Methods for assessing the safety integrity of safety - related software of uncertain pedigree ( SOUP ) Prepared by Adelard for the Health and Safety Executive CONTRACT RESEARCH REPORT 337 / 2001

This report was produced for the HSE project on 'Assessment of Software Components for use in IEC 61508-Compliant Safety-Related Applications'. The main focus for this project is 'software of uncertain pedigree' (SOUP) used in safety-related applications. This document reviews current assessment methods for SOUP and summarises the evidence required for their use according to IEC 61508 and other relevant standards. This report and the work it describes were funded by the Health and Safety Executive (HSE). Its contents, including any opinions and/or conclusions expressed, are those of the authors alone and do not necessarily reflect HSE policy. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written permission of the copyright owner. iii FOREWORD HSE recently commissioned research into how pre-existing software components may be safely used in safety-related programmable electronic systems in a way that complies with the IEC 61508 standard. Two reports resulted from this work: a) Methods for assessing the safety integrity of safety-related software of uncertain pedigree (SOUP) CRR337 HSE Books 2001 ISBN 0 7176 2011 5 b) Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications CRR336 HSE Books 2001 ISBN 0 7176 2010 7 The first report summarises the evidence that is likely to be available in practice relating to a software component to assist in assessing the safety integrity of a safety function that depends on that component. The second report considers how the available evidence can best be used within the framework of the IEC 61508 safety lifecycle to support an argument for the safety integrity achieved by a safety function. Whilst these reports are the opinions of the authors alone and do not necessarily reflect HSE policy, HSE offers this work as an illustration of a principled approach to: a) gathering evidence on the performance of pre-existing software components; b) applying that evidence within the IEC 61508 framework; and c) constructing a systematic and transparent argument for the safety integrity of a specified safety function. HSE proposes to issue guidance on good practice in the use of software components in safety-related systems. HSE invites comments on the practicality and effectiveness of the recommended approach to achieving the above three goals, and on any other significant aspect of the safety integrity of software components …