Safety Engineering with COTS components

Safety-critical systems are becoming more widespread, complex and reliant on software. Increasingly they are engineered through Commercial Off The Shelf (COTS) (Commercial Off The Shelf) components to alleviate the spiralling costs and development time, often in the context of complex supply chains. A parallel increased concern for safety has resulted in a variety of safety standards, with a growing consensus that a safety life cycle is needed which is fully integrated with the design and development life cycle, to ensure that safety has appropriate influence on the design decisions as system development progresses. In this article we explore the application of an integrated approach to safety engineering in which assurance drives the engineering process. The paper re- ports on the outcome of a case study on a live industrial project with a view to evaluate: its suitability for application in a real-world safety engineering setting; its benefits and limitations in counteracting some of the difficulties of safety en- gineering with COTS components across supply chains; and, its effectiveness in generating evidence which can contribute directly to the construction of safety cases

Developing an Argument for Def Stan 00-56 from Existing Qualification Evidence

International audienceCommonly-used civil guidance and standards in the safety-critical software industry (IEC 61508, EN 50128, DO-178B) constrain development activity and generate process and product evidence. However, procurements for UK defence systems must be supported with a safety case assessed against Def Stan 00-56 Issue 4. This paper studies the use of evidence from civil guidance and standards in arguments towards DS 00-56. The approach is centred on a particular application, the KCG qualified code generator, and is based on a generic software contribution argumentation approach. The results show that issues arise in substantiating failure conditions, choosing a suitable level of detail in the argumentand relating detailed explanations to the structure of the evidence. Explicit argumentation was found to be useful in addressing each of these issues

Should healthcare providers do safety cases? : Lessons from a cross-industry review of safety case practices

Healthcare organisations are often encouraged to learn from other industries in order to develop proactive and rigorous safety management practices. In the UK safety–critical industries safety cases have been used to provide justification that systems are acceptably safe. There has been growing interest in healthcare in the application of safety cases for medical devices and health information technology. However, the introduction of safety cases into general safety management and regulatory practices in healthcare is largely unexplored and unsupported. Should healthcare as an industry be encouraged to adopt safety cases more widely? This paper reviews safety case practices in six UK industries and identifies drivers and developments in the adoption of safety cases. The paper argues that safety cases might best be used in healthcare to provide an exposition of risk rather than as a regulatory tool to demonstrate acceptable levels of safety. Safety cases might support healthcare organisations in establishing proactive safety management practices. However, there has been criticism that safety cases practices have, at times, contributed to poor safety management and standards by prompting a “tick-box” and compliance-driven approach. These criticisms represent challenges for the adoption of safety cases in healthcare, where the level of maturity of safety management systems is arguably still lower than in traditional safety–critical industries. Healthcare stakeholders require access to education and guidance that takes into account the specifics of healthcare as an industry. Further research is required to provide evidence about the effectiveness of safety cases and the costs involved with the approach

Do safety cases have a role in aircraft certification?

AbstractSafety cases, as a means of demonstrating system safety, have been increasingly used as the basis for system assurance, especially in safety or mission-critical systems in fields such as offshore installation, railway operations, nuclear plants, and air traffic control. Despite the increased adoption of safety cases in the aforementioned areas, the usage of safety arguments is still limited in the certification of a civil aircraft design. This paper provides 1) a brief overview of the key regulations and guidelines in support of aero-system certification especially at the development stage; 2) a review of the history, the essence, and the practice of safety cases; 3) an analysis of the role of processes and safety arguments in aircraft certification; and 4) recommendations on the future work in terms of further application of safety cases in aircraft certification

Choosing effective methods for design diversity - How to progress from intuition to science

Design diversity is a popular defence against design faults in safety critical systems. Design diversity is at times pursued by simply isolating the development teams of the different versions, but it is presumably better to "force" diversity, by appropriate prescriptions to the teams. There are many ways of forcing diversity. Yet, managers who have to choose a cost-effective combination of these have little guidance except their own intuition. We argue the need for more scientifically based recommendations, and outline the problems with producing them. We focus on what we think is the standard basis for most recommendations: the belief that, in order to produce failure diversity among versions, project decisions should aim at causing "diversity" among the faults in the versions. We attempt to clarify what these beliefs mean, in which cases they may be justified and how they can be checked or disproved experimentally

The Australian workplace barometer: report on psychosocial safety climate and worker health in Australia

The Australian Workplace Barometer project aims to provide science driven evidence of Australian work conditions and their relationships to workplace health and productivity, through a national monitoring and surveillance system. This report was commissioned by Safe Work Australia to provide a summary of the results from data obtained from six Australian states and territories: New South Wales, South Australia, Western Australia, Tasmania, the Australian Capital Territory and the Northern Territory. The data provides evidence relating to psychosocial risk factors in the working Australian population as well as an analysis of relationships between risk factors and employee health and motivational outcomes

Towards a practical framework for managing the risks of selecting technology to support independent living

Information and communication technology applications can help increase the independence and quality of life of older people, or people with disabilities who live in their own homes. A risk management framework is proposed to assist in selecting applications that match the needs and wishes of particular individuals. Risk comprises two components: the likelihood of the occurrence of harm and the consequences of that harm. In the home, the social and psychological harms are as important as the physical ones. The importance of the harm (e.g., injury) is conditioned by its consequences (e.g., distress, costly medical treatment). We identify six generic types of harm (including dependency, loneliness, fear and debt) and four generic consequences (including distress and loss of confidence in ability to live independently). The resultant client-centred framework offers a systematic basis for selecting and evaluating technology for independent living