reactive Machine AI

Reactive machines are AI systems with no memory and are designed to perform a very specific task. Since they can’t recollect previous outcomes or decisions, they only work with presently available data. Reactive AI stems from statistical math and can analyze vast amounts of data to produce a seemingly intelligent output.

Examples of Reactive Machine AI

IBM Deep Blue: IBM’s chess-playing supercomputer AI beat chess grandmaster Garry Kasparov in the late 1990s by analyzing the pieces on the board and predicting the probable outcomes of each move.

The Netflix Recommendation Engine: Netflix’s viewing recommendations are powered by models that process data sets collected from viewing history to provide customers with content they’re most likely to enjoy.

2. Limited Memory AI

Unlike Reactive Machine AI, this form of AI can recall past events and outcomes and monitor specific objects or situations over time. Limited Memory AI can use past- and present-moment data to decide on a course of action most likely to help achieve a desired outcome.

However, while Limited Memory AI can use past data for a specific amount of time, it can’t retain that data in a library of past experiences to use over a long-term period. As it’s trained on more data over time, Limited Memory AI

Examples of Limited Memory AI

Generative AI: Generative AI tools such as ChatGPT, Bard and DeepAI rely on limited memory AI capabilities to predict the next word, phrase or visual element within the content it’s generating.
Virtual assistants and chatbots: Siri, Alexa, Google Assistant, Cortana and IBM Watson Assistant combine natural language processing (NLP) and Limited Memory AI to understand questions and requests, take appropriate actions and compose responses.
Self-driving cars: Autonomous vehicles use Limited Memory AI

3. Theory of Mind AI

Theory of Mind AI is a functional class of AI that falls underneath the General AI. Though an unrealized form of AI today, AI with Theory of Mind functionality would understand the thoughts and emotions of other entities. This understanding can affect how the AI interacts with those around them. In theory, this would allow the AI to simulate human-like relationships.

Because Theory of Mind AI could infer human motives and reasoning, it would personalize its interactions with individuals based on

4. Self-Aware AI

Self-Aware AI is a kind of functional AI class for applications that would possess super AI capabilities. Like theory of mind AI, Self-Aware AI is strictly theoretical. If ever achieved, it would have the ability to understand its own internal conditions and traits along with human emotions and thoughts. It would also have its own set of emotions, needs and beliefs.

Emotion AI is a Theory of Mind AI currently in development. Researchers hope it will have the ability to analyze voices, images and

Additional capabilities and practical applications of AI technologies

Computer vision

Narrow AI applications with computer vision can be trained to interpret and analyze the visual world. This allows intelligent machines to identify and classify objects within images and video footage.

Applications of computer vision include:

Image recognition and classification
Object detection
Object tracking
Facial recognition
Content-based image retrieval

Computer vision is critical for use cases that involve AI machines interacting and traversing the physical world around them. Exam

Robotics

Robots in industrial settings can use Narrow AI to perform routine, repetitive tasks that involve materials handling, assembly and quality inspections. In healthcare, robots equipped with Narrow AI can assist surgeons in monitoring vitals and detecting potential issues during procedures.

Agricultural machines can engage in autonomous pruning, moving, thinning, seeding and spraying. And smart home devices such as the iRobot Roomba can navigate a home’s interior using computer vision and use data s

Expert systems

Expert systems equipped with Narrow AI capabilities can be trained on a corpus to emulate the human decision-making process and apply expertise to solve complex problems. These systems can evaluate vast amounts of data to uncover trends and patterns to make decisions. They can also help businesses predict future events and understand why past events occurred.