Change Impact analysis



Similar documents
The Role of CM in Agile Development of Safety-Critical Software

Change Impact Analysis in Agile Development. Abstract

An Agile Development Process for Petrochemical Safety Conformant Software

The application of Safe Scrum to IEC certifiable software

Controlling Risks Safety Lifecycle

ISO Introduction

Design of automatic testing tool for railway signalling systems software safety assessment

Frequently Asked Questions

IEC Overview Report

Quality Risk Management Tools Quality Risk Management Tool Selection When to Select FMEA: QRM Tool Selection Matrix

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

Frequently Asked Questions

Intelligent development tools Design methods and tools Functional safety

Application Functional Safety IEC 61511

Testing of safety-critical software some principles

Mary Ann Lundteigen. Doctoral theses at NTNU, 2009:9 Mary Ann Lundteigen. Doctoral theses at NTNU, 2009:9

IEC Functional Safety Assessment. United Electric Controls Watertown, MA USA

How to Upgrade SPICE-Compliant Processes for Functional Safety

COMMON REGULATORY OBJECTIVES FOR WIRELESS LOCAL AREA NETWORK (WLAN) EQUIPMENT PART 2 SPECIFIC ASPECTS OF WLAN EQUIPMENT

Life Sciences Product Development Artifacts Survey Results

TÜ V Rheinland Industrie Service

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL

Reduce Medical Device Compliance Costs with Best Practices.

TÜV FS Engineer Certification Course Being able to demonstrate competency is now an IEC requirement:

ASSESSMENT OF THE ISO STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY

SAFETY LIFECYCLE WORKBOOK FOR THE PROCESS INDUSTRY SECTOR

IEC and IEC 61511: application state and trends

RECOMMENDED GUIDELINES FOR THE APPLICATION OF IEC AND IEC IN THE PETROLEUM ACTIVITIES ON THE NORWEGIAN CONTINENTAL SHELF

Functional Safety Hazard & Risk Analysis

Agile in a Safety Critical world

Safety Certification of Software-Intensive Systems with Reusable Components

Automotive SPICE & ISO/CD Their Mutual Relationship

CASS TEMPLATES FOR SOFTWARE REQUIREMENTS IN RELATION TO IEC PART 3 SAFETY FUNCTION ASSESSMENT Version 1.0 (5128)

Lean and Agile in Safety-critical Software Development Research and Practice. Henrik Jonsson

Safety Lifecycle illustrated with exemplified EPS

Controlling Risks Risk Assessment

APPLICATION OF IEC AND IEC IN THE NORWEGIAN PETROLEUM INDUSTRY

SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND. Queensland 4072 Australia TECHNICAL REPORT

Core Fittings C-Core and CD-Core Fittings

Common Safety Method for risk evaluation and assessment

Independent Safety Assessment White Paper

DEDICATED TO EMBEDDED SOLUTIONS

SIL manual. Structure. Structure

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

ISO 26262:2011 Functional Safety Assessment Report. Texas Instruments Richardson, TX USA. Project: TDA2X ADAS SoC. Customer:

Introduction of ISO/DIS (ISO 26262) Parts of ISO ASIL Levels Part 6 : Product Development Software Level

Requirements-driven Verification Methodology for Standards Compliance

SOFTWARE QUALITY & SYSTEMS ENGINEERING PROGRAM. Quality Assurance Checklist

From ideas to products

Agile Software Development compliant to Safety Standards?

Software in safety critical systems

Quality Risk Management ICH Q9 & ISO Presented by Michael Kerr 11 th November 2011

RAMS MANAGEMENT OF RAILWAY SYSTEMS

Best Practice In A Change Management System

Achieving Functional Safety with Global Resources and Market Reach

SafeProd. Functional safety in complex products.

