VDE V 801 - Withdrawal in August 2004
VDE V 801, the German technical standard for certifying safety-related computer systems, will be withdrawn in August 2004. After this date, certificates that rely only on this standard will become invalid. This does not mean that the product itself becomes unsafe, but formal reasons lead to the invalidation of the certificates.
We recommend the following procedures to solve the problem. The following possibilities can be chosen:
In the following, the different possibilities are discussed with regard to the product design. It is useful to distinguish between products containing software and firmware and products designed exclusively from hardware components.
Basically, upgrading to IEC 61508 is possible for all kinds of products. In both cases the manufacturer has to classify the products according to the SIL levels. The following conversion table can provide a first guess.
After this, a PFD calculation according to IEC 61508-2 must be performed and should give evidence that the required SIL level is maintained. The next step of the certification procedure is to audit and document the fault-avoidance methods that are also required. The problem for already developed products is that life-cycle information from the product development phase might not be available because of missing documentation. In this case manufacturer and certifier are obliged to agree on measures that provide equivalent compensation for the missing life-cycle documentation.
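As an added illustration (not part of the original notice) of the PFD step, the following Python code computes the average probability of failure on demand for a single-channel (1oo1) and a redundant (1oo2) architecture with the simplified low-demand approximations from IEC 61508-6 Annex B, and checks the result against the SIL bands of IEC 61508-1. The failure rate and proof-test interval are constructed sample values, not data for any real product.

```python
"""Simplified low-demand PFDavg check against the IEC 61508 SIL bands.

Added example, not from the original notice. The formulas are the
simplified IEC 61508-6 Annex B approximations (repair time and
diagnostic coverage ignored); all numeric inputs are constructed.
"""

# Low-demand PFDavg bands from IEC 61508-1: lower bound inclusive,
# upper bound exclusive. Values below 1e-5 are still reported as SIL 4.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def pfd_avg_1oo1(lambda_du, proof_test_h):
    """Single channel: PFDavg ~= lambda_DU * T1 / 2.
    lambda_du is the dangerous undetected failure rate per hour,
    proof_test_h the proof-test interval T1 in hours."""
    return lambda_du * proof_test_h / 2.0


def pfd_avg_1oo2(lambda_du, proof_test_h, beta=0.02):
    """Two redundant channels with common-cause fraction beta:
    PFDavg ~= (lambda_DU*T1)^2 / 3 + beta * lambda_DU * T1 / 2."""
    lt = lambda_du * proof_test_h
    return (lt ** 2) / 3.0 + beta * lt / 2.0


def sil_from_pfd(pfd):
    """Return the SIL achieved by a PFDavg value (0 if worse than SIL 1)."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4 if pfd < 1e-5 else 0


def meets_required_sil(pfd, required_sil):
    """Evidence check: does the calculated PFDavg maintain the required SIL?"""
    return sil_from_pfd(pfd) >= required_sil


if __name__ == "__main__":
    # Constructed sample: 200 FIT dangerous undetected, yearly proof test.
    lam, t1 = 2e-7, 8760
    for name, pfd in (("1oo1", pfd_avg_1oo1(lam, t1)), ("1oo2", pfd_avg_1oo2(lam, t1))):
        print(f"{name}: PFDavg={pfd:.3e} -> SIL {sil_from_pfd(pfd)}")
```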
For products based on hardware only (no software or firmware) that are already certified according to VDE 0801 or other standards covering the functional safety of products, this strategy can lead to positive results in combination with data received from product monitoring. At least the product's safety concept was covered by the existing certification. Therefore the safety concept should be documented, and test documentation should be available that gives evidence that the safety concept is valid.
The situation is completely different for products containing software or firmware. The required information covering the design phase of software and firmware development is often unavailable, insufficient or of poor quality. In most cases test documentation derived from the software design phases is not available. In this case, manufacturer and certifier can analyse the software to identify the gaps. Based on these results, a strategy can be developed to fill the gaps; mostly that means re-engineering the software and producing the missing documentation. The manufacturer's decision is then whether it makes sense to spend engineering capacity and money on an old product line or to develop a new product.
Summary
Certificates issued according to DIN V VDE 0801 will become invalid after 2004-08.
It is possible to upgrade hardware products to IEC 61508 by
- auditing the safety management
- performing a PFD calculation
- reviewing existing product development documentation
- taking product monitoring data into consideration
It is also possible to upgrade software/firmware products to IEC 61508, but the effort and the success depend on the existing documentation of the development phase.
Contact
Thomas Huber