In safety-relevant or safety-critical areas, stringent requirements in terms of operational safety are imposed on automation elements such as electrical or electronic units, circuits or other functional units. In this context the term “operational safety” refers, in particular, to the consideration and analysis of dangers that can arise from defective functions of an automation element during its operation, and to reducing these dangers to an acceptable level by means of suitable measures.
In the context of this description the terms “safety-relevant areas” or “safety-critical areas” refer, in particular, to technical installations or equipment which during their operation could pose a danger to the surroundings, i.e. to the environment and/or to persons; or to technical installations whose function diverging from the intended function, i.e. a defective function, would compromise safety. This can, for example, relate to means of transport, in particular aircraft, to industrial automation equipment or to other technical installations, in particular technical installations that are operated in spatial proximity to persons.
The function of such technical installations needs to be verified, and the technical installation per se needs to be certificated for operation. In other words, it must be verified or proven that the technical installation meets its functional requirements and can thus be approved for operation. In the context of verification, investigations are carried out to determine whether, in certain predetermined scenarios (so-called test scenarios), the actual behavior of the technical installation, in other words its actual function, diverges from the expected or required behavior, in other words from the target function. The number and design of the test scenarios can vary from one field of application of the technical installation to another.
If no such deviation is discovered, the technical installation is certificated for operation.
This procedure can lead to considerable expenditure for verification, and thus also for certification, of technical installations that can involve a host of different configurations or operating modes, in particular when these configurations can be changed during the operating time of the technical installation. For each configuration and for each operating mode, separate individual test scenarios are to be drawn up and corresponding tests are to be carried out (verification).
Modifications of the technical installation or one of its components may result in the need for renewed verification and certification if the modifications influence the required behavior and/or change the range of functions of the technical installation in such a manner that the technical installation contains functions that have not yet been verified and certificated. Influencing the required behavior can come about by functional expansion, by modification or by the removal of already existing functions.
Normally, a technical installation is verified and certificated as a whole, based on the verification of its individual components and functional units.
The certification procedure inter alia involves the two steps of verifying the technical function of a component, and furnishing proof that the function or mode of operation of the remaining components remains unaffected. This certification (verification of the function of a component, and the proof that the remaining components remain unaffected) equates to release for use. Release or approval for use is usually carried out by an independent supervisory body and means that a technical installation (including the individual function of the technical installation) is certificated.
Such components and functional units can, in particular, be electrical or electronic assemblies or components of such assemblies, for example a circuit or components of a circuit, wherein such a circuit can, for example, be used as part of a control unit.