Software testing in the energy sector to comply with IEC 60880, IEC 61508, and CERT C




Embedded systems in the energy sector vary significantly, from exploration through generation to distribution, and so do the quality levels applicable to these differing safety-related systems. The costs of software failure, however, are potentially catastrophic, involving damage to expensive machinery, leaks, lost revenue and even loss of life. Together with the increasing adoption of international standards, these factors are driving industry leaders to improve safety-critical software quality.

Energy standards

Standards in the energy sector cover a wide range of applications, from power generation (fossil fuels, renewables and nuclear power) to power distribution and metering. IEC 61508:2010 applies wherever programmable electronic devices control the functioning of systems in which safety is, or may be, a consideration. The most stringent software safety standards in the energy sector are those applied to nuclear power plants. IEC 61226, “Nuclear power plants – Instrumentation and control important to safety – Classification of instrumentation and control functions”, classifies instrumentation and control (I&C) functions into categories A, B and C according to their importance to safety. IEC 62138 covers category B and C functions only, while IEC 60880:2006 covers the most stringent category A functions. Both IEC 61508 and IEC 60880 also call for the use of a coding standard (IEC 61508-3 lists it as highly recommended), such as MISRA C or CERT C.

For information on the standards relevant to development of systems for the energy sector, see the standards listed below.

IEC 60880

Nuclear power plants – Software aspects for computer-based systems performing category A functions

IEC 61508

Functional Safety of Electrical/ Electronic/ Programmable Electronic Safety-related Systems


MISRA C / MISRA C++

Guidelines for the use of the C/C++ languages in critical systems

CERT C

Secure Coding Standard

“Without this [Cantata wrapping], difficult external conditions not directly influenced by our code, such as memory allocation errors, may have been difficult to simulate.”

Simon Prior, Primary Reactor Protection System project, OSyS.
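The wrapping described in the quotation above makes an external failure such as malloc returning NULL reproducible inside a unit test. The following C example is added here and is not code from the original page, from Cantata or from OSyS; it shows the same idea with a hand-written seam rather than the tool's own wrapping mechanism. Allocations go through a function pointer that a test can redirect to an allocator which fails on the n-th call, and the production function is written to CERT C's expectations (every allocation result checked, no leak on the partial-failure path, out-parameter cleared on failure) so that the error path can be exercised deterministically. The names (record_create, fail_allocation_at, sensor_record and so on) and the sample data are constructed for the example.

```c
/* Added example (not from the original page, Cantata or OSyS): route
 * allocations through a replaceable hook so a unit test can simulate
 * an out-of-memory condition and exercise the error path CERT C
 * requires. All names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*alloc_fn)(size_t);
static alloc_fn g_alloc = malloc;   /* seam: production code uses this */

/* Test-only allocator: fails the n-th call after arming (0 = never). */
static unsigned g_fail_at = 0, g_calls = 0;

static void *counting_alloc(size_t n)
{
    g_calls++;
    if (g_fail_at != 0 && g_calls >= g_fail_at)
        return NULL;                /* simulated out-of-memory */
    return malloc(n);
}

void fail_allocation_at(unsigned n) { g_calls = 0; g_fail_at = n; g_alloc = counting_alloc; }
void use_real_allocator(void)       { g_fail_at = 0; g_alloc = malloc; }

/* Constructed sample data structure: a named sensor record. */
typedef struct { uint32_t id; char *label; } sensor_record;

enum { REC_OK = 0, REC_EINVAL = -1, REC_ENOMEM = -2 };

/* Each allocation result is checked (CERT C ERR33-C); if the second
 * allocation fails the first is freed so nothing leaks (MEM31-C).
 * *out is NULL on every failure path. */
int record_create(uint32_t id, const char *label, sensor_record **out)
{
    if (label == NULL || out == NULL)
        return REC_EINVAL;
    *out = NULL;

    sensor_record *r = g_alloc(sizeof *r);
    if (r == NULL)
        return REC_ENOMEM;

    size_t len = strlen(label);
    r->label = g_alloc(len + 1);
    if (r->label == NULL) {
        free(r);
        return REC_ENOMEM;
    }
    memcpy(r->label, label, len + 1);
    r->id = id;
    *out = r;
    return REC_OK;
}

void record_destroy(sensor_record *r)
{
    if (r == NULL)
        return;
    free(r->label);
    free(r);
}

/* Test driver: run record_create with the n-th allocation failing
 * (0 = none) and return its result code; -99 flags an out-parameter
 * that was left dangling on a failure path. */
int create_under_failure(unsigned fail_at)
{
    static sensor_record sentinel;
    sensor_record *r = &sentinel;   /* must be cleared by record_create */
    if (fail_at == 0)
        use_real_allocator();
    else
        fail_allocation_at(fail_at);
    int rc = record_create(42, "turbine-3", &r);
    use_real_allocator();
    if (rc == REC_OK)
        record_destroy(r);
    else if (r != NULL)
        return -99;
    return rc;
}

int main(void)
{
    /* 0 (success), -2 (first allocation fails), -2 (second fails) */
    return create_under_failure(0) == REC_OK &&
           create_under_failure(1) == REC_ENOMEM &&
           create_under_failure(2) == REC_ENOMEM ? 0 : 1;
}
```

The seam is the only hook the test needs: failing the first allocation checks the early return, failing the second checks that the first buffer is released and the out-parameter is still cleared, which is exactly the condition a plain run of the code could never reach on demand. A real project would keep the counting allocator in the test build only and leave g_alloc pointing at malloc in production.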