Re: [SystemSafety] Software Safety Assessment

From: Uma Ferrell < >
Date: Wed, 8 Jul 2015 07:58:31 -0400

  1. I agree with the previous answers on the obligatory nature of application of specific standards per regulatory guidance or stakeholder preference or contract.
  2. One would need to ask the question of the difference between the standard and its update: are there new items introduced in the updated standard that would invalidate assignment of SIL? If you do not now follow and apply knowledge uncovered in the latest standard, is one really fielding an appropriately safe system?
  3. Checklists should be tailored to the tools, techniques, language, safety measures etc. Checklists are meant to be a gate to check if the implementers followed specific techniques and avoided problematic ones that are particular and peculiar to that system, which would avoid/lessen latent problems. If the new standard has uncovered some new hazard that needs attention, then there may be need for a delta review or a delta test or use of a static verification tool to make sure that known hazards are addressed.

On one hand we have a question of legal obligation and on the other a professional obligation.



From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Carl Sandom
Sent: Wednesday, July 08, 2015 5:54 AM
To: systemsafety_at_xxxxxx
Subject: [SystemSafety] Software Safety Assessment

Consider the following scenario:  

In 2004 Project A software was assessed against a safety standard (let's call it Standard X). Standard X had a very prescriptive list of software safety requirements and a simple checklist was used for assessing SIL1 compliance.  

In 2014, Project B began to integrate significant new functionality into Project A. Standard X, which was by 2014 an obsolete standard, was used to assess the significantly smaller software baseline of Project B. Under modern scrutiny, the simple Standard X checklist used for Project A in 2004 was not as explicit as it could have been and it was decided to use an improved checklist for Project B.  

A couple of important questions can be raised with this scenario:  

  1. Is it acceptable to use an obsolete safety standard to assess software?
  2. Is the SIL1 claim for 10 year old Project A invalid because the checklist could have been better?
  3. If Project B used the old checklist from Project A would that be adequate?

I've been having some interesting discussions with the Project Managers involved, any thoughts?  



Dr. Carl Sandom CErgHF CEng PhD


iSys Integrity Ltd.

+44 7967 672560



The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Wed Jul 08 2015 - 13:58:41 CEST