Thor Myklebust
SINTEF
Publication
Featured research published by Thor Myklebust.
International Conference on Computer Safety, Reliability, and Security | 2014
Tor Stålhane; Geir Kjetil Hanssen; Thor Myklebust; Børge Haugset
Change Impact Analysis (CIA) is an important task for all who develop and maintain safety-critical software. Many of the safety standards that are used in the development and use of systems with a certified safety integrity level (SIL) require changes of such systems to be initiated by a CIA. The resulting CIA report will identify planned changes that may threaten the existing safety level. The challenge with CIA is that there are no practical guidelines on how to conduct and report such an analysis. This has led to a practice where most changes lead to extensive up-front analysis that may be costly and delay the change process itself. In this paper we propose a new strategy for CIA based on the principles of agile software development and the SafeScrum approach to establish a more efficient in-process impact analysis. We discuss several benefits of this approach, like resource savings, shorter time to initiate the change process, better prioritization and management of the change process, and others.
International Conference on Agile Software Development | 2016
Geir Kjetil Hanssen; Børge Haugset; Tor Stålhane; Thor Myklebust; Ingar Kulbrandstad
Various agile methods have several quality assurance mechanisms embedded in the process itself, without any explicit QA role. In principle, the team takes care of quality assurance during sprints and as part of daily stand-ups, sprint reviews and retrospectives. We have defined SafeScrum, a variant of Scrum with some additional XP techniques that can be used to develop safety-critical software and have the software certified according to the IEC 61508 standard. This imposes a load of additional requirements on the process. In a recent industrial case, we have experienced that the quality assurance mechanisms in Scrum become insufficient. We have therefore analyzed the standard, consulted an independent assessor and worked with the Scrum team to identify necessary additional tasks for a team-internal QA role to be added to the SafeScrum process.
ACM Sigsoft Software Engineering Notes | 2016
Tor Stålhane; Thor Myklebust
In this paper, we describe a method for performing safety analysis based on user stories in an agile setting. The chosen analysis method is a generic hazards list, combined with FMEA -- both because it is simple and intuitive to use and because it is efficient. In order to handle failure propagation in an efficient and easy-to-understand way, we have chosen to use the input-Focused FMEA from the HiP-HOPS project.
International Conference on Computer Safety, Reliability, and Security | 2014
Tor Stålhane; Thor Myklebust
Agile development is getting more and more used, also in the development of safety-critical software. For the sake of certification, it is necessary to comply with relevant standards – in this case IEC 61508 and EN 50128. In this paper we focus on two aspects of the need for configuration management and SafeScrum. First and foremost we need to adapt SafeScrum to the standards’ needs for configuration management. We show that this can be achieved by relatively simple amendments to SafeScrum. In addition – in order to keep up with a rapidly changing set of development paradigms it is necessary to move the standards’ requirement in a goal based direction – more focus on what and not so much focus on how.
Proceedings of the Scientific Workshop Proceedings of XP2016 on | 2016
Tor Stålhane; Thor Myklebust
In this paper, we discuss how to use available information to get an early start on safety analysis in an agile setting, based on the early, high level requirements and early system sketches. We suggest that this can be done by using existing generic failure modes for FMEA, domain specific fault trees and hazard lists plus generic architectural patterns. The paper gives a short presentation of the methods and some examples from the analysis of a fire alarm system.
Archive | 2018
Thor Myklebust; Tor Stålhane
What This Chapter Is About: This chapter provides information regarding the content of the technical safety part of the safety case including software. It discusses tests related to environmental conditions. It explains how an agile approach and agile practices can be included in this part of the safety case.
Archive | 2018
Thor Myklebust; Tor Stålhane
What This Chapter Is About: This chapter provides information regarding the content of the safety management part of the safety case. It explains how an agile approach and agile practices can be included in this part of the safety case.
Archive | 2018
Thor Myklebust; Tor Stålhane
What This Chapter Is About: This chapter provides information regarding the content of the quality management part of the safety case. It describes to some degree how the ISO 9001 quality management system, IRIS system and the European module system for assessment of conformity are linked to this part of the safety case report. It explains how an agile approach and agile practices can be included in this part of the safety case.
Archive | 2018
Thor Myklebust; Tor Stålhane
What This Chapter Is About: Information regarding the related safety case part of the safety case; information regarding the conclusion part of the safety case; information regarding the safety case references part of the safety case; information on how an agile approach and agile practices can be included in this part of the safety case.
Archive | 2018
Thor Myklebust; Tor Stålhane
What This Chapter Is About: Information regarding safety case patterns and notations. We explain how an agile approach can be combined with GSN.