From our base in the UK Midlands, we provide support for organisations across the world that need to create software for real-time embedded systems that are reliable, secure and safe.
Our highly-experienced team employs an industry-proven engineering process that integrates ‘Time-Triggered’ (TT) software architectures with patented run-time monitoring techniques.
We deliver our solutions in packages that are based on ReliabiliTTy® Technology Licences, combined (where required) with training, consultancy and staff-certification services.
In many cases, our customers start by using ReliabiliTTy technology to build a ‘TT Wrapper’: this is a monitoring unit that is used to improve confidence in the safe operation of a (pre-existing) complex component or system, such as:
- A controller for an autonomous road vehicle (ISO 26262, ‘ASIL D’)
- A controller for a medical infusion pump that contains ‘SOUP’ (IEC 62304, ‘Class C’)
- A unit for confirming that a machinery-operator is ‘in place’ (ISO 13849, ‘PL e’)
- A controller for a civilian aircraft system (DO-178C / DO-254)
In other cases, our customers apply ReliabiliTTy technology to build a complete ‘TT System’, such as:
- An automotive ECU designed using ‘ASIL decomposition’ (ISO 26262, ‘ASIL B’)
- A ‘Steering-Column Lock Controller’ for a high-volume passenger car (ISO 26262, ‘ASIL D’)
- An industrial monitoring system (IEC 61508, ‘SIL 2’)
- A controller for an industrial robot (IEC 61508, ‘SIL 3’)
- A controller for a domestic washing machine (IEC 60730 / IEC 60335, ‘Class B’)
- A space-based control system (ECSS-E-ST-40C, ECSS-Q-ST-80C)
These are simply examples of the type of project that we can support.
If your organisation needs to create reliable / secure / safe embedded systems – in any sector – then we may be able to help.
We offer a cost-effective and time-efficient evaluation process for our technology and services.
We take on up to 10 new projects every year and deliver our services on a worldwide basis.
New evaluation packages now include 2 days of support for your team
Many of our new customers purchase a ReliabiliTTy Technology Evaluation Licence (RTEL) package as a means of exploring our technology and developing their first TT design.
Our RTEL packages now include 2 days of one-to-one design support, helping to ensure that your team can develop their first TT product successfully, at minimal cost.
Learn more about RTEL packages …
The rise of the ‘TT Wrapper’ – An interview with Dr Michael J. Pont
Dr Michael J. Pont, Executive Director at SafeTTy Systems, was interviewed recently by AutoSens.
During this interview, Michael discussed the changes in demand for TT systems, complexity-management challenges, and insights from his book “The Engineering of Reliable Embedded Systems”.
You have been working in the field of time-triggered (TT) embedded systems for more than 25 years. How much of this work has been directly related to automotive?
I’ve supported the development of safety-related embedded systems in a range of sectors over the years, including industrial control, civilian aircraft, space and medical. I began my first major TT project in the automotive sector around 15 years ago. Since this time, I have seen two step-changes in demand for TT systems in this sector.
The first step-change came in the lead up to the publication of the first edition of the international standard ISO 26262 in 2011. At this time, many organisations realised that they needed to be able to provide evidence that the vehicles or automotive components that they were producing had been ‘designed for safety’. TT architectures provide a highly-effective way of achieving this.
The second step-change came in the last few years as people became interested in ADAS / AV designs. At this point, the complexity of automotive designs increased very significantly, and I saw further demand for cost-effective TT designs as a means of improving confidence in the safety of such systems.
The end result is that – at the present time – around 60% of my work is in the automotive sector.
What have you learnt in working in other areas of Embedded Systems that can be applied to automotive?
My main goal is to help organisations to produce systems where we can be confident about safety. The key thing that I have learned from different sectors – particularly the aerospace sector – is the importance of having what is sometimes called a ‘safety culture’ in any organisation that wishes to achieve this goal. For me, a safety culture relies on having good people throughout an organisation who are not afraid to question design decisions that – in their view – may have a negative impact on safety.
I think it’s important to add that this is no longer simply a question about the lessons that automotive organisations can learn from other sectors. The ADAS / AV designs that automotive organisations are currently involved with present safety challenges that are – in my view – greater than those faced in many aerospace designs. Over the next few years, I would expect to see experienced automotive designers providing advice in many other sectors.
You can read the full interview on the AutoSens website.
Guidelines for assessing control systems for L4/L5 autonomous vehicles
In 2017, Dr Michael J. Pont (Executive Director, SafeTTy Systems Ltd) was asked by the ADAS & AV specialist group at AESIN to work with BSI on a new set of safety guidelines for the assessment of control systems used in autonomous vehicles (SAE Level 4 / Level 5).
We ran our second workshop on this project in June 2018.
A first public draft of the resulting guidelines is expected to become available later this year: we’ll make a further announcement (and provide a link) when the draft becomes available.
The SafeTTy Certified™ Programme
The internationally-recognised SafeTTy Certified programme is designed to help people obtain the skills needed to develop reliable, secure and safe embedded systems using ‘Time-Triggered’ (TT) software architectures – and provide evidence that they possess such skills.
The programme starts at “Level 1” and progresses to “Level 3”.
In our view:
- Level 1 represents the minimum qualification level that should be expected from an individual involved in the development of real-time embedded systems that are intended to be reliable, but where failure has no direct safety implications.
- Level 2 represents the minimum qualification level that should be expected from an individual involved in the development of real-time embedded systems that may have some safety implications (for example, designs developed in compliance with IEC 61508 or in compliance with ISO 26262), and / or where system failure could prove very expensive (e.g. deep-sea products, satellite systems).
- Level 3 represents an appropriate qualification level for an individual who is involved in the development of real-time embedded systems that are safety-critical in nature (for example, designs developed in compliance with IEC 61508 up to ‘SIL 3’ / ‘SIL 4’ or in compliance with ISO 26262 up to “ASIL D”, or in compliance with DO-178C up to “Level A”).
For experienced developers, we offer the option of Direct Entry to Level 2: this means that it is not necessary to complete Level 1 of this programme before attempting the intermediate-level training and examination.
Learn more about the SafeTTy Certified programme …
The Engineering of Reliable Embedded Systems (Second Edition) by Michael J. Pont
‘The Engineering of Reliable Embedded Systems’ (ERES2) documents an industry-proven approach to the development of software for reliable, real-time embedded systems, based on the use of second-generation ‘Time Triggered’ (TT) architectures.
What distinguishes TT approaches is that it is possible to model the expected system behaviour precisely. This means that: [i] during the development process, we can demonstrate that all of the requirements have been met; and [ii] at run time, we can detect problems very quickly.
The end result is that we can have a high level of confidence that a TT system will either: [i] operate precisely as required; or [ii] move into an appropriate state if a problem occurs.
The above characteristics mean that appropriately-implemented TT systems provide a particularly effective means of meeting the requirements of various international safety standards.
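The two properties just described – a static model of the expected behaviour that can be checked before release, and a run-time monitor that compares what actually happens against that model and moves the system into a safe state on any deviation – are easiest to see in code. The following is an added example written for this page; it is not SafeTTy's ReliabiliTTy code, nor code from ERES2. It assumes a 1 ms tick, a constructed task set with simulated (not measured) execution times, and a ‘fail-silent’ state as the “appropriate state” to enter when a problem is detected; the task names and budgets are invented for illustration.

```c
/* Added example (hypothetical code, not SafeTTy's): a minimal time-triggered
 * co-operative scheduler whose run-time monitor checks observed task timing
 * against a static schedule model and fails silent on any deviation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TICK_BUDGET_US 1000u  /* assumed tick period: 1 ms */

typedef enum { SYS_NORMAL, SYS_FAIL_SILENT } sys_state_t;

typedef struct {
    const char *name;
    uint32_t period;                 /* release period, in ticks */
    uint32_t offset;                 /* first release, in ticks */
    uint32_t wcet_us;                /* execution-time budget from the static model */
    uint32_t (*run)(uint32_t tick);  /* returns simulated execution time in us */
} task_t;

typedef struct {
    sys_state_t state;
    uint32_t fault_tick;   /* tick at which the monitor intervened */
    const char *fault;     /* offending task name, "tick" for a tick overrun, NULL if none */
} monitor_t;

static uint32_t gcd_u32(uint32_t a, uint32_t b) {
    while (b) { uint32_t t = a % b; a = b; b = t; }
    return a;
}

/* The schedule model: a task is released at offset, offset+period, ... */
static bool task_due(const task_t *t, uint32_t tick) {
    return tick >= t->offset && (tick - t->offset) % t->period == 0;
}

/* Design-time check (item [i] in the text): over one hyperperiod, every tick
 * must fit the budget even when each due task consumes its full WCET. */
bool schedule_is_feasible(const task_t *tasks, size_t n) {
    uint32_t hyper = 1;
    for (size_t i = 0; i < n; i++)
        hyper = hyper / gcd_u32(hyper, tasks[i].period) * tasks[i].period;
    for (uint32_t tick = 0; tick < hyper; tick++) {
        uint32_t load = 0;
        for (size_t i = 0; i < n; i++)
            if (task_due(&tasks[i], tick)) load += tasks[i].wcet_us;
        if (load > TICK_BUDGET_US) return false;
    }
    return true;
}

static void enter_fail_silent(monitor_t *m, uint32_t tick, const char *why) {
    m->state = SYS_FAIL_SILENT;
    m->fault_tick = tick;
    m->fault = why;
}

/* Run-time check (item [ii]): each tick, dispatch the tasks the model says are
 * due and compare their observed execution time with the budget. The first
 * deviation stops normal operation; nothing else is attempted. */
sys_state_t run_schedule(const task_t *tasks, size_t n, uint32_t ticks, monitor_t *m) {
    m->state = SYS_NORMAL;
    m->fault_tick = 0;
    m->fault = NULL;
    for (uint32_t tick = 0; tick < ticks && m->state == SYS_NORMAL; tick++) {
        uint32_t used = 0;
        for (size_t i = 0; i < n; i++) {
            if (!task_due(&tasks[i], tick)) continue;
            uint32_t elapsed = tasks[i].run(tick);
            used += elapsed;
            if (elapsed > tasks[i].wcet_us) {          /* task overran its own budget */
                enter_fail_silent(m, tick, tasks[i].name);
                return m->state;
            }
        }
        if (used > TICK_BUDGET_US) {                   /* tick as a whole overran */
            enter_fail_silent(m, tick, "tick");
            return m->state;
        }
    }
    return m->state;
}

/* Constructed sample task set: execution times are simulated, not measured. */
static uint32_t sensor_task(uint32_t tick)  { (void)tick; return 150; }
static uint32_t control_task(uint32_t tick) { (void)tick; return 300; }
/* Simulates a task that stalls on a peripheral at tick 20 and takes 900 us. */
static uint32_t comms_task(uint32_t tick)   { return tick == 20 ? 900 : 250; }

const task_t demo_tasks[] = {
    { "sensor",   1, 0, 200, sensor_task  },
    { "control",  5, 0, 400, control_task },
    { "comms",   10, 0, 300, comms_task   },
};
const size_t demo_task_count = sizeof demo_tasks / sizeof demo_tasks[0];

int main(void) {
    monitor_t m;
    printf("schedule feasible: %s\n", schedule_is_feasible(demo_tasks, demo_task_count) ? "yes" : "no");
    sys_state_t s = run_schedule(demo_tasks, demo_task_count, 50, &m);
    if (s == SYS_FAIL_SILENT)
        printf("fail-silent at tick %u: %s exceeded its budget\n", m.fault_tick, m.fault);
    else
        printf("ran 50 ticks as modelled\n");
    return 0;
}
```

The feasibility check passes (the busiest tick, where all three tasks are due, needs 900 us of a 1000 us budget), and the run stops at tick 20 with the communications task named as the cause. The monitor needs no knowledge of what the tasks compute: because the release pattern is fixed in advance, any departure in timing is itself the evidence of a fault, which is what makes this kind of detection fast.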
In order to illustrate how the TT techniques presented in ERES2 can be employed in practical designs, five detailed case studies are included. These studies describe the development of embedded control and monitoring systems for the following products:
- an industrial alarm sounder unit (IEC 61508, SIL 2);
- a domestic washing machine (IEC 60730, Class B);
- a hospital radiotherapy machine (IEC 62304, Class C);
- a steering-column lock for a passenger car (ISO 26262, ASIL D);
- an aircraft jet engine (DO-178C, Level A).
DuplicaTTor® Evaluation Board
Our DuplicaTTor® Evaluation Board (DEB-0405) is aimed primarily at organisations that wish to develop industrial / generic designs in compliance with IEC 61508 (up to ‘SIL 3’); machinery designs in compliance with ISO 13849 (up to ‘PL e’, Cat 4); household goods in compliance with IEC 60730 / IEC 60335 (up to Class C); medical equipment in compliance with IEC 62304 (up to Class C); and automotive designs in compliance with ISO 26262 (up to ASIL D).
DEB-0405 can also be used to prototype civil aircraft designs in compliance with DO-178C (up to ‘DAL A’).
Learn more about our evaluation hardware.