Railways Applications - Rolling stock applications - Software on Board Rolling Stock

1.1 This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems for use in rolling stock applications. Outside the scope of this standard is software that:
- is part of signalling equipment (CENELEC sub-committee SC9XA applications) installed on board trains, or
- does not contribute to, and is segregated from, rolling stock operational functions.
1.2 This European Standard is applicable exclusively to software and the interaction between software and the system of which it is part.
1.3 Entry intentionally left empty
1.4 This European Standard applies to safety-related as well as non-safety-related software, including for example:
- application programming,
- operating systems,
- support tools,
- firmware.
Application programming comprises high level programming, low level programming and special purpose programming (for example: programmable logic controller ladder logic).
1.5 This European Standard also addresses the use of pre-existing software and tools. Such software may be used if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and in 6.7 on tools are fulfilled.
1.6 Software developed according to a valid version of EN 50128 is considered as compliant to this standard. Software previously developed in accordance with any version of EN 50128 is also considered as compliant and not subject to the requirements on pre-existing software. SIL1-SIL4 software developed under EN 50657 also complies with EN 50128:2011.
1.7 This European Standard considers that modern application design often makes use of software that is suitable as a basis for various applications. Such software is then configured by application data for producing the executable software for the application. This European Standard applies to such software. In addition, specific requirements for application data are given.
1.8 Entry intentionally left empty
1.9 This European Standard is not intended to be retrospective. It therefore applies primarily to new developments and only applies in its entirety to existing systems if these are subjected to major modifications. For minor changes, only 9.2 applies. However, application of this European Standard during upgrades and maintenance of existing software is recommended.
1.10 The relevant sections of this software standard are also applicable to programmable components (e.g. FPGA and CPLD), in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, EN 61508-2). However, requirements of this software standard that are already covered by the applicable hardware standard do not need to be re-addressed. When it is possible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.

German title: Bahnanwendungen - Anwendungen für Schienenfahrzeuge - Software auf Schienenfahrzeugen (Railway applications - Rolling stock applications - Software on board rolling stock)

French title: Applications ferroviaires - Applications du matériel roulant - Logiciels embarqués (Railway applications - Rolling stock applications - On-board software)

Scope (translated from the French version):
1.1 This European Standard specifies the process and technical requirements applicable to the development of software for programmable electronic systems used in rolling stock applications. Software is outside the scope of this standard if:
- it is part of signalling equipment (applications of CENELEC sub-committee SC9XA) installed on board trains, or
- it does not contribute to, and is segregated from, rolling stock operational functions.
1.2 This European Standard is applicable exclusively to software and to the interaction between the software and the system to which it belongs.
1.3 Intentionally left empty
1.4 This European Standard applies to all software, whether safety-related or not, in particular:
- application programming,
- operating systems,
- tools,
- firmware.
Application programming includes high-level programming, low-level programming and special-purpose programming (for example: programmable logic controller ladder logic).
1.5 This European Standard also addresses the use of pre-existing software and tools. Such software may be used if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and those in 6.7 on tools are fulfilled.
1.6 Software developed in accordance with a valid version of EN 50128 is considered compliant with this standard. Software developed in accordance with any version of EN 50128 is also considered compliant and not subject to the requirements on pre-existing software. For SIL1-SIL4 software within the scope of this standard, the requirements of this European Standard are equivalent to the software requirements of EN 50128:2011.
1.7 This European Standard considers that modern application design frequently uses software that is suitable as a basis for various applications. Such software is then configured by application data in order to produce the executable software for the application. This European Standard applies to such software. In addition, specific requirements concerning application data are given.
1.8 Intentionally left empty
1.9 This European Standard is not intended to be retroactive. It therefore applies primarily to new developments and applies in its entirety to existing systems only if they undergo major modifications. For minor modifications, only 9.2 applies. However, it is recommended to apply this European Standard during upgrades and maintenance of existing software.
1.10 The relevant sections of this software standard also apply to programmable components (for example FPGAs (Field-Programmable Gate Arrays) and CPLDs (Complex Programmable Logic Devices)), in addition to the applicable hardware standard (for example EN 50129, EN 50155, EN 61508-2). However, requirements of this software standard that are already covered by the applicable hardware standard need not be addressed again. When it is possible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.

Slovenian title: Železniške naprave - Vozna sredstva - Programska oprema za tirna vozila (Railway equipment - Rolling stock - Software for rail vehicles)

Scope (translated from the Slovenian version):
1.1 This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems used in rolling stock.
Software that is part of signalling equipment (railway control and protection) installed on board trains is outside the scope of this standard.
Software that does not perform railway applications and does not interface with rolling stock functions is outside the scope of this standard, provided it is segregated from the railway software.
1.2 This European Standard applies exclusively to software and to the interaction between the software and the system of which it is part.
1.3 Intentionally deleted
1.4 This European Standard applies to safety-related software and to non-safety-related software, including for example:
– application programming,
– operating systems,
– support tools,
– firmware.
Application programming comprises high-level programming, low-level programming and special-purpose programming (for example: programmable logic controller ladder logic).
1.5 This European Standard also addresses the use of pre-existing software and tools. Such software may be used if the requirements of 7.3.4.7 and 6.5.4.16 for pre-existing software and of 6.7 for tools are fulfilled.
1.6 Software developed in accordance with a valid version of EN 50128 is compliant with this standard. Software previously developed in accordance with any version of EN 50128 is also compliant and is not subject to the requirements for pre-existing software.
1.7 This European Standard takes into account that modern application design often uses software that is suitable as a basis for various applications. Such software is then configured with application data to produce the executable software for a given application. This European Standard applies to such software and also gives specific requirements for application data.
1.8 Intentionally deleted
1.9 This European Standard is not retrospective. It therefore applies primarily to new developments and applies in full to existing systems only if they undergo major changes. For minor changes, only 9.2 applies. Application of this European Standard is nevertheless recommended during upgrades and maintenance of existing software.
1.10 For programmable components (including FPGA and CPLD), the relevant parts of this software standard shall be taken into account in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, IEC 61508-2) if it is not possible to exhaustively test the programmable logic for all possible inputs and internal logic states.
However, tasks already covered by the hardware standard need not be repeated when applying this software standard.

General Information

Status
Published
Publication Date
10-Aug-2017
Current Stage
9093 - Decision to confirm - Review Enquiry
Start Date
14-Sep-2022
Completion Date
23-Sep-2025

Overview

EN 50657:2017 - "Railway applications - Rolling stock applications - Software on board of rolling stock" - defines process and technical requirements for developing software on board rolling stock. The European Standard covers both safety-related and non-safety-related software used in train on-board systems, including application programs, operating systems, firmware, support tools and programmable logic where exhaustive testing is not feasible. It applies to the software itself and the interaction between software and the system of which it is part.

Key technical topics and requirements

  • Software lifecycle & documentation: Requirements for lifecycle planning, deliverables and documentation from requirements through deployment and maintenance.
  • Software assurance: Comprehensive testing, verification, validation, assessment and quality assurance activities to demonstrate compliance and fitness for purpose.
  • Architecture, design and component development: Guidance on system architecture, component design, implementation, integration and final validation.
  • Support tools and pre-existing software: Rules for using tools and existing software components; specific clauses (e.g., 7.3.4.7, 6.5.4.16 and clause 6.7) address pre-existing software and tools.
  • Application data and configurable systems: Requirements for software that is configured by application data and for development of that data.
  • Change control & maintenance: Processes for controlled modifications, software deployment and maintenance; provisions for major vs. minor changes.
  • Roles, competence & organization: Defined roles, responsibilities and personnel competence requirements for software projects.
  • Programmable components: Applicability to FPGA/CPLD programming in addition to hardware standards, except where exhaustive testing of logic is possible (in which case EN 50657 does not apply).
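Clause 1.10 draws the boundary of the standard at programmable logic that can be exhaustively tested for all possible inputs and internal logic states. The example below is added here to show what that test actually is; it is not from EN 50657 or from any vendor. The door-release interlock, its state encoding, the three inputs and the 2^32 case budget are all hypothetical. It enumerates every (state, input) pair for a 3-input, 4-state machine against a reference written from the requirement, and it catches a candidate implementation that dropped the "stopped" guard on fault reset.

```python
"""Exhaustive test of a small piece of programmable logic (added example).

Hypothetical interlock: 3 boolean inputs, 2 state bits. Every (state, input)
combination is tried, so the transition function is covered completely, which
is the situation EN 50657 clause 1.10 describes.
"""
from itertools import product

INPUTS = ("speed_zero", "release_request", "fault_reset")   # hypothetical names
STATES = {0: "LOCKED", 1: "RELEASED", 2: "FAULT", 3: "UNUSED"}  # 2-bit encoding
N_STATE_BITS = 2


def spec_next_state(state, speed_zero, release_request, fault_reset):
    """Reference behaviour, written straight from the (hypothetical) requirement."""
    if state == 3:                     # unused encoding: fall back to FAULT
        return 2
    if state == 2:                     # FAULT: leave only on reset while stopped
        return 0 if (fault_reset and speed_zero) else 2
    if state == 1:                     # RELEASED: motion is a fault
        if not speed_zero:
            return 2
        return 1 if release_request else 0
    if release_request and speed_zero:  # LOCKED, asked to open while stopped
        return 1
    if release_request:                # LOCKED, asked to open while moving
        return 2
    return 0


def impl_next_state(state, speed_zero, release_request, fault_reset):
    """Candidate implementation as boolean equations, the way a CPLD would hold it."""
    s1, s0 = (state >> 1) & 1, state & 1
    z, r, f = int(speed_zero), int(release_request), int(fault_reset)
    n0 = r & z & (1 - s1)
    n1 = (s1 & (s0 | (1 - (f & z)))) | ((1 - s1) & (1 - z) & (s0 | r))
    return (n1 << 1) | n0


def impl_missing_speed_guard(state, speed_zero, release_request, fault_reset):
    """Same equations with the speed_zero term dropped from the fault-reset path."""
    s1, s0 = (state >> 1) & 1, state & 1
    z, r, f = int(speed_zero), int(release_request), int(fault_reset)
    n0 = r & z & (1 - s1)
    n1 = (s1 & (s0 | (1 - f))) | ((1 - s1) & (1 - z) & (s0 | r))
    return (n1 << 1) | n0


def exhaustive_test(candidate, reference=spec_next_state, n_state_bits=N_STATE_BITS):
    """Compare candidate with reference on every state x input combination.

    Returns a list of (state name, inputs, expected, got) for each mismatch;
    an empty list means the candidate is exhaustively verified against the reference.
    Unreachable encodings (here UNUSED) are tested too: 1.10 says all internal states.
    """
    mismatches = []
    for state in range(2 ** n_state_bits):
        for bits in product((False, True), repeat=len(INPUTS)):
            expected = reference(state, *bits)
            got = candidate(state, *bits)
            if got != expected:
                mismatches.append((STATES[state], dict(zip(INPUTS, bits)), expected, got))
    return mismatches


def exhaustive_case_count(n_inputs, n_state_bits):
    """Number of (state, input) combinations an exhaustive test must run."""
    return 2 ** (n_inputs + n_state_bits)


def exhaustively_testable(n_inputs, n_state_bits, budget=2 ** 32):
    """Feasibility check; the 2^32 budget is an assumed project limit, not from the standard."""
    return exhaustive_case_count(n_inputs, n_state_bits) <= budget


if __name__ == "__main__":
    print("cases:", exhaustive_case_count(len(INPUTS), N_STATE_BITS))
    print("correct candidate mismatches:", exhaustive_test(impl_next_state))
    for m in exhaustive_test(impl_missing_speed_guard):
        print("MISMATCH", m)
    print("64 inputs, 16 state bits testable?", exhaustively_testable(64, 16))
```

The run over the correct candidate returns no mismatches; the variant without the speed guard fails on exactly the two FAULT-state cases where fault_reset is asserted while the train is moving. A pass of this kind covers the transition function only; it says nothing about timing, metastability or single-event upsets, which is why 1.10 still leaves the hardware standard in force for the component.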

Practical applications

EN 50657:2017 is intended for:

  • Development of on-board train control, monitoring and auxiliary software
  • Projects where software contributes to rolling stock operational functions or safety
  • Systems configured by application data (e.g., configurable control platforms)
  • Lifecycle governance for new developments and major modifications of existing systems

Practical uses include establishing development processes that support safety assurance, producing required documentation for certification and ensuring consistent software quality across supplier ecosystems.

Who should use this standard

  • Rolling stock manufacturers and integrators
  • Software developers and embedded engineers for railway systems
  • Safety and systems engineers responsible for software assurance
  • Test engineers, QA managers and maintenance teams
  • Certification bodies and assessors evaluating on-board software compliance

Related standards

  • EN 50128 (software for railway control and protection systems): software developed to a valid version of EN 50128 is considered compliant with EN 50657, and SIL1-SIL4 software developed to EN 50657 is considered compliant with EN 50128:2011; existing EN 50128 work is recognized without the pre-existing-software requirements.
  • Hardware and safety standards often applied alongside EN 50657: EN 50129, EN 50155, EN 61508.
  • Signalling software installed on-board is excluded and falls under CENELEC SC9XA topics (EN 50128/50129 family).

Keywords: EN 50657:2017, EN 50657, railway software standard, software on board of rolling stock, rolling stock applications, software lifecycle, software assurance, safety-related software.

Standard
EN 50657:2017
English language
140 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01 October 2017
Železniške naprave - Vozna sredstva - Programska oprema za tirna vozila (Railway equipment - Rolling stock - Software for rail vehicles)
Railway applications - Rolling stock applications - Software on board of rolling stock
Bahnanwendungen - Telekommunikationstechnik, Signaltechnik und Datenverarbeitungssysteme - Software für Eisenbahnsteuerungs- und Überwachungssysteme (Railway applications - Communication, signalling and processing systems - Software for railway control and protection systems)
Applications ferroviaires - Systèmes de signalisation, de télécommunication et de traitement - Logiciels pour systèmes de commande et de protection ferroviaire (same title in French)
[The German and French titles printed on this national cover page are those of EN 50128; the EN 50657 titles appear on the CENELEC cover page below.]
This Slovenian standard is identical to: EN 50657:2017
ICS:
35.080 Software
45.060.01 Railway rolling stock in general
Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

EUROPEAN STANDARD EN 50657
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2017
ICS 35.080; 35.240.60
English Version
Railways Applications - Rolling stock applications - Software on
Board Rolling Stock
Applications ferroviaires - Applications du matériel roulant - Logiciels embarqués
Bahnanwendungen - Anwendungen für Schienenfahrzeuge - Software auf Schienenfahrzeugen
This European Standard was approved by CENELEC on 2017-05-08. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 50657:2017 E
Contents Page
European foreword . 8
Introduction . 9
1 Scope . 12
2 Normative references . 13
3 Terms, definitions and abbreviations . 13
3.1 Terms and definitions . 13
3.2 Abbreviations . 19
4 Objectives, conformance and software integrity levels . 20
5 Software management and organization . 21
5.1 Organization, roles and responsibilities . 21
5.1.1 Objective . 21
5.1.2 Requirements . 21
5.2 Personnel competence . 25
5.2.1 Objectives . 25
5.2.2 Requirements . 25
5.3 Lifecycle issues and documentation . 25
5.3.1 Objectives . 25
5.3.2 Requirements . 25
6 Software assurance . 28
6.1 Software testing . 28
6.1.1 Objective . 28
6.1.2 Input documents . 28
6.1.3 Output documents . 28
6.1.4 Requirements . 29
6.2 Software verification . 29
6.2.1 Objective . 29
6.2.2 Input documents . 30
6.2.3 Output documents . 30
6.2.4 Requirements . 30
6.3 Software validation . 31
6.3.1 Objective . 31
6.3.2 Input documents . 31
6.3.3 Output documents . 31
6.3.4 Requirements . 32
6.4 Software assessment . 33
6.4.1 Objective . 33
6.4.2 Input documents . 33
6.4.3 Output documents . 33
6.4.4 Requirements . 33
6.5 Software quality assurance . 35
6.5.1 Objectives . 35
6.5.2 Input documents . 35
6.5.3 Output documents . 35
6.5.4 Requirements . 35
6.6 Modification and change control . 38
6.6.1 Objectives . 38
6.6.2 Input documents . 38
6.6.3 Output documents . 38
6.6.4 Requirements . 38
6.7 Support tools and languages . 39
6.7.1 Objectives . 39
6.7.2 Input documents . 39
6.7.3 Output documents . 39
6.7.4 Requirements . 39
7 Software development . 42
7.1 Lifecycle and documentation for software . 42
7.1.1 Objectives . 42
7.1.2 Requirements . 42
7.2 Software requirements . 42
7.2.1 Objectives . 42
7.2.2 Input documents . 42
7.2.3 Output documents . 43
7.2.4 Requirements . 43
7.3 Architecture and Design. 45
7.3.1 Objectives . 45
7.3.2 Input documents . 45
7.3.3 Output documents . 45
7.3.4 Requirements . 46
7.4 Component design . 52
7.4.1 Objectives . 52
7.4.2 Input documents . 52
7.4.3 Output documents . 52
7.4.4 Requirements . 52
7.5 Component implementation and testing . 54
7.5.1 Objectives . 54
7.5.2 Input documents . 54
7.5.3 Output documents . 54
7.5.4 Requirements . 54
7.6 Integration . 55
7.6.1 Objectives . 55
7.6.2 Input documents . 55
7.6.3 Output documents . 55
7.6.4 Requirements . 56
7.7 Overall Software Testing / Final Validation . 57
7.7.1 Objectives . 57
7.7.2 Input documents . 57
7.7.3 Output documents . 57
7.7.4 Requirements . 58
7.8 Development of Software configured by application data . 59
7.8.1 Objective . 59
7.8.2 Requirements . 59
8 Systems configured by application data: development of application data . 60
8.1 Objectives . 60
8.2 Input documents . 60
8.3 Output documents . 61
8.4 Requirements . 61
8.4.1 Application Development Process . 61
8.4.2 Application Requirements Specification . 62
8.4.3 Architecture and Design . 62
8.4.4 Application Data Production . 63
8.4.5 Application Integration and Testing . 63
8.4.6 Application Validation and Assessment . 64
8.4.7 Application preparation procedures and tools . 64
9 Software deployment and maintenance . 64
9.1 Software deployment . 64
9.1.1 Objective . 64
9.1.2 Input documents . 64
9.1.3 Output documents . 64
9.1.4 Requirements . 65
9.2 Software maintenance . 66
9.2.1 Objective . 66
9.2.2 Input documents . 66
9.2.3 Output documents . 66
9.2.4 Requirements . 67
Annex A (normative) Criteria for the Selection of Techniques and Measures . 69
A.1 General . 69
A.2 Clauses tables . 70
A.3 Detailed tables . 77
Annex B (normative) Key software roles and responsibilities . 82
Annex C (informative) Documents Control Summary . 95
Annex D (informative) Bibliography of techniques . 97
D.1 Artificial Intelligence Fault Correction . 97
D.2 Analysable Programs . 97
D.3 Avalanche/Stress Testing . 98
D.4 Boundary Value Analysis . 98
D.5 Backward Recovery . 99
D.6 Cause Consequence Diagrams . 99
D.7 Checklists . 99
D.8 Control Flow Analysis. 100
D.9 Common Cause Failure Analysis . 100
D.10 Data Flow Analysis. 100
D.11 Data Flow Diagrams . 101
D.12 Data Recording and Analysis . 101
D.13 Decision Tables and Truth Tables . 102
D.14 Defensive Programming . 102
D.15 Coding Standards and Style Guide . 103
D.16 Diverse Programming . 104
D.17 Dynamic Reconfiguration . 105
D.18 Equivalence Classes and Input Partition Testing. 105
D.19 Error Detecting and Correcting Codes . 106
D.20 Error Guessing . 106
D.21 Error Seeding . 106
D.22 Event Tree Analysis . 107
D.23 Fagan Inspections. 107
D.24 Failure Assertion Programming . 107
D.25 SEEA – Software Error Effect Analysis . 108
D.26 Fault Detection and Diagnosis . 108
D.27 Finite State Machines/State Transition Diagrams . 109
D.28 Formal Methods . 110
D.28.1 General . 110
D.28.2 CSP – Communicating Sequential Processes . 110
D.28.3 CCS – Calculus of Communicating Systems . 111
D.28.4 HOL – Higher Order Logic . 111
D.28.5 LOTOS . 111
D.28.6 OBJ . 111
D.28.7 Temporal logic . 112
D.28.8 VDM – Vienna Development Method . 112
D.28.9 Z method . 113
D.28.10 B method . 113
D.28.11 Model Checking . 114
D.29 Formal Proof . 114
D.30 Forward Recovery . 114
D.31 Graceful Degradation . 115
D.32 Impact Analysis . 115
D.33 Information Hiding / Encapsulation . 115
D.34 Interface Testing . 116
D.35 Language Subset . 116
D.36 Memorizing Executed Cases . 116
D.37 Metrics . 117
D.38 Modular Approach . 117
D.39 Performance Modelling . 118
D.40 Performance Requirements . 118
D.41 Probabilistic Testing . 119
D.42 Process Simulation . 119
D.43 Prototyping / Animation . 120
D.44 Recovery Block . 120
D.45 Response Timing and Memory Constraints . 120
D.46 Re-Try Fault Recovery Mechanisms. 120
D.47 Safety Bag . 121
D.48 Software Configuration Management . 121
D.49 Strongly Typed Programming Languages . 121
D.50 Structure Based Testing . 122
D.51 Structure Diagrams . 122
D.52 Structured Methodology . 123
D.53 Structured Programming . 123
D.54 Suitable Programming languages . 124
D.55 Time Petri Nets . 125
D.56 Walkthroughs / Design Reviews . 125
D.57 Object Oriented Programming . 125
D.58 Traceability . 126
D.59 Metaprogramming . 126
D.60 Procedural programming . 127
D.61 Clause intentionally left empty . 127
D.62 Clause intentionally left empty . 127
D.63 Clause intentionally left empty . 127
D.64 Clause intentionally left empty . 127
D.65 Data modelling . 127
D.66 Control Flow Diagram/Control Flow Graph . 128
D.67 Sequence diagram . 129
D.68 Tabular Specification Methods . 129
D.69 Application specific language . 130
D.70 UML (Unified Modelling Language) . 130
D.71 Domain specific languages . 131
D.72 Segregation . 131
Annex E (informative) Changes in this European Standard compared to EN 50128:2011 . 133
Annex ZZ (informative) Relationship between this European Standard and the Essential
Requirements of EU Directive 2008/57/EC . 139
Bibliography . 140

Figures
Figure 1 — Illustrative Software Route Map . 11
Figure 2 — Illustration of the preferred organizational structure . 22
Figure 3 — Illustrative Development Lifecycle 1 . 27
Figure 4 — Illustrative Development Lifecycle 2 . 28

Tables
Table 1 — Relation between tool class and applicable numbered entries . 42
Table A.1 — Lifecycle Issues and Documentation (5.3) . 70
Table A.2 — Software Requirements Specification (7.2) . 72
Table A.3 — Software Architecture (7.3). 73
Table A.4 — Software Design and Implementation (7.3 and 7.4) . 74
Table A.5 — Verification and Testing (6.2, 7.3 and 7.4). 75
Table A.6 — Integration (7.6) . 75
Table A.7 — Overall Software Testing (6.2 and 7.7) . 75
Table A.8 — Software Analysis Techniques (6.3) . 76
Table A.9 — Software Quality Assurance (6.5) . 76
Table A.10 — Software Maintenance (9.2) . 76
Table A.11 — Data Preparation Techniques (8.4) . 77
Table A.12 — Coding Standards . 77
Table A.13 — Dynamic Analysis and Testing . 78
Table A.14 — Functional/Black Box Test . 78
Table A.15 — Intentionally left empty . 78
Table A.16 — Intentionally left empty . 78
Table A.17 — Modelling . 79
Table A.18 — Performance Testing . 79
Table A.19 — Static Analysis . 79
Table A.20 — Components . 80
Table A.21 — Test Coverage for Code . 80
Table A.22 — Object Oriented Software Architecture . 81
Table A.23 — Object Oriented Detailed Design . 81
Table B.1 — Requirements Manager Role Specification . 83
Table B.2 — Designer Role Specification. 84
Table B.3 — Implementer Role Specification . 85
Table B.4 — Tester Role Specification . 86
Table B.5 — Verifier Role Specification . 87
Table B.6 — Integrator Role Specification . 88
Table B.7 — Validator Role Specification. 89
Table B.8 — Assessor Role Specification . 91
Table B.9 — Project Manager Role Specification . 93
Table B.10 — Configuration Manager Role Specification . 94
Table C.1 — Documents Control Summary . 95
Table E.1 — Correspondence between this European Standard and EN 50128:2011 . 133
Table ZZ.1 — Correspondence between this European Standard, the TSI “Locomotives and
Passenger Rolling Stock” (REGULATION (EU) No 1302/2014 of 18 November 2014) and
Directive 2008/57/EC . 139

European foreword
This document (EN 50657:2017) has been prepared by CLC/SC 9XB, “Electrical, electronic and
electromechanical material on board rolling stock, including associated software”.
The following dates are fixed:
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-05-08
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2020-05-08
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CENELEC by the European Commission and
the European Free Trade Association, and supports essential requirements of EU Directive(s).
For the relationship with EU Directive(s) see informative Annex ZZ, which is an integral part of this document.
This document adapts EN 50128:2011 (prepared by CLC/SC 9XA “Communication, signalling and
processing systems”) for the application in the Rolling Stock domain. It uses the same structure and section
numbering as EN 50128:2011. Where requirements of EN 50128:2011 do not apply to rolling stock, the
respective text is replaced by the term “intentionally left empty”.
The main changes with respect to EN 50128:2011 are listed in Annex E.
Introduction
This European Standard is related to, and should be read in conjunction with the EN 50126 series, Railway
applications — The specification and demonstration of Reliability, Availability, Maintainability and Safety
(RAMS).
This European Standard concentrates on the methods which need to be used in order to provide software
which meets the demands for software integrity which are placed upon it by these wider considerations.
This European Standard provides a set of requirements for the development, deployment and maintenance
of any software intended for railway rolling stock applications. It defines requirements concerning
organizational structure, the relationship between organizations and division of responsibility involved in the
development, deployment and maintenance activities. Criteria for the qualification and expertise of personnel
are also provided in this European Standard.
The key concept of this European Standard is that of levels of software integrity. This European Standard
addresses five software integrity levels where basic integrity is the lowest and 4 the highest one. The higher
the risk resulting from software failure, the higher the software integrity level will be.
NOTE 1 The concept of basic integrity used in this European Standard was first introduced in the EN 50126 series.
This European Standard has identified techniques and measures for the five levels of software integrity. The
required techniques and measures for basic integrity and for the safety integrity levels 1-4 are shown in the
normative tables of Annex A. In this version, the required techniques for level 1 are the same as for level 2,
and the required techniques for level 3 are the same as for level 4. This European Standard does not give
guidance on which level of software safety integrity is appropriate for a given risk. This decision will depend
upon many factors including the nature of the application, the extent to which other systems carry out safety-
related functions and social and economic factors.
It is within the scope of the EN 50126 series to define the process of specifying the safety-related functions
allocated to software.
This European Standard specifies those measures necessary to achieve these requirements.
The EN 50126 series requires that a systematic approach is taken to:
a) identify hazards, assessing risks and arriving at decisions based on risk criteria,
b) identify the necessary risk reduction to meet the risk acceptance criteria,
c) define the overall system safety requirements for the safeguards necessary to achieve the required risk
reduction,
d) select a suitable system architecture,
e) plan, monitor and control the technical and managerial activities necessary to translate the System
Safety Requirements Specification into a safety-related system of a validated safety integrity level.
As decomposition of the specification into a design comprising safety-related systems and components takes
place, further allocation of safety integrity levels is performed. Ultimately this leads to the required software
integrity levels.
The current state-of-the-art is such that neither the application of quality assurance methods (so-called fault
avoiding measures and fault detecting measures) nor the application of software fault tolerant approaches
can guarantee the absolute safety of the software. There is no known way to prove the absence of faults in
reasonably complex safety-related software, especially the absence of specification and design faults.
The principles applied in developing high integrity software include, but are not restricted to:
— top-down design methods,
— modularity,
— verification of each phase of the development lifecycle,
— verified components and component libraries,
— clear documentation and traceability,
— auditable documents,
— validation,
— assessment,
— configuration management and change control, and
— appropriate consideration of organization and personnel competency issues.
At the system level, the allocation of system requirements to software functions takes place. This includes the
definition of the required software integrity level for the functions. The successive functional steps in the
application of this European Standard are shown in Figure 1 and are as follows:
f) define the Software Requirements Specification and in parallel consider the software architecture. The
software architecture is where the safety strategy is developed for the software and the software integrity
level (7.2 and 7.3);
g) design, develop and test the software according to the Software Quality Assurance Plan, software
integrity level and the software lifecycle (7.4 and 7.5);
h) integrate the software on the target hardware and verify functionality (7.6);
i) accept and deploy the software (7.7 and 9.1);
j) if software maintenance is required during operational life then re-activate this European Standard as
appropriate (9.2).
A number of activities run across the
...


Frequently Asked Questions

EN 50657:2017 is a standard published by CLC. Its full title is "Railways Applications - Rolling stock applications - Software on Board Rolling Stock". This standard covers:

1.1 This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems for use in rolling stock applications. Outside the scope of this standard is software that:
- is part of signalling equipment (CENELEC sub-committee SC9XA applications) installed on board trains, or
- does not contribute to, and is segregated from Rolling Stock operational functions.

1.2 This European Standard is applicable exclusively to software and the interaction between software and the system of which it is part.

1.3 Entry intentionally left empty

1.4 This European Standard applies to safety-related as well as non-safety-related software, including for example:
- application programming,
- operating systems,
- support tools,
- firmware.
Application programming comprises high level programming, low level programming and special purpose programming (for example: programmable logic controller ladder logic).

1.5 This European Standard also addresses the use of pre-existing software and tools. Such software may be used, if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and for tools in 6.7 are fulfilled.

1.6 Software developed according to a valid version of EN 50128 is considered as compliant to this standard. Software previously developed in accordance with any version of EN 50128 is also considered as compliant and not subject to the requirements on pre-existing software. SIL1-SIL4 software developed under EN 50657 also complies with EN 50128:2011.

1.7 This European Standard considers that modern application design often makes use of software that is suitable as a basis for various applications. Such software is then configured by application data for producing the executable software for the application. This European Standard applies to such software. In addition, specific requirements for application data will be given.

1.8 Entry intentionally left empty

1.9 This European Standard is not intended to be retrospective. It therefore applies primarily to new developments and only applies in its entirety to existing systems if these are subjected to major modifications. For minor changes, only 9.2 applies. However, application of this European Standard during upgrades and maintenance of existing software is recommended.

1.10 The relevant sections of this software standard are also applicable to programmable components (e.g. FPGA and CPLD), in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, EN 61508-2). However, requirements of this software standard that are already covered by the applicable hardware standard do not need to be re-addressed. When it is possible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.

EN 50657:2017 is classified under the following ICS (International Classification for Standards) categories: 35.080 - Software; 35.240.60 - IT applications in transport. The ICS classification helps identify the subject area and facilitates finding related standards.

EN 50657:2017 has the following relationships with other standards: it has inter-standard links to EN 50716:2023 and EN 50657:2017/A1:2023. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

EN 50657:2017 is associated with the following European legislation: EU Directives/Regulations: 2008/57/EC, 2016/797/EU; Standardization Mandates: M/483, M/591. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

You can purchase EN 50657:2017 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of CLC standards.

The standard EN 50657:2017, entitled "Applications ferroviaires - Applications de matériel roulant - Logiciel à bord du matériel roulant", presents a defined scope and precise technical requirements for the development of software intended for programmable electronic systems used in rolling stock applications. This standard is essential for framing the design and implementation of software while guaranteeing the safety and reliability of railway systems. One of the main strengths of this standard is its ability to cover both safety-related and non-safety-related software. This includes various types of programming, such as application programming, operating systems and support tools. This holistic approach ensures broad compliance with the technical requirements while promoting innovation and adaptability of electronic systems in the railway environment. Moreover, the standard takes into account the use of pre-existing software and tools, thereby allowing developers to rely on already proven resources as long as the specific requirements are met. This reinforces the flexibility of the development process while maintaining a high level of compliance and quality. Another notable strength is the compatibility between EN 50657:2017 and other European standards such as EN 50128, allowing software developed under either standard to be considered compliant, which is essential for ensuring interoperability in the railway sector. The standard is particularly relevant in the current context of modernisation of railway applications, where the use of configurable software and application data is growing. By integrating specific requirements for this application data, the standard facilitates the creation of executable software tailored to the diverse needs of the sector.
Finally, although the standard is primarily focused on new developments, it recommends its application during the upgrade and maintenance of existing software, which shows its continued relevance in a constantly evolving industry. Consequently, EN 50657:2017 is a fundamental framework for the development of software on board rolling stock, ensuring both technical compliance and operational safety in the railway domain.

The EN 50657:2017 standard document provides comprehensive guidance on software development for railway applications and rolling stock. By clearly specifying the development process and technical requirements for software for programmable electronic systems, this standard emphasises safety and reliability. Its main focus is limited to software that contributes to rolling stock operation; signalling systems and programs segregated from them are not included. One of the strengths of this standard is that it covers both safety-related and non-safety-related software. Covering various kinds of software such as application programming, operating systems, support tools and firmware, it sets out requirements for high-level and low-level programming languages. In addition, it permits the use of existing software and tools, thereby increasing flexibility in the development process. EN 50657:2017 reflects new approaches to application design and supports the use of software that is suitable as a basis for various applications. Such software is configured by application data and developed into executable software. Furthermore, the standard treats previously developed software as compliant if it conforms to a valid version of EN 50128, so that it can be used appropriately when upgrading and maintaining existing systems. Modern railway systems that keep pace with current trends always need new software development and maintenance. EN 50657:2017 is a standard that meets these business needs, contributing to the advancement of the railway industry by providing in-depth requirements for software safety, functionality and system interaction.

The standard EN 50657:2017 has a clearly defined scope that concentrates on the development of software for programmable electronic systems in railway engineering. This European standard specifies the process and technical requirements for the development of software used in rolling stock applications. It is particularly noteworthy that the standard covers both safety-related and non-safety-related software, including application programming, operating systems, support tools and firmware. A central feature of this standard is its consideration of pre-existing software, which facilitates the use of ready-made solutions as long as specific requirements are met. This enables a flexible approach to software development and takes into account the need to update existing systems efficiently. The standard also makes clear that software developed in accordance with EN 50128 is regarded as compliant, which eases the integration of existing standards into current processes. A further positive aspect of EN 50657:2017 is its consideration of modern application designs, which are often based on configurable software. This promotes innovation within the industry, since software can be configured to support various applications. The focus on application data for producing executable software is especially relevant at a time when adaptability and efficiency are decisive. The standard is not retrospective and concentrates mainly on new developments, which benefits companies preparing for future projects. Nevertheless, application of the standard during the updating and maintenance of existing software is recommended, which shows that the standard remains significant even in constantly changing technological environments.
In summary, EN 50657:2017 provides essential requirements and guidelines for software development in the field of rolling stock. Its strengths lie in its clear definition of process requirements, its consideration of existing software, its flexibility in application and its attention to modern application designs, which make it a relevant document for the industry.

The EN 50657:2017 standard establishes a comprehensive framework for the development of software for programmable electronic systems in railway rolling stock applications. Its scope clearly delineates the relevance of the standard, focusing exclusively on software and the interplay between software and the systems it operates within, effectively setting it apart from signalling equipment and unrelated operational functions. One of the standout strengths of this standard is its thorough approach to both safety-related and non-safety-related software, encompassing various programming paradigms like high-level programming, low-level programming, and specialized programming, such as programmable logic controller ladder logic. This inclusivity ensures that a wide array of software applications can be uniformly developed under consistent guidelines, enhancing the reliability of rolling stock systems across Europe. Furthermore, the inclusion of provisions for using pre-existing software and tools adds a layer of flexibility to compliance. By outlining specific requirements, the standard enables organizations to leverage existing resources while ensuring that they meet updated safety and operational benchmarks. This is particularly beneficial for companies transitioning to modern software architectures, as it allows them to integrate legacy systems with new developments. The standard also acknowledges the trend of configuration-based software design, which is increasingly common in modern applications. By addressing the use of application data for the generation of executable software, EN 50657:2017 aligns with contemporary practices, ensuring its relevance in a rapidly evolving industry. Importantly, the standard does not impose retrospective requirements, focusing primarily on new developments while still encouraging its adoption during upgrades and maintenance. 
This practical approach minimizes disruption for existing systems while promoting continuous improvement in software practices. The applicability of the standard to programmable components, alongside the relevant hardware standards, underscores its comprehensive nature. This interconnectedness ensures that organizations can approach software development with a holistic understanding of the regulatory landscape. In conclusion, EN 50657:2017 is a vital standard that provides critical guidance for the development of software in rolling stock applications. Its meticulous scope, strengths in safety and flexibility, and forward-thinking relevance make it a key resource for industry stakeholders committed to enhancing the safety and functionality of railway systems.

EN 50657:2017 clearly defines the process and technical requirements for software development in rolling stock applications, focusing in particular on software for programmable electronic systems. This standard excludes software that is part of signalling equipment or that does not contribute to rolling stock operational functions; because its scope is specific, it has the advantage that users can adopt it without confusion. The strength of this standard is that it applies to both safety-related and non-safety-related software. It thereby provides comprehensive guidelines for a wide range of software, including application programming, operating systems, support tools and firmware. In particular, software developed in compliance with EN 50128 can also comply with EN 50657 while saving cost and time, which makes it a very useful reference for developers. Furthermore, the standard also addresses the use of existing software and tools, giving the flexibility to reuse existing software in new applications as long as specific requirements are met. This improves the efficiency of software development and shortens development time. EN 50657:2017 also applies to programmable components (such as FPGAs and CPLDs), and consistency is ensured when it is used in combination with hardware standards. This interrelationship eliminates duplicated requirements in the development process and achieves an efficient workflow. This standard is important above all as a foundation for new software development, and its application to existing systems is also recommended. This allows users to maintain the latest technical standards at all times while ensuring software quality and safety. Overall, EN 50657:2017 provides clear and comprehensive guidelines for software development for rolling stock and is an important document that promotes standardisation across the industry.