Qualifying a Software Testing Tool With the TÜV Certificate
By Miroslaw Zielinski
March 24, 2020
4 min read
What is tool qualification and why is it important in software testing? Check out this post to learn about tool qualification and how Parasoft C/C++test Compliance edition functions as a certified tool for testing, unlike other competitors.
Jump to Section
Safety-critical software development standards, such as ISO 26262 (automotive), DO-178B/C (aerospace), IEC 62304 (medical devices), EN 50128 (railway), and IEC 61508 (functional safety of EE system), require that manufacturers prove that the tools they are using to develop their software provide correct and predictable results.
Tool Qualification: What Is It and Why Do I Need It?
The process of providing such evidence is known as Tool Qualification or Tool Validation. It can be a time-consuming process, and for sure, it adds time and effort for teams that need to be focused on developing and testing software for the project. While users are ultimately responsible for the tool qualification process, they use tool vendors like Parasoft, to support these efforts. Tool vendors can ease the burden on the end-users by certifying their products and providing qualification kits.
Do I Need to Qualify All My Tools?
There is no single approach for tool qualification or certification across standards and not all tools require qualification. Therefore, standards define a “classification” process, attaching different levels of importance to tool qualification, and defining different methods to gain confidence in the tools used, which helps in determining whether a qualification is necessary for the specific tool.
This being said, as a general rule, if a tool is used to automate the verification process or produces the output that is used as a part of a critical system, like source code generated from the model, then qualification of the tool is required.
Can I Use the TÜV Certificate to Qualify Tools?
The short answer is, it depends on the standard.
- DO178B/C is quite strict in this aspect and does not allow using certificates to approve the tool for use. The qualification must be performed in the context of a specific project (see DO178C Chapter 12.2). Typically, the process involves validating that tool against its requirements with a special set of test cases. Tool vendors support this process by offering qualification kits. A qualification kit is also provided for Parasoft C/C++test.
- IEC 62304 does not list any specific requirements for the tool validation or qualification, but it redirects to 61508 for that matter.
- IEC 61508 and especially ISO 26262 are more precise than IEC 62304 in their approach to software tools qualification. For example, ISO26262 lists four methods to qualify the tool (Part 8, 11.4.6). It gives an option to approve the tool for safety-critical development by means of independent evaluation and certification of the tool development process
In short, the practice in the industry is that for ISO26262, IEC 61508 and IEC 62304 teams can use tools that are certified by an independent organization (such as TÜV SÜD) without other qualification activities. For DO178B/C, certificates are not accepted and teams must go through the qualification process.
What Is the Tool Certification Process?
Tool vendors hire an independent organization (such as TÜV SÜD) specializing in functional safety to evaluate the software tool development process. The evaluation includes an assessment of intended use cases and review with a special focus on software quality assurance, known defect lifecycle and release management.
If the processes meets the standards and guarantees the quality of the tool, the organization is granted certification for the tool. Certification is given for the specific release of the tool; it is not possible to certify “future” releases.
The certificate is then offered together with the tool to simplify the process of approving it for safety-critical development. For all safety standards that allow for it, this is the preferred way of tool qualification, as it reduces the effort for the tool user.
Does Parasoft Offer Certified Tools?
Parasoft C/C++test Compliance editions have been certified by TÜV SÜD for use in safety-critical software development according to:
- IEC 61508-3:2010
- IEC 62304:2015
- ISO 262626-8:2018
TÜV SÜD is an organization oriented on providing safety and security audits and certifications. It is a widely recognized and respected organization. Unlike some competitors, Parasoft certifies every release of its product so you are able to take advantage of the most recent innovations and are not limited to a special Long Term Support version.
For more about TÜV SÜD, please follow https://www.tuvsud.com/
Is the TÜV Certification Valid for All ASIL or SIL Levels?
TÜV certification can be used to approve and qualify Parasoft C/C++test for developing software for all ASIL or SIL levels. Teams developing software for ASIL D or SIL 4 can still consider approving the tool with the qualification kit. However, in general, the practice in the industry is that the certification is sufficient.
What Is the TÜV Certificate & What Do I Do With It?
The TÜV Certification is a pdf document that is part of the “C/C++test Functional Safety Distribution Package” and is available to customers who are using a Compliance version of Parasoft C/C++test. The package contains the following documents:
Z10 075084 0005 Rev.02.pdf – The main certificate. Includes the information about the tool version that was certified and the list of functional safety standards for which the certification is valid. The certification should be included in the project documentation that is submitted for the functional safety audit.
C++test <version> – Functional Safety Considerations.pdf – Tool safety manual. It contains important information on how to use the tool safely. This document should be distributed to all users of the tool. It defines which features have been certified and how to configure the tool to detect potential errors.
C++test <version> – Known Defects.pdf – List of all known defects in the tool that may affect the output of the tool. Tool end-users shall review this document and apply workarounds for all the problems that affect relevant use cases of the tool in a specific project.
PK83996C V6.4.pdf – Report to the Certificate. It states the scope of testing and tool classification and qualification requirements. It is a supplement to the main certificate.
PK83317T V7.4.pdf– Technical Report of Functional Safety. It is a supplement to the main certificate.
In addition, all users of Parasoft C/C++test who are developing safety-critical software should register for updates of the “known defects” list. Parasoft maintains an up-to-date list of known defects and distributes it to all registered users.
How Do I Get the TÜV Certification?
The TÜV Certification can be downloaded from the Parasoft Customer Portal, which is available from the main Parasoft web page (parasoft.com). Customers can log in using their credentials and go to “Products & Licenses”, “Downloads” and select the “Functional Safety Distribution Package.”
“Functional Safety Distribution Package” is available for all customers who have purchased the “Compliance” edition of Parasoft C/C++test.