An Approach to the Software Aspects of Safety Management


An Approach to the Software Aspects of Safety Management
Ron Stroup, FAA, Office of Information Services, Process Engineering Division, AIO-200
Software Safety and Certification Lead
PH. (202) 493-4390, Ronald.L.Stroup@faa.gov, www.faa.gov/aio

Good afternoon. My name is Ron Stroup, from the Office of Information Services, Process Engineering Division, AIO-200. My specific responsibilities include the development and implementation of software safety and certification processes and standards within the FAA, and the harmonization of those standards within the international aviation communities. The focus of my presentation today is to address the issues the FAA safety and certification communities are currently working on, as documented in the 1997 GAO report.

National Airspace System (NAS)

The NAS is not defined by a single component or system; rather it is a complex collection of systems, procedures, facilities, aircraft and, at the base of it all, making it work, people. The NAS represents the overall environment for the safe operation of aircraft. The FAA has responsibility for civil aviation safety. The FAA's mission is to ensure the safety, security, and system efficiency of the National Airspace System. Ever increasing system complexity, interdependencies, and the ever increasing dependence on software-intensive mission-critical and safety-critical software have heightened the sensitivity to ensuring end-to-end system safety. The NAS is a highly technical system and includes some 36,000 pieces of equipment operating in hundreds of locations throughout the United States. At present there are approximately 45 million flights operating throughout the United States per year. The system provides communications, navigation, surveillance, display, flight planning, and weather data to controllers, traffic managers, and pilots. The FAA has recognized the need for, and taken a proactive approach to, ensuring that software safety engineering is applied effectively and consistently throughout the National Airspace System.

FAA Experience (1/2)

What were our concerns?
- Ineffective risk management.
- Immature software acquisition processes. (GAO Report - Air Traffic Control: Immature Software Acquisition Processes Increase FAA's System Acquisition Risks. AIMD-97-47, March 1997)

What were our concerns? I talked around risk management on my previous slide; now I would like to identify the concern more directly. Previously our risk management often resulted in unsatisfied stakeholders, poor performance and/or cost and schedule overruns. Each program was treated as an island, with system interdependence issues and safety issues being discovered, resolved, or, in the worst case, ignored until formal system testing or operational evaluation in the field. Obviously, discovering issues at the culmination of the design and development efforts greatly contributed to or resulted in the overall dissatisfaction of the stakeholders, poor system performance, cost and schedule overruns, and ultimately compromised the targeted safety of the system. As I'm sure everyone present recognizes, the most effective and successful safety programs design in safety up front, as backfitting safety design features usually falls short of the desired results. Changing the culture to one of early detection and reduction of risk was required. We also discovered that we were using immature software acquisition processes, which honestly were ad hoc and chaotic. Software is the most costly and complex component of an air traffic system, and we had no standardized means of evaluating and improving our processes. I shall discuss our improvement initiatives later on in the presentation.

FAA Experience (2/2)

How are we improving?
- Ineffective risk management:
  - Develop safety risk management policy. (FAA Order 8040.4 Safety Risk Management; Software Safety and Certification Initiative)
  - Improve knowledge of systems engineering. (Systems Engineering Council)
- Immature software acquisition processes:
  - Improve knowledge of software engineering. (Software Engineering Body of Knowledge)
  - Develop software policy, practices, and technologies. (FAA integrated Capability Maturity Model)

How are we improving? This slide identifies a number of initiatives that have been undertaken by the FAA to address the concerns. Order 8040.4 establishes the safety risk management policy within the FAA. To comply with Order 8040.4, the FAA launched a Software Safety and Certification program to improve certification/approval practices for the software aspects of CNS/ATM ground-based systems and airborne systems. The Systems Engineering Council was also launched to develop common systems engineering activities across the National Airspace System. The Software Engineering Body of Knowledge provides a systematic, concise, and complete description of the software engineering discipline (methodologies, sources, anticipated use, etc.). This is supplemented by the Software Engineering Curriculum Framework for determining, assessing, and improving software engineering competencies. The FAA-iCMM is a model that describes the essential elements of an organization's process that must exist to ensure good acquisition of software-intensive systems. The model combines the features of the software acquisition, software, and systems engineering CMM models.

Order 8040.4 Safety Risk Management

Purpose:
- Established safety risk management policy.
- Formalized process for all high-consequence decisions.
- Prescribes procedures for implementing safety risk management and a decision-making tool: Plan, Identify, Analysis, Assess, Decision.
- Establishes the Safety Risk Management Committee, which provides advice and counsel to the organizations.

Safety Risk Management Committee:
- Provides supplemental support to assist in the overall risk analysis capability and efficiency of key FAA organizations.
- Maintains a risk management resource directory: risk methodologies employed, resource assistance, and identifying suitable risk analysis tools and training.

FORMALIZE A COMMON SENSE APPROACH

Order 8040.4 Safety Risk Management was signed by the Administrator in June 1998. This Order formalizes the safety risk policy for all high-consequence decisions. A high-consequence decision is defined as one that either creates, or could be reasonably estimated to result in, a statistical increase or decrease in personal injuries and/or loss of life and health, a change in property value, loss of or damage to property, cost or savings, or other economic impacts valued at 100 million or more per annum. A Safety Risk Management Committee was formed to provide a service to the various FAA organizations: assistance in the development of a comprehensive and effective plan for the management of safety risk. The SRMC meets periodically to exchange risk management ideas and information and to provide advice and counsel to the Office of System Safety and other management officials upon request.

System Engineering Council

Purpose:
- Orchestrates common systems engineering activities across the NAS.
- Holds responsibility, authority, and accountability for the development, documentation, deployment, control, and monitoring of the systems engineering process.

Products:
- System Engineering Management Plan
- System Engineering Manual

A systems engineering council was implemented to assist in the consistent and efficient application of systems engineering throughout the various NAS system components. The System Engineering Council has four primary functions:
1. Systems engineering leadership.
2. Development of processes and tools using government and industry standards.
3. Facilitating problem definition and resolution.
4. Advocacy for resources to accomplish systems engineering.
Products currently being developed by this council are the System Engineering Management Plan and the System Engineering Manual. The SEMP provides an organizational focus to discuss roles and responsibilities for systems engineering as a process and discipline applied across the FAA. The SEM identifies the technical and programmatic activities and products as the program moves from the initial idea through disposal and elimination of the system.

System Safety Working Group

Purpose:
- Working arm of the System Engineering Council.
- Assists in supporting and evaluating Comparative and Operational Safety Assessments.

Products:
- System Safety Management Plan
- System Safety Handbook

The System Safety Working Group is an advisory body of FAA system safety professionals. The near-term purpose is to establish guidance for conducting safety risk management processes in accordance with Order 8040.4. Our long-term purpose is to control and implement these processes. Products currently being developed by the SSWG are the System Safety Management Plan and the System Safety Handbook. The SSMP establishes and defines the FAA plan for ensuring that system safety is effectively integrated into the NAS modernization in accordance with FAA orders and AMS policy. The SSH provides instructions on how to perform system safety engineering and management (best practices).

Acquisition Management System

The FAA's Acquisition Management System (AMS)/Life-cycle Management System (LMS) consists of:
- Mission Needs
- Investment Analysis
- Solution Implementation
- In-Service Management
- Service-life Extension

The AMS phases are:
- Mission Analysis enables the Joint Resource Council to determine and prioritize its most critical capability shortfalls and best technology opportunities for improving the FAA's overall safety, security, capacity, efficiency, and effectiveness in providing services to its customers.
- Investment Analysis defines the functional and performance strategy to satisfy the agency's mission needs and baselines the best overall solution for satisfying critical capability shortfalls.
- Solution Implementation begins after the JRC selects a solution and ensures that products are shown to meet user requirements, to be operationally suitable, and to be compatible with other operational systems prior to an in-service decision.
- In-Service Management establishes a framework for evolutionary product development and for identifying operational problems early enough to upgrade or replace products prior to their obsolescence.
System safety management shall be conducted and documented throughout the acquisition management system.

System Safety Process

[Diagram: system safety analyses and activities laid across the AMS phases (Mission Needs, Investment Analysis, Solution Implementation, In-Service Management, Service-life Extension) and their milestones (JRC1, JRC2, ISD). Phase activities shown: Concept of Operation; Option Selection (Option1, Option2, Option3); Operations and Maintenance; Upgrade or Retire. Safety products shown: OSA, NAS SSMP, PHA, CRA, SSPP, SHA/SSHA, SSAR, HTRR, CRA. Lanes: System Safety Program; NAS System Safety Management (Hazard Tracking).]

This slide shows the various safety analyses and activities to be accomplished through a combined effort by the System Safety Working Group and the Integrated Product Team throughout the system acquisition life cycle. Prior to Order 8040.4 being implemented, the safety analyses and activities were not being accomplished until the Solution Implementation phase. There was also inconsistency among the Integrated Product Teams as to the analyses and activities to be performed. This resulted in programs busting their cost and schedule baselines. Today each line of business involved in acquisition management must institute a system safety management process that includes at minimum: hazard identification, hazard classification, measures to mitigate the hazards to an acceptable level, verification that mitigation measures are incorporated into the product design, and assessment of residual risk. We are also establishing a NAS-wide Hazard Tracking and Risk Resolution database to ensure a closed-loop process of managing safety hazards and risks.
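The closed-loop hazard process the slide describes (identify, classify, mitigate to an acceptable level, verify the mitigation is in the design, assess residual risk) can be made concrete as a small record-keeping model whose closure step refuses to run until each earlier step has evidence behind it. The Python below is an added example, not FAA code and not the HTRR database; the severity and likelihood scales, the risk bands, the "acceptable residual risk" policy, and the sample hazard HZ-001 are all constructed assumptions for illustration.

```python
"""Closed-loop hazard tracking: identify, classify, mitigate, verify, assess residual risk.
Added example: the risk bands, closure policy and sample hazard are constructed
assumptions, not the FAA's Order 8040.4 matrix or its HTRR database."""
from dataclasses import dataclass, field
from enum import Enum

class Severity(Enum):      # lower value = worse outcome (constructed scale)
    CATASTROPHIC = 0
    HAZARDOUS = 1
    MAJOR = 2
    MINOR = 3

class Likelihood(Enum):    # lower value = more likely (constructed scale)
    FREQUENT = 0
    PROBABLE = 1
    REMOTE = 2
    EXTREMELY_REMOTE = 3
    EXTREMELY_IMPROBABLE = 4

ACCEPTABLE = {"low", "medium"}   # constructed policy: "high" residual risk cannot be closed

def risk_level(severity, likelihood):
    """Classify on a constructed severity x likelihood matrix: the sum of the two
    indices picks a band (0-2 high, 3-4 medium, 5+ low). Cut-offs are an assumption."""
    score = severity.value + likelihood.value
    return "high" if score <= 2 else "medium" if score <= 4 else "low"

@dataclass
class Mitigation:
    description: str
    verified: bool = False   # True once the measure is confirmed present in the design

@dataclass
class Hazard:
    hazard_id: str
    description: str
    severity: Severity
    likelihood: Likelihood   # unmitigated likelihood at identification
    mitigations: list = field(default_factory=list)
    residual_likelihood: Likelihood = None
    status: str = "open"

    def residual_risk(self):
        if self.residual_likelihood is None:
            return None
        return risk_level(self.severity, self.residual_likelihood)

class HazardTracker:
    """Minimal hazard tracking and risk resolution record with enforced closure gates."""
    def __init__(self):
        self.hazards = {}

    def identify(self, hazard_id, description, severity, likelihood):
        self.hazards[hazard_id] = Hazard(hazard_id, description, severity, likelihood)
        return risk_level(severity, likelihood)          # initial classification

    def add_mitigation(self, hazard_id, description):
        self.hazards[hazard_id].mitigations.append(Mitigation(description))

    def verify_mitigation(self, hazard_id, index):
        self.hazards[hazard_id].mitigations[index].verified = True

    def assess_residual(self, hazard_id, residual_likelihood):
        hz = self.hazards[hazard_id]
        hz.residual_likelihood = residual_likelihood
        return hz.residual_risk()

    def close(self, hazard_id):
        """Close the loop only when every earlier step has evidence behind it."""
        hz = self.hazards[hazard_id]
        if not hz.mitigations:
            raise ValueError(f"{hazard_id}: no mitigation recorded")
        pending = [m.description for m in hz.mitigations if not m.verified]
        if pending:
            raise ValueError(f"{hazard_id}: mitigations not verified in design: {pending}")
        residual = hz.residual_risk()
        if residual is None:
            raise ValueError(f"{hazard_id}: residual risk not assessed")
        if residual not in ACCEPTABLE:
            raise ValueError(f"{hazard_id}: residual risk '{residual}' is not acceptable")
        hz.status = "closed"

def try_close(tracker, hazard_id):
    """Return 'closed' or the reason a gate refused, so each gate can be shown firing."""
    try:
        tracker.close(hazard_id)
        return "closed"
    except ValueError as err:
        return str(err)

def walk_through():
    """Drive one constructed hazard through the loop and record what each gate said."""
    t = HazardTracker()
    report = {"initial_risk": t.identify("HZ-001",
              "Stale surveillance track displayed to controller (constructed)",
              Severity.CATASTROPHIC, Likelihood.PROBABLE)}
    report["gate_no_mitigation"] = try_close(t, "HZ-001")
    t.add_mitigation("HZ-001", "Track-age watchdog flags data older than the limit")
    report["gate_unverified"] = try_close(t, "HZ-001")
    t.verify_mitigation("HZ-001", 0)
    report["gate_no_residual"] = try_close(t, "HZ-001")
    report["residual_risk"] = t.assess_residual("HZ-001", Likelihood.EXTREMELY_REMOTE)
    report["final"] = try_close(t, "HZ-001")
    report["status"] = t.hazards["HZ-001"].status
    return report

if __name__ == "__main__":
    for key, value in walk_through().items():
        print(f"{key}: {value}")
```

The point of the model is the `close` method: a hazard record can be closed only after a mitigation exists, every mitigation is marked as verified in the product design, and a residual risk has been assessed and falls in the acceptable band. Running `walk_through()` shows each gate refusing in turn before the hazard finally closes, which is the closed-loop property the slide asks a hazard tracking database to guarantee.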

FAA CNS/ATM Software

- FAA-iCMM
- Software development
- Software assurance
- Implement and integrate software engineering processes into systems engineering.

As I stated earlier, software safety engineering cannot perform effectively outside the boundaries of the total systems engineering effort. As I discuss the specific components, it must be clear that there is interaction with the systems engineering effort even though it may not be clearly identified. The structure of our software quality model is based on:
- Strategic (FAA-iCMM)
- Enablers and tools (IEEE 12207, DO-178B)
- Tailored practices (FAA-STD-026, Software Assurance Guidelines)

Software Quality Triangle

[Diagram: the software quality triangle, "QUALITY SW FOR NAS SYSTEMS", with three vertices:
- FAA-iCMM: establishes the essential elements of an organization's software acquisition, engineering, and management process.
- FAA-STD-026 (IEEE 12207): establishes a process and documentation guidance for software development.
- Software Assurance Guidance: establishes a level of confidence for software that is consistent with its environment.]

This slide provides a graphical view of the software quality triangle. FAA-iCMM elements include the following processes: Engineering (Requirements, SW Development, System Test), Project (Project Mgt., Risk Mgt., Contracts Mgt.), Supporting (QA, CM, Measurement), and Organization (Implementation, Training). FAA-STD-026 establishes the requirements for software development associated with NAS acquisitions. Formerly this standard required MIL-STD-498, now IEEE 12207, and we are developing an implementation document to standardize with the FAA-iCMM, AMS, and software assurance guidelines. Software Development Assurance provides a level of confidence for the software in safety-critical systems that is consistent with other components of the NAS and will meet the safety requirements of the system. I will concentrate the remainder of my presentation on the use of software assurance as a vehicle for achieving the desired targeted level of safety and security integrity within the NAS.

Software Assurance

What do we want to achieve?
- Identify the objectives necessary, throughout the life cycle process, to provide confidence that a product and process satisfy given safety and security integrity level requirements.
- ICAO has established a targeted Global Risk Factor of extremely remote, or 10^-7.

As systems become more complex and software-intensive, the ability to establish and maintain acceptable safety and security integrity level requirements has become increasingly difficult. Software safety and security integrity level requirements are satisfied by applying rigorous design analysis to the system. This analysis includes, but is not limited to: requirements validation and verification, requirements-based testing, system testing, and structural coverage analysis. Other communities may discuss safety and security separately; however, the FAA, based on the NAS infrastructure, must consider that an overt security breach could result in a mishap.

Safety and Security Similarities

            Analysis                                              Requirements            Verification
Security    Vulnerability/Threat Assessment; Risk Determination   Security Requirements   Penetration testing
Safety      Operational Safety Assessment; Risk Determination     Safety Requirements     Requirements-based testing

As you can see on this slide, the qualification processes for safety and security are similar. You analyze the vulnerabilities, develop mitigating requirements, and verify their effectiveness.

Preliminary Safety/Security Model

[Diagram: three parallel lanes (System Development Process, System Security Process, System Safety Process) aligned against the AMS phases, with requirements specification assurance milestones. Labels, in phase order:
- Mission Needs/Investment Analysis: Protection Profiles, Threat Analysis, Preliminary Vulnerability Assessment; Operational Safety Assessment, Preliminary Hazard Analysis; Requirements Analysis, Safety Requirements, Security Requirements, Security Target.
- Solution Implementation: System Specification; Refined Vulnerability Assessment; SW Spec., HW Spec., Procedures; System/SubSystem Hazard Analysis; SW Design, Continued Analysis; SW Code; SW Integration; Operating & Support Hazard Analysis; System Integration & Test; Certification.
- In-Service Decision / In-Service Management: Hazard Tracking & Monitor Residual Risk; Monitor Vulnerability.
- Service Life Extension; Sustainment & Retirement.]

This model shows the various activities and their relationship to the system development process, the system safety processes, and the system security processes within the Acquisition Management System. Our goal is to have complete, well-defined requirements by the completion of the Investment Analysis phase, to establish the proper baseline and reduce the risk, cost, and schedule of programs. We are attempting to look more at a systems approach to safety and security. In the past, we were uncovering deficiencies late in the design, and risk assessments were too narrowly focused. We have found that acceptable risks in independent systems could contribute to a mishap when fully integrated within the NAS. We have now refocused our safety/security programs to evaluate the NAS as a whole, to ensure total end-to-end system safety and security. Our goal over the next year will be to evaluate and refine this model and to identify those activities, products, and assurance points that are necessary to assure the design of a safe and effective system.

Summary

- The FAA continues to refine its systems and software engineering processes.
- We are focusing on the technical and programmatic efficiencies that can be achieved by integrating safety and security into the system life cycle processes.
- The FAA is present to gain knowledge and understanding from other industries on their approach to mitigating safety issues.

I would like to thank Dr. Leveson for the opportunity to discuss our issues before this prestigious body.

Backup slides

Acronyms (1/2)

AIO   Office of Information Services
AMS   Acquisition Management System
ATM   Air Traffic Management
CNS   Communications, Navigation and Surveillance
CRA   Comparative Risk Analysis
FAA   Federal Aviation Administration
FMEA  Failure Modes Effects Analysis
HTRR  Hazard Tracking and Risk Resolution
ICAO  International Civil Aviation Organization
ICMM  Integrated Capability Maturity Model
ISD   In-Service Decision
JRC   Joint Resource Council

Acronyms (2/2)

LMS   Life-cycle Management System
NAS   National Airspace System
OSA   Operational Safety Assessment
PHA   Preliminary Hazard Assessment
SEMP  System Engineering Management Plan
SEM   System Engineering Manual
SHA   System Hazard Analysis
SSH   System Safety Handbook
SSHA  SubSystem Hazard Analysis
SSMP  System Safety Management Plan
SSAR  System Safety Assessment Report