Preconditions: None ​ *Input conditions / steps: Run the CONTROLLER with connected peripherals or run the simulated model. Start monitoring for faults. Induce at least one vital-fault and keep it active.​ *Expected results: The GUI (simulated) should be notified about the fault.​

Preconditions: None ​ *Input conditions / steps: Run the CONTROLLER with connected peripherals or run the simulated model. Start monitoring for faults. Induce at least one vital fault and keep it active.​ *Expected results: The controller shall go to fallback state in X time units.

Preconditions: The System is running​ *Input conditions / steps: The GUI sends an expected command to the CONTROLLER.​ *Expected results: The CONTROLLER shall acknowledge the execution of the given command to the GUI.

Preconditions: None ​ *Input conditions / steps: Run the CONTROLLER with connected peripherals or run the simulated model. Start monitoring for faults. Induce at least one vital-fault and keep it active.​ *Expected results: The CONTROLLER (or its simulated model) should enter the fallback state and order the motor to the safe state .

*Preconditions: None​ *Input conditions / steps: Analyze in the standards which choice and combination of procedures and techniques can be used to achieve the safety targets of SIL4. ​ *Expected results: Identify and improve a subset of these combinations and choices