The importance of data in safety-critical systems

Introduction

All computer-based systems make use of data in one form or another, and it is common to consider this data as an integral part of the system's software. However, an increasing number of systems make use of data to configure the system or to describe its environment, and in such cases data often forms a distinct element. Data in these 'data-driven' systems is often generated and maintained quite independently from the executable software, and there is some evidence to suggest that in many cases it is not receiving the attention it deserves.

The high development costs of safety-related systems encourage the use (and re-use) of standardised hardware and software wherever possible, and this has led to the large-scale use of COTS products and to the development of systems that can be easily adapted to a range of similar situations [1]. COTS and multipurpose systems are often adapted to a particular installation through the use of configuration data. In some cases this configuration data is extensive, and represents a substantial part of the complexity and the cost of the complete system. Other examples of data-driven applications include those that use data to model a physical or operating environment, such as air traffic control (ATC) and railway management systems.

Since safety is a property of a complete system, rather than of its individual components, it follows that attention must be paid to all its components during the development process. Over the years a great many techniques have been developed for treating the hardware and software elements of computer systems, but less attention has been directed at the data element. This is evident from the various standards and guidelines relating to safety-related systems.
Generic standards such as IEC 61508 [2] provide extensive guidance on hardware and software issues and are used across a range of industrial sectors; however, they say almost nothing about the generation, testing or control of data. Similarly, industry-specific standards such as those in the civil aircraft, military, nuclear and railway sectors [3-6] give very little guidance in this area. One of the few industrial sectors that does have standards relating to data is the air traffic control sector, which has created the DO 200A family of standards in connection with the processing of aeronautical data [7,8]. These standards contain much useful information, but they are highly industry specific and are not widely used (or known of) in …