[SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

SPRIGGS, John J John.SPRIGGS at nats.co.uk
Thu Mar 17 14:09:13 CET 2016


Hi Matthew,
I do not know the provenance, but I will speculate.  Twenty-four hours a day for three hundred and sixty-five days is 8760 hours (I would, of course, have used 8766).  It probably arises from someone in committee saying “Surely, a failure-free year is sufficient”.  The document was, after all, developed by an industry association of equipment suppliers; I assume that they would not want to make it too hard.
I know ED-109 is not for avionics, but if they had read across from the then-current JAR-25 requirements for civil avionics, which did not use risk matrices, preferring hard limits, they would have found a larger number of hours was required for the equivalent assurance level (and then, perhaps, they should be looking for a 95% confidence level rather than saying, “We assume that there was a single failure just after we stopped monitoring at time T, so we will use the quantity 1/T to compare with the limit in the JAR”…)

John
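The arithmetic behind the two readings above, as an added worked example that is not part of John's message, of ED-109 or of JAR-25. It assumes a constant failure rate (exponential time-to-failure), so that the probability of seeing no failure in T hours is exp(-lambda*T), and uses the standard one-sided zero-failure bound, lambda_U = -ln(1 - C)/T, for a confidence level C. The target rate of 1e-4 per hour in the usage call is an arbitrary illustrative figure, not a limit taken from either document.

```python
import math

# A "failure-free year": the figure the note is speculated to rest on,
# and the Julian-year figure John says he would have used instead.
HOURS_PER_YEAR = 24 * 365            # 8760
HOURS_PER_JULIAN_YEAR = 24 * 365.25  # 8766.0


def naive_rate_bound(failure_free_hours):
    """The '1/T' reading: assume one failure happened just after
    monitoring stopped at time T, and quote 1/T as the rate."""
    return 1.0 / failure_free_hours


def upper_rate_bound(failure_free_hours, confidence=0.95):
    """One-sided upper confidence bound on a constant failure rate after
    T failure-free hours.  With P(no failure in T) = exp(-lambda*T), the
    largest lambda still consistent with the observation at the given
    confidence is lambda_U = -ln(1 - C) / T (zero-failure exponential test,
    an assumption of this example rather than a figure from ED-109)."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    return -math.log(1.0 - confidence) / failure_free_hours


def hours_required(target_rate, confidence=None):
    """Failure-free hours needed before a rate <= target_rate can be
    claimed.  confidence=None gives the naive 1/T reading; otherwise the
    one-sided bound at that confidence level."""
    if confidence is None:
        return 1.0 / target_rate
    return upper_rate_bound(1.0, confidence) / target_rate


def confidence_penalty(confidence=0.95):
    """Factor by which the confidence-based reading multiplies the hours
    (or the rate) relative to the naive 1/T reading: -ln(1 - C)."""
    return -math.log(1.0 - confidence)


if __name__ == "__main__":
    target = 1e-4  # illustrative target failure rate, per hour (assumed)
    for label, hours in (("8760 h", HOURS_PER_YEAR), ("8766 h", HOURS_PER_JULIAN_YEAR)):
        print(f"{label}: naive 1/T = {naive_rate_bound(hours):.3e}/h, "
              f"95% bound = {upper_rate_bound(hours):.3e}/h")
    print(f"hours for {target:.0e}/h: naive {hours_required(target):.0f}, "
          f"95% confidence {hours_required(target, 0.95):.0f} "
          f"(x{confidence_penalty():.2f})")
```

The point the numbers make: with zero failures observed, the 95% bound is about three times the naive 1/T figure, so a failure-free year supports a rate roughly three times worse than 1/8760 at that confidence, and demonstrating a given rate needs roughly three times as many hours as the naive reading suggests.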
From: Matthew Squair [mailto:mattsquair at gmail.com]
Sent: 17 March 2016 12:45
To: SPRIGGS, John J
Cc: Peter Bernard Ladkin; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

Strangely that COTS low number has been 'used in anger' on a project of mine. Any idea where it came from?

Matthew Squair

MIEAust, CPEng
Mob: +61 488770655
Email: Mattsquair at gmail.com
Web: http://criticaluncertainties.com

On 17 Mar 2016, at 9:23 PM, SPRIGGS, John J <John.SPRIGGS at nats.co.uk> wrote:
Peter wrote: "... let me refer you to the current edition of IEC 61508, Parts 2 and 3. The conditions on "proven in use" for SW are to my mind incoherent. "

IEC 61508 is not alone in being incoherent on this matter. EUROCAE Document ED-109 (RTCA/DO-278, if you prefer) sets assurance levels on the basis of the severity of the risk that is being mitigated but, in a note about using service history to support assurance for COTS and the like, it suggests a (low) number of failure-free hours that can be used to claim achievement of some assurance levels.  But, surely, that is "likelihood", which should be orthogonal to severity.

The newer version, ED-109A (RTCA/DO-278A) does not have this note, which may be why some have said that the COTS requirements are much more onerous than in the original...


John

-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Peter Bernard Ladkin
Sent: 16 March 2016 07:23
To: Les Chambers; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"


_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE