Experts in embedded RTOS, with a specialisation in safety certified software

Functional Safety Standards

SAFERTOS was initially certified in 2007 by TÜV SÜD to IEC 61508-3 SIL 3, the highest level possible for a software only component.

Today SAFERTOS has grown to be a leading safety critical RTOS solution supporting a wide range of international safety design standards, including:

IEC 61508 and ISO 26262 functional safety standards allow the certification of software only components, such as an RTOS. Here the RTOS is certified as a Safety Element out of Context (SEooC), as the final application in which the RTOS will be used is unknown.

Other standards take into account the specific product risks, and hence certification can only occur at a product level. Individual software components designed for use in systems where certification is only possible at a system level are normally referred to as “certifiable to”.

Both IEC 61508 (industrial) and ISO 26262 (automotive) support the certification of software only components; whereas IEC 62304 (medical) and DO178 (aerospace) only support the certification of the final product.

Pre-certified Software

SAFERTOS is pre-certified, meaning previous versions of SAFERTOS and its Design Assurance Pack (DAP) have been independently certified. Each certification is specific to a processor/compiler combination, down to a specific version of the compiler and a specific compiler configuration. As part of the WHIS continuous certification program, WHIS releases a number of SAFERTOS variants to TÜV SÜD for independent certification at least once per year, typically upon a major version number upgrade, for a new processor architecture, or in response to a customer request.

SAFERTOS consists of two layers: a core SAFERTOS layer, which forms around 80% of the code base and is common across SAFERTOS variants of the same major version number, and a portable layer, which encapsulates the processor/compiler specific code.

When preparing a new SAFERTOS variant, the portable layer DAP for the specific processor/compiler combination is created along with the portable layer code base. The portable layer is then integrated with the core SAFERTOS layer and its supporting DAP, all verification and validation tests are executed, and the DAP for the full SAFERTOS variant is created and issued. All work is performed using a mature, safety critical design life cycle, with independence between designer and tester and oversight from an independent reviewer.

Additional independent TÜV SÜD certification for SAFERTOS on a specific processor/compiler combination can be separately purchased. Here, once the SAFERTOS development and verification processes have been completed, WHIS will submit SAFERTOS and the DAP to TÜV SÜD for independent certification.

We are proud to be members of The 61508 Association.

Working in so many different safety domains has allowed our engineers to gain an unprecedented knowledge of software safety engineering, and the certification process. This knowledge is used to continually develop SAFERTOS, and its DAP, and has resulted in an efficient and trouble free experience for our customers.
