ABSTRACT

Safety is demonstrated not by compliance with prescribed processes, but by assessing hazards, mitigating those hazards, and showing that the residual risk is acceptable. From the point of view of a company buying a component or subsystem for use in a safety-critical application, the standard forms a shorthand that simplifies contractual relationships. Goal-based standards, in contrast, state the goal that must be achieved and leave the selection of appropriate processes, procedures, techniques, and tools to the development organization. Standards from the International Electrotechnical Commission (IEC) and International Organization for Standards (ISO) are produced in basically the same way: Industry experts work to create a standard, and the acceptance of the standard depends on the results of a vote, where each country participating in the IEC or ISO gets a single vote. Any company could act as an external certification body, but companies can become “accredited” to issue certificates for a particular standard.