What is "legally relevant software" for Measurement Canada? What is the scope of software that is evaluated by Measurement Canada for type approval?
These new requirements refer only to software which has a direct impact on the measurement result or is needed in order to perform other legally relevant functions of the device. This includes legally relevant software responsible for metrological functions, sealing and protection from tampering, or any software modules or components that could influence legally relevant measurement data output from the device.
Only the aspects of software functionality that fall within the scope of the authorities provided in the Weights and Measures Act and Electricity and Gas Inspection Act are evaluated by Measurement Canada.
How much technical documentation are applicants to type approval required to provide to meet the requirements for software evaluation compliance?
Software-controlled features are evaluated through a combination of attestation, and functional testing where applicable. Measurement Canada will provide supplementary documents to type approval applicants, such as a checklist and software questionnaire to help streamline the process.
Where are the requirements for software evaluation in software-controlled measuring devices derived from? How will ongoing alignment with international guidance documents (OIML D31 and WELMEC 7.2) be managed?
The requirements are primarily derived from international guidance documents, specifically OIML D31 (General Requirements for Software-Controlled Measuring Instruments) and WELMEC 7.2 Software Guide, as well as existing Measurement Canada policies. These harmonised software requirements aim to align with these international frameworks to help accelerate the approval process.
Who is responsible for compliance with these requirements – manufacturers or device owners?
Responsibility rests with applicants (manufacturers or those applying on their behalf) during the type approval process. Applicants to the type approval process must ensure that all features, including provisions for updates or software identification, are present and documented.
Note: Owners/operators of devices in service are responsible for ongoing compliance with applicable inspection and verification requirements.
Does Measurement Canada require a specific method or level of detail for displaying and identifying software version information on measuring devices?
Devices must clearly identify legally relevant software. A combination of software version numbers, hashes or other unique identifiers is commonly used to meet these requirements. Supplementary information about the structure of these identifiers may be listed on the Notice of Approval.
Note: Inspectors or authorized persons will need access to information on legally relevant software so they can verify the installed software against what is listed on the Notice of Approval.
What type of seals are considered acceptable, and how should events and intervention be documented?
Both physical and software sealing is acceptable, depending on design and device-specific requirements.
Devices with an approved event logger feature must also comply with the requirements in S-EG-06 (E&G) or Terms and conditions for the approval of metrological audit trails (W&M).
What is the difference between traceability for measurement data and traceability for software updates and how should each be implemented?
Traceability for measurement data ensures every measured data point is linked to its source device and standard units of measure, allowing for reliable use in trade.
Traceability for software updates focuses on logging and documenting all interventions to the legally relevant software. This allows inspectors to verify continued compliance of an installed device that is being used in trade against what is listed in its Notice of Approval.
What are the reporting and approval requirements for modifications to previously approved or installed devices if these requirements are implemented?
Devices previously approved by Measurement Canada will maintain their approval status. However, any changes to the design of the meter or the software for an approved device will be subject to these new requirements.
For devices that are already installed and used in trade, no further action is required unless a revision request is made for an update or modification that affects the legally relevant software or device configuration.
Will detailed manuals, checklists, and training be available to assist with implementation?
Measurement Canada is preparing a software evaluation manual, questionnaire, and checklist. These documents will offer guidance to aid applicants in interpreting and implementing the requirements.
How will Measurement Canada address software vulnerabilities identified after type approval? Will there be a defined process to facilitate the rapid deployment of critical security or cyber-security related updates ensuring both regulatory compliance and ongoing protection of devices in the field?
Measurement Canada recognizes the importance of addressing software vulnerabilities identified after type approval. Software updates submitted by applicants may address issues that impact safe or legal operation of the device, or critical changes in response to cybersecurity requirements. These updates may also involve fixes that fall outside the scope of type approval evaluation.
Measurement Canada is exploring ways to streamline revisions to Notices of Approval for critical software updates.
Note: For devices already in service, critical software updates may be deployed using approved traced update features, where available.