![Page 1: IKT 1 Certification of safety-critical systems for the Oil & Gas and Railway domains using Agile methods – exemplified by using the SafeScrum method Thor](https://reader035.vdocuments.net/reader035/viewer/2022062719/56649ee95503460f94bfb086/html5/thumbnails/1.jpg)
Page 1
Certification of safety-critical systems for the Oil & Gas and Railway domains using Agile methods
– exemplified by using the SafeScrum method
Thor Myklebust
SINTEF ICT
15:10 – 15:55
London, 25th of June 2015
Page 2
Topics
Introduction
SafeScrum
IEC 61508-3 and EN 50128 lifecycles
Current practice
Conclusion
Page 3
Why Railway and Oil&Gas?
Norway shall invest more than £10 billion in Rail in the period 2014-2023
Norway invested more than £10 billion in offshore projects in 2014
Page 4
Projects and project goals
Important goals:
Shorten the development time
Less time from the last written code line until the system is certified
Adequate plans
Fewer resources used on documentation
Faster introduction of new technology
Projects:
• SUSS
• Safe Software
• NCEI Software
• ASHLEY
Page 5
Agile methods
e.g. Scrum
A scrum is a method of restarting the game in rugby football
Page 6
The agile life-cycle
Figure (life-cycle diagram, labels only): Start-up (a few days); then n iterations of 1-4 weeks, each consisting of Prioritizing, Dev./test, Evaluation and Release; then Termination (a few days), which delivers the product.
Page 7
Add-On to Scrum
Figure (labels only): the stable Scrum core plus the SafeScrum add-ons, and keeping track of how these relate.
Add-On to Scrum: involvement of the validator and/or assessor
Add-On to Scrum: tracing safety requirements
Add-On to Scrum: RAMS V&V (reliability, availability, maintainability and safety verification and validation)
Add-On to Scrum: CM (configuration management)
Page 8
Separation of concern and CIA
Figure (SafeScrum model annotated with IEC 61508 overall safety lifecycle phase numbers, labels only):
SSRS (software safety requirements specification), Phases 1 - 4
Environment description
High level plans
Backlog
Scrum, Phase 10
RAMS validation
Operation, Phase 14
Modifications, Phase 15
Parts of Annex A.1 – A.7, B.1 – B.3, B.7 – B.9
Change Impact Analysis (CIA): new safety requirements from the customer and requirement changes are fed into the analysis; the results are either "change not implemented" or "change implemented in SSRS", together with the question "update of the User Manual?"
Page 9
V-model and Separation of Concern
Figure (labels only): the main Scrum domain versus the activities "Outside SafeScrum".
Page 10
Separation of Concern
Upfront activities:
• Safety requirements
• Hazard/Risk
• Architecture
• System design
After sprints:
• Remaining validation activities
• RAMS evaluations
• Remaining parts of the Safety Case or similar
Page 11
Safety standards and use of an Agile method
Topics to be addressed when complying with safety standards:
Definitions
Lifecycle requirements
Configuration management
Change Impact Analysis
Documentation
Regression testing
Page 12
Safety standards
Safety standards intentionally do not include information related to the topics below.
Topics and comments:
Project management: Agile methods have solutions for the SW team
Project organization: Scrum has solutions for the SW team
Communication: Agile methods have solutions for the SW team
Certification: Agile methods have solutions for communication (Daily Scrum)
Page 13
Assessor
Duty to provide guidance (copied from the appointment of SINTEF as Notified Body):
A NoBo (Notified Body) has a general duty to provide guidance.
SINTEF ICT shall through its guidance point out possible faults or shortcomings of a product, so that the manufacturer can bring the product into line with the requirements from regulations.
It is, however, the manufacturer's responsibility to find the actual technical solutions.
Page 14
Goal-based approach to improve IEC 61508-3
IEC 61508-3 includes lifecycle requirements.
The requirements are based on the waterfall process methodology, although "any software lifecycle model may be used provided all the objectives and requirements of this clause are met".
The current standard has not succeeded in presenting the requirements as model-independent, since they are presented according to the waterfall model, including the V-model.
Page 15
Goal-based approach to improve IEC 61508-3
According to IEC 61508-3, any lifecycle may be used provided that all the objectives and requirements are met.
Although this is stated in the standard, it presents the requirements as if the V-model is the only model to be used.
Only one requirement for the lifecycle has to be changed in the next edition of IEC 61508-3.
However, notes should be added as part of some of the existing requirements.
Page 16
Goal-based approach to improve IEC 61508-3
Current IEC 61508-3 edition, 7.1.2.4: "Provided that the software safety lifecycle satisfies the requirements of table 1, it is acceptable to tailor the V-model (see figure 6) to take account of the safety integrity and the complexity of the project."
Proposed future edition, 7.1.2.4: "Provided that the software safety lifecycle satisfies the requirements in chapter 7, it is acceptable to tailor the model chosen (e.g. V-model or Scrum) to take account of the safety integrity and the complexity of the project."
Ch. 7: Software lifecycle requirements
Page 17
EN 50128
EN 50128 includes detailed requirements related to the organisation, roles and responsibilities.
Requirements related to documentation are specific in EN 50128, and 45 documents are listed in the standard.
Personnel competence requirements are strict and concrete, involving required key competencies for 10 different roles.
Page 18
Configuration management
Categories and comments related to Agile versus Waterfall:
CM during development (including requirements for tools): different, mainly because Agile results in
• More builds/baselines
• More deliveries/releases
• More changes
CM when in use (architecture/design): similar
Configuration data: similar
Page 19
CM and IEC 61508 Part 7
More information related to CM has to be presented in Part 7, either as text in Part 7 (preferred by the industry) or as more references in Part 7, e.g. a reference to IEEE 828:2012, the standard for Configuration Management in Systems and Software Engineering.
Page 20
Regression
Requirements and information related to regression testing are currently weak in the two standards.
Regression testing is more important when performing incremental development.
Complete regression testing of a large or complex system will usually require much effort and resource.
The standard approach is to repeat all tests, but in some cases this is impractical and expensive.
Regression testing may also be necessary when performing non-code changes (changes to configuration files and databases).
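The CIA, configuration-management and regression points of pages 8, 18 and 20 come together in one mechanical check: diff two sprint baselines to find the changed configuration items (code, configuration files and database scripts alike), trace those items to safety requirements, and only then decide whether the whole test set has to be repeated. The following is an added example written for this page; it is not SINTEF's SafeScrum tooling and not code from the talk. The baselines, requirement IDs (SR-1, SR-2, SR-3, NF-1), file paths and test names are constructed sample data, and the selection policy (full regression whenever a safety requirement is impacted, the trace is incomplete, or a changed item is claimed by no requirement) is an assumption of the example, not a rule taken from IEC 61508 or EN 50128.

```python
"""Change-impact-driven regression selection over a traceability matrix.

Added illustration for this page, not SafeScrum project code. Every path,
requirement ID, test name and file content below is constructed sample data.
"""
import hashlib
from dataclasses import dataclass

# Two consecutive sprint baselines (CM during development). Constructed sample data.
BASELINE_SPRINT_4 = {
    "src/brake_ctrl.c": b"void brake(int v) { if (v > 30) apply(); }\n",
    "src/door_ctrl.c":  b"void door(int s) { if (s == 0) unlock(); }\n",
    "src/hmi.c":        b"void show(const char *m) { puts(m); }\n",
    "cfg/limits.ini":   b"max_speed=30\ndoor_timeout=5\n",
    "db/track.sql":     b"INSERT INTO track VALUES (1, 'A', 120);\n",
}
BASELINE_SPRINT_5 = dict(BASELINE_SPRINT_4)
BASELINE_SPRINT_5["cfg/limits.ini"] = b"max_speed=35\ndoor_timeout=5\n"  # non-code change
BASELINE_SPRINT_5["src/hmi.c"] = b"void show(const char *m) { printf(\"%s\\n\", m); }\n"


def manifest(baseline):
    """Content hash per configuration item, so two baselines compare exactly."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in baseline.items()}


def changed_items(old, new):
    """Configuration items added, removed or modified between two baselines."""
    m_old, m_new = manifest(old), manifest(new)
    return {p for p in m_old.keys() | m_new.keys() if m_old.get(p) != m_new.get(p)}


@dataclass(frozen=True)
class Requirement:
    req_id: str
    items: frozenset       # configuration items that implement the requirement
    tests: frozenset       # tests that verify the requirement
    safety_related: bool = True


# Traceability matrix (the "tracing safety requirements" add-on). Constructed sample data:
# safety requirements SR-x and one non-safety requirement NF-1.
TRACE = (
    Requirement("SR-1", frozenset({"src/brake_ctrl.c", "cfg/limits.ini"}),
                frozenset({"T-brake-1", "T-brake-2"})),
    Requirement("SR-2", frozenset({"src/door_ctrl.c", "cfg/limits.ini"}), frozenset({"T-door-1"})),
    Requirement("SR-3", frozenset({"src/door_ctrl.c", "db/track.sql"}), frozenset({"T-track-1"})),
    Requirement("NF-1", frozenset({"src/hmi.c"}), frozenset({"T-hmi-1"}), safety_related=False),
)


def trace_gaps(trace):
    """Safety requirements without an implementing item or without a verifying test."""
    return sorted(r.req_id for r in trace if r.safety_related and not (r.items and r.tests))


def change_impact(trace, changed):
    """CIA: requirements whose implementing items changed, plus changed items no requirement claims."""
    impacted = [r for r in trace if r.items & changed]
    mapped = set().union(*(r.items for r in trace))
    return impacted, sorted(changed - mapped)


def select_regression(trace, changed):
    """Decide between repeating all tests and a selection justified by the trace.

    Assumed policy: selection is only defensible when the trace is complete and every
    changed item is mapped, and a change touching a safety requirement gets the full run.
    """
    all_tests = sorted(set().union(*(r.tests for r in trace)))
    gaps = trace_gaps(trace)
    impacted, unmapped = change_impact(trace, changed)
    impacted_ids = sorted(r.req_id for r in impacted)
    if gaps:
        reason = f"trace incomplete: {gaps}"
    elif unmapped:
        reason = f"unmapped changed items: {unmapped}"
    elif any(r.safety_related for r in impacted):
        reason = "safety requirement impacted"
    else:
        selected = sorted(set().union(*(r.tests for r in impacted)))
        return {"mode": "selective", "reason": "only non-safety requirements impacted",
                "impacted": impacted_ids, "tests": selected}
    return {"mode": "full", "reason": reason, "impacted": impacted_ids, "tests": all_tests}


if __name__ == "__main__":
    delta = changed_items(BASELINE_SPRINT_4, BASELINE_SPRINT_5)
    print("changed items:", sorted(delta))
    print(select_regression(TRACE, delta))
```

Run as a script, the module diffs the two sample baselines and prints the decision: the non-code change to cfg/limits.ini traces to SR-1 and SR-2, so the whole test set is repeated even though only a configuration file and an HMI function changed. Selective re-testing is offered only when every changed item traces exclusively to non-safety requirements, and a changed item that no requirement claims is reported as a finding rather than read as "no tests needed".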
Page 21
Current practice
AAMI, the Association for the Advancement of Medical Instrumentation
Page 22
Current practice, Certification Bodies
Certification body and comment:
TUV Nord: accepts SafeScrum
TUV Rheinland: accepts SafeScrum
TUV Sud: accepts adapted Agile methods
Exida: accepts adapted Agile methods
Lloyds: accepts adapted Agile methods
Page 23
Conclusions
Edition 2 of IEC 61508 does not stop the use of Agile methods.
CIA, CM, Regression, "Add-on" and "Separation of Concern" are addressed in the SafeScrum model.
Two certification bodies accept SafeScrum and at least 3 other main certification bodies accept "Adapted agile methods".
Provided that the software safety lifecycle satisfies the requirements in chapter 7, it is acceptable to tailor the model chosen (e.g. V-model or adapted Scrum) to take account of the safety integrity and the complexity of the project.
Page 24
https://no.linkedin.com/in/thormyklebust
www.sintef.no/sjs (Railway)
www.sintef.no/IEC61508 (Certification and Consultancy)
www.sintef.no/SafeScrum (Software development)