Confidence in the Use of Software Tools per ISO 26262


The preeminence of the ISO 26262 standard, the adaptation of IEC 61508 to functional safety needs specific to road vehicles, is indisputable. Fundamental to ISO 26262 compliance in the development of electrical and/or electronic (E/E) systems encompassing software practitioners, but often misunderstood and underappreciated, is the concept of software tool qualification which pertains to determining a level of confidence in the use of a software tool (or more likely tools, as there are undoubtedly several of differing types involved in a software development process).

Determining a level of confidence in the use of a software tool such as an ALM system is particularly interesting. The criticality of ALM to development of safety-related elements is undeniably different from the criticality of certain other forms of software tools/components that have more of a direct safety impact, i.e., more directly embedded within the in-vehicle E/E systems. Nevertheless, ALM is instrumental in supporting and tailoring the safety-lifecycle, and so there still must be a determination as to the level of confidence in a tool such as ALM to assure that a development process is in accordance with ISO 26262. ALM is also a “system of record” with respect to the traceability and auditability of your ISO 26262 compliance efforts.

Determining confidence in the use of an ALM system is challenging due to several complex and intertwined considerations. First is software tool diversity itself –more often than not ALM is combined and integrated with a set of other software tools into a tool-chain. Such tool-chains can consist of commercial products from different vendors, open-source tools, freeware, shareware, or in-house developed tools, in virtually any and all combinations thereof. Another factor is a full understanding of planned ALM usage –the specific intended use, inputs/outputs, processing flow, functions, properties, behaviors, etc. (made more complicated by the first consideration of software diversity, in conjunction with the varying degrees to which every entity structures their own unique processes and workflows). Yet another factor is the extent of reliance placed upon the validity of a predetermined tool confidence level or qualification. Where a software tool being utilized may have been independently qualified (certified), ISO 26262 nevertheless mandates that the validity of such predetermined tool confidence levels be confirmed with regard to the planned intended use in a particular development process, prior to the software tool being used–in other words, procedures must be performed to determine that the evaluations utilized to prequalify (certify) a tool indeed match with the understanding of ALM usage in your particular situation.

The good news is that there is sufficient guidance within ISO 26262 to be helpful in sorting all of this out, but the effort is not trivial and must be performed with sufficient rigor to be in accordance with the standard, and must capture the appropriate evidence to facilitate auditability. And naturally because few things stay the same for very long in software development, the introduction of new or replacement tools, or significant updates to any of the tools being utilized; or changes to underlying intended uses or introduction of newly planned usage, or other alterations to process workflow; or change to any prequalified tool certifications… will all drive an iterative repeating of the effort.

For these many reasons we developed the Polarion ALM Tool Qualification Kit (TQK). The TQK is a supported template that enables the qualification of ALM itself, and/or the qualification of ALM combined with other software tools, or the qualification of most any software tool or tool-chains, in accordance with chapter 11 of ISO 26262-8, “Confidence in the use of software tools.” The TQK jumpstarts a project approach to a tool qualification effort by providing work items, work item linkage, workflow, and the resulting reporting reflecting the structure and qualification methods articulated in ISO 26262-8:11. Additionally, included with the TQK are a standard set of ALM use cases which represent the usual and customary functions of ALM as delivered out-of-the-box. The TQK combined with the standard set of ALM use cases are serviceable to qualify ALM within your own technology environment, and the TQK and use cases are fully flexible, modifiable, and extensible such that they can be used to qualify ALM as adapted to your uses, and/or as the basis to qualify other tools in a variety of scenarios that incorporate your specific planned intended use cases. The TQK is also flexible such that it can manage scenarios of required confirmation procedures in order to gain supportable comfort that a prequalified tool confidence level has validity within the context of your intended use, and/or remains valid in the context of your unique tool-chain. Additionally, the flexibility of the ALM TQK allows for incorporation and/or integration of ‘qual kits’ as may be available with other tools. 

Capitalizing on the inherent traceability and historical data of ALM itself, the TQK produces richly relevant, yet also customizable audit reporting and documentation, combined with easily identified and linked supporting evidentiary artifacts. The TQK, along with the other ISO 26262 templates in the ALM Automotive Solution, provide a rich set of capabilities that are paramount to development of safety-critical elements, including facilitating the presentation of comprehensive and persuasive safety cases to regulators and assessors. The ISO 26262-8:11 TQK is downloadable from the Polarion Extension Portal.

Want to stay up to date on news from Siemens Digital Industries Software? Click here to choose content that's right for you

Leave a Reply

This article first appeared on the Siemens Digital Industries Software blog at