Safety Critical System Development: Regulations and Compliance
The one thing that all safety critical systems have in common, no matter the intended industry, is that they are always heavily regulated and require certification against industry standards by the relevant governing body. Compliance requirements for a wide range of complex standards provides a similar set of challenges for business, that if incorrectly gauged and handled could cause compliance failure and the creation of a flawed product and consequently, escalating costs for business and the potential loss of life for the user.
Despite the various Functional Safety Standards and their derivatives, systems still fail, an all too common occurrence in the Automotive Industry resulting in high profile product recalls, these often cause untold damage to business brands. Such certified product failures are a failure of the very certification system that certified the product. The message here is that industry standards should be considered as the bare minimum and that functional safety should be part of the work culture. The one question that should always be asked is what else can be done to ensure safety?
Common Compliance Requirements for Functional Safety Systems
Since the topic of this article is about Safety Critical System development here we need to look at what is typically entailed in achieving functional safety (bare minimum).
- Identification of product hazards and rank them according to criticality. Using hazard analysis and risk assessments for every potential hazard of which there could be many. We are talking about Qualitative Risk assessment through the use of hazard identification (HAZID) and hazard operability (HAZOP) for example. HAZID and HAZOP are both formal tools, HAZID is for assessing occupational safety – identify / analyse /assess the hazards / risks / impact; whereas HAZOP is more related to process hazards.
- Risk reduction assessments requires a quantification assessment such as a Safety Integrity Level (SIL) which is applied to the entire system in question.
- Safety Function design – does it meet the initial intent. Design and lifecycle must be managed by qualified engineers carrying out processes to a functional safety standard ie IEC EN 61508 or industry specific derivative such as ISO 26262 for the Automotive industry.
- Verification Process necessary to enure the system meets the requirements and the assigned SIL. (determination of the Mean Time between Failures + safe failure fraction). This requires a lot of testing after the integration of software and hardware prototype.
- Functional safety audits. These are necessary to verify that the safety lifecycle management methods were applied throughout the product development.
Why business requires codeBeamer ALM
Functional Safety Audits are carried out to gather evidence as to whether the lifecycle management methods are implemented correctly throughout the product development. One of the many ways codeBeamer ALM provides evidence of this is by managing all activities and artifacts associated with software development and thereby providing lifecycle metadata. This also addresses risk management through trackers and the free definition of artifacts types as well as collections of artifacts. Moreover it does so securely with configurable access + security management for every process artifact including source code.
Requirements management enables the import / export and capture of requirements, Requirements can be linked to test cases to prove that requirements are met. This is especially important for safety-related requirements which are of high importance to ISO 26262.
Although industry standards may not specify the programming language or the development model more often than not they do specify objectives such as source code accuracy and consistency. Terms like iterative and incremental are used, which are both the mainstay of any Agile development model and hybrid Agile models.
For industry specific detail on standards and about what codeBeamer ALM features provides note our industry specific pages.