Re: [SystemSafety] EASA Notice of Proposed Amendment 2014-13

From: SPRIGGS, John J
Date: Fri, 25 Jul 2014 14:19:41 +0000

> Maybe John Spriggs will have something to say,

I do not want to upset an organisation that is, in effect, my Regulator's Regulator, but I was originally given to believe that this activity was just intended to consolidate the existing Common Requirements and Oversight Regulations into one harmonious whole. It seems to have grown enormously from that.

It was not meant to impinge on (EC) No 552/2004, which is the authority for Mandate 390, but there are rumours that it may now do so. Furthermore, I understand that EASA develop their own means of compliance; if this were to be the case, the Mandate would become superfluous.

I must admit that I had not noticed the proposed 'promotion' of (EC) No 482/2008, from an external reference requiring a Software Safety Assurance System, to a section on system assurance; it was pointed out to me by a correspondent at another ANSP. I will have to track it more carefully, as that would require a major change to our management systems.


Note that, in this context, "Oversight" means the act of overseeing, and not an unintentional failure to notice or do something...

-----Original Message-----
Sent: 22 July 2014 12:21
To: systemsafety_at_xxxxxx
Subject: Re: [SystemSafety] EASA Notice of Proposed Amendment 2014-13

On 2014-07-22 10:39 , Martyn Thomas wrote:
> It's worth a look.

Some more background. Maybe John Spriggs will have something to say, since he is involved in discussions about possible new regs.

There is a Commission Regulation 482/2008 establishing a software safety assurance system. John S., Andrew Eaton of the CAA and I had some interaction in late 2011-early 2012 about Mandate 390 and a proposed European Norm (EN) to implement it, based on EUROCAE ED-153. ED-153 is, in my judgement and that of colleagues, technically flawed; we thus recommended against the proposed EN. I contacted Andrew and John Penny; John was seconded to EASA and I am now guessing why. Andrew suggested that EASA was working on material which would replace 482/2008 and I imagine this NPA does just that, while being more extensive (dealing with systems, conglomerations of components, and not just SW).

Mandate 390 says "develop software assurance levels and a means of assigning them", which ED-153 tried to do (and in our opinion failed). NPA 2014-13 does not do that either, as far as I can tell. Our German committee DIN NA 131-05-02-01 NA is trying to do that, but to my mind we are not sufficiently far along to meet a notional deadline of end of summer 2014 for a draft. The committee is international; I invited John Spriggs, and Ron Pierce has taken an interest (he wrote material with Derek Fowler on possible application of the IEC 61508 concepts to ATC/ATM). Herbert Bachmayer of Austrocontrol is a regular participant, as is Hans de Haan of Eurocontrol; John S. is involved in e-mail discussions.

Any notion of defining SWALs with an assignment process, that is, of satisfying Mandate 390, will need to take account of what is proposed in NPA 2014-13, to ensure it is consistent with it - it would be daft to have an EN that is inconsistent with a regulation or its guidance. And it will take a while for us to digest NPA 2014-13, so end August seems out as any kind of deadline.

The other big question for our committee is, I think, ISO/IEC 15026-3, which defines system integrity levels, and I don't think we have really discussed this in detail yet. One wonders, for example, whether a SWAL should be different from a SW-SIL. One could well argue that a SWAL and its assignment corresponds to the first of three required "work products" of a SIL system (15026-3:2011 6.6(a)). We'll see, I guess.

I invite anyone with expertise in software-based ground-based air traffic systems who is interested in these issues to get in touch.

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Tel+msg +49 (0)521 880 7319

The System Safety Mailing List

systemsafety_at_xxxxxx Received on Fri Jul 25 2014 - 16:19:57 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST