Railway applications - Rolling stock applications - Software on board of rolling stock

1.1   This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems for use in rolling stock applications.
Outside the scope of this standard is software that:
-   is part of signalling equipment (CENELEC sub-committee SC9XA applications) installed on board trains, or
-   does not contribute to, and is segregated from Rolling Stock operational functions.
1.2   This European Standard is applicable exclusively to software and the interaction between software and the system of which it is part.
1.3   Entry intentionally left empty
1.4   This European Standard applies to safety-related as well as non-safety-related software, including for example:
-   application programming,
-   operating systems,
-   support tools,
-   firmware.
Application programming comprises high level programming, low level programming and special purpose programming (for example: programmable logic controller ladder logic).
1.5   This European Standard also addresses the use of pre-existing software and tools. Such software may be used, if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and for tools in 6.7 are fulfilled.
1.6   Software developed according to a valid version of EN 50128 is considered as compliant to this standard. Software previously developed in accordance with any version of EN 50128 is also considered as compliant and not subject to the requirements on pre-existing software. SIL1-SIL4 software developed under EN 50657 also complies with EN 50128:2011.
1.7   This European Standard considers that modern application design often makes use of software that is suitable as a basis for various applications. Such software is then configured by application data for producing the executable software for the application. This European Standard applies to such software. In addition, specific requirements for application data will be given.
1.8   Entry intentionally left empty
1.9   This European Standard is not intended to be retrospective. It therefore applies primarily to new developments and only applies in its entirety to existing systems if these are subjected to major modifications. For minor changes, only 9.2 applies. However, application of this European Standard during upgrades and maintenance of existing software is recommended.
1.10   The relevant sections of this software standard are also applicable to programmable components (e.g. FPGA and CPLD), in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, EN 61508-2). However, requirements of this software standard that are already covered by the applicable hardware standard do not need to be re-addressed.
When it is possible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.

Title in German (translated): Railway applications - Telecommunication, signalling and data processing systems - Software for railway control and monitoring systems

Title in French (translated): Railway applications - Signalling, telecommunication and processing systems - Software for railway control and protection systems

Scope as given in the French version (translated):
1.1   This European Standard specifies the process and technical requirements applicable to the development of software for programmable electronic systems used in rolling stock applications.
Software is outside the scope of this standard if:
- it is part of signalling equipment (CENELEC sub-committee SC9XA applications) installed on board
or
- it does not contribute to, and is segregated from, the operational functions of the Rolling Stock.
1.2   This European Standard is applicable exclusively to software and to the interaction between the software and the system to which it belongs.
1.3   Intentionally left empty
1.4   This European Standard applies to all software, whether safety-related or not, including:
-   application programming,
-   operating systems,
-   tools,
-   firmware.
Application programming includes high level programming, low level programming and special purpose programming (for example: the ladder logic of a programmable logic controller).
1.5   This European Standard also addresses the use of pre-existing software and tools. Such software may be used if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and those in 6.7 on tools are fulfilled.
1.6   Software developed in accordance with a valid version of EN 50128 is considered as compliant with this Standard. Software developed in accordance with any version of EN 50128 will also be considered as compliant and not subject to the requirements on pre-existing software. For SIL1-SIL4 software within the scope of this standard, the requirements included in this European Standard are equivalent to the software requirements of EN 50128:2011.
1.7   This European Standard considers that modern application design frequently uses software that is suitable as a basis for various applications. Such software is then configured by application data in order to produce the executable software for the application. This European Standard applies to such software. In addition, specific requirements concerning application data will be given.
1.8   Intentionally left empty
1.9   This European Standard is not intended to be retrospective. It therefore applies primarily to new developments and applies in its entirety to existing systems only if they are subject to major modifications. For minor modifications, only Clause 9.2 applies. However, it is recommended to apply this European Standard during upgrades and maintenance of existing software.
1.10   The relevant sections of this software standard also apply to programmable components (for example FPGAs (Field-Programmable Gate Arrays) and CPLDs (Complex Programmable Logic Devices)), in addition to the applicable hardware standard (for example EN 50129, EN 50155, EN 61508-2). However, requirements of this software standard that are already covered by the applicable hardware standard do not need to be addressed again.
Where it is impossible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.