TÜV Rheinland Functional Safety Program Functional Safety Engineer Certification

IEC Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands

HS line TSI Conformity Certification and Safety Assessment

ACHIEVING FUNCTIONAL SAFETY OF AUDI DYNAMIC STEERING USING A STRUCTURED DEVELOPMENT PROCESS

Hardware safety integrity Guideline

IRIS International Railway Industry Standard

Network Certification Body

A System-Safety Process For By-Wire Automotive Systems

SERVICES AND ACTIVITIES ISD ITALIA ACTIVITIES

I requisiti delle Norme IEC EN Ed 2: 2010 e IEC EN Ed. 2: 2016

Improved Utilization of Self-Inspection Programs within the GMP Environment A Quality Risk Management Approach

Is the Cost of Reliability, Maintainability, and Availability Affordable for Software Intensive Systems?

INTERNATIONAL STANDARD

Risk Management in IEC rd Edition. Presented by Alberto Paduanelli Medical Devices Lead Auditor, MHS-UK, TÜV SÜD Product Service

Safety-Critical Systems: Processes, Standards and Certification

SECTION REFERENCE STANDARDS

Risk Assessment and Management. Allen L. Burgenson Manager, Regulatory Affairs Lonza Walkersville Inc.

How to design safe machine control systems a guideline to EN ISO

Testing and Certification Procedure

Medical Device Training Program 2015

Overview of International Medical Device Human Factors Standards. Ed Israelski PhD, Director of Human Factors Abbott Abbott Park, IL, USA

Leittechnik für Bahnsysteme mit Eclipse

Risk Assessment for Medical Devices. Linda Braddon, Ph.D. Bring your medical device to market faster 1

Building a Safety Case in Compliance with ISO for Fuel Level Estimation and Display System

ATEX 94/9/EC Directive Declaration of Conformity: Tips and FAQ s

How To Write Software

RELEX ITALIA ACTIVITIES SERVICES AND ACTIVITIES. Relex Italia team provides Consulting services and support in the following main areas:

Guidance for Industry

Abbott Risk Consulting Ltd. Rail Consultancy. Managing Risk Improving Performance

What is ATEX? The European Regulatory Framework for Manufacture, Installation and Use of Equipment in Explosive Atmospheres

Impact of Safety Standards to Processes and Methodologies. Dr. Herbert Eichfeld

A System-safety process for by-wire automotive systems

Test-Driven Approach for Safety-Critical Software Development

QUALITY RISK MANAGEMENT

Overview of IEC Design of electrical / electronic / programmable electronic safety-related systems

Safe Automotive software architecture (SAFE) WP 6, WT Deliverable D Methods for Assessment Activity Architecture Model (AAM)

Combining Security Risk Assessment and Security Testing based on Standards

A methodology For the achievement of Target SIL

IBM Rational systems and software solutions for the medical device industry

Transcription:

1 Change Impact analysis and the safety standard IEC 61508:2010 series Author and presenter: Thor Myklebust SINTEF ICT Authors: Tor Stålhane, IDI NTNU Geir Hanssen, SINTEF ICT Børge Haugset, SINTEF ICT

2 Change Impact analysis (CIA) Topics Introduction and relevant definitions Scrum and CIA Requirements related to Modification and Impact analysis Related standards CIA Report/information (or e.g. a tool or database)

3 Scrum A scrum is a method of restarting play in rugby football

Change not implemented Update of the User Manual? Change Impact Analysis New safety requirements from the customer Environment description Change implemented in SSRS SSRS Phases 1-4 Backlog Scrum Requirement changes RAMS validation R e s u l T s The SafeScrum and CIA model for IEC 61508 Operation Phase 14 Modifications Phase 15 Parts of Annex A.1 A.7 B.1 B.3 B.7 B.9 High level plans

5 Related standards ISO, IEEE and CENELEC have already issued standards presenting requirements for safety, quality and project plans Safety plan EN 50126-1:1999 ch.6.2.3.4 Software safety plan IEEE 1228:1994 Project plan ISO 10006:2003 Quality plan ISO 10005:2005 analysis and review techniques FMECA IEC 60812:2006 FTA IEC 61025:2006 Design review IEC 61160:2006 HAZOP IEC 61882:2001 Markov IEC 61165:2006 RBD IEC 61078:2006

