Building software to be used in safety-critical environments (for example, software embedded in medical devices, automotive or aviation systems, railway software, etc) is different to "ordinary" software development. As human lives may be dependent on these systems, it is imperative that they operate reliably, without the risk of malfunction, over extended periods of time, under all possible circumstances and operating environments.
Therefore, great emphasis is placed on managing risks, controlling processes (both of development and testing), and ensuring complete transparency and traceability throughout the lifecycle. The enforcement of adequate development & testing processes is vital if you're aiming to achieve compliance with relevant industry standards, guidelines and regulations. In addition to ensuring the use of compliant processes, you also have to prove this, finding a way to show that your lifecycle fits the requirements set forth by regulations. To verify adherence to these rules & regulations, development companies have to document their compliance measures & processes, and compile reports on them to facilitate audits.
So what exactly do these standards require?
Safety-critical standards and regulations
While most regulations are industry-specific, there are a few general safety standards, such as IEC 61508, from which several industry-specific standards are derived.
Related reading: Check out our compliance guide on IEC 61508!
What's more, even the sector-specific standards tend to overlap in terms of their fundamental requirements, which can be summarized as follows:
Traceability & clear links between artifacts
Traceability in particular is one key requirement no matter what industry or standard we're talking about. The complete transparency of processes, and relationships established between all work items are among the most basic requirements. In a nutshell, complete traceability helps make sure that all of your original requirements are covered with code/features, all features can be traced back to their sources, and changes on all of your work items have been recorded throughout development.
Safe & compliant methods and processes
Traceability also helps prove the other essential point: the use of effective and adequate methods and processes during the development lifecycle. When developing safety-critical products, you have to make sure that unauthorized users can't access certain documents or artifacts, and that a safe and compliant workflow is enforced at all times.
Another measure of crucial importance is risk management. An adequate hazard management lifecycle has to be implemented in order to make sure that the end product's overall residual risk level is acceptable. While the actual measures and processes of risk management may vary in different industries and according to different standards, the lifecycle should consist of the following steps in general:
- Risk Identification
- Classification and Assessment
- Hazard Analysis
- Risk Reduction Plan
- Risk Mitigation Actions
- Documentation and Reporting
Failure Mode and Effects Analysis (FMEA) is one of the widely used techniques in risk analysis and management.
Specific risk management procedures and methods are available for the medical industry (for instance, Healthcare FMEA or HFMEA, and other risk management measures required by standards such as ISO 14971), automotive development (where the standard ISO 26262 requires developers to implement meticulous risk management), embedded avionics systems, and various other sectors.
Overall, companies involved in safety-critical product development have to pay special attention to processes, traceability, security and risks – areas which are of less importance in the case of "ordinary" software development. Therefore, they need adequate software solutions to support these aspects more than any other development team. Not only do they have to ensure they use the right processes, they also need to be able to show this in a convenient, efficient way. A few advanced ALM software solutions such as codeBeamer can automatically record this data, greatly facilitating compliance audits.
codeBeamer ALM offers fully customizable & enforceable workflows, gapless end-to-end traceability and a full change history on all work items, as well as advanced risk management capabilities. What's more, it comes with preconfigured templates for the automotive, medical device and avionics industries, providing a simple yet efficient way of supporting compliance with relevant standards and regulations.