Title in Slovenian (translated): Railway applications - Rolling stock - Software for rail vehicles

Scope as given in the Slovenian version (translated):
1.1 This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems used in rail vehicles.
Software that is part of signalling equipment (control and protection of railway installations) installed on trains does not fall within the scope of this standard.
Software that does not execute railway applications and does not interface with rail vehicle functions does not fall within the scope of this standard, provided it is segregated from the railway software.
1.2 This European Standard applies exclusively to software and to the interaction between the software and the system of which it is part.
1.3 Intentionally deleted
1.4 This European Standard applies to safety-related software and to non-safety-related software, including for example:
– application programming,
– operating systems,
– support tools,
– firmware.
Application programming covers high level programming, low level programming and special purpose programming (for example: a programmable logic controller with ladder logic).
1.5 This European Standard also addresses the use of pre-existing software and tools. Such software may be used if the requirements of 7.3.4.7 and 6.5.4.16 for pre-existing software and the requirements of 6.7 for tools are fulfilled.
1.6 Software developed in accordance with a valid version of EN 50128 is compliant with this standard. Software previously developed in accordance with any version of EN 50128 is also compliant, and the requirements for pre-existing software do not apply to it.
1.7 This European Standard takes into account that modern application design often uses software that is suitable as a basis for various applications. Such software is then configured with application data so that the executable software for a particular application results. This European Standard applies to all such software and to the specific requirements for application data.
1.8 Intentionally deleted
1.9 This European Standard is not retrospective. It therefore applies primarily to new developments and applies in its entirety to existing systems only if they undergo major changes. For minor changes, only 9.2 applies. Application of this European Standard is nevertheless recommended during upgrades and maintenance of existing software.
1.10 For programmable components (including FPGA and CPLD), the relevant parts of this software standard shall be taken into account in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, IEC 61508-2), where it is not possible to exhaustively test the programmable logic for all possible inputs and internal logic states.
However, tasks already covered by the hardware standard need not be repeated when applying this software standard.

General Information

Status: Published
Publication Date: 30-Aug-2017
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 24-Aug-2017
Due Date: 29-Oct-2017
Completion Date: 31-Aug-2017

Overview

SIST EN 50657:2017 - "Railway applications - Rolling stock applications - Software on board of rolling stock" - defines process and technical requirements for developing software on board rolling stock. The European Standard covers both safety-related and non-safety-related software used in train on-board systems, including application programs, operating systems, firmware, support tools and programmable logic where exhaustive testing is not feasible. It applies to the software itself and the interaction between software and the system of which it is part.

Key technical topics and requirements

  • Software lifecycle & documentation: Requirements for lifecycle planning, deliverables and documentation from requirements through deployment and maintenance.
  • Software assurance: Comprehensive testing, verification, validation, assessment and quality assurance activities to demonstrate compliance and fitness for purpose.
  • Architecture, design and component development: Guidance on system architecture, component design, implementation, integration and final validation.
  • Support tools and pre-existing software: Rules for using tools and existing software components; specific clauses (e.g., 7.3.4.7, 6.5.4.16 and clause 6.7) address pre-existing software and tools.
  • Application data and configurable systems: Requirements for software that is configured by application data and for development of that data.
  • Change control & maintenance: Processes for controlled modifications, software deployment and maintenance; provisions for major vs. minor changes.
  • Roles, competence & organization: Defined roles, responsibilities and personnel competence requirements for software projects.
  • Programmable components: Applicability to FPGA/CPLD programming in addition to hardware standards, except where exhaustive testing of logic is possible (in which case EN 50657 does not apply).

