
SAFERTOS®: Pre-Certified Safety Critical RTOS

SAFERTOS® is a pre-certified safety Real Time Operating System (RTOS) for embedded processors, owned and developed by WITTENSTEIN high integrity systems. It delivers superior performance and pre-certified dependability, whilst utilizing minimal resources.

View our supported platforms or contact us for a quote on bespoke projects.


Ask Us a Question

For pricing, licensing, or any other sales or product related questions, please contact us.

Ask us a question

The SAFERTOS® Story

Since 2007, WHIS's primary focus has been the development and supply of mission- and safety-critical RTOS and middleware components. WHIS engineers took the FreeRTOS functional model, exposed it to a full HAZOP, identified all areas of weakness within the functional model and API, mitigated them, and took the resulting requirements set through an IEC 61508 SIL 3 development life cycle, the highest SIL possible for a software-only component.

In doing so we created SAFERTOS®: the renowned safety-certified RTOS that delivers superior performance and safety-critical dependability whilst consuming minimal resources. The success of these endeavours can be judged by the fact that SAFERTOS® was independently certified by TÜV SÜD at the first iteration, back in 2007.

SAFERTOS® has continuously evolved since its initial creation and the list of supported processors and toolsets is constantly expanding. SAFERTOS® includes, among other features:

  • Task Isolation and Separation;
  • Ultra-Low Power Mode;
  • OSEK API Wrapper;
  • A range of Safety Plugins.

Start Your Development for Free

As the FreeRTOS kernel and SAFERTOS® share the same functional model, upgrading is easy. Many of our customers prototype using the FreeRTOS kernel, and convert to SAFERTOS® at the start of their formal development phase.


Design Assurance

SAFERTOS® is tailored to your specific processor/compiler combination, and delivered with full source code and our Design Assurance Pack (DAP). The DAP gives you complete transparency over the full Design Life Cycle, and illustrates the exceptionally high quality of our RTOS product. The DAP ensures:

  • No retesting on target hardware is required
  • Easy installation and integration into your development environment
  • Reduced development costs and improved time to market
  • Smooth path to certifying SAFERTOS® within an application

A Safety Systems Company

As WITTENSTEIN high integrity systems is first and foremost a Safety Systems Company, we can offer those all-important extra services:

  • Safety Critical design review services
  • Consultancy on the safety certification process
  • SAFERTOS® training including safety related requirements
  • Full BSP solutions

Easier Certification

Using our extensive Safety Critical design experience we have made certifying SAFERTOS® integrated within a product an easy and hassle-free process.

Contained within the DAP is the all-important Safety Manual. The Safety Manual explains exactly how to install and integrate SAFERTOS® into your development environment. Following the concise instructions will also generate the evidence required by your auditors to confirm the process has been followed correctly. This removes the need to re-test SAFERTOS® on your target hardware, and provides a solid dependable platform for your development.

Reducing Risks

In many safety critical applications the real time operating system (RTOS) is the most critical component. The RTOS not only schedules the functionality of the software, it also schedules the operation of Safety Monitors and Safety Functions. A failure in the RTOS will most likely compromise the Safety Case of the complete system.

SAFERTOS® has been designed specifically for the safety sector, and deterministic priority-based scheduling is its primary Safety Requirement. Every effort has been made to ensure deterministic behaviour is maintained. This has been confirmed by independent certification many times, on numerous platforms, to IEC 61508-3 SIL 3, the highest possible SIL for a software-only component.

Free Demos & Manuals

Download fully functional, time-limited SAFERTOS® demos, plus manuals, datasheets, and more.

Customer Satisfaction

SAFERTOS® is an important foundational element to Rivian’s advanced software stack and commitment to designing for safety. The RTOS documentation and expert support has been fantastic.

– Andrew Jones, Rivian

Frequently Asked Questions

What is SAFERTOS® and how does it differ from a standard RTOS?

SAFERTOS® is a safety‑critical real‑time operating system developed and designed by WITTENSTEIN high integrity systems. Based on the FreeRTOS functional model, SAFERTOS® was re-built specifically for use in safety‑critical embedded applications. Unlike a standard RTOS, SAFERTOS® meets rigorous functional safety requirements, offering deterministic behavior, formally verified components, and a complete certification evidence package known as the Design Assurance Pack (DAP). This ensures the reliability and traceability needed for functional safety systems where failure is not an option.

What safety certifications does SAFERTOS® support?

SAFERTOS® is engineered to comply with leading international functional safety standards across automotive, aerospace, medical, industrial and rail. It is available pre-certified by TÜV SÜD for IEC 61508 (up to SIL 3), ISO 26262 (up to ASIL D) and IEC 62304 for medical devices. For DO-178C avionics software (up to DAL A), SAFERTOS® and its processes are designed from the ground up to meet each key milestone in aerospace development. It is delivered with a comprehensive certification kit, the Design Assurance Pack (DAP), that provides all the documentation needed for certification.

How is SAFERTOS® used in safety‑critical embedded systems?

SAFERTOS® is a deterministic, pre‑emptive real‑time kernel that ensures predictable task scheduling and execution. Its small footprint and formally verified design make it ideal for embedded systems requiring high reliability, such as motor control, medical monitoring, industrial automation, and automotive safety functions. SAFERTOS® acts as the trusted foundation for functional safety applications that must operate correctly under all conditions.

What industries commonly use SAFERTOS®?

SAFERTOS® is widely adopted across industries where functional safety is mandatory. Typical sectors include automotive (ADAS, powertrain, battery management), medical devices, industrial control, robotics, aerospace, and energy systems. Its certification pedigree and proven reliability make it ideal for any domain requiring a safety‑certified RTOS.

What hardware platforms and microcontrollers does SAFERTOS® support?

SAFERTOS® is available for a broad range of microcontrollers and processor architectures, including ARM Cortex-M, Cortex-R and Cortex-A, and various automotive-grade and industrial MCUs. Each SAFERTOS® port is developed and verified for a specific processor/compiler combination to ensure deterministic behaviour and compliance with stringent safety standards. Most SAFERTOS® licenses cover a bespoke combination, although off-the-shelf options are available if there is flexibility on which processor/compiler combination is needed.

What is the difference between SAFERTOS® and FreeRTOS?

SAFERTOS® and FreeRTOS share a common functional model, but they serve different purposes. FreeRTOS is an open‑source RTOS for general embedded applications, while SAFERTOS® is a completely separate, safety‑certified product with a redesigned and independently verified codebase. SAFERTOS® includes certification artefacts, long‑term support from WITTENSTEIN high integrity systems, and documented development processes required for functional safety compliance.

What support and documentation are available for SAFERTOS®?

SAFERTOS® is delivered with all the documentation needed to achieve certification. The Design Assurance Pack includes a Safety Manual, Integration Guide, API reference, and certification evidence. Customers also receive direct technical support from the WHIS engineering team, included in the license cost, for the first 12 months to ensure smooth integration. Further support packages are available for long-term maintainability throughout the product lifecycle.

How is SAFERTOS® licensed and what are the commercial terms?

SAFERTOS® is offered under a royalty-free, perpetual commercial license tailored to safety-critical development. Licensing typically includes the kernel for one processor/compiler combination, certification artefacts, and support for the first year. Pricing depends on factors such as target hardware, project scale, and required safety standards. SAFERTOS® licensing is offered in three tiers: Product license, Multi Product license and Corporation license.

How do I integrate SAFERTOS® into an existing embedded project?

Integrating SAFERTOS® involves linking the certified kernel into your application, configuring the scheduler, and following the guidelines in the Safety Manual to ensure compliance. WHIS provides platform‑specific ports and integration support to help you migrate from an existing RTOS, such as FreeRTOS, or start the project with SAFERTOS®.

What makes SAFERTOS® suitable for functional safety certification?

SAFERTOS® is developed using a rigorous, documented lifecycle that includes formal verification, static analysis, traceability, and extensive testing. With a history in aerospace, WITTENSTEIN high integrity systems is well versed in safety software development. The SAFERTOS® kernel is small, deterministic, and designed to minimize failure modes. The accompanying certification pack provides the evidence required by assessors to streamline your system's approval process.

Does SAFERTOS® include a safety manual and certification artefacts?

Yes. SAFERTOS® is supplied with a Design Assurance Pack (DAP) which includes a complete set of certification artefacts, including a Safety Manual, hazard analysis, verification reports, traceability matrices, and development process documentation. These materials significantly reduce the effort required to certify your final application.

How does SAFERTOS® handle memory protection and task isolation?

SAFERTOS® supports memory protection mechanisms provided by the underlying hardware, enabling separation between tasks and preventing unintended interactions. This isolation helps contain faults, improves system robustness, and supports compliance with safety standards that require partitioning of safety‑related functions.
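The isolation described above is only as strong as the region table handed to the hardware MPU, and on Cortex-M parts the MPU has encoding rules that a mis-sized or mis-aligned region silently violates. The following is an added example of the kind of pre-flight check a practitioner can run over a task's region table before it is loaded; it is not SAFERTOS® or WHIS code and does not use the SAFERTOS® API. It assumes an Armv7-M (PMSAv7) MPU, whose regions must be power-of-two sized, at least 32 bytes, and aligned to their own size; the region table, addresses and the kernel-private range are constructed for illustration.

```c
/* Added example: validating a task's MPU region table against Armv7-M
 * (PMSAv7) rules before it is applied. Illustration code only; not the
 * SAFERTOS(R) kernel's own checks or API. Assumptions: PMSAv7 encoding
 * rules (power-of-two size, >= 32 bytes, size-aligned base); the region
 * table and kernel range below are constructed for the example. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MPU_MIN_REGION_SIZE 32u

typedef struct {
    uint32_t    base;     /* start address of the region */
    uint32_t    size;     /* size in bytes */
    bool        writable; /* task may write to this region */
    const char *name;     /* label used in diagnostics */
} mpu_region_t;

/* A region is encodable by a PMSAv7 MPU only if its size is a power of
 * two of at least 32 bytes and its base is aligned to that size. */
bool mpu_region_valid(uint32_t base, uint32_t size)
{
    if (size < MPU_MIN_REGION_SIZE)  return false;
    if ((size & (size - 1u)) != 0u)  return false; /* not a power of two */
    if ((base & (size - 1u)) != 0u)  return false; /* base not size-aligned */
    return true;
}

/* Half-open interval overlap test [a, a+alen) vs [b, b+blen). 64-bit
 * arithmetic so a region that ends at 0xFFFFFFFF does not wrap to zero. */
bool mpu_regions_overlap(uint32_t a, uint32_t alen, uint32_t b, uint32_t blen)
{
    uint64_t a_end = (uint64_t)a + alen;
    uint64_t b_end = (uint64_t)b + blen;
    return a < b_end && b < a_end;
}

/* Check every region of one task: each must be MPU-encodable, and no
 * writable task region may overlap the kernel's private memory, since a
 * task that can write kernel state defeats the isolation entirely.
 * Returns the number of violations found. */
int mpu_check_task_regions(const mpu_region_t *regions, size_t count,
                           uint32_t kernel_base, uint32_t kernel_size)
{
    int violations = 0;
    for (size_t i = 0; i < count; i++) {
        const mpu_region_t *r = &regions[i];
        if (!mpu_region_valid(r->base, r->size)) {
            printf("region %s: base 0x%08x size %u is not MPU-encodable\n",
                   r->name, (unsigned)r->base, (unsigned)r->size);
            violations++;
        }
        if (r->writable &&
            mpu_regions_overlap(r->base, r->size, kernel_base, kernel_size)) {
            printf("region %s: writable region overlaps kernel memory\n",
                   r->name);
            violations++;
        }
    }
    return violations;
}

/* Constructed example: kernel private data at 0x20000000 (4 KiB), and a
 * task region table containing two deliberate mistakes. */
#define EXAMPLE_KERNEL_BASE 0x20000000u
#define EXAMPLE_KERNEL_SIZE 0x1000u

static const mpu_region_t example_regions[] = {
    { 0x20001000u, 1024u,   true,  "task stack"     }, /* valid */
    { 0x20001400u, 512u,    true,  "task data"      }, /* valid */
    { 0x20001600u, 1024u,   true,  "shared buffer"  }, /* misaligned for 1 KiB */
    { 0x20000800u, 2048u,   true,  "scratch"        }, /* overlaps kernel range */
    { 0x40000000u, 0x1000u, true,  "uart registers" }, /* valid */
};

/* Runs the check over the constructed table; returns the violation count. */
int mpu_example_violations(void)
{
    return mpu_check_task_regions(example_regions,
                                  sizeof example_regions / sizeof example_regions[0],
                                  EXAMPLE_KERNEL_BASE, EXAMPLE_KERNEL_SIZE);
}

int main(void)
{
    int n = mpu_example_violations();
    printf("%d violation(s) found\n", n);
    return n == 0 ? 0 : 1;
}
```

A check of this shape belongs in the build or in a start-up self-test: the MPU does not report a misaligned region as an error, it simply protects a different range than intended, so the failure is silent unless the table is verified against the encoding rules and the kernel's own memory map.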

Can SAFERTOS® be used in systems requiring SIL 3 or ASIL D compliance?

Yes. SAFERTOS® is designed to meet the highest levels of functional safety, including SIL 3 under IEC 61508 which is the highest SIL a software only component can achieve, and ASIL D under ISO 26262. Its verified kernel and certification evidence make it suitable for applications requiring the most stringent safety integrity levels. SAFERTOS® is also suitable for applications that require safety levels as high as DO-178C, DAL A for aerospace applications.
