Safety development in accordance with the standards DIN EN ISO 13849-1 and DIN EN 62061 should help to avoid dangerous systematic errors in the application software for a machine. The problem with this is that the presentation of requirements in a standard is naturally very general. To make matters worse, there have hardly been any published examples of implementation to date. In response to this situation, the German Social Accident Insurance (DGUV) - on the initiative of the Institute for Occupational Safety and Health (IFA) and the employers' liability insurance associations - has funded various projects.

One of these is the FP0319 project "Standard-compliant development and documentation of safety-related user software in mechanical engineering". As part of this project, Prof. Norbert Becker and his colleagues at Bonn-Rhein-Sieg University of Applied Sciences developed several specific procedures for implementing the requirements contained in the new standards for the software development of safety functions for machines and evaluated and documented them using industrial examples.

Specifically, a matrix-based form of specification and documentation of safety software was developed in the course of the project - the so-called IFA matrix method. This met with much greater acceptance in industry than the alternative methods of 'description of the application software as a state machine' or 'specification via checklists'. One reason for this may be that many companies already document and specify their security software in the form of tables.

The IFA matrix method

Figure 1: Simplified development models according to the IFA matrix method.

© IFA

The main characteristics of the matrix method are

• Permissible simplification and decomposition of the V-model of DIN EN ISO 13849-1 into two small V-models: one V-model is used for the software development of safety functions, the other for the development of project-specific function blocks (modules).
• Definition of documents for processing the V-models.
• Structuring the software into a pre-processing level, a control logic to be specified and a post-processing level.
• This allows the control logic to be specified using a C&E table (Cause & Effect).
• The test coverage can be completed with additional test lines in the C&E table.
• Integration of test fields in the documents.
• The specification-compliant quality of the software is monitored by the verification, code review and software validation test steps.

From the start of the project, the intention was to prepare and publish the results of the research project later in an IFA report (IFA Report 2/2016; www.dguv.de/webcode/d1023063) on this topic. In addition to the presentation of the actual development method, the target group will receive further necessary information and interpretations of normative requirements for application software. The changes to the DIN EN ISO 13849 series of standards, Part 1 and Part 2, in relation to application software are also considered - for example, the topics 'Validation of software' and 'Use of standard components'. IFA Report 2/2016 thus supplements the well-known IFA Report 2/2017 (Functional safety of machine control systems; previously BGIA Report 2/2008), which focuses more on the reliability of control hardware and the calculation of its failure probabilities.

The IFA tool Softema

To ensure efficient and quality-assured implementation of the IFA matrix method, the IFA developed a software tool called Softema. This tool manages the tables required for the IFA matrix method as well as the information required for project management, such as project description, user administration, change logs and document management. Softema can also be used to view the examples of the IFA matrix method available for download. Last but not least, the software can be used to create and edit your own projects.

Softema can open and edit one project file at a time for the specification and documentation of an application program. However, the software can be run multiple times in order to edit different projects and application programs in parallel. The corresponding project files use the file type 'Microsoft Excel workbook' (*.xlsx) and can therefore be edited either with Softema or with Microsoft Excel directly. In the latter case, all tables are freely editable; in Softema, the contents are protected by the user administration.

The following functions are initially supported by Softema:

• Tables, columns and rows can be added and customized in the project file according to the user.
• Automatic updating of tables when input data is modified.
• Formal verification of tables for missing, contradictory or duplicate entries.
• Management of employees in the project.
• Role-based user authorizations.
• Support for verification, validation and checking.
• Support for modifications.
• Specific editors for the various cell contents.
• Management of documents and changes.
• Undo/redo functions, search/replace functions.
• Specific print functions and reports.