Practical applications

SIST EN 50657:2017 is intended for:

  • Development of on-board train control, monitoring and auxiliary software
  • Projects where software contributes to rolling stock operational functions or safety
  • Systems configured by application data (e.g., configurable control platforms)
  • Lifecycle governance for new developments and major modifications of existing systems

Practical uses include establishing development processes that support safety assurance, producing required documentation for certification and ensuring consistent software quality across supplier ecosystems.

Who should use this standard

  • Rolling stock manufacturers and integrators
  • Software developers and embedded engineers for railway systems
  • Safety and systems engineers responsible for software assurance
  • Test engineers, QA managers and maintenance teams
  • Certification bodies and assessors evaluating on-board software compliance

Related standards

  • EN 50128 (software for railway control systems): software developed to EN 50657 is considered compliant with EN 50128; existing EN 50128 work is also recognized.
  • Hardware and safety standards often applied alongside EN 50657: EN 50129, EN 50155, EN 61508.
  • Signalling software installed on-board is excluded and falls under CENELEC SC9XA topics (EN 50128/50129 family).

Keywords: SIST EN 50657:2017, EN 50657, railway software standard, software on board of rolling stock, rolling stock applications, software lifecycle, software assurance, safety-related software.

Standard: SIST EN 50657:2017, English language, 140 pages

Standards Content (Sample)

SLOVENIAN STANDARD
1 October 2017
Title in Slovenian (translated): Railway applications - Rolling stock - Software for rail vehicles
Railway applications - Rolling stock applications - Software on board of rolling stock
Title in German (translated): Railway applications - Telecommunication, signalling and data processing systems - Software for railway control and monitoring systems
Title in French (translated): Railway applications - Signalling, telecommunication and processing systems - Software for railway control and protection systems
This Slovenian standard is identical to: EN 50657:2017
ICS:
35.080 Software
45.060.01 Railway rolling stock in general
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

