019980-000000-0000001 Scope
1.1 These requirements apply to non-networked embedded software residing in programmable components performing safety-related functions whose failure is capable of resulting in a risk of fire, electric shock, or injury to persons.
1.2 This is a reference standard in which the requirements are to be applied when specifically referenced by other standards or product safety requirements.
1.3 These requirements address the risks unique to product hardware controlled by software in programmable components.
1.4 These requirements are intended to supplement applicable product or component standards and requirements, and are not intended to serve as the sole basis for investigating the risk of fire, electric shock, or injury to persons.
1.5 These requirements are intended to address risks that occur systematically or randomly in the software or in the process used to develop and maintain the software, such as the following:
a) Requirements conversion faults that cause differences between the specification for the programmable component and the software design;
b) Design faults such as incorrect software algorithms or interfaces;
c) Coding faults, including syntax, incorrect signs, endless loops, and other coding faults;
d) Timing faults that cause program execution to occur prematurely or late;
e) Microelectronic memory faults, such as memory failure, not enough memory, or memory overlap;
f) Induced faults caused by microelectronic hardware failure;
g) Latent, user, input/output, range, and other faults that are only detectable when a given state occurs; and
h) Failure of the programmable component to perform any function at all;. and
i) Failures in data communication such as transmission errors, repetitions, deletion, insertion, resequencing, corruption, delay and masquerade.
1.6 Product standard requirements may amend or supersede the requirements in this standard, as appropriate.
1.7 These requirements are not intended to address risk of remote software update and cybersecurity. Risks associated with unauthorized access or attack through a network shall be addressed in the product standard or other referenced standards such as the Standard for Remote Software Updates, UL 5500 and the series of Standards for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, UL 2900-1.