
How-to Write a Safety Tool Selection Report

Safety tool selection strategy

Why do we need a TSR (Tool selection report)?

For safety-certified products, the qualification process must ensure that 3rd-party software components fulfill the safety requirements. Once the level of software criticality (T1 … T3) has been decided, a TSR for a T2 or T3 tool must be approved in collaboration with the safety engineer before the tool can be used for safety development.

Note: Software T1-T3 definitions are from the IEC 61508 standard, while Hardware T1-T2 definitions are ABB PCP definitions.

How to classify a tool?

Software off-line support tool

A software tool that supports a phase of the software development lifecycle and cannot directly influence the safety-related system during its run time. Software off-line tools may be divided into the following classes:

T1

Generates no outputs that can directly or indirectly contribute to the executable code/product design (including data) of the safety-related system;

Note: T1 examples include a text editor or a requirements or design support tool with no automatic code generation capabilities.

T2

Generates outputs that can directly or indirectly contribute to the product design (including data) of the safety-related system; supports the test or verification of the design or executable code, where errors in the tool can fail to reveal defects but cannot directly create errors in the executable software;

Note: T2 examples include a test harness generator, a test coverage measurement tool, a static analysis tool, and a tool for automatic tests.

T3

Generates outputs that can directly or indirectly contribute to the safety-related system's executable code.

Note: T3 examples include an optimizing compiler where the relationship between the source code program and the generated object code is not obvious and a compiler that incorporates an executable run-time package into the executable code.

Hardware off-line support tool

T1

Generates no outputs that can directly or indirectly contribute to the safety-related system's product design (including data), or was proven in use before the release of IEC 61508 2nd edition (2010).

T2

Generates outputs that can directly or indirectly contribute to the safety-related system's product design (including data).

Note: T2 examples include a PCB/circuit diagram generator, a PCB test tool, or a PLM tool such as Windchill.

TSR (Tool selection report) strategy

A TSR is required for all T2 and T3 tools, both SW and HW. See the TSR template: 7PAA004621F_en Safety Tool Selection Report.

For T1 tools, the TSR will be replaced by an assessment, which should be carried out together with the tool user, the safety engineer, and CM, and then documented in DFN.

The assessment should address the following points:

a. How is this tool integrated/connected to the development process, and what does it do?

b. Describe the rationale for classifying this tool as T1.

c. Responsibility: Is it possible for ABB to generate all the documents needed for the arguments within this report? Or is input from other companies (e.g., the Tool vendor) needed? If input from other companies is needed, the Functional Safety Management (Plan) shall plan the activity to get the required input.

d. Any deviation in usage or major update of the tool should trigger a revisit of the assessment, or even of the classification.

How to write a TSR (Tool selection report) in practice?

To write a TSR (Tool selection report), get the template from Templafy and fill in the chapters, following the guidance given in the hidden text of the template.

Owner: 3rd-party and OSS Team.