EUROPEAN STANDARD EN 50657
August 2017
ICS 35.080; 35.240.60
English Version
Railways Applications - Rolling stock applications - Software on Board Rolling Stock
This European Standard was approved by CENELEC on 2017-05-08. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 50657:2017 E
Contents Page
European foreword . 8
Introduction . 9
1 Scope . 12
2 Normative references . 13
3 Terms, definitions and abbreviations . 13
3.1 Terms and definitions . 13
3.2 Abbreviations . 19
4 Objectives, conformance and software integrity levels . 20
5 Software management and organization . 21
5.1 Organization, roles and responsibilities . 21
5.1.1 Objective . 21
5.1.2 Requirements . 21
5.2 Personnel competence . 25
5.2.1 Objectives . 25
5.2.2 Requirements . 25
5.3 Lifecycle issues and documentation . 25
5.3.1 Objectives . 25
5.3.2 Requirements . 25
6 Software assurance . 28
6.1 Software testing . 28
6.1.1 Objective . 28
6.1.2 Input documents . 28
6.1.3 Output documents . 28
6.1.4 Requirements . 29
6.2 Software verification . 29
6.2.1 Objective . 29
6.2.2 Input documents . 30
6.2.3 Output documents . 30
6.2.4 Requirements . 30
6.3 Software validation . 31
6.3.1 Objective . 31
6.3.2 Input documents . 31
6.3.3 Output documents . 31
6.3.4 Requirements . 32
6.4 Software assessment . 33
6.4.1 Objective . 33
6.4.2 Input documents . 33
6.4.3 Output documents . 33
6.4.4 Requirements . 33
6.5 Software quality assurance . 35
6.5.1 Objectives . 35
6.5.2 Input documents . 35
6.5.3 Output documents . 35
6.5.4 Requirements . 35
6.6 Modification and change control . 38
6.6.1 Objectives . 38
6.6.2 Input documents . 38
6.6.3 Output documents . 38
6.6.4 Requirements . 38
6.7 Support tools and languages . 39
6.7.1 Objectives . 39
6.7.2 Input documents . 39
6.7.3 Output documents . 39
6.7.4 Requirements . 39
7 Software development . 42
7.1 Lifecycle and documentation for software . 42
7.1.1 Objectives . 42
7.1.2 Requirements . 42
7.2 Software requirements . 42
7.2.1 Objectives . 42
7.2.2 Input documents . 42
7.2.3 Output documents . 43
7.2.4 Requirements . 43
7.3 Architecture and Design. 45
7.3.1 Objectives . 45
7.3.2 Input documents . 45
7.3.3 Output documents . 45
7.3.4 Requirements . 46
7.4 Component design . 52
7.4.1 Objectives . 52
7.4.2 Input documents . 52
7.4.3 Output documents . 52
7.4.4 Requirements . 52
7.5 Component implementation and testing . 54
7.5.1 Objectives . 54
7.5.2 Input documents . 54
7.5.3 Output documents . 54
7.5.4 Requirements . 54
7.6 Integration . 55
7.6.1 Objectives . 55
7.6.2 Input documents . 55
7.6.3 Output documents . 55
7.6.4 Requirements . 56
7.7 Overall Software Testing / Final Validation . 57
7.7.1 Objectives . 57
7.7.2 Input documents . 57
7.7.3 Output documents . 57
7.7.4 Requirements . 58
7.8 Development of Software configured by application data . 59
7.8.1 Objective . 59
7.8.2 Requirements . 59
8 Systems configured by application data: development of application data . 60
8.1 Objectives . 60
8.2 Input documents . 60
8.3 Output documents . 61
8.4 Requirements . 61
8.4.1 Application Development Process . 61
8.4.2 Application Requirements Specification . 62
8.4.3 Architecture and Design . 62
8.4.4 Application Data Production . 63
8.4.5 Application Integration and Testing . 63
8.4.6 Application Validation and Assessment . 64
8.4.7 Application preparation procedures and tools . 64
9 Software deployment and maintenance . 64
9.1 Software deployment . 64
9.1.1 Objective . 64
9.1.2 Input documents . 64
9.1.3 Output documents . 64
9.1.4 Requirements . 65
9.2 Software maintenance . 66
9.2.1 Objective . 66
9.2.2 Input documents . 66
9.2.3 Output documents . 66
9.2.4 Requirements . 67
Annex A (normative) Criteria for the Selection of Techniques and Measures . 69
A.1 General . 69
A.2 Clauses tables . 70
A.3 Detailed tables . 77
Annex B (normative) Key software roles and responsibilities . 82
Annex C (informative) Documents Control Summary . 95
Annex D (informative) Bibliography of techniques . 97
D.1 Artificial Intelligence Fault Correction . 97
D.2 Analysable Programs . 97
D.3 Avalanche/Stress Testing . 98
D.4 Boundary Value Analysis . 98
D.5 Backward Recovery . 99
D.6 Cause Consequence Diagrams . 99
D.7 Checklists . 99
D.8 Control Flow Analysis. 100
D.9 Common Cause Failure Analysis . 100
D.10 Data Flow Analysis. 100
D.11 Data Flow Diagrams . 101
D.12 Data Recording and Analysis . 101
D.13 Decision Tables and Truth Tables . 102
D.14 Defensive Programming . 102
D.15 Coding Standards and Style Guide . 103
D.16 Diverse Programming . 104
D.17 Dynamic Reconfiguration . 105
D.18 Equivalence Classes and Input Partition Testing. 105
D.19 Error Detecting and Correcting Codes . 106
D.20 Error Guessing . 106
D.21 Error Seeding . 106
D.22 Event Tree Analysis . 107
D.23 Fagan Inspections. 107
D.24 Failure Assertion Programming . 107
D.25 SEEA – Software Error Effect Analysis . 108
D.26 Fault Detection and Diagnosis . 108
D.27 Finite State Machines/State Transition Diagrams . 109
D.28 Formal Methods . 110
D.28.1 General . 110
D.28.2 CSP – Communicating Sequential Processes . 110
D.28.3 CCS – Calculus of Communicating Systems . 111
D.28.4 HOL – Higher Order Logic . 111
D.28.5 LOTOS . 111
D.28.6 OBJ . 111
D.28.7 Temporal logic . 112
D.28.8 VDM – Vienna Development Method . 112
D.28.9 Z method . 113
D.28.10 B method . 113
D.28.11 Model Checking . 114
D.29 Formal Proof . 114
D.30 Forward Recovery . 114
D.31 Graceful Degradation . 115
D.32 Impact Analysis . 115
D.33 Information Hiding / Encapsulation . 115
D.34 Interface Testing . 116
D.35 Language Subset . 116
D.36 Memorizing Executed Cases . 116
D.37 Metrics . 117
D.38 Modular Approach . 117
D.39 Performance Modelling . 118
D.40 Performance Requirements . 118
D.41 Probabilistic Testing . 119
D.42 Process Simulation . 119
D.43 Prototyping / Animation . 120
D.44 Recovery Block . 120
D.45 Response Timing and Memory Constraints . 120
D.46 Re-Try Fault Recovery Mechanisms. 120
D.47 Safety Bag . 121
D.48 Software Configuration Management . 121
D.49 Strongly Typed Programming Languages . 121
D.50 Structure Based Testing . 122
D.51 Structure Diagrams . 122
D.52 Structured Methodology . 123
D.53 Structured Programming . 123
D.54 Suitable Programming languages . 124
D.55 Time Petri Nets . 125
D.56 Walkthroughs / Design Reviews . 125
D.57 Object Oriented Programming . 125
D.58 Traceability . 126
D.59 Metaprogramming . 126
D.60 Procedural programming . 127
D.61 Clause intentionally left empty . 127
D.62 Clause intentionally left empty . 127
D.63 Clause intentionally left empty . 127
D.64 Clause intentionally left empty . 127
D.65 Data modelling . 127
D.66 Control Flow Diagram/Control Flow Graph . 128
D.67 Sequence diagram . 129
D.68 Tabular Specification Methods . 129
D.69 Application specific language . 130
D.70 UML (Unified Modelling Language) . 130
D.71 Domain specific languages . 131
D.72 Segregation . 131
Annex E (informative) Changes in this European Standard compared to EN 50128:2011 . 133
Annex ZZ (informative) Relationship between this European Standard and the Essential Requirements of EU Directive 2008/57/EC . 139
Bibliography . 140

