Safety-critical software development is a very interesting specialization for development professionals, although it may not be as well known as other types of software. That is why in this article we answer seven questions that every developer should know about safety-critical systems.
1. What do we mean by safety-critical software systems?
Safety-critical systems are systems where a failure could lead to loss of life or significant damage to property or the environment. The most typical examples of this type of system are found in the aeronautical and aerospace industry, although it is also important in other sectors such as car-making and railways, a subject we’ve already covered in another article.
But there are many more applications than you may think for this type of system. It is commonly used in infrastructure projects that have alarm systems or life support systems built in. Many power generation and distribution plants also have safety-critical systems, especially if we’re talking about nuclear installations.
In medicine there are also many applications where the safety of the system ensures that the patient remains alive, for example in mechanical ventilation systems, infusion pumps, radiotherapy machines, robotic surgery systems, etc.
2. What is the main characteristic of safety-critical software?
The main feature of this type of system is safety, ahead of any other feature that may be usual in other types of software such as speed, usability, etc.
This feature may seem simple at first glance but it is the reason why the development of this type of software is so complex. It’s necessary to take into account all possible failures that could occur and take steps to avoid them, which in complex systems, with a multitude of variables, sensors and actuators, is an arduous task.
Achieving this involves complying with each and every one of the points set out in the applicable standard, minimizing all risks as far as possible and obtaining the applicable certification (we’ll get on to all this a little later).
3. Is the development of safety-critical software very different from other types of software?
The short answer is yes. Safety-critical software development is a highly specialized area within general software development. Normally, work is carried out subject to standards (depending on the sector) that ensure a certain level of safety is achieved, so work processes must be tailored to the specifications of these standards from the outset. This makes projects slower and more expensive compared to other software types, requiring significant investment in resources to get them off the ground.
4. What level of safety can safety-critical software achieve?
We have already said that the main feature of these systems is safety, but how safe are they?
We’re talking about the safest software that can possibly be created, and this can be observed quantitatively if we look at what the standards set out. For example, if we use SIL (Safety Integrity Level, widely used in the railway industry), the probability of a dangerous failure at SIL 4 (the most demanding level) must be less than 10^-8 per hour of continuous operation, which means less than one failure per 11,400 years. This certainly provides a striking illustration of the difference compared to other types of software.
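As an added illustration (not code from the original article), the following script puts the SIL 4 figure above into practice and goes a little beyond it: it classifies a dangerous-failure rate into the IEC 61508 continuous/high-demand SIL bands, converts the rate into the mean years between failures quoted above, and shows what the same rate means over an assumed 30-year operating life and an assumed fleet of 1,000 units. A constant failure rate (exponential model) is assumed throughout.

```python
import math
from typing import Optional

# IEC 61508-1 target failure measures for safety functions in high-demand or
# continuous mode: probability of a dangerous failure per hour (PFH).
# Each SIL is a half-open band [lower, upper); the SIL 4 upper bound is the
# "less than 10^-8 per hour" cited in the article.
PFH_BANDS = {
    4: (1e-9, 1e-8),
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}

HOURS_PER_YEAR = 8760.0


def sil_for_pfh(pfh: float) -> Optional[int]:
    """Return the SIL whose band contains this PFH, or None when the rate
    is worse than SIL 1 or below the SIL 4 floor (not a defined SIL)."""
    for sil, (lower, upper) in PFH_BANDS.items():
        if lower <= pfh < upper:
            return sil
    return None


def years_between_failures(pfh: float) -> float:
    """Mean time between dangerous failures in years (MTBF = 1 / rate)."""
    return 1.0 / pfh / HOURS_PER_YEAR


def prob_failure_over_life(pfh: float, years: float) -> float:
    """Probability of at least one dangerous failure of a single unit over
    an operating life of `years`: 1 - exp(-rate * t)."""
    return 1.0 - math.exp(-pfh * years * HOURS_PER_YEAR)


def expected_fleet_failures(pfh: float, years: float, units: int) -> float:
    """Expected number of dangerous failures across `units` identical
    systems, each operated continuously for `years` (rate * t * units)."""
    return pfh * years * HOURS_PER_YEAR * units


if __name__ == "__main__":
    # Assumed values for illustration: 30-year life, 1,000-unit fleet.
    for pfh in (5e-9, 1e-8, 5e-7, 2e-5):
        print(f"PFH {pfh:.0e}/h -> SIL {sil_for_pfh(pfh)}, "
              f"MTBF {years_between_failures(pfh):,.0f} years, "
              f"P(fail in 30 y) {prob_failure_over_life(pfh, 30):.4f}, "
              f"expected failures in 1,000 units {expected_fleet_failures(pfh, 30, 1000):.2f}")
```

Note that a rate of exactly 10^-8 per hour sits at the SIL 4 boundary and is classified as SIL 3, which is why the article says the SIL 4 probability must be strictly less than that value.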
5. What resources are needed to develop safety-critical software?
Safety-critical software development projects are highly resource intensive. They require trained and experienced professionals, financial input and considerable time, something that normally only large companies can afford.
It is necessary to develop the product very thoroughly from the outset in order to minimize the costs associated with changes and modifications. Failure to get through certification processes entails delays and cost overruns, which in many cases are unaffordable. It’s therefore preferable to succeed in the first instance, but this means investing in resources.
In this sense, there are no shortcuts or fast-track options. It takes talent and experience to be able to follow the steps set by the standards and deliver a good product that achieves certification.
6. How are safety-critical software systems developed?
We cannot specify here all the work that needs to go into development, but we can at least provide a summary of the major steps and stages of development. Incidentally, if you follow this link you’ll find a downloadable checklist with the key points for safety-critical software certification.
Starting from the beginning, you must first know which standard you have to meet. This may be determined by the sector you work in or by the requirements of the client you’re working for. This is important as it will have a major bearing on the processes you’ll have to follow during development, just as it’s important that your team has a thorough understanding of the standard in order to be successful.
The next step is to determine the safety level. This depends on each standard, but in general it will be necessary to define the level of impact (severity of the consequences) that your system will have in the event of failure and the probability that this will occur.
Once you know the level you need to meet, it’s necessary to analyze the processes and documentation you will need to follow during each of the development phases. In the downloadable checklist mentioned above you can see this information for some standards for each phase of the project.
Finally, the product must be certified before it is sold or used. Normally there are organizations that are in charge of evaluating your software and issuing the certification in the event that it meets all the requirements. In some cases, additional verification and validation by an independent body may also be required.
7. Does complying with a standard ensure that system failures will not occur?
Even systems developed under the highest safety standards can suffer failures, as happened in these historical cases. Following the procedures outlined by the standard step by step does not in itself ensure the development of good software. Knowledge and know-how are required. In other words, the product that is created must be certifiable, but it mustn’t be forgotten that its purpose is something else, such as controlling certain operations on an aircraft. Certification is not the end; it is an intermediate step.
Standards are demanding but it is necessary to go one step further to create high-quality, certifiable and safe products.
Centum, experts in safety-critical systems engineering
For many organizations it is difficult to address safety-critical software projects, whether due to lack of experience or lack of the required resources, etc. If you need help in this regard, please do not hesitate to contact us. CENTUM Digital has more than 16 years’ experience offering Engineering services in Safety-Critical Systems in the most demanding settings, such as Aviation, Shipbuilding, Defence, Railways and the Automotive industry, mainly oriented towards Certification, Safety, Environmental Rating and HW/SW Assurance processes.