
    Introduction to NATO Standard ANEP (Allied Naval Engineering Publication) 77 and its application to naval vessels

    In a dynamic world of continuously evolving design and application of innovative new technologies, it is proving increasingly challenging to apply the traditional approach of prescriptive-based standards. As a result, attention has focused on the increased use of a goal-based philosophy over the detailed technical standards often incorporated in rules and regulations. A successful application of this approach has been witnessed in providing goal-based requirements for the design of safety for naval vessels.

    Model-based specification of safety compliance needs for critical systems : A holistic generic metamodel

    Context: Many critical systems must comply with safety standards as a way of providing assurance that they do not pose undue risks to people, property, or the environment. Safety compliance is a very demanding activity, as the standards can consist of hundreds of pages and practitioners typically have to show the fulfilment of thousands of safety-related criteria. Furthermore, the text of the standards can be ambiguous, inconsistent, and hard to understand, making it difficult to determine how to effectively structure and manage safety compliance information. These issues become even more challenging when a system is intended to be reused in another application domain with different applicable standards. Objective: This paper aims to resolve these issues by providing a metamodel for the specification of safety compliance needs for critical systems. Method: The metamodel is holistic and generic, and abstracts common concepts for demonstrating safety compliance from different standards and application domains. Its application results in the specification of “reference assurance frameworks” for safety-critical systems, which correspond to a model of the safety criteria of a given standard. For validating the metamodel with safety standards, parts of several standards have been modelled by both academic and industry personnel, and other standards have been analysed. We further augment this with feedback from practitioners, including feedback during a workshop. Results: The results from the validation show that the metamodel can be used to specify safety compliance needs for aerospace, automotive, avionics, defence, healthcare, machinery, maritime, oil and gas, process industry, railway, and robotics. Practitioners consider that the metamodel can meet their needs and find benefits in its use. Conclusion: The metamodel supports the specification of safety compliance needs for most critical computer-based and software-intensive systems. The resulting models can provide an effective means of structuring and managing safety compliance information.

    Safety-Critical Systems and Agile Development: A Mapping Study

    In the last decades, agile methods have had a huge impact on how software is developed. In many cases, this has led to significant benefits, such as the quality and speed of software deliveries to customers. However, safety-critical systems have widely been dismissed from benefiting from agile methods. Products that include safety-critical aspects are therefore faced with a situation in which the development of the safety-critical parts can significantly limit the potential speed-up through agile methods, not only for the full product but also in the non-safety-critical parts. For such products, the ability to develop safety-critical software in an agile way will generate a competitive advantage. In order to enable future research in this important area, we present in this paper a mapping of the current state of practice based on a mixed-method approach. Starting from a workshop with experts from six large Swedish product development companies, we develop a lens for our analysis. We then present a systematic mapping study on safety-critical systems and agile development through this lens in order to map potential benefits, challenges, and solution candidates for guiding future research.
    Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced Applications 2018, Prague, Czech Republic.

    Should healthcare providers do safety cases? : Lessons from a cross-industry review of safety case practices

    Healthcare organisations are often encouraged to learn from other industries in order to develop proactive and rigorous safety management practices. In the UK safety-critical industries, safety cases have been used to provide justification that systems are acceptably safe. There has been growing interest in healthcare in the application of safety cases for medical devices and health information technology. However, the introduction of safety cases into general safety management and regulatory practices in healthcare is largely unexplored and unsupported. Should healthcare as an industry be encouraged to adopt safety cases more widely? This paper reviews safety case practices in six UK industries and identifies drivers and developments in the adoption of safety cases. The paper argues that safety cases might best be used in healthcare to provide an exposition of risk rather than as a regulatory tool to demonstrate acceptable levels of safety. Safety cases might support healthcare organisations in establishing proactive safety management practices. However, there has been criticism that safety case practices have, at times, contributed to poor safety management and standards by prompting a “tick-box” and compliance-driven approach. These criticisms represent challenges for the adoption of safety cases in healthcare, where the level of maturity of safety management systems is arguably still lower than in traditional safety-critical industries. Healthcare stakeholders require access to education and guidance that takes into account the specifics of healthcare as an industry. Further research is required to provide evidence about the effectiveness of safety cases and the costs involved with the approach.