Figures
Figure 1 — Illustrative Software Route Map . 11
Figure 2 — Illustration of the preferred organizational structure . 22
Figure 3 — Illustrative Development Lifecycle 1 . 27
Figure 4 — Illustrative Development Lifecycle 2 . 28

Tables
Table 1 — Relation between tool class and applicable numbered entries . 42
Table A.1 — Lifecycle Issues and Documentation (5.3) . 70
Table A.2 — Software Requirements Specification (7.2) . 72
Table A.3 — Software Architecture (7.3). 73
Table A.4 — Software Design and Implementation (7.3 and 7.4) . 74
Table A.5 — Verification and Testing (6.2, 7.3 and 7.4). 75
Table A.6 — Integration (7.6) . 75
Table A.7 — Overall Software Testing (6.2 and 7.7) . 75
Table A.8 — Software Analysis Techniques (6.3) . 76
Table A.9 — Software Quality Assurance (6.5) . 76
Table A.10 — Software Maintenance (9.2) . 76
Table A.11 — Data Preparation Techniques (8.4) . 77
Table A.12 — Coding Standards . 77
Table A.13 — Dynamic Analysis and Testing . 78
Table A.14 — Functional/Black Box Test . 78
Table A.15 — Intentionally left empty . 78
Table A.16 — Intentionally left empty . 78
Table A.17 — Modelling . 79
Table A.18 — Performance Testing . 79
Table A.19 — Static Analysis . 79
Table A.20 — Components . 80
Table A.21 — Test Coverage for Code . 80
Table A.22 — Object Oriented Software Architecture . 81
Table A.23 — Object Oriented Detailed Design . 81
Table B.1 — Requirements Manager Role Specification . 83
Table B.2 — Designer Role Specification. 84
Table B.3 — Implementer Role Specification . 85
Table B.4 — Tester Role Specification . 86
Table B.5 — Verifier Role Specification . 87
Table B.6 — Integrator Role Specification . 88
Table B.7 — Validator Role Specification. 89
Table B.8 — Assessor Role Specification . 91
Table B.9 — Project Manager Role Specification . 93
Table B.10 — Configuration Manager Role Specification . 94
Table C.1 — Documents Control Summary . 95
Table E.1 — Correspondence between this European Standard and EN 50128:2011 . 133
Table ZZ.1 — Correspondence between this European Standard, the TSI “Locomotives and Passenger Rolling Stock” (REGULATION (EU) No 1302/2014 of 18 November 2014) and Directive 2008/57/EC . 139

