On 18 November 2020, we were treated to an excellent presentation from Rosanna Butters (TfL) on the results of an ongoing initiative within TfL, in collaboration with five software suppliers and consultancies, to understand issues and recommendations associated with the procurement of software-intensive systems.
Rosanna illustrated the issues by referring to three examples of high-profile accidents caused by software failures in the railway, space and aviation domains.
The presentation was followed by a panel discussion on the questions raised by the attendees.
A few significant points from the presentation are highlighted below. However, it is recommended that the presentation be viewed in its entirety.
- It was recognised that safety and security need to be managed throughout the lifecycle. The panel agreed that there needs to be a mechanism for all requirements (safety, security, environment) to be considered at the top level, with any necessary trade-offs or conflicts resolved at that level rather than left to the individual, siloed teams to resolve.
- Use of agile methodologies comes with a qualified endorsement. This was discussed during the panel session, including the need to produce evidence that safety and software assessors can trace back to.
- The use of metrics, and a recommendation around setting contractual confidence levels for software, were explored. Further work is likely to be undertaken in this area to understand more fully the benefits that this would bring.
Attendees were directed to ISA WG guidance, available on the ISA WG page.
Pertinent published guidance includes Assessment of Safety Related Compliance Claims and a position paper on Security, Safety and Independent Safety Assessment (ISA).