| Name : | MODUK DEF STAN 00-54: PART 2 PDF |
| Published Date : | 03/19/1999 |
| Status : | [ Cancelled ] |
| Publisher : | British Defence Standards |
This Part of the Interim Standard provides information and guidance on the procedures to be used for the production of electronic hardware of all levels of safety integrity. However, it places particular emphasis on indicating methods which are useful in justifying that safety requirements have been met for Safety Critical Electronic Hardware (SCEH).
It is emphasized that safety is a system property and achieving and maintaining safety requires attention to all aspects of the system, covering its human, electronic, software and mechanical components and their interfaces and integration. This Interim Standard addresses the design of electronic hardware, which is only a part of the whole system development process. A systems approach to hazard analysis and safety risk assessment is explained in Def Stan 00-56, which deals with the achievement of safety targets by overall design, and in particular whether safety features are to be controlled by software, hardware or manual procedures. Def Stan 00-55 directly addresses safety related software.
Firmware is a concept with both software and hardware aspects. If a firmware item can be exhaustively tested, it may be treated as a simple hardware item. Otherwise its software aspects should conform to Def Stan 00-55 and its hardware aspects to this Interim Standard. This Interim Standard stresses two complementary means of achieving safety. One is to strive for design correctness, on the assumption that design correctness implies safety. By this means a demonstration of correctness with respect to the Hardware Requirement by all techniques which are reasonably possible becomes a demonstration of safety. The second means is to show by hazard analysis or some related technique that the design contains no dangerous features. This includes a review of the Hardware Requirement to ensure that it is self-consistent, unambiguous and complete in all relevant aspects.
Whilst some parts of this Interim Standard are applicable to mechanical, microwave and even optical systems, the text specifically addresses conventional electronic hardware. In this context 'conventional' is taken to mean hardware characterised in the time domain. Operation is thus taken to be quasi-static with a requirement to verify that timing hazards are avoided.
The main emphasis is on digital electronics, particularly where there is a degree of custom design (i.e. circuit boards, ASICs, etc.). Application to analogue circuit design is more problematic because design methodologies for analogue circuits are relatively undeveloped. Here the concepts of formal methods, high level simulation, synthesis and built-in self test are less applicable. However, the principle of a safety case supported by safety arguments remains valid.
| Edition : | I1 |
| Number of Pages : | 47 |
| Published : | 03/19/1999 |