SafeTTy Systems™

At SafeTTy Systems, we help our customers to develop software for reliable space-based systems, automotive systems (including autonomous vehicles), industrial control systems, medical systems, railway systems, sports equipment …

We do this using an industry-proven engineering process that integrates ‘Time-Triggered’ (TT) software architectures with patented run-time monitoring techniques.

The designs that we support are typically based on low-cost, off-the-shelf microcontrollers, provided by a range of different semiconductor manufacturers (our technology is not tied to any particular hardware platform).

Where required, we help our customers to achieve compliance with one or more international safety standards: ISO 26262, IEC 61508, ISO 13849, IEC 62304, IEC 60730 …

We offer:

We are a UK company with a worldwide customer base.



Our popular ‘ERES2’ book is available as a paperback for just £45

Did you know that ‘The Engineering of Reliable Embedded Systems’ (ERES2) is available in a low-cost paperback format?

This popular book documents an industry-proven approach to the development of software for reliable, real-time embedded systems, based on the use of ‘Time Triggered’ (TT) architectures.

The case studies in ERES2 describe the development of software for the following products: [i] an industrial alarm sounder unit (IEC 61508, SIL 2); [ii] a domestic washing machine (IEC 60730, Class B); [iii] a hospital radiotherapy machine (IEC 60601-1; IEC 62304, Class C); [iv] a steering-column lock for a passenger car (ISO 26262, ASIL D); and [v] an aircraft jet engine (DO-178C, Level A).

You’ll find further information on the ERES2 page.

Our ‘ERES2’ book is accompanied by a growing suite of public ‘Time-Triggered Reference Designs’ (TTRDs).

Used in conjunction with the book, these code examples are designed to illustrate ways in which TT software architectures can be used to support the development of a wide range of embedded systems for which safety is a key design consideration.

The latest suite of public TTRDs can be downloaded from our TTRD page.



Developing safety-critical systems in compliance with ISO 13849 and IEC 61508 / ISO 26262

We receive many enquiries from organisations that need to develop embedded systems in compliance with international safety standard ISO 13849.

  • To achieve compliance with ISO 13849, we have experience developing a range of dual-processor designs: our DuplicaTTor® Design Suite and related DuplicaTTor® Evaluation Board provide a highly effective platform for such products.
  • ISO 13849 is often used in combination with other (perhaps more familiar) standards. For example, many industrial control / machinery designs need to be developed in compliance with ISO 13849 and IEC 61508. Similarly, ISO 13849 is often used in combination with ISO 26262 when developing various autonomous and / or off-road vehicles.

To illustrate the type of design solution that we use in such products, we have prepared an example: a monitoring system for a piece of machinery. In this example, our solution is based on a ‘Time Triggered’ (TT) software architecture and two low-cost microcontrollers.

The figure below summarises the design solution.



Learn more about this example …


ISO 26262: 2018

The long-awaited second edition of international automotive safety standard ISO 26262 has now been published.

The new edition includes some major changes (for example, trucks and motorcycles are now in scope) and numerous more subtle refinements (for example, ‘limp home’ modes are now considered).

We’ve already begun work on our first group of projects using this new edition.

If you are about to start a new automotive project and require support, we’ll be happy to discuss your requirements: please contact us.



The SafeTTy Certified™ Programme

The internationally recognised SafeTTy Certified programme is designed to help people obtain the skills needed to develop reliable, secure and safe embedded systems using ‘Time Triggered’ (TT) software architectures – and to provide evidence that they possess such skills.

The programme starts at “Level 1” (L1) and progresses to “Level 3” (L3).

In our view:

  • Level 1 represents the minimum qualification level that should be expected from an individual involved in the development of real-time embedded systems that are intended to be reliable, but where failure has no direct safety implications.
  • Level 2 represents the minimum qualification level that should be expected from an individual involved in the development of real-time embedded systems that may have some safety implications (for example, designs developed in compliance with IEC 61508 or in compliance with ISO 26262), and / or where system failure could prove very expensive (e.g. deep-sea products, satellite systems).
  • Level 3 represents an appropriate qualification level for an individual who is involved in the development of real-time embedded systems that are safety-critical in nature (for example, designs developed in compliance with IEC 61508 up to ‘SIL 3’ / ‘SIL 4’, in compliance with ISO 26262 up to ‘ASIL D’, or in compliance with DO-178C up to ‘Level A’).


Please note that:

  • For more experienced developers, we offer the option of Direct Entry to L2 courses: this means that it is not necessary to complete L1 of this programme before attempting the intermediate-level training and examination.
  • All three levels can be taken online: this option is particularly popular where a single developer in an organisation wishes to complete the programme.

Learn more about the SafeTTy Certified programme …