Child nodes:
The Runtime Monitors are implemented using conventional software techniques and verified accordingly.
The Runtime Monitors are implemented on separate and diverse hardware from that of the symbolic AI, (Intelligent) Collision Sensor, Image Classifier and Conventional Control Algorithms.
The WDT is hardware based and is patted from the 'main' polling loop forming the scheduler.
A claim is made here for both.
Possible approaches include:
1. The COTS software is constrained by a wrapper. The wrapper has been developed according to recognised good practice (RGP) which is commensurate with the classification of this SSC (Production Excellence (PE)). A third party has examined the process and its products to confirm that they are commensurate with the classification of this SSC (Independent Confidence Building Measures (ICBM)).
2. Independent and diverse software methods, tools, hardware, staff etc. have been used to verify the output of the SSC which is commensurate with the classification of this SIF (PE). A third party has examined the process and its products to confirm that they are commensurate with the classification of this SSC (Independent Confidence Building Measures (ICBM)).
3. Independent and diverse (and possibly less complex) hardware/software (sensors, decision making etc.) have been used to provide a preventative/mitigative SSC which is commensurate with the classification of this SIF (PE). A third party has examined the process and its products to confirm that they are commensurate with the classification of this SSC (Independent Confidence Building Measures (ICBM)). This could be implemented as an input to a voting system or as outer limits which place the system into a safe state (failsafe).
4. Independent and diverse software methods, tools, hardware, staff etc. have been used to verify in RT the output of the SSC which is commensurate with the classification of this SIF (PE).
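The following sketch is an added example, not code from the system this page describes. It shows the outer-limits form of approach 3 combined with the WDT being patted from the main polling loop. The signal (a commanded speed), the limit values, the latched trip and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed outer limits for a commanded speed in mm/s (illustrative values). */
#define SPEED_MIN_MM_S   0
#define SPEED_MAX_MM_S   1500
#define SAFE_SPEED_MM_S  0      /* assumed safe state: stop */

typedef struct {
    bool     tripped;   /* latched failsafe: only a reset clears it (assumption) */
    uint32_t wdt_pats;  /* stands in for refresh writes to the hardware WDT */
} monitor_t;

/* Hypothetical WDT refresh; on a real target this is a register write. */
void wdt_pat(monitor_t *m)
{
    m->wdt_pats++;
}

/* Conventional-software wrapper around the monitored component's output.
 * The value passes through only while it is valid and inside the outer
 * limits; any violation latches the safe state. */
int32_t monitor_constrain(monitor_t *m, int32_t commanded, bool input_valid)
{
    if (!input_valid ||
        commanded < SPEED_MIN_MM_S || commanded > SPEED_MAX_MM_S) {
        m->tripped = true;
    }
    return m->tripped ? SAFE_SPEED_MM_S : commanded;
}

/* One pass of the main polling loop (the scheduler). The WDT is patted
 * only at the end of a pass in which every task ran to completion, so a
 * hung or overrunning task starves the watchdog and forces a reset. */
int32_t poll_once(monitor_t *m, int32_t commanded, bool input_valid,
                  bool tasks_completed)
{
    int32_t out = monitor_constrain(m, commanded, input_valid);
    if (tasks_completed) {
        wdt_pat(m);
    }
    return out;
}
```

Patting the watchdog from a timer interrupt instead of the polling loop would defeat the check, because the interrupt can keep firing while the loop is stuck.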