    Regulatory Compliance in Multi-Tier Supplier Networks

    Over the years, avionics systems have increased in complexity to the point where 1st-tier suppliers to an aircraft OEM find it financially beneficial to outsource designs of subsystems to 2nd-tier and at times to 3rd-tier suppliers. Combined with challenging schedule and budgetary pressures, the environment in which safety-critical systems are being developed introduces new hurdles for regulatory agencies and industry. This new environment of both complex systems and tiered development has raised concerns about the ability of the designers to ensure safety considerations are fully addressed throughout the tier levels. It has also raised questions about the sufficiency of current regulatory guidance to ensure proper flow-down of safety awareness, avionics application understanding at the lower tiers, OEM and 1st-tier oversight practices, and capabilities of lower-tier suppliers. Therefore, NASA established a research project to address Regulatory Compliance in a Multi-tier Supplier Network. This research was divided into three major study efforts:
    1. Describe modern multi-tier avionics development
    2. Identify current issues in achieving safety and regulatory compliance
    3. Short-term/long-term recommendations toward higher assurance confidence
    This report presents our findings on the risks and weaknesses, and our recommendations. It also includes a collection of industry-identified risks, an assessment of guideline weaknesses related to multi-tier development of complex avionics systems, and a postulation of potential modifications to guidelines to close the identified risks and weaknesses.

    Characteristics of medical device software development

    This paper aims to describe the software development settings of the medical device domain, focusing on the demands of safety-critical software processes. Medical device software developers have to adhere to a number of regulations and standards. This paper addresses the most important characteristics of a software development framework that could support medical device software developers in their efforts to comply with these regulations as well as to improve their software development processes.

    Applicability of MIL-HDBK-516B to Certifying Autonomous Decision-Making Air Vehicle Systems

    Airworthiness certification of military aircraft is accomplished by the developing military service. Air Force programs use the qualitative criteria outlined in MIL-HDBK-516B, “ASC/EN Airworthiness Certification Criteria Expanded Version of MIL-HDBK-516B” (September 26, 2005), to aid the development of program-specific airworthiness criteria. The generalized criteria in this document are used to construct the specific criteria and associated artifacts — evidence of compliance — as the basis for making an airworthiness determination. This paper describes the process of transitioning from qualitative to specific criteria, and then examines the applicability of the existing guidance in MIL-HDBK-516B to autonomous decision-making adaptive air vehicle systems. Recommendations are made for future research and criteria expansion. An integrated approach that uses the most promising emerging and existing design, analysis, and validation and verification techniques is proposed as a means to develop the artifacts for certification coverage of autonomous adaptive unmanned air vehicle systems.

    What’s behind the ag-data logo? An examination of voluntary agricultural-data codes of practice

    In this article, we analyse agricultural data (ag-data) codes of practice. After the introduction, Part II examines the emergence of ag-data codes of practice and provides two case studies—the American Farm Bureau’s Privacy and Security Principles for Farm Data and New Zealand’s Farm Data Code of Practice—that illustrate that the ultimate aims of ag-data codes of practice are inextricably linked to consent, disclosure, transparency and, ultimately, the building of trust. Part III highlights the commonalities and challenges of ag-data codes of practice. In Part IV several concluding observations are made. Most notably, while ag-data codes of practice may help change practices and convert complex details about ag-data contracts into something tangible, understandable and usable, it is important for agricultural industries not to hastily or uncritically accept or adopt ag-data codes of practice. There need to be clear objectives and a clear direction in which stakeholders want to take ag-data practices. In other words, stakeholders need to be sure about what they are trying, and able, to achieve with ag-data codes of practice. Ag-data codes of practice need credible administration, accreditation and monitoring. There also needs to be a way of reviewing and evaluating the codes in a more meaningful way than simple metrics such as the number of members: for example, we need to know something about whether the codes raise awareness and education around data practices, and, perhaps most importantly, whether they encourage changes in attitudes and behaviours around the access to and use of ag-data.