
CSE International Ltd

CSE International Ltd. Data Integrity: The use of data by safety-related systems. Alastair Faulkner CEng, CSE International Ltd. Tel: +44 (0)1724 862169, email: agf@cse-euro.com. Contents: Brief introduction; Introduction to safety; Data integrity; Data provision; Data origination; Conclusions.


Presentation Transcript


  1. CSE International Ltd. Data Integrity: The use of data by safety-related systems. Alastair Faulkner CEng, CSE International Ltd. Tel: +44 (0)1724 862169, email: agf@cse-euro.com

  2. Contents
     • Brief introduction
     • Introduction to safety
     • Data integrity
     • Data provision
     • Data origination
     • Conclusions

  3. Safety-related systems

  4. Brief introduction
     • Safety concepts
     • Hazard, opportunity, accident
     • Risk, risk reduction
     • Generalised safety process

  5. Error – Fault – Failure [Engineering Safety Management: Yellow Book 3]

  6. Hazard, opportunity, accident [Engineering Safety Management: Yellow Book 3]

  7. Innovation: First powered flight

  8. Trees: A hazard to navigation

  9. Risk and ALARP [HSE: Reducing Risks, Protecting People]

  10. Risk reduction [IEC 61508-5]

  11. Example risk classification matrix

  12. Generalised safety process
     • List system functions (operational requirements)
     • Find out how they can go wrong
        • Functional Hazard Analysis
     • Calculate tolerable failure rates (safety requirements)
        • consequence analysis to assess mitigation
     • Design system to meet safety requirements
     • Show that system will meet safety requirements
        • provide safety arguments and evidence in safety case
     • Maintain safe operation

  13. Data integrity
     • Data in air navigation
     • Data integrity
     • Data provision

  14. Air Navigation

  15. Problem description
     • The use of data by safety-related systems is becoming more common.
     • In such systems data is often a significant (if not the major) component.
     • Data is not commonly treated as a separate system component and hence is largely ignored.
     • Safety of the system may rely on the correctness of the data.

  16. Data-driven systems
     • The data used by a data-driven system may have extensive influence over both the normal and abnormal behaviour of the system.
     • Typical examples of large-scale data-driven systems are transportation control systems. These systems use several different types of data:
        • Static configuration data
        • Instantaneous status information
        • Operational information
        • Command schedule – timetable

  17. Data integrity requirements
     • Hazard and risk analysis processes are used to establish system integrity requirements.
     • These requirements are then apportioned between components of the design, including the people, process, hardware, software and data components of the system.
     • The integrity requirements apportioned to the data component of the system are termed in this presentation ‘data integrity requirements’.

  18. Apportionment of ‘error budget’ [IEC 61508]

  19. A question of scale? “Things get bigger and bigger, pushing the boundaries, until you’ve had a change of scale” – Peter Elliott, BP, Keynote Speaker, ESAS-02

  20. Layer model

  21. Workstation

  22. Vertical coupling

  23. Horizontal coupling

  24. Design – Control System

  25. Design – Interface considerations

  26. Data Quality
     • DO-200A identifies a number of ‘data quality’ criteria:
        • the accuracy of the data
        • the resolution of the data
        • the confidence that the data is not corrupted while stored or in transit (assurance level)
        • the ability to determine the origin of the data (traceability)
        • the level of confidence that the data is applicable to the period of (its) intended use (timeliness)
        • all of the data needed to support the function is provided (completeness)
        • the format of the data meets the users’ requirements
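An added example (not from the presentation) showing how the DO-200A quality criteria listed on this slide can be turned into mechanical acceptance checks on a single navigation data record before a data-driven system consumes it; the record layout, field names, the SHA-256 digest used for the assurance check, the accuracy/resolution thresholds and the sample waypoint are all assumptions.

```python
import hashlib
import json
from datetime import date
# Constructed record layout (an assumption, not a DO-200A data format).
REQUIRED = ("id", "lat", "lon", "accuracy_m", "resolution_deg",
            "origin", "valid_from", "valid_to", "digest")

def digest(record):
    """SHA-256 over every field except the digest itself (assurance level)."""
    body = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_record(**fields):
    """Seal a record with its digest, as a trusted originator would."""
    record = dict(fields)
    record["digest"] = digest(record)
    return record

def check_record(record, use_date, max_accuracy_m=5.0, max_resolution_deg=1e-4):
    """Return the quality criteria the record fails ([] means accepted)."""
    missing = [f for f in REQUIRED if f not in record]
    if missing:
        return ["completeness:" + ",".join(missing)]  # other checks need them
    failures = []
    if record["digest"] != digest(record):
        failures.append("assurance")      # corrupted while stored or in transit
    if not str(record["origin"]).strip():
        failures.append("traceability")   # origin cannot be determined
    try:
        use = date.fromisoformat(use_date)
        if not (date.fromisoformat(record["valid_from"]) <= use
                <= date.fromisoformat(record["valid_to"])):
            failures.append("timeliness") # outside its period of intended use
    except (TypeError, ValueError):
        failures.append("format:date")
    lat, lon = record["lat"], record["lon"]
    if (not all(isinstance(v, (int, float)) for v in (lat, lon))
            or not (-90 <= lat <= 90 and -180 <= lon <= 180)):
        failures.append("format:position")
    if record["accuracy_m"] > max_accuracy_m:
        failures.append("accuracy")       # coarser than the user needs
    if record["resolution_deg"] > max_resolution_deg:
        failures.append("resolution")
    return failures

# Constructed sample waypoint, sealed by a hypothetical originator.
GOOD = make_record(id="WPT01", lat=51.4775, lon=-0.4614, accuracy_m=1.0,
                   resolution_deg=1e-4, origin="AIP-UK-2024-03",
                   valid_from="2024-03-21", valid_to="2024-04-17")
TAMPERED = dict(GOOD, lon=-0.4164)  # same record after corruption in transit
```

Each failed criterion is reported separately, so a record that is both stale and corrupted is rejected for both reasons rather than only the first one found.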

  27. Data development
     • In data-driven systems the data is often developed separately from the software.
     • However, it is clearly an integral part of the system.
     • Safety of the overall system will normally depend on the correctness of the data.
     • Presumably the SIL of the data will be similar to that of the executable software.
     • One would expect similar levels of rigour.

  28. Data ownership
     • Ownership may itself be a complex issue, as data may originate from within a number of organisational and political bodies and include any consolidations required to produce a higher data abstraction.
     • Organisational responsibilities are not only concerned with the supply of data, but also with the ownership of, and in some cases the liabilities associated with, data errors.
     • Ownership may also be passed across the data supply chain.

  29. Data Provision
     • Data provision is dependent upon the integrity of the data source.
     • Data provision has two main components:
        • Data source (either data production or origination)
        • Data supply chain

  30. Integrity of the data source
     • Data may be produced by a number of means, from simple data entry to complex and diverse automated toolsets.
     • The integrity of the data origin will be a significant influence upon the integrity required from the supply chain.
     • Low integrity at the data source may render the source unusable.
     • Not all data of a particular type is necessarily provided from a single source.

  31. Data production
     • Small-scale systems may use data entry to create a validated dataset.
     • As the scale and volume of data increase, the nature of the data required changes.
     • Data production may require vertical or horizontal datasets (or a combination of both).
     • Data production may consider data extracted from enabling products such as middleware, data mining or data warehouses.

  32. Data supply chain
     • Properties required from a data supply chain:
        • Origination (data of suitable integrity) – identifies a point at which the data originates.
        • Data then progresses across a series of elements such as transmission, preparation and formatting, and is finally consumed by the data-driven system.
        • No element will be perfect; each element in the chain may therefore introduce errors or faults.
        • Data supply chain errors must be less than the data integrity requirements for the safe operation of the system.
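An added example (not from the presentation) with the arithmetic behind this slide's requirement that accumulated supply-chain errors stay below the data integrity requirement, and behind slide 30's point that the integrity of the origin decides how much the rest of the chain may add; the element names, all probabilities and the treatment of elements as independent are constructed assumptions.

```python
from math import prod

def chain_error_probability(element_errors):
    """Probability that a data item is wrong after passing every element,
    each element independently introducing an error with its own probability."""
    return 1.0 - prod(1.0 - p for p in element_errors)

def residual_error_probability(element_errors, detection=0.0):
    """As above, when a final verification step catches a fraction `detection`
    of the erroneous items before the data-driven system consumes them."""
    return chain_error_probability(element_errors) * (1.0 - detection)

def equal_apportionment(requirement, n_elements):
    """Per-element error probability when the data integrity requirement is
    split evenly across n_elements (an 'error budget' in the slide 18 sense)."""
    return 1.0 - (1.0 - requirement) ** (1.0 / n_elements)

def chain_budget(requirement, origin_error):
    """Error probability the downstream chain may still add when the origin
    already contributes origin_error; None when the source alone breaches the
    requirement (low integrity at the source renders it unusable)."""
    if origin_error >= requirement:
        return None
    # Solve (1 - origin_error) * (1 - chain) = 1 - requirement for chain.
    return 1.0 - (1.0 - requirement) / (1.0 - origin_error)

def assess(requirement, elements, detection=0.0):
    """Return (residual error probability, True if it is below requirement)."""
    residual = residual_error_probability(elements.values(), detection)
    return residual, residual < requirement

# Constructed chain: per-item error probability of each supply-chain element.
CHAIN = {"origination": 2e-5, "transmission": 1e-6,
         "preparation": 5e-5, "formatting": 1e-5}
REQUIREMENT = 1e-4  # apportioned data integrity requirement (constructed)

if __name__ == "__main__":
    residual, ok = assess(REQUIREMENT, CHAIN)
    print(f"chain error {residual:.3e}, meets {REQUIREMENT:.0e}: {ok}")
    print("chain may add at most", chain_budget(REQUIREMENT, CHAIN["origination"]))
```

Raising the preparation element's error rate to 1e-4 pushes the chain over the requirement; adding a verification step that catches half of the erroneous items brings it back under, which is the trade-off between element integrity and downstream verification the slide is pointing at.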

  33. Buildings: A hazard to navigation

  34. Conclusions
     • The safe operation of the data-driven system is likely to depend upon the correctness of the data.
     • However, data and its production, use and maintenance are rarely treated as the subject of integrity requirements.
     • All too often:
        • data is not subject to any systematic hazard or risk analysis
        • data is poorly structured, making errors more likely to be produced, and more difficult to detect
        • data is not subjected to any form of verification

  35. A final quote “You would think that before they let people use these systems, they'd ensure they're safe” – Hiram K. Hackenbacker (Brains), International Rescue, Thunderbirds, 1966 (1972 in UK)
