In some cases it is necessary to modify or adapt a certified sensor, controller or system, whether because of a discovered security weakness, new legislation or an extended product requirement.
You might think that changing anything on a certified product forfeits the certification and the product no longer complies with the standard. However, if the change is made following the procedure prescribed by the standard, the safety of the product should be unchanged after the modification. IEC 61508 provides assistance here with so-called modification management.
What is modification management?
Modification management is the structured and coordinated approach to modifying certified products, together with the corresponding documentation.
What is to be done?
First, the requirement for the modification is defined and the reasons for it are described in sufficient detail.
The following reasons are permissible:
Safety performance below limit: After an update of the risk analysis, it may turn out that the safety electronics no longer meet the requirements and must be adapted.
Systematic error: Because development follows the V-model, systematic errors are almost excluded. Nevertheless, errors detected during the product life cycle may be traced back to a systematic error in the software, and this must be remedied.
Accident experience: Despite the use of comprehensive safety technology, an accident or failure can occur, and a revision of the risk assessment may then require a change to the software or hardware.
New product requirements: New product requirements may require an adaptation of the product. However, the adaptation should be limited to what is necessary.
New legislation: A new standard or a new law may require the product to be re-qualified and, if necessary, adapted.
New safety requirements: If the safety requirements change, the affected safety product must be adapted accordingly.
If the reason for the modification is plausible, the necessary changes must be specified comprehensively, and their effects and possible influences on the existing safety function must be checked.
For this purpose, the risk analysis must be carried out again: all possible errors and their influences are checked or re-evaluated and, where necessary, measures to avoid those errors are taken.
Once all changed and new functions have been implemented, they are comprehensively tested against the specification in unit, integration and system tests. The test results are documented.
All necessary steps for verification and validation are defined in the MOBA V&V plan.
It may also be necessary to re-qualify the product in accordance with the applicable EMC standards and environmental requirements.
All changes to software or hardware are recorded in the product or software life cycle under the new version number, so that complete traceability is ensured.
MOBA has successfully integrated modification management into the MOBA development process and is thus optimally positioned for the development and modification of safety products.
If all requirements for a modification are implemented in accordance with the standard, a certified sensor, controller or system can therefore be modified without losing its certification.