Re: [SystemSafety] EASA Notice of Proposed Amendment 2014-13

From: Peter Bernard Ladkin < >
Date: Tue, 22 Jul 2014 13:21:17 +0200

On 2014-07-22 10:39, Martyn Thomas wrote:
> It's worth a look.

Some more background. Maybe John Spriggs will have something to say, since he is involved in discussions about possible new regs.

There is a Commission Regulation 482/2008 establishing a software safety assurance system. John S., Andrew Eaton of the CAA and I had some interaction in late 2011-early 2012 about Mandate 390 and a proposed European Norm (EN) to implement it, based on EUROCAE ED-153. ED-153 is, in my judgement and that of colleagues, technically flawed; we thus recommended against the proposed EN. I contacted Andrew and John Penny; John was seconded to EASA and I am now guessing why. Andrew suggested that EASA was working on material which would replace 482/2008, and I imagine this NPA does just that, while being more extensive (dealing with systems, conglomerations of components, and not just SW).

Mandate 390 says "develop software assurance levels and a means of assigning them", which ED-153 tried to do (and in our opinion failed). NPA 2014-13 does not do that either, as far as I can tell. Our German committee DIN NA 131-05-02-01 NA is trying to do that, but to my mind we are not sufficiently far along to meet a notional deadline of end of summer 2014 for a draft. The committee is international; I invited John Spriggs, and Ron Pierce has taken an interest (he wrote material with Derek Fowler on possible application of the IEC 61508 concepts to ATC/ATM). Herbert Bachmayer of Austrocontrol is a regular participant, as is Hans de Haan of Eurocontrol; John S. is involved in e-mail discussions.

Any notion of defining SWALs with an assignment process, that is, of satisfying Mandate 390, will need to take account of what is proposed in NPA 2014-13, to ensure it is consistent with it - it would be daft to have an EN that is inconsistent with a regulation or its guidance. And it will take a while for us to digest NPA 2014-13, so end August seems out as any kind of deadline.

The other big question for our committee is, I think, ISO/IEC 15026-3, which defines system integrity levels, and I don't think we have really discussed this in detail yet. One wonders, for example, whether a SWAL should be different from a SW-SIL. One could well argue that a SWAL and its assignment corresponds to the first of three required "work products" of a SIL system (15026-3:2011 6.6(a)). We'll see, I guess.

I invite anyone with expertise in software-based ground-based air traffic systems who is interested in these issues to get in touch.

PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Tue Jul 22 2014 - 13:21:29 CEST
