[SystemSafety] Agile methods

Les Chambers les at chambers.com.au
Sat Aug 31 03:53:29 CEST 2013


Hi Rene

As you may have sensed by now, mentioning agile development in a room full
of functional safety engineers introduces a stench that makes you want to
look around and ask who ... It's lucky we're not crowded into a
lift/elevator. Having said that, in my own practical experience, elements of
the agile philosophy can be applied to functional safety. While a hazard
analysis is done at the beginning of a project and functional safety
requirements derived from it, these requirements are never complete or
static. This is why most standards require the generation and maintenance of
a hazard log throughout a project. Hazards arise from the operational
environment but can also be introduced by design approaches. Also there are
always those oops moments when, on thinking through a problem in great
detail, you gain insights that were not possible at the beginning of the
project. Then there is always the guy with the knowledge who wasn't invited
to the hazard analysis sessions and turns up with a whole new take on safety,
including hard knowledge of past safety incidents that no one knew about.

The job of a functional safety engineer is to sit in on design reviews and
highlight and document these hazards together with the agreed corrective
action. In a practical sense the response to a hazard should be some kind of
safety requirement that must be validated in the end product and verified in
the design as it progresses. As one who has had the job of running a hazard
log and closing it out at the end of the project I would like to see a more
agile approach to implementing some of these in-process generated
requirements. This is where agile comes in. The fundamental principle of
agile is incremental generation of requirements in close cooperation with
the customer and regular demonstration of progress in implementing those
requirements that allows a customer to give feedback. Too many projects I
have been associated with have left implementing in-process generated
requirements far too long to the point where it's almost too late and very
expensive to do the necessary work, hence the need for more agility and a
faster turnaround on implementing requirements in the design.

In summary, using agile as the core methodology for a safety critical system
build is just not practical, but using agile ideas in aspects of such a
project can be beneficial. In other words I'm advocating a mash-up, which
inevitably happens in the real world.

A note of caution though: if you are working with an organisation that
insists on using 100% agile principles in a safety critical system build, it's
highly likely they have no experience in that field and are dangerous
people. Run!!

Cheers

Les

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
René Senden
Sent: Saturday, August 31, 2013 3:30 AM
To: 'Nancy Leveson'
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

I appreciate your input; however, my question addresses a specific situation
that some of you may have encountered in practice. It is such practical
experience I am interested in.

Let me rephrase, as I was not very clear/accurate in describing my query.

Have you encountered a situation, in industrial practice, in which an
organization developing software following an agile methodology has to comply
with a safety standard which has specific requirements on the software
development process? A typical example of such a safety standard, with respect
to its requirements on the software development process, would be IEC-61508
Part 3 or DO-178.

Rene

From: Nancy Leveson [mailto:leveson.nancy8 at gmail.com]
Sent: Friday, 30 August 2013 19:14
To: René Senden
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

Definitions always differ among the users of terms. But if the Agile methods
being considered do not start with a complete and thorough specification of
all the system/software safety requirements before anything else, then the
resulting system/software design will almost surely be less safe than
one that does. Whether it coincides with other standards (most of which are
very deficient with respect to safety) is not really important, is it?

Nancy

On Fri, Aug 30, 2013 at 1:02 PM, René Senden <rene.senden at gmail.com> wrote:

Dear all,

Do any of you have practical experience with reconciling established agile
software development with software safety requirements (e.g. IEC-61508 or
DO-178..) ?

Best regards,
Rene

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu
