EN 50126 checklist: RAMS lifecycle, V-Model, SIL 1–4 allocation, and the key difference between EN 50126-1 (process) and EN 50126-2 (guide). Updated May 2026.
Phase 1 — Concept & System Definition
System boundary defined [CONCEPT]
Document the system scope, interfaces, and operational context. Identify all subsystems that will require RAMS analysis.
RAMS Plan approved [CONCEPT]
The RAMS Plan must define: RAMS targets (MTBF, availability, MTTR, SIL), responsibilities, methods to be used, and the verification/validation strategy.
Operational profile documented [CONCEPT]
Operating hours per year, environmental conditions, mission profiles, and expected service life must be defined before reliability targets can be set.
Phase 2 — Risk Analysis & Requirements
Hazard Log initiated [DESIGN]
All identified hazards recorded with: hazard ID, description, cause, effect, severity, frequency, risk level, and assigned mitigation. Must be maintained throughout the project lifecycle.
SIL allocation completed [DESIGN]
Each safety function assigned a SIL (1–4) based on risk analysis. Rationale documented and reviewed by an independent safety assessor.
Safety Requirements Specification (SRS) issued [DESIGN]
Formal SRS document covering all safety requirements, with traceability to hazards in the Hazard Log and allocated SIL levels.
RAMS requirements allocated to subsystems [DESIGN]
System-level RAMS targets broken down to subsystem level. Reliability block diagrams or fault trees used to verify allocation is consistent.
Phase 3 — Design & Implementation
FMEA / FMECA conducted [IMPLEMENTATION]
For all safety-critical subsystems. Results feed into the Hazard Log and reliability predictions. FMECA adds criticality ranking to prioritise design improvements.
Reliability predictions completed [IMPLEMENTATION]
Predicted MTBF calculated using component failure rate data (e.g., IEC 62380, MIL-HDBK-217). Must demonstrate that MTBF target can be met before design is frozen.
Software compliance with EN 50128 verified [IMPLEMENTATION]
All safety-related software developed under EN 50128. Software Safety Integrity Level (SSIL) must be consistent with the system-level SIL allocation from Phase 2.
Hardware compliance with EN 50129 verified [IMPLEMENTATION]
Electronic hardware safety case prepared per EN 50129. FMEDA (Failure Modes, Effects and Diagnostic Analysis) completed for all safety-related hardware.
Phase 4 — Verification & Validation
Traceability matrix complete [VALIDATION]
Every requirement in the SRS has a corresponding test or analysis in the V&V plan. No orphaned requirements or untested safety functions permitted.
Reliability demonstration test passed [VALIDATION]
Statistical test (or equivalent analysis) demonstrating that the MTBF target is met with the required confidence level — typically 90% per EN 50126-1 guidance.
Independent Safety Assessment (ISA) completed [VALIDATION]
An independent assessor (not involved in design) reviews and approves the Safety Case. Required by most NSAs for SIL 2 and above.
Safety Case submitted to NSA [VALIDATION]
The complete safety case — including RAMS Plan, Hazard Log, SRS, FMEA, reliability data, V&V reports, and ISA statement — submitted for formal safety authorisation.
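Added example, not part of the original checklist or of the EN 50126 text: one common way to evaluate the Phase 4 "Reliability demonstration test passed" item at the 90% confidence level mentioned there. It assumes a constant failure rate (exponential model) and a time-terminated test; the function names, the 10,000 h target and the test campaigns are constructed for illustration.

```python
import math

def poisson_cdf(r, mu):
    """P(N <= r) for a Poisson-distributed failure count with mean mu."""
    term = total = math.exp(-mu)
    for k in range(1, r + 1):
        term *= mu / k
        total += term
    return total

def mtbf_lower_bound(test_hours, failures, confidence=0.90):
    """One-sided lower confidence bound on MTBF after a time-terminated test.

    Solves P(N <= failures | mu) = 1 - confidence for mu by bisection
    (equivalent to chi-square(confidence, 2r + 2) / 2); bound = T / mu.
    """
    target = 1.0 - confidence
    lo, hi = 0.0, 1.0
    while poisson_cdf(failures, hi) > target:   # bracket the root
        hi *= 2.0
    for _ in range(200):                        # CDF decreases as mu grows
        mid = (lo + hi) / 2.0
        if poisson_cdf(failures, mid) > target:
            lo = mid
        else:
            hi = mid
    return test_hours / hi

def required_test_hours(mtbf_target, allowed_failures, confidence=0.90):
    """Accumulated test time needed to pass with at most allowed_failures."""
    return mtbf_target / mtbf_lower_bound(1.0, allowed_failures, confidence)

def demonstrated(test_hours, failures, mtbf_target, confidence=0.90):
    """True if the lower confidence bound meets or exceeds the MTBF target."""
    return mtbf_lower_bound(test_hours, failures, confidence) >= mtbf_target

if __name__ == "__main__":
    MTBF_TARGET_H = 10_000  # constructed target, as would come from the RAMS Plan
    # Constructed campaigns: (accumulated unit-hours, observed failures)
    for hours, fails in [(20_000, 0), (25_000, 0), (30_000, 1), (40_000, 1)]:
        bound = mtbf_lower_bound(hours, fails)
        verdict = "PASS" if demonstrated(hours, fails, MTBF_TARGET_H) else "FAIL"
        print(f"{hours:>6} h, {fails} failure(s): MTBF >= {bound:8.0f} h "
              f"at 90% -> {verdict}")
    for r in range(3):
        print(f"hours needed with <= {r} failure(s): "
              f"{required_test_hours(MTBF_TARGET_H, r):.0f}")
```

Under these assumptions a zero-failure test must accumulate about 2.3 times the MTBF target, and each failure allowed raises the required test time substantially.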
Phase 5 — Operations & Maintenance
Failure data collection system (FRACAS) established [OPERATIONS]
A systematic Failure Reporting, Analysis and Corrective Action System must be in place to feed operational data back into the RAMS model and validate design-stage predictions.
Maintenance plan validated against MTTR targets [OPERATIONS]
Planned maintenance intervals and corrective maintenance procedures verified against MTTR targets from the RAMS Plan. Deviations trigger a plan review.
Periodic RAMS review conducted [OPERATIONS]
Annual review comparing achieved MTBF and availability against targets. Consistently missed targets trigger a formal design or maintenance strategy update.
Note: This checklist is a reference guide based on EN 50126-1:2017. Project-specific requirements may vary depending on the system type, applicable TSIs, and the requirements of the relevant National Safety Authority (NSA). Always refer to the current published standard for normative requirements.