European foreword
This document (EN 50657:2017) has been prepared by CLC/SC 9XB, “Electrical, electronic and electromechanical material on board rolling stock, including associated software”.
The following dates are fixed:
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-05-08
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2020-05-08
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s).
For the relationship with EU Directive(s) see informative Annex ZZ, which is an integral part of this document.
This document adapts EN 50128:2011 (prepared by CLC/SC 9XA “Communication, signalling and processing systems”) for the application in the Rolling Stock domain. It uses the same structure and section numbering as EN 50128:2011. Where requirements of EN 50128:2011 do not apply to rolling stock, the respective text is replaced by the term “intentionally left empty”.
The main changes with respect to EN 50128:2011 are listed in Annex E.
Introduction
This European Standard is related to, and should be read in conjunction with, the EN 50126 series, Railway applications — The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS).
This European Standard concentrates on the methods which need to be used in order to provide software which meets the demands for software integrity which are placed upon it by these wider considerations.
This European Standard provides a set of requirements for the development, deployment and maintenance of any software intended for railway rolling stock applications. It defines requirements concerning organizational structure, the relationship between organizations and division of responsibility involved in the development, deployment and maintenance activities. Criteria for the qualification and expertise of personnel are also provided in this European Standard.
The key concept of this European Standard is that of levels of software integrity. This European Standard addresses five software integrity levels, where basic integrity is the lowest and 4 the highest. The higher the risk resulting from software failure, the higher the software integrity level will be.
NOTE 1 The concept of basic integrity used in this European Standard was first introduced in the EN 50126 series.
This European Standard has identified techniques and measures for the five levels of software integrity. The required techniques and measures for basic integrity and for the safety integrity levels 1-4 are shown in the normative tables of Annex A. In this version, the required techniques for level 1 are the same as for level 2, and the required techniques for level 3 are the same as for level 4. This European Standard does not give guidance on which level of software safety integrity is appropriate for a given risk. This decision will depend upon many factors including the nature of the application, the extent to which other systems carry out safety-related functions, and social and economic factors.
It is within the scope of the EN 50126 series to define the process of specifying the safety-related functions allocated to software.
This European Standard specifies those measures necessary to achieve these requirements.
The EN 50126 series requires that a systematic approach is taken to:
a) identify hazards, assess risks and arrive at decisions based on risk criteria,
b) identify the necessary risk reduction to meet the risk acceptance criteria,
c) define the overall system safety requirements for the safeguards necessary to achieve the required risk reduction,
d) select a suitable system architecture,
e) plan, monitor and control the technical and managerial activities necessary to translate the System Safety Requirements Specification into a safety-related system of a validated safety integrity level.
As decomposition of the specification into a design comprising safety-related systems and components takes place, further allocation of safety integrity levels is performed. Ultimately this leads to the required software integrity levels.
The current state-of-the-art is such that neither the application of quality assurance methods (so-called fault avoiding measures and fault detecting measures) nor the application of software fault tolerant approaches can guarantee the absolute safety of the software. There is no known way to prove the absence of faults in reasonably complex safety-related software, especially the absence of specification and design faults.
The principles applied in developing high integrity software include, but are not restricted to:
— top-down design methods,
— modularity,
— verification of each phase of the development lifecycle,
— verified components and component libraries,
— clear documentation and traceability,
— auditable documents,
— validation,
— assessment,
— configuration management and change control, and
— appropriate consideration of organization and personnel competency issues.
At the system level, the allocation of system requirements to software functions takes place. This includes the definition of the required software integrity level for the functions. The successive functional steps in the application of this European Standard are shown in Figure 1 and are as follows:
f) define the Software Requirements Specification and in parallel consider the software architecture. The software architecture is where the safety strategy is developed for the software and the software integrity level (7.2 and 7.3);
g) design, develop and test the software according to the Software Quality Assurance Plan, software integrity level and the software lifecycle (7.4 and 7.5);
h) integrate the software on the target hardware and verify functionality (7.6);
i) accept and deploy the software (7.7 and 9.1);
j) if software maintenance is required during operational life then re-activate this European Standard as appropriate (9.2).
A number of activities run across the
...

