The purpose of this document is to aid projects involved in the development and assurance of safety critical software contained in a system. This document shall provide the preferred methodology to be used to identify, manage, and control system/software safety critical capabilities or hazards. This shall be applicable to; software developers/subcontractors, software product assurance, system safety, software quality assurance, airworthiness, and software safety organizations. In general, this document complies with MIL-STD-882 and shall be used in association with the software development strategies and activities required by ISO/IEC 15288/12207 using MIL-STD-498 and SEI "key practices" as defined by the "Project Standards". This document assumes the reader is familiar with the processes and products required by "ISO/IEC 12207/MIL-STD-498" and "MIL-STD-882".
This document shall define the system safety programme requirements for safety-critical software to be performed throughout the life cycle of any new system, new development, re-engineering, upgrade, modification, resolution of deficiencies, or technology development. This document however will not define the systems analysis tasks for the hardware components of a programme; that may well be a significant effort. When properly applied, these requirements shall ensure the identification and understanding of all known hazards and their associated risks; and mishap risk eliminated or reduced to acceptable levels.
This document describes resource data required for each analysis task, the methodology, techniques, and tools for performing the analysis, and the output products. It also describes how to use these products in the overall risk management activity.
The document goes on to describe techniques and procedures in more detail. To make the document more practical, it contains analysis examples and possible pitfalls and problems that may be encountered during the analysis process.
This document also intends to satisfy the following objectives of RTCA/DO-178B :
- Develop objectives for the software development life cycle processes;
- Provide a description of the activities and design considerations for achieving those objectives.
The additional RTCA/DO-178B requirements to provide a description of the evidence-indicating adherence to these objectives shall be defined in the "Software Considerations for Airworthiness Certification Process" document when applicable.
The identification of hazards is the responsibility of all programme and project participants.
This standard software safety process shall be used in conjunction with "Project Standards", "ISO/IEC 15288/12207/MIL-STD-498", and the supporting "MIL-STD-498" "Overview and Tailoring" and "Application and Reference" guidebooks.
The primary objective of the System Safety Engineering programme shall be to minimize or contain system hazards. Scientific and engineering principles shall be applied during the system and software design and development to identify and mitigate these hazards. Management techniques shall include system and software life cycle considerations to ensure identified hazards are contained. The basic premise of System Safety philosophy is recognition that an initial investment in "engineering-out, safety hazards, and "designing-in" mitigation measures is a long term cost saving measure. System Safety Engineering shall be integrated with the systems engineering and management process and software project tracking and oversight process to identify any hazards are contained or mitigated.
