Building a Preliminary Safety Case: An Example from Aerospace
暂无分享,去创建一个
The phased production of safety cases, in step with an evolving design, is an increasingly common approach to managing the potential risk associated with certification. The Preliminary Safety Case, the first safety case to be issued, is prepared during the initial stages of project development. An important part of the Preliminary Safety Case involves defining the safety argument approach that is being adopted for the system. Such an argument can make clear the principal safety objectives and constraints of the project, and outline how they will be interpreted and addressed. In this paper we describe the production of these ‘Preliminary Safety Arguments’. In particular, we show how we have used the Goal Structuring Notation as the basis for presenting the Preliminary Safety Argument for a distributed computing platform for aero-engine control. Through such an approach, we argue that certification risk can be reduced by deriving safety objectives in advance of system development rather than ‘discovering’ them after significant functional design commitments have already been made.
[1] Hoyt Lougee,et al. SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICATION , 2001 .
[2] James W. Layland,et al. Scheduling Algorithms for Multiprogramming in a Hard-Real-Time Environment , 1989, JACM.
[3] John A. McDermid,et al. Safety Case Development: Current Practice, Future Prospects , 1997 .
[4] Hermann Kopetz,et al. Clock Synchronization in Distributed Real-Time Systems , 1987, IEEE Transactions on Computers.