Frequently Asked Questions

SIST EN 50657:2017 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Railway applications - Rolling stock applications - Software on board of rolling stock". This standard covers:
1.1   This European Standard specifies the process and technical requirements for the development of software for programmable electronic systems for use in rolling stock applications.
Outside the scope of this standard is software that:
-   is part of signalling equipment (CENELEC sub-committee SC9XA applications) installed on board trains, or
-   does not contribute to, and is segregated from Rolling Stock operational functions.
1.2   This European Standard is applicable exclusively to software and the interaction between software and the system of which it is part.
1.3   Entry intentionally left empty
1.4   This European Standard applies to safety-related as well as non-safety-related software, including for example:
-   application programming,
-   operating systems,
-   support tools,
-   firmware.
Application programming comprises high level programming, low level programming and special purpose programming (for example: programmable logic controller ladder logic).
1.5   This European Standard also addresses the use of pre-existing software and tools. Such software may be used, if the specific requirements in 7.3.4.7 and 6.5.4.16 on pre-existing software and for tools in 6.7 are fulfilled.
1.6   Software developed according to a valid version of EN 50128 is considered as compliant to this standard. Software previously developed in accordance with any version of EN 50128 is also considered as compliant and not subject to the requirements on pre-existing software. SIL1-SIL4 software developed under EN 50657 also complies with EN 50128:2011.
1.7   This European Standard considers that modern application design often makes use of software that is suitable as a basis for various applications. Such software is then configured by application data for producing the executable software for the application. This European Standard applies to such software. In addition, specific requirements for application data will be given.
1.8   Entry intentionally left empty
1.9   This European Standard is not intended to be retrospective. It therefore applies primarily to new developments and only applies in its entirety to existing systems if these are subjected to major modifications. For minor changes, only 9.2 applies. However, application of this European Standard during upgrades and maintenance of existing software is recommended.
1.10   The relevant sections of this software standard are also applicable to programmable components (e.g. FPGA and CPLD), in addition to the applicable hardware standard (e.g. EN 50129, EN 50155, EN 61508 2). However, requirements of this software standard that are already covered by the applicable hardware standard do not need to be re-addressed. When it is possible to exhaustively test the programmable logic for all possible inputs and internal logic states, this European Standard does not apply.
SIST EN 50657:2017 is classified under the following ICS (International Classification for Standards) categories: 35.080 - Software; 45.060.01 - Railway rolling stock in general. The ICS classification helps identify the subject area and facilitates finding related standards.

SIST EN 50657:2017 has the following relationships with other standards: it has inter-standard links to SIST EN 50657:2017/A1:2023 and SIST EN 50716:2024. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

SIST EN 50657:2017 is associated with the following European legislation: EU Directives/Regulations: 2008/57/EC, 2016/797/EU; Standardization Mandates: M/483. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

You can purchase SIST EN 50657:2017 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.