[SystemSafety] Agile methods

René Senden rene.senden at gmail.com
Tue Sep 3 14:12:22 CEST 2013 

Hello Peter,

I appreciate all contributions/replies, but of course I am particularly interested in those that actually address the initiating question..and indeed some members of this 
list addressed practical industrial experience, most of which however contacted me offline for that, this is after all a tough crowd at times… Perhaps we have different 
views on practical experience…or perhaps my wording of the question is a little short of perfection.. I kept my initial question somewhat general because I also have to 
consider things like confidentiality..so it goes without saying that I assume we all have similar restrictions… the sector at hand is defence, so not medical..

My latest contribution, as a response to Myriam, indeed concludes with an additional question…  I am not hoping for any particular outcome, I don’t know how you got that impression… 

Personally I am very skeptic about agile methods in this context..that being said.. we can’t always chose the questions we are faced with…

Rene


From: Peter Bernard Ladkin [mailto:ladkin at rvs.uni-bielefeld.de]
Sent: dinsdag 3 september 2013 6:55
To: René Senden
Cc: M Mencke; systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

On 2 Sep 2013, at 17:32, René Senden <rene.senden at gmail.com> wrote:
.... I tacitly assumed that anyone who’d answer this question with “Yes”, would also include some
of the corresponding experiences … 

I think some of the initial replies that you didn't like did include experience. Nancy's and Martyn's for example. If you want anecdotes, that is hoping for a bit much, since many of us work under constraints of commercial confidence and sometimes legal privilege, *especially* when dealing with systems which have safety-related function.

Since you said (I paraphrase) "...such as IEC 61508 and DO 178" I presume that neither of these explicitly apply to the concrete case you have in mind, otherwise you would have specified. I conclude that you are talking about SW development in the medical-device domain. Indeed, there are organisations working in this area who use "agile" development for products with safety-related functionality. 

There is a reason for such a cultural difference. For example, accidents are earnestly and independently investigated, with considerable effort, in commercial aviation, and safety issues identified are required to be fixed. There was an accident twenty years ago on approach to Strasbourg airport in which the investigators pointed out that the approach profile was consistent with a choice of rate of descent rather than angle of descent in the AP settings, and that the difference between the two on the annuciator was not particularly striking. It got fixed. Whereas there are critical medical devices coming on the market "new" in which quantity is expressed on the display as a number, and to see the units requires a different manipulation of the controls, which, as is well known, personnel do not always have the time, inclination or motivation to check. Accidents and incidents caused by medical personnel commanding right numbers with wrong units, and not checking the units, were rife twenty years ago and are still rife today, many or even most of them not documented. Apparently it is deemed OK for this situation to continue. One concludes that the technical-correction regime in the use of medical devices is not as rigorous as it is in commercial aviation.  


Is it (at all) possible to harmonize these very different worlds, or would any such
attempt result in compromising either? 

Looking through the thread, most of the replies answer that question clearly. Maybe that was not the answer you had hoped for?

PBL

Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited

More information about the systemsafety mailing list