IEC 60880


Ensure IEC 60880
software compliance

IEC 60880


Ensure IEC 60880
software compliance

IEC 60880

IEC 60880:2006 (Nuclear Power Plants – Instrumentation and Control Systems Important to Safety – Software Aspects for Computer-Based Systems) is a functional safety standard which, together with IEC 62138, covers the software aspects of computer based systems used in nuclear power plants to perform functions important to safety. IEC 60880 provides requirements for the safety category A as defined by IEC 61226.

Fitness for purpose litigation against companies and individuals is now an increasing risk. IEC 60880:2006 is a technical standard used by lawyers to interpret laws. The relevant law in question for Europe is the General Product Safety Directive 2001/95/EC (GPSD). This states that the product creator has the responsibility to develop a safety critical product in a way which is compliant with ‘State-of-the-Art’ development principles. ‘State-of-the-Art’ simply refers to commonly accepted best practices, which in the case of nuclear electronic safety related systems are now embodied in IEC 60880:2006. Where companies fail to employ accepted industry practices, they cannot use the “State-of-the-Art” legal defence against such litigation.

Recommended tools for compliance with IEC 60880

QA Systems enables organisations to accelerate IEC 60880 compliance with automated static analysis and software testing tools:

Tool Certification & Qualification

QA Systems’ tools have been classified and certified by SGS-TÜV GmbH, an independent third party certification body for functional safety, accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata has been certified as usable in development of safety related software according to IEC 60880:2006.

The tool certification kit for IEC 60880 is available to ease our customers’ path to certification. This contains everything needed to prove that Cantata fulfills IEC 60880 recommendations as well as guidance to help you to achieve compliance.

For our static analysis tool QA-MISRA, our tool Qualification Support Kit (QSK) automatically executes a full tool qualification verification test suite on the installed tool configuration and generates the necessary reports for IEC 60880 tool qualification.

These tool kits for IEC 60880 are available to ease our customers’ path to certification. They contain everything needed to prove that Cantata and QA-MISRA provide the required confidence in the use of software tools under IEC 60880 recommendations as well as comprehensive and detailed guidance on how to use them to comply with the required software verification activities of IEC 60880.

Please contact us for more information about these tool kits.

Cantata Certificate

Software testing for IEC 60880 compliance

Cantata helps accelerate compliance with the standard’s software testing requirements by automating:

  • Test framework generation
  • Identifies code defects and security vulnerabilities
  • Test execution
  • Results diagnostics and report generation

Our IEC 60880 Standard Briefing traces the requirements of IEC 60880, identifying the scope of those which are supported by Cantata and identifies how the requirements are supported by Cantata.

Please contact us for more information on Cantata for IEC 60880.

IEC 60880: Section 8 – Software verification

Clauses/Subclauses Cantata
8.1 Software verification process Yes
8.2.1 Verification plan Yes Verification of implementation with general-purpose languages Yes

IEC 60880 Table E4 – Verification and testing methods

Clauses/Subclauses Cantata
E.4.1 Selected verification methods  
E.4.1.1 Supervision of testing procedure Yes
E.4.1.1 Supervision of testing procedure Yes
E.4.1.3 Program proving Yes
E.4.1.4 Program analysis Yes
E.4.2 Testing methods  
E.4.2.1 General Yes
E.4.2.1: 1 Cases representative for program behaviour in general, its arithmetics, timing Yes
E.4.2.1: 2 All individually and explicitly specified requirements Yes
E.4.2.1: 3 All input variables in extreme positions (crash test) Yes
E.4.2.1: 4 Operation of all external devices Yes
E.4.2.1: 5 Static cases and dynamic paths which are representative for the behaviour of the technical process Yes
E.4.2.1: 6 Correct operation shown by turning off and on each redundant subsystem/external device (some combinations should be also tested where relevant) Yes
E.4.2.2 Path testing  
E.4.2.2: 7 Every statement executed at least once Yes
E.4.2.2: 8 Every outcome of every branch executed at least once Yes
E.4.2.2: 9 Every predicate term exercised to each branch Yes
E.4.2.2: 10 Each loop executed with minimum, maximum and at least one intermediate number of repetitions Yes
E.4.2.2: 11 Every path executed at least once Yes
E.4.2.3 Data movement testing  
E.4.2.3: 12 Every assignment to each memory place executed at least once Yes
E.4.2.3: 13 Every reference to each memory place executed at least once Yes
E.4.2.3: 14 All mappings from input to output executed at least once each Yes
E.4.2.4 Timing testing  
E.4.2.4: 15 Checking of all time constraints Yes
E.4.2.4: 16 Maximum possible combinations of interrupt sequences Yes
E.4.2.4: 17 All significant combinations of interrupt sequences Yes
E.4.2.5 Miscellaneous  
E.4.2.5: 18 Check for correct position of boundaries of data inputs Yes
E.4.2.5: 19 Check for sufficient accuracy of arithmetical calculations at all critical points Yes
E.4.2.5: 20 Only for programs; test of module interfaces and module interaction Yes
E.4.2.5: 21 Every module invoked at least once Yes
E.4.2.5: 22 Every invocation to a module exercised at least once Yes
E.4.2.5: 23 Operation at high load Yes

IEC 60880 B4.g Unit and integration tests

Clauses/Subclauses Cantata
B4.g Unit and integration tests shall be performed during the program development Yes The approach to testing should follow the approach to design Yes Each module should be tested thoroughly before it is integrated into the system and the test results documented Yes
B4.gc A formal description of the test inputs and results (test protocol) should be produced Yes Faults which are detected during program testing should be recorded and analysed Yes Incomplete testing should be recorded Yes In order to facilitate the use of unit and integration test results during final validation, the former degree of testing achieved should be recorded Yes

Start a free trial & get a complete copy of Cantata to evaluate using your code.