Qt is used in an extremely wide variety of use cases across over 70 industries, and sometimes there is a need to use Qt in a safety critical system. When a system, be it a medical device, railway control system, nuclear power plant or an automobile, can potentially cause harm to humans, the concept of functional safety helps in assessing the risk and taking the necessary measures to steer the risk to an acceptable level. In this blog, I will explain the key concepts for functional safety and list a few industry standards of functional safety.
What is Functional Safety?
The objective of functional safety is freedom from unacceptable risk of physical injury or of damage to the health of people. In many systems, there is always risk and the aim is to bring it down to a tolerable level and to reduce the impact of failure. At its simplest a functional safety system detects a potentially dangerous condition and causes corrective or preventative action to be taken.
Functional safety relies on active systems, for example the detection of smoke by sensors and the initiation of fire extinguisher systems or a mechanism in a revolving door to detect a person that stands still to prevent hitting the person.
Functional safety does not only affect software. On the contrary most systems can be implemented with very limited or no software functionality at all. But when it comes to systems using Qt, we of course are mainly interested in how functional safety affects the system’s software architecture and implementation.
Industry Standards for Functional Safety
Different industries have defined their own standards for addressing functional safety, for example, EN 50128 for Railway applications, IEC 60601 for Medical devices and ISO 26262 for the Automotive sector. The ‘mother’ of all functional safety standards is IEC 61508, which defines the basic concepts of functional safety as well as the means to achieve the desired level of safety, so called Safety Integrity Level (SIL).
Figure 1. Examples of industry specific functional safety standards derived from IEC 61508.
In IEC 61508, there are four different SIL levels of functional safety, that have different requirements for achieving them. The required SIL level is determined based on likelihood for injury or death, for example. If a potential hazard is likely to happen or can cause a lot of damage, the required SIL level is higher. The highest levels are often more relevant for non-UI software, but this is of course a matter of system design.
Achieving Functional Safety
Functional safety can’t be determined without considering the system as a whole and the environment in which it interacts. It is always the final product that needs to be analyzed for impact to functional safety aspects. It is possible to certify any component of a system, which will help in certification of the final system. Still, making a system out of certified parts does not exempt it from a system certification.
Finally, it should be stated that even though only some systems are subject to functional safety certification, it is often beneficial to consider the advice given in the functional safety standards also for systems that are not intended to be certified. The standards can give good instructions and best practices for design, implementation and quality assurance of any systems that can potentially cause harm.
Achieving full functional safety certification is often challenging and costly as some of the requirements, especially for the higher levels, cause significant restrictions to software functionality. Therefore, it is essential to determine what is the safety critical functionality of the system that needs to be certified. If it is possible to separate the safety critical parts of the software from parts that are not safety critical, it is permitted to limit the certification activity only to the required subset of the system functionality.
Functional safety is a large topic, so I wanted to have just the introduction in this post. In the second part of the blog post I will continue on this topic and focus into using Qt in systems that need to be certified for functional safety. If you are interested in discussing more on creation of functional safety certified systems with Qt, please contact us, or stay tuned for the second part.