Get Certified, Partner: Safety and Security Standards for Embedded Systems

By Ken Briodagh

Editor in Chief

Embedded Computing Design

December 20, 2023

Story

Get Certified, Partner: Safety and Security Standards for Embedded Systems

So, you’ve been working hard on your embedded computer, solution, application, or device and it’s almost time to start scaling it up and announcing it to the public.

Hold your horses there, cowpoke.

There’s one important step you’re going to want to make sure you get buttoned up: certification.

The systems and devices which will use embedded systems can be used anywhere, including the point of catastrophic failure for any number of use cases, including power plants, water management, smart home, automotive, AI and ML, factory automation and other industrial uses, and many others.

There are many things to consider when choosing the right certification for any given embedded product. You have to think about geography (many regions and countries have specific requirements), target industry (each one will want something different), and of course, the product’s functions and capabilities. Finally, you need to evaluate the certification body and make sure is recognized and respected by the regions and buyers in your target areas. It’s often wise to consult with experts when making these choices, since they can decrease the time to certification and increase the likelihood of passing inspections. Of course, do your due diligence here, too.  

We’re going to take a brief look at many of the key certifications, standards and entities that you can rely on and engage with before you get anywhere near release.

Underwriters Laboratories: Underwriters Laboratories (UL) is huge enough to be on any list such as this, in any industry. This independent safety organization evaluates products of all kinds for compliance with industry safety standards and certifies (or doesn’t) those products. You’ve seen the stickers. Most known for its consumer products divisions, UL works in embedded, too. Recently, Premio, a maker of rugged edge and embedded computing tech, announced that its core line of industrial rugged edge computers achieved UL Listed compliance, meeting the standards defined by UL 62368-1 Ed. 3, which is mainly for information technology, audio/video, and telecommunications equipment, and tests against safety standards for electrical shock, fire, mechanical hazards and other potential risks in mission-critical deployments.

TÜV: TÜV SÜD is a global certification body that will certify a wide range of embedded systems and devices. TÜV evaluates according to safety standards like ISO 26262, IEC 61508, and IEC 62304, and is widely used in the industry as a one-stop shop for a variety of certifications.

IECEx: The International Electrotechnical Commission System for Certification to Standards Relating to Equipment for Use in Explosive Atmospheres (IECEx), an international certification standard specifically for equipment used in volatile environments. That means explosives, or potentially explosive situations. It is based on the IEC 60079, and obtaining IECEx certification ensures that a product meets the necessary safety requirements for use in potentially explosive environments.

ATEX: In the same area, ATEX is the EU-specific certification standard for devices and systems in the same kind of explosive environments. The so-called ATEX Directive provides a certification framework for products used in hazardous environments within the European Union.

MIPI Alliance: The MIPI Alliance is an international organization that develops standards and specifications for mobile and mobile-influenced industries. MIPI works with almost all the major Embedded companies and players, including Acute Technology, Cadence Design Systems, Intel, Microchip, STMicroelectronics, and Tektronix, to name a few. One of the recent specifications from MIPI is the MIPI I3C, a scalable, two-wire utility and control bus interface for connecting peripherals to an application processor, and comes in several versions for MIPI members and non-members.

IEC 61508: This standard is one of the more generic safety certifications, covering many industries. It is made to test the functional safety of electrics, and programmable electronic safety systems in process control, machinery, and signaling systems. It’s made to cover the entire electronic and programmable ecosystem and it certifies that safety and control systems will function properly.

IEC 60571: This is one of many certifications specific to international rail, and it specifically covers the electronic components and equipment used for control, operation, design, construction, and testing, along with all the software attached to those devices. Another important rail standard is EN 50128, a European software development standard issued by CENELEC (the European Committee for Electrotechnical Standardization) that covers technical requirements and procedures for safety-specific coding in control and protection applications used in communication, signaling, and processing systems. So, if you’re looking to deploy embedded solutions in rail at all, get to know these.

ISO 26262: Staying in transportation, this one is an international standard for electronic and electrical systems in automotive applications, and it covers the lifecycle of safety-critical hardware, software, and system-level design specs. Compliance with ISO 26262 helps ensure that potential hazards are identified, assessed, and managed throughout the development process, thus reducing the risk of accidents and failures.

IEC 62304: For medical devices, the security and privacy standards are quite stringent, and this one is one of the more top-line standards. If you’re working in medical software at all, you need to get this done. According to the ISO, which issues this standard (and LOTS more, including many of the others on this list), this defines the “life cycle requirements for medical device software.” That lifecycle includes the processes, activities, and tasks coded into the software, and ensures that certified devices will meet baseline for performance and security.

MIL-STD-810G: The US military is one of the biggest buyers of embedded systems (and everything else), so many companies in and out of the US should be aware of MIL-STD 810G, which tests hardware durability and ruggedization across a large number of parameters so that military divisions can be sure that devices and equipment can withstand harsh conditions. Also of note to embedded companies is the MIL-STD-883, a US military test standard for microelectronic devices that can be used in military and aerospace electronic systems and can withstand the effects of natural elements and conditions. 

This is barely a sampling of all the standards and certifications that cover the broad base of global embedded systems. I encourage you to keep reading, consider engaging an expert (firm or vetted consultant), look into the organizations I called out here, and let me know if you want this to become a regular feature here at Embedded Computing Design.

Yee-Haw!

Ken Briodagh is a writer and editor with two decades of experience under his belt. He is in love with technology and if he had his druthers, he would beta test everything from shoe phones to flying cars. In previous lives, he’s been a short order cook, telemarketer, medical supply technician, mover of the bodies at a funeral home, pirate, poet, partial alliterist, parent, partner and pretender to various thrones. Most of his exploits are either exaggerated or blatantly false.

More from Ken