NCAF_May03.ppt Slide - 1 CSE International Ltd Data Integrity: The use of data by safety-related systems Alastair Faulkner CEng CSE International Ltd Tel:

Presentation transcript:

NCAF_May03.ppt Slide - 1 CSE International Ltd
Data Integrity: The use of data by safety-related systems
Alastair Faulkner CEng, CSE International Ltd
Tel: +44 (0)

NCAF_May03.ppt Slide - 2 Contents
Brief introduction
Introduction to safety
Data integrity
Data provision
Data origination
Conclusions

NCAF_May03.ppt Slide - 3 Safety-related systems

NCAF_May03.ppt Slide - 4 Brief introduction
Safety concepts
Hazard, opportunity, accident
Risk, risk reduction
Generalised safety process

NCAF_May03.ppt Slide - 5 Safety Concepts
Harm: death, physical injury or damage etc.
Hazard: source of potential harm
Risk: likelihood of harm from specified hazard(s)
Safety-related systems are intended to reduce risk
Safety requirements comprise:
–safety functions
–safety function integrity requirements
Failures may give rise to hazards
Failures may be random or systematic in nature

NCAF_May03.ppt Slide - 6 Error – Fault - Failure [Engineering Safety Management: Yellow Book 3]

NCAF_May03.ppt Slide - 7 Hazard, opportunity, accident [Engineering Safety Management: Yellow Book 3]

NCAF_May03.ppt Slide - 8 Innovation: First powered flight

NCAF_May03.ppt Slide - 9 Trees- A hazard to navigation

NCAF_May03.ppt Slide - 10 Risk and ALARP [HSE: Reducing Risks, Protecting People]

NCAF_May03.ppt Slide - 11 Risk reduction [IEC ]

NCAF_May03.ppt Slide - 12 Example risk classification matrix

NCAF_May03.ppt Slide - 13 Generalised safety process
List system functions (operational requirements)
Find out how they can go wrong
–Functional Hazard Analysis
Calculate tolerable failure rates (safety requirements)
–consequence analysis to assess mitigation
Design system to meet safety requirements
Show that system will meet safety requirements
–provide safety arguments and evidence in safety case
Maintain safe operation

NCAF_May03.ppt Slide - 14 Data integrity
Data in air navigation
Data integrity
Data provision

NCAF_May03.ppt Slide - 15 Air Navigation

NCAF_May03.ppt Slide - 16 Problem description
The use of data by safety-related systems is becoming more common. In such systems data is often a significant (if not the major) component.
Data is not commonly treated as a separate system component and hence is largely ignored.
Safety of the system may rely on the correctness of the data.

NCAF_May03.ppt Slide - 17 Data-driven systems
The data used by a data-driven system may have extensive influence over both the normal and abnormal behaviour of the system.
Typical examples of large-scale data-driven systems are transportation control systems. These systems use several different types of data:
–Static configuration data
–Instantaneous status information
–Operational information
–Command schedule – timetable

NCAF_May03.ppt Slide - 18 Data integrity requirements
Hazard and risk analysis processes are used to establish system integrity requirements.
These requirements are then apportioned between components of the design, including the people, process, hardware, software and data components of the system.
The integrity requirements apportioned to the data component of the system are termed in this presentation ‘data integrity requirements’.

NCAF_May03.ppt Slide - 19 Apportionment of ‘error budget’ [IEC 61508]

NCAF_May03.ppt Slide - 20 Control System Model

NCAF_May03.ppt Slide - 21 Systems hierarchy
Safety-related systems may co-exist in a hierarchy of systems:
–Supervisory systems
–Peer systems
–Subordinate systems
Data is shared across this hierarchy of systems through interfaces.
Each level in the systems hierarchy may use the same data for different purposes, e.g. train planning or route setting.

NCAF_May03.ppt Slide - 22 A question of scale?
“Things get bigger and bigger, pushing the boundaries, until you’ve had a change of scale”
Peter Elliott, BP, Keynote Speaker, ESAS-02

NCAF_May03.ppt Slide - 23 Layer model

NCAF_May03.ppt Slide - 24 Workstation

NCAF_May03.ppt Slide - 25 Vertical coupling

NCAF_May03.ppt Slide - 26 Horizontal coupling

NCAF_May03.ppt Slide - 27 Design – Control System

NCAF_May03.ppt Slide - 28 Design – Interface considerations

NCAF_May03.ppt Slide - 29 Data Quality
DO 200A identifies a number of ‘data quality’ criteria:
–the accuracy of the data
–the resolution of the data
–the confidence that the data is not corrupted while stored or in transit (assurance level)
–the ability to determine the origin of the data (traceability)
–the level of confidence that the data is applicable to the period of (its) intended use (timeliness)
–all of the data needed to support the function is provided (completeness)
–the format of the data meets the users’ requirements
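The seven DO-200A criteria on this slide can each be turned into a concrete acceptance check that a data-driven system runs on every item it receives. The following is an added illustration, not code from the presentation or from CSE International: the waypoint records, field names, identifier format, resolution requirement, accuracy tolerance and dates are all constructed for the example, and the way each criterion is tested (for instance a SHA-256 digest for the assurance level, or an effective/expiry date window for timeliness) is an assumed implementation, not something DO-200A prescribes.

```python
"""One check per DO-200A data quality criterion, run over a constructed set of
navigation-data records.  Field names, formats, tolerances and the sample data
are constructed for this example; they are not from any real database."""
import hashlib
import json
import re
from datetime import date

DATA_FIELDS = ("id", "lat", "lon", "elev_ft")       # assumed content fields
META_FIELDS = ("origin", "effective", "expires")    # assumed provenance fields
ID_FORMAT = re.compile(r"^[A-Z]{3}\d{3}$")          # assumed identifier format
REQUIRED_RESOLUTION = 5        # decimal places required for lat/lon (assumed)
ACCURACY_TOLERANCE = 0.00050   # degrees, against an independent reference (assumed)

# Coordinates are kept as strings so the resolution the producer supplied is visible.
REFERENCE_POSITION = (51.47750, -0.46140)   # constructed independent survey value
DATE_OF_USE = date(2003, 5, 15)             # constructed date of intended use


def digest(record):
    """Assurance level: hash of the content fields, attached by the source and
    recomputed on receipt so corruption in storage or transit is detectable."""
    payload = json.dumps({f: record.get(f) for f in DATA_FIELDS}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def seal(record):
    """Producer-side step: attach the digest to a record."""
    record["digest"] = digest(record)
    return record


def decimals(text):
    """Number of decimal places in a numeric string, e.g. '51.47750' -> 5."""
    return len(text.split(".")[1]) if "." in text else 0


def assess(record, reference=REFERENCE_POSITION, today=DATE_OF_USE):
    """Return {criterion: passed} for one record.  Checks that need a field
    are reported as failed when that field is missing (completeness failure)."""
    present = all(record.get(f) not in (None, "") for f in DATA_FIELDS + META_FIELDS)
    coords = ("lat", "lon")
    return {
        "completeness": present,
        "format": present and bool(ID_FORMAT.match(record["id"])),
        "resolution": present and all(decimals(record[k]) >= REQUIRED_RESOLUTION for k in coords),
        "accuracy": present and all(abs(float(record[k]) - ref) <= ACCURACY_TOLERANCE
                                    for k, ref in zip(coords, reference)),
        "assurance": record.get("digest") == digest(record),
        "traceability": bool(record.get("origin")),
        "timeliness": present and (date.fromisoformat(record["effective"]) <= today
                                   <= date.fromisoformat(record["expires"])),
    }


def build_samples():
    """Constructed records, each exercising one way a criterion can fail."""
    base = {"id": "WPT001", "lat": "51.47750", "lon": "-0.46140", "elev_ft": 83,
            "origin": "survey-2003-04", "effective": "2003-05-01", "expires": "2003-05-29"}
    good = seal(dict(base))
    tampered = dict(good)               # altered after sealing: digest no longer matches
    tampered["lat"] = "51.48750"
    coarse = seal({**base, "lat": "51.4775", "lon": "-0.4614"})   # 4 dp, exact value
    stale = seal({**base, "expires": "2003-05-14"})               # expired before use
    incomplete = seal({k: v for k, v in base.items() if k != "origin"})
    bad_id = seal({**base, "id": "wpt1"})
    return {"good": good, "tampered": tampered, "coarse": coarse,
            "stale": stale, "incomplete": incomplete, "bad_id": bad_id}


def assess_all():
    return {name: assess(rec) for name, rec in build_samples().items()}


if __name__ == "__main__":
    for name, result in assess_all().items():
        failed = [c for c, ok in result.items() if not ok]
        print(f"{name:10s} {'OK' if not failed else 'FAILED: ' + ', '.join(failed)}")
```

Each record fails on exactly the criterion its name suggests; the tampered record also fails accuracy, because the altered coordinate is both unsealed and wrong, which is the usual way a corrupted item shows up in practice.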

NCAF_May03.ppt Slide - 30 Data development
In data-driven systems the data is often developed separately from the software.
However, it is clearly an integral part of the system:
–Safety of the overall system will normally depend on the correctness of the data
–Presumably the SIL of the data will be similar to that of the executable software
–One would expect similar levels of rigour

NCAF_May03.ppt Slide - 31 Data ownership
Ownership may itself be a complex issue, as data may originate from within a number of organisational and political bodies and include any consolidations required to produce a higher data abstraction.
Organisational responsibilities are not only concerned with the supply of data, but also with the ownership and in some cases the liabilities associated with data errors.
Ownership may also be passed across the data supply chain.

NCAF_May03.ppt Slide - 32 Data Provision
Data provision is dependent upon the integrity of the data source.
Data provision has two main components:
–Data source (either data production or origination)
–Data supply chain

NCAF_May03.ppt Slide - 33 Integrity of the data source
Data may be produced by a number of means, from simple data entry to complex and diverse automated toolsets.
The integrity of the data origin will be a significant influence upon the integrity required from the supply chain.
Low integrity at the data source may render the source unusable.
All data of a particular type may not be provided from a single source.

NCAF_May03.ppt Slide - 34 Data production
Small-scale systems may use data entry to create a validated dataset.
As the scale and volume of data increases, the nature of the data required changes.
Data production may require vertical or horizontal datasets (or a combination of both).
Data production may consider data extracted from enabling products such as middleware, data mining or data warehouses.

NCAF_May03.ppt Slide - 35 Data supply chain
Properties required from a data supply chain:
–Origination (data of suitable integrity) identifies a point at which the data originates
–Data then progresses across a series of elements such as transmission, preparation and formatting, and is finally consumed by the data-driven system
–No element will be perfect; therefore each element in the chain may introduce errors or faults
Data supply chain errors must be less than the data integrity requirements for the safe operation of the system.
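The two points above (a source whose integrity is too low is unusable, and the errors of the whole chain must stay within the data integrity requirement) can be put into arithmetic, in the same spirit as the IEC 61508 error-budget apportionment on slide 19. What follows is an added example, not material from the presentation or from CSE International. The model is an assumption made for illustration: each element of the chain, starting with the source, corrupts a delivered item independently with some probability and nothing downstream removes the error, so the probability that a delivered item is erroneous is 1 - Π(1 - p_i). The element names follow the slide; all the rates and the requirement value are constructed.

```python
"""Error-budget arithmetic for a data supply chain (assumed model, constructed rates).

Each element i corrupts an item independently with probability p_i and errors are
never removed downstream, so  P_err = 1 - prod(1 - p_i)  for a delivered item."""
from math import prod

# Constructed whole-chain requirement: at most this probability that a delivered
# data item is erroneous.  Real values come from the hazard and risk analysis.
REQUIREMENT = 1e-4

# Constructed per-element error probabilities, named as on the slide.
CHAIN = {
    "origination": 3e-5,
    "transmission": 1e-6,
    "preparation": 2e-5,
    "formatting": 5e-6,
}


def delivered_error_probability(element_rates):
    """P_err for a chain, given each element's per-item error probability."""
    return 1.0 - prod(1.0 - p for p in element_rates)


def source_usable(requirement, source_rate):
    """A source whose own error rate already exceeds the whole-chain budget cannot
    be rescued by any downstream element under this model."""
    return source_rate <= requirement


def assess_chain(requirement, element_rates):
    """Return (meets_requirement, P_err, worst_element): does the delivered error
    probability stay within the budget, and which element dominates it?"""
    p_err = delivered_error_probability(element_rates.values())
    worst = max(element_rates, key=element_rates.get)
    return p_err <= requirement, p_err, worst


def apportion(requirement, weights):
    """Split a whole-chain budget across elements in proportion to `weights`.

    Element i is given p_i = 1 - (1 - requirement) ** (w_i / sum(w)), so that
    prod(1 - p_i) == 1 - requirement exactly.  A naive additive split
    (p_i = requirement * w_i / sum(w)) would leave the chain slightly under
    budget, because 1 - prod(1 - p_i) <= sum(p_i)."""
    total = sum(weights.values())
    return {name: 1.0 - (1.0 - requirement) ** (w / total) for name, w in weights.items()}


def chain_report(requirement=REQUIREMENT, chain=CHAIN):
    """Human-readable summary of one chain against its requirement."""
    ok, p_err, worst = assess_chain(requirement, chain)
    lines = [f"delivered error probability: {p_err:.3e} (budget {requirement:.1e})",
             f"requirement met: {ok}; dominant element: {worst}"]
    if not source_usable(requirement, chain["origination"]):
        lines.append("source alone exceeds the budget: source unusable")
    return "\n".join(lines)


if __name__ == "__main__":
    print(chain_report())
    # A poor source: no downstream improvement can bring this chain into budget.
    bad_source = {**CHAIN, "origination": 2e-4}
    print(chain_report(chain=bad_source))
    # Re-apportion the budget, weighting the elements that are hardest to control.
    for name, p in apportion(REQUIREMENT, {"origination": 3, "transmission": 1,
                                           "preparation": 2, "formatting": 1}).items():
        print(f"{name:13s} allowed p = {p:.3e}")
```

With the constructed rates the chain delivers an erroneous item with probability about 5.6e-5, inside the 1e-4 budget, and origination is the dominant contributor, which matches the slide's point that the source fixes how much integrity the rest of the chain must supply. Raising the source rate to 2e-4 puts the chain out of budget no matter how good transmission, preparation and formatting are.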

NCAF_May03.ppt Slide - 36 Buildings: A hazard to navigation

NCAF_May03.ppt Slide - 37 Conclusions
The safe operation of the data-driven system is likely to depend upon the correctness of the data.
However, data and its production, use and maintenance are rarely treated as the subject of integrity requirements.
All too often:
–data is not subject to any systematic hazard or risk analysis
–data is poorly structured, making errors more likely to be produced and more difficult to detect
–data is not subjected to any form of verification

NCAF_May03.ppt Slide - 38 A final quote
“You would think that before they let people use these systems, they'd ensure they're safe”
Hiram K. Hackenbacker (Brains), International Rescue, Thunderbirds 1966 (1972 in UK)