EN 50128 for rail software
May 20, 2020

What Is EN 50128?

Static Analysis
Security & Compliance

EN 50128 is a functional safety standard tailored for the particular demands of the rail industry. It’s titled “Railway applications — Communication, signaling, and processing systems — Software for railway control and protection systems”.

Following the requirements of this standard is critical for railway software development. For that reason, it is essential that you understand what is EN 50128, how to follow EN 50128, and what are Software Safety Integrity Levels (SSIL).

What Is EN 50128?

EN 50128 is a functional-safety standard tailored for the particular demands of the rail industry. It provides a set of requirements for the development, deployment, and maintenance of any safety-related software intended for railway control and protection applications

Why Is EN 50128 Important?

The goal of EN 50128 is to ensure safety throughout the lifecycle of rail equipment and systems. EN 50128 does this by providing the requirements that must be followed to ensure safety.

A railway network comprises a number of very large and complex, but tightly controlled systems. Whilst the overall probability of a malfunction might be low, a single safety-related failure can clearly have a very severe impact on multiple individuals.

For that reason, it is essential that you follow EN 50128 to avoid or control systematic failures as well as to detect or control random hardware failures.

What Is EN 50128 Classification of Tools

EN 50128 introduces three classes of tools and all tools must be assigned to one of these classes depending on their potential to affect the executable code.

Tool Class

Description

Examples


T1

Tool output does not contribute to executable code.

  • Text Editor
  • VCS



T2

Tool tests and verifies design as well as the executable code. The tool cannot introduce defects into the code but may fail to detect existing defects.

  • Static Analysis Tool
  • Code Coverage Test Tool

T3

Tool output contributes to executable code.

  • Compiler
  • Linker

For Class T2 tools — such as static analysis toolHelix QAC — there must be evidence that the tool meets the requirements of EN 50128 and the required Software Safety Integrity Level (SSIL). Helix QAC has been certified for EN 50128 as fit for purpose to develop safety-related software up to SIL 4 by SGS-TÜV-SAAR.

Why Software Safety Integrity Levels (SSIL) are Important

Software Safety Integrity Levels are not unique to EN 50128, as all functional safety standards provide a number of pre-defined safety level categories.

EN 50128 has five defined SSIL values where SSIL 0 is the lowest level and SSIL 4 is the highest level of safety integrity. This means that SSIL 4 requires more checks and stringent controls whereas SSIL 0 is not safety-related.

When determining the SSIL for a component, various hazard consequences are taken into account such as loss of human life, injuries to persons, and damage to property.

The SSIL rating determines the techniques or measures that you will need to fulfill and there are different recommendations for each one.

For each technique the requirements are stated for each SSIL, using the following abbreviations:

  • “M” mandatory.
  • “HR” highly recommended.
  • “R” recommended.
  • “—” no requirement

For example Table A.12, TECHNIQUE/MEASURE 1  States that a coding standard — such as MISRA — is mandatory for SSIL 3 and SSIL 4, and highly recommended for SSIL 0, SSIL 1, and SSIL 2.

How to Follow EN 50128?

Within EN 50128,  Phase 7.5 — Software Component Implementation and Annex A — Criteria for the Selection of Techniques and Measures -  specifically address software development.

To meet the requirements of those sections,  EN 50128 specifies the use of a static code analyzer. This ensures that:

  • Defects and vulnerabilities are identified.
  • Coding standards — such as MISRA — are enforced.

Using a static code analyzer — like Helix QAC — makes it easier to verify that your code is compliant to the coding standard and therefore can meet the requirements of EN50128. In addition, a static code analyzer helps to ensure that your code is safe, reliable, and high quality.

Learn more about how Helix QAC can help you meet the requirements of EN 50128 >>

Following EN 50128 Is Easier with Helix QAC

Helix QAC is the most accurate code analyzer for C and C++ programming languages. And, it has been certified for EN 50128 as fit for purpose to develop safety-related software up to SIL 4 by SGS-TÜV-SAAR. This makes it the ideal static code analyzer for EN 50128.

What’s more, as a certified tool, Helix QAC can help you accelerate functional-safety compliance by:

  • Enforcing coding standards and detecting rule violations.
  • Prevent the use of undefined or unspecified behavior
  • Implementing Control and Data Flow analysis.
  • Calculating metrics

See how Helix QAC can help you accelerate your functional safety efforts.

Comply Faster With Helix QAC