The certification criteria is FAR/CS 25.1309 the extract below is quite specific
(a) The aeroplane equipment and systems must be designed and installed so that:
(1) Those required for type certification or by operating rules, or whose improper functioning would reduce safety, perform as intended under the aeroplane operating and environmental conditions.
(2) Other equipment and systems are not a source of danger in themselves and do not adversely affect the proper functioning of those covered by sub-paragraph (a)(1) of this paragraph.
(b) The aeroplane systems and associated components, considered separately and in relation to other systems, must be designed so that -
(1) Any catastrophic failure condition
(i) is extremely improbable; and
(ii) does not result from a single failure; and
(2) Any hazardous failure condition is extremely remote; and
(3) Any major failure condition is remote.
(c) Information concerning unsafe system operating conditions must be provided to the crew to enable them to take appropriate corrective action. A warning indication must be provided if immediate corrective action is required. Systems and controls, including indications and annunciations must be designed to minimise crew errors, which could create additional hazards.
In practice there has been at least one instance where software in so called fault tolerant computers has enabled data from faulty sensors in an ADIRU to used. The resulted in a serious in flight event to a Malaysian B777 investigated by the ATSB
200503722