The Role of TÜVs in Functional Safety and Cybersecurity Certification – Do We Really Need Them?

We all have experienced the pressure of being under examination at some point. Whether it was during a school test or a driving license exam, the feeling is the same: you’ve prepared for days, weeks, and now you’re under the scrutiny of someone who will decide whether you pass or fail. It is not an experience we seek out every day, but once you pass the exam, the feeling of joy and accomplishment is undeniable.

Working on functional safety and cybersecurity projects with TÜV assessors can feel similar. Just like you need a driving license to get on the road, you need certification from accredited organizations like TÜVs to bring your product to market. This is essential and for good reason—the certification ensures that products are safe and secure. In Germany, we often say, “Vertrauen ist gut, Kontrolle ist besser”, in other words “Trust is good, control is better.”

There’s a common misconception among customers: many companies view TÜV certification as just a hurdle to clear or a box to check off. They adopt a “pass-the-test” mentality, asking questions like“Will this be accepted by the certifier?” or “Let’s just do this because the TÜV wants to see it.”

We believe there is a better way.

Certification is more than just passing an exam. It’s about ensuring that the product is genuinely safe and secure, and there should be a clear commitment to doing it. It is not just about clearing a regulatory hurdle.

Shifting the Perspective: TÜV Certification as a Chance

The responsibility for bringing a safe and secure product to the market lies with you, the manufacturer. TÜVs are there to assess and verify, but they aren’t the ones designing your systems or making sure your product meets safety standards throughout the development process.

From Strict Compliance to Creative Shortcuts (adapted from https://xkcd.com/2408/ under Creative Common License)

We have observed this many times: companies often treat TÜV involvement as just a final hurdle to clear at the end of a project. This approach can lead to significant last-minute challenges, and in some cases, major surprises, when gaps or issues are uncovered by the TÜV, resulting in project delays and unexpected costs.

In contrast, we believe the following three key principles are essential for achieving an efficient certification process, without compromising safety or security:

  1. Understanding the language
    Functional safety standards like IEC 61508 and ISO 26262, as well as cybersecurity frameworks such as IEC 62443 or ISO 21434 can be complicated to understand and apply. Due to the complexity and variety of the products in scope of those standards, there cannot be clear rules on how to apply them. Expert judgment is the keyword. And sometime experts talk in different languages. It is therefore crucial to understand the different languages, to be able to translate them and debate about the related issues. Simply “listening, without understanding” is not a good strategy.
  2. Be the advocate for your product, but don’t defend the indefensible
    When presenting your product to TÜV assessors, be thorough in your documentation and testing results. If there are gaps, acknowledge them. Avoid defending what cannot be justified—honesty will help you resolve issues more effectively and prevent long-term complications.
  3. Learn from Mistakes
    No project is perfect, and mistakes happen. When a TÜV identifies an issue, view it as an opportunity to improve not only this project but also future ones. Fixing mistakes early helps build a stronger foundation and prevents rework in future certifications.

Why Certification Should not Be an Afterthought

Imagine taking a driving exam knowing you do not fully understand the rules of the road. Would you feel confident behind the wheel, hoping the examiner does not notice your lack of preparation? This is what it is like to approach TÜV certification without proper guidance. The stakes are too high to leave things to chance, especially when it comes to functional safety and cybersecurity.

Our Proven Approach to Working with TÜVs

Over the past 20 years, we have refined our approach to certification with TÜVs. Here are the basic principles that we follow with our clients:

  • Start with a clear understanding of your product and its safety/security requirements.
    Before any certification body is involved, we make sure you understand exactly what needs to be done to meet functional safety and cybersecurity standards. Whether it’s SIL requirements or specific cybersecurity defenses, we map out the steps that need to be taken and agree about responsibility of “who is doing what”.
  • Treat certification as an ongoing process, not a final hurdle.
    Incorporate certification requirements from the start, ensuring safety and security are embedded by design into every stage of the product’s lifecycle. This proactive approach helps avoid surprises and issues at the project’s end.
  • Act as a buffer between the customer and the TÜV, ensuring clarity and avoiding confusion.
    We know what TÜV assessors are looking for, how you should discuss with them, and we want to make sure that documentation, tests, and processes align with their expectations too. When TÜV discussions take place, we help guide the process, making sure the assessment runs smoothly and efficiently.
  • Resolve issues efficiently
    If the TÜV identifies issues during the certification process, we work with you to resolve them quickly and thoroughly. We don’t just fix the immediate problem; we help you implement long-term improvements that will benefit future projects, to avoid the same mistakes.

Conclusion: Do we need them?

So, do we really need TÜVs? Absolutely. Would you feel confident crossing the street, knowing nobody took a drive exam? But the real question is: are you ready to approach certification in the right way? Following the basic principles described above, the certification will not only be the final success of your project, but a real added value for future ones as well. At innotec we believe in guiding our customers, not only to pass the driving exam, but also to become the best possible drivers for the future! The final goal shall be not only to get the driving license, but to be able to drive safely for many years to come. Have a look at https://innotecsafety.com/consulting/approval-and-certification

Please note that, in this article, the term “TÜVs” refers to all independent certification bodies, including DEKRA, SGS, Exida, UL, DNV, and others.

Similar Posts

The Role of AI and Human Expertise in Machinery Functional Safety Risk Assessment
| | |

The Role of AI and Human Expertise in Machinery Functional Safety Risk Assessment

Introduction In safety engineering, conducting risk analysis is crucial but requires substantial resources, expertise, and adherence to standards like ISO 12100 and ISO 13849. This ensures machinery operates safely and meets regulatory requirements. With advancements in artificial intelligence, particularly Large…

innotec and modelwise Partner to innovate Functional Safety
| |

innotec and modelwise Partner to innovate Functional Safety

Continue innovating Functional Safety with AI and formal methods-based tools [Munich, Filderstadt] – Modelwise, a spin-off of the Technical University of Munich that develops software for automated functional safety analyses, and innotec GmbH, a consulting company specialized in Functional Safety…