Software development for Railway Applications

Mateusz Saganowski
Published in Jit Team
Sep 19, 2024

Software development for Railway Applications is obliged to meet the requirements defined in the European Standard approved by CENELEC. The new European Standard EN 50716:2023 was issued in 2023 and has to be implemented at the national level by October 30, 2024. In this article I present an overall picture of the new standard and compare it, in general terms, with the standards it supersedes.

What is the concept of software development according to European Standard EN 50716:2023?

This document concentrates on the methods which need to be applied in order to deliver software that meets the required software integrity level.

The main concept of this standard is to divide a software application into functions, each of which can have a different safety impact, expressed as its Software Integrity Level. The document addresses five software integrity levels: Basic Integrity, SIL 1, SIL 2, SIL 3 and SIL 4. The higher the risk resulting from a failure of the function, the higher the software integrity level that is required.

For non-safety-related functions, the standard requires a software quality assurance process, but it is not strictly defined: either the Basic Integrity requirements from this standard or an alternative code of practice can be applied.

Generally, the European Standard EN 50716:2023 is focused on techniques and methods for software development of safety-related functions allocated to the software with a determined Software Integrity Level.

A list of the techniques and measures to be used in the development of safety-related functions, broken down by the five software integrity levels, can be found in annexes A.2 and A.3 of this standard. For each software integrity level, every technique or measure is assigned one of five requirement levels: mandatory, highly recommended, recommended, neutral (no recommendation for or against), or not recommended.

What are the requirements for software development according to the European Standard EN 50716:2023?

This document provides a set of requirements for the development, deployment and maintenance of any software intended for Railway Applications. It defines requirements concerning organizational structure, the relationship between organizations and the division of responsibility involved in the development, deployment and maintenance activities. Criteria for the qualification and expertise of personnel are also provided in this document.

All the requirements for the software development process are defined in this standard. They start with the organization of the personnel involved in software development, the responsibilities assigned to each role, and the competence management process that matches personnel to those roles, and they end with the complete life cycle model for software development and the set of documents that shall be produced to meet the EN 50716:2023 requirements.

The life cycle V model

The life cycle model examples are in annex C.1 of this standard and the general list of required documents is in annex A.2 table A.1 of this standard.

What does the route map for software development according to European Standard EN 50716:2023 look like?

Software development route map

At the system level, the System documentation is an input to Software development in compliance with the European Standard EN 50716:2023. The System documentation identifies the safety-related functions and the software interfaces allocated to the Software, within the scope of the standards EN 50126-1 and EN 50126-2.

The required software integrity level is selected and assessed at the system level, taking into account the system safety integrity level and the level of risk associated with the use of the software in the system. As the specification is decomposed into a design comprising safety-related systems and components, safety integrity levels are further allocated. Ultimately, this leads to the required software integrity level for each safety-related function.

The main activities as per the route map for software development according to the European Standard EN 50716:2023 are described below:

1. Define the Software Requirements Specification based on the System input documents (clause 7.2 of EN 50716:2023). Consider and specify the Software Architecture, i.e. the development strategy for the software, together with its software integrity level (clause 7.3 of EN 50716:2023).

2. Design the Software Components (clause 7.4 of EN 50716:2023), then implement and test the source code of the software components in accordance with the Software Quality Assurance Plan, the software integrity level and the software life cycle (clause 7.5 of EN 50716:2023).

3. Integrate the software with the target hardware and verify its functionality by testing the integrated software, i.e. all previously tested software components combined (clause 7.6 of EN 50716:2023).

4. Validate, accept and deploy the software on the real hardware and systems, on a test bench or in the real environment (clauses 7.7 and 9.1 of EN 50716:2023).

5. If software maintenance is required during the operational life, the software maintenance process of EN 50716:2023 applies and the relevant life cycle phases are re-entered (clause 9.2 of EN 50716:2023).

What changes are introduced by the newly issued European Standard EN 50716:2023?

The European Standard EN 50716:2023 supersedes the two previous standards and all their amendments:

EN 50128:2011 Software development for Railway Applications in subsystem: Control Command and Signaling

EN 50657:2017 Software development for Railway Applications in subsystem: Rolling stock

The main goal of the authors of the new standard was to align the two superseded standards and merge their scopes into one document.

This was a difficult task because of the differences between the railway subsystems and their intended applications. Generally, safety-related functions with the highest Software Integrity Level, SIL 4, are more common in the Control Command and Signalling subsystem, because of the high risk resulting from a software failure there. In the Rolling stock subsystem, safety-related functions with Software Integrity Level SIL 2 are the most common.

In the next articles, I will shed more light on the significant technical changes in respect of the superseded standards EN 50128:2011 and EN 50657:2017.

If you are looking for support in software development with safety-related functions in accordance with European Standards: EN 50716:2023, EN 50128:2011 or EN 50657:2017, contact Jit Team.