6 IEC 61508:2010 Requirements Part 1: 7.16 Overall modification and retrofit 7.16.2.3 An impact analysis shall be carried out that shall include an assessment of the impact of the proposed 7.16.2.6 All modifications that have an impact on the functional safety of any E/E/PE safety related system shall initiate a return to an appropriate phase of the overall, E/E/PE system or software safety lifecycles. 4 5 Overall safety requirements Overall safety Requirements allocation 9 E/E/PE system safety Requirements specification 10 Overall safety requirements Realisation

7 Change Impact Analysis Report Sources: IEC 61508:2010 series EN 5012X series (Railway) ISO 26262:2011 series (Road vehicles) EU Directives Standards for FMEA (IEC 60812), FTA (IEC 61025) etc EXIDA book: Functional Safety An IEC 61508 SIL3 Compliant Development Process. 2011 Several CIARs (Change Impact Analysis Reports) www.sintef.no/safescrum

8 Change Impact Analysis Report Motivation for a CIAR Agile: frequent changes to existing Code and Requirements Satisfy IEC 61508 requirements Overview (for all involved parties) Less faults and errors Improved planning Improved information to the validator and to the assessor Improved process towards the assessor Improved process for the design team and scrum team Source: http://en.wikipedia.org/wiki/file:st_vs_gloucester_-_match_-_23.jpg

9 Change Impact Analysis Report Content of an CIAR: 1. Title page 5. Table of content 2. Distribution 3. Names of authors and signatories 4. Revision history Summarize the changes in 1-3sentences Version number Date 6. Introduction Definitions 7. Modification/change request Reference to database or relevant "change request form" "No change"

10 Impact Analysis Report Content of an IAR continued: 8. Description of existing problem or reason for change Reference to database or relevant "change request form" 9. Description of suggested change Summarice the change (or each change) being considered in one or two sentences 10. Description of proposed change(s) Details of proposed changes are described or Reference to relevant document(s)

11 Impact Analysis Report Content of an IAR continued: 11. Potential safety impact without change Impact of existing behaviour Root cause of problem SRAC (safety related application condition) necessary? EN 50129:2003 Impact on existing systems

12 Impact Analysis Report Content of an IAR continued: 12. Potential safety impact of change Functional Safety impact Hazards affected and new hazards EMC, ATEX, LVD, RTTE, Railway interoperability etc Technical file, Technical documentation Areas that are not being directly changed Interfaces Execution order Timing

13 Change Impact Analysis Report Content of an IAR continued: 13. Names of participants including information related to competence (experience) Selection of relevant and sufficient number of experts is important part of an Impact analysis EMC experts, SW experts, HW experts etc 14. Relevant dates Analysis dates Meeting days etc

Impact Analysis Report 14 Content of an IAR continued: 15. Any deviations from normal operations and conditions that occur as a result of this change Failure behavior related to the change Hazop necessary? The condition list or e.g. SRAC (safety related application condition) list should be checked. 16. Re-entry point into life cycle Required in Part 1: 7.16.2.6 and Part 3: 7.1.2.9 17. Required verification 18. Required validation

15 Impact Analysis Report Content of an IAR continued: 19. Assessor aspects New assessor? Special interpretations of the standards in the new design that should be discussed with the assessor in the beginning of the project? 20. Certification and authorisation aspects New certification body More countries? 21. Required document changes Several reasons to include a list of all the documents affected

16 Impact Analysis Report Content of an IAR continued: 22. Conclusion/summary 23. Document references

17 Change Impact Analysis Questions? thor.myklebust@sintef.no www.sintef.no/sjs (Railway) www.sintef.no/iec61508 (Certification and Consultancy) www.sintef.no/safescrum (Software development)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information