SOFTWARE VALIDATION, QUO VADIS?
3 QUESTIONS FOR THOMAS KRAMER-WOLF, HEAD OF TRAINING & SERVICES AT WIELAND ELECTRIC
Mr. Kramer-Wolf, the topic of functional safety is gaining in importance in mechanical and plant engineering. What role does the validation of user security software play?
We have found that many users are unaware of the need for validation. Most assume that security hardware alone is enough. Also, the role allocation is not always completely clear: When it comes to validation, this is always someone else’s job. Unfortunately, standards also provide little practical support here. They do demand that everything is documented and checked, but the “How?” remains unanswered. Often it is simply the case that the right tools for validation are lacking. Methods such as simulations or I/O matrices can help to massively reduce software problems. Basically, the main risk is that mistakes can occur in all project phases – from the specifications to the final test. Software can be insidious because errors and their effects can go unnoticed for a long time. A well-known example is a software bug from the year 2000, which was integrated in the 60s and 70s and which cost around 600 billion US dollars to fix worldwide. These sums show how important the topic is.
You have just raised the issue of standards – what will be the situation here in the future?
It is clear that international standards such as EN ISO 13849 and EN 62061 force developers to deal responsibly with functional safety. For example, EN ISO 13849-1 includes safety requirements for the design and integration of safety-related parts of control systems, including the development of software. However, we believe that this standard is more likely to lead to a standstill or even a backward step in software validation. It demands a lot, but offers little help. EN 62061, on the other hand, will certainly bring new approaches to a workable validation, but we are not expecting that for at least two years. But one thing which will definitely be demanded more clearly and more strictly is the independence of the tester, both for new constructions and for machinery and equipment conversions.
How can software developers and safety managers involved in mechanical engineering be supported during the validation?
The answer here is very clear: with the right tools. For example, if programs have simulation features, much more can be simulated on the PC instead of being tested on-site. This saves time and costs because it means fewer tests and simplified documentation of the tests. In addition, test planning can be optimized with an I/O matrix as only existing dependencies need to be tested. Here, the symbols and descriptions for I/Os instead of addresses are especially helpful and, above all, user-friendly. And during the programming stage the user can be assisted by suitable software modules for all major machine functions. Here, predefined function blocks for specific applications, such as presses or combustion applications, facilitate handling enormously. The same applies to a clear, graphic design, which massively increases usability. In all these areas we are setting a good example with our programming software samos® PLAN 6. This license-free tool assists PLC programmers, electrical design engineers, and developers not only with the design, but also with the simple validation, verification, and documentation of the safety application concerned.