Safety development lifecycle concept

The safety development lifecycle concept is enshrined in an international standard called EC 61508 [1]. This is intended as a standard of standards , for use aaoss aU process industries, the energy sector, and rail, automobile and aviation. Other standards have then been written which put the EC 61508 requirements into an industry-specific framework. These include EC 61511 (process industries), EC 61513 (nuclear industries), and Do-178 (aircraft), although their scopes may vary. 

In the proposed BBN, as a general principle, we model the rigour of application of any method (its effectiveness), in terms of two subsidiary concepts the inherent power to do the job ( power of build/verification method i nodes) and the intensity of its application ( intensity at which build/verification method i was applied nodes). The multiple node notation presented in Figure 3 indicates that every phase of the IEC61508 safety software development lifecycle has one or more build and verification methods, the precise number of nodes depends on -... 

Within the overall development lifecycle, the technical safety requirements are the technical requirements necessary to implement the functional safety concept, with the intention being to detail the item-level functional safety requirements into the system-level technical scfety requirements. 

During the development of the draft Standard, a Safety Lifecycle concept was developed reflecting some of the titles of future parts of the Standard. The envisaged lifecycle comprises the stages illustrated in Figure 1 [lEC 89a, b]. This paper will concentrate on the first step of the model Hazard Analysis. 

Facility System Safety (FSS), which is the application of system safety concepts to the facility acquisition process, has recently gained acceptance throughout the Department of Defense and most recently within the Department of Army with the conception of SAFEARMY 1990. The Army s goal is to fully integrate the total system safety, human factors, and health hazard assessments into continuous comprehensive evaluation of selected systems and facilities. The Chemical Research Development and Engineering Center (CRDEC) has mandated appropriate levels of system safety throughout the lifecycle of facility development for many reasons. These include ... 

ABSTRACT The draft document of the NATO allied ordnance publication (AOP) 52 gives guidance on software safety design and assessment of ammunition-related computing systems. The content of the draft is reviewed and compared with the lEC 61508 standard for functional safety of electrical/electronic/programmable electronic (E/E/PE) systems. We discuss the overall development model, the safety-lifecycle model and proposed techniques and measures. We also investigate whether the functional safety concept of lEC 61508 is incorporated in the document. 

A key concept of the lEC 61508 as mentioned before is the implementation of a safety lifecycle that includes hardware and software development life cycles for the safety functions. The AOP 52 recommends the usage of a lifecycle during development of hardware and software. One can say that there is a basic correspondence between the key concept of using process models for the development of safety critical systems. 

Figure 1 illustrates a Lifecycle V-Model with the essential safety lifecycle activates that have to be performed during the concept phase, SRECS and Software design and development processes, and during operation. 

According to ISO 26262, safety requirements comprise several attributes, not all are relevant to be considered for the development of the EEA. SGs express a statement in textual form and have the attribute ASIL. Both should be available in the EEA model. Although the SGs are not directly allocated to artifacts of the EEA ([6] part 3, chapter 8.1), they are needed to track deriving of ESRs. Following the ISO 26262 lifecycle, ESRs are allocated to the elements of the preliminary architectural concept for the item ([6] part 3, chapter 8.2). 

Although the NORSOK concept covers the entire lifecycle the main impact has been on the development and construction phases, see figure 1 below. This new approach created boom activity in the new development projects and in the construction and supply industry activities far beyond their normal capacity. This was followed by a panic reaction the winter 1998/99 resulting in a full stop as a response to a short term oil price of less than 10 per barrel. The price grew fast to 20-30, but in a power-play with the authorities for improved conditions, i.e. reduced safety requirements, the industry used 10-12 as a reference price on oil. 

The following Fig. 3.15 is an excerpt of the safety lifecycle and shows how activities, requirements and work results leave the conception phase and enter the development phase. 

The first objective of this clause is to define the safety management roles and responsibilities, regarding the concept phase and the development phases in the scfety lifecycle (see Figs. 1 and 2). 

This paper is concerned chiefly with Hazard Analysis and Risk Assessment when PES are used to carry out critical safety functions and the use to these ends of a modified Hazard and Operability (HAZOP) methodology. In order to put the HAZOP in perspective, some other major factors, influences and definitions will be addressed in the first part of the paper, beginning with the concept of Safety Lifecycle, followed by a short discussion of software risks, some case histories and a description of the development of the HAZOP approach to Hazard Analysis, including the increasing awareness of the signifrcance of